I AM NOT AN EXPERT IN THIS AND THIS IS THE FIRST TIME I HAVE DONE IT; I only tried it out of curiosity. Since it was impossible to do from Windows with Aircrack-ng, I had to do it from a Linux Live CD. Linux is quite unknown to me, but it is very easy to do with just a few commands, and I was able to decipher multiple WEP keys.
To achieve this we must first have hardware that works with these programs, and that depends on the chipset it uses. It turned out to be simpler than I thought: I bought the most common and cheapest PCI WiFi card there is, a TP-Link TL-WN350GD, and it works with all the Linux Live CD programs. I could not inject packets because of the distance to the AP, but that proved to be a completely unnecessary step that everyone insists on doing, so everything was even easier.
So I bought a very powerful USB WiFi adapter (1 or 2 watts) and an antenna, just to be able to use the AP's Internet connection, but the best thing would be a decent WiFi client such as a Ubiquiti NanoStation, Kozumi, etc., at prices close to those of the USB adapters.
I did not need to get into any encrypted AP because I have access to many open APs. The problem is that they all limit the bandwidth, dividing it into channels of 300 or 500 kbps during the day, so you cannot do great things like watch videos or download many gigabytes, but they usually lift the limit at night so you can use the full bandwidth. I do not usually use it, but I prefer this to paying fees to Timofonica for 5 megs and getting 1 meg. This is the best way to give Timofonica, those real criminals, the cold shoulder, and also to buy the best AP equipment with the money that would otherwise have been paid to these swindlers, and above all to learn.
WEP Key
WEP follows a protocol that is really a much better-known one called RC4, which is a stream cipher algorithm. RC4, one could say, takes a password and turns it into a random-looking stream of bits much longer than the original. This stream is then applied to the plaintext in the actual encryption process.
But WEP was intended to add an additional security measure, and for this it uses what many know as the IV (Initialization Vector). It is really just a string of 24 bits that is added to the key before going through RC4.
The problem lies in these two points:
• The ridiculously short length of the IV (Initialization Vector): 24 bits
• The bad implementation by the manufacturers when applying randomness to these IVs.
The point is that, even knowing the key, the IVs are repeated many times, causing different plaintexts to be encrypted with the same seed (almost as if they were encrypted with the same key).
If you get a considerable number of ciphertexts that share a repeated Initialization Vector, then statistical attacks can begin to deduce the text.
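The two weaknesses above can be shown in a few lines. The following is an added example, not code from the original post: it contains a plain RC4 implementation, a WEP-style per-packet encryption (IV prepended to the shared key; the CRC-32 ICV that real WEP appends is omitted here), a birthday-bound estimate of how soon a 24-bit IV repeats, and the keystream-reuse property that makes repeated IVs dangerous: XORing two ciphertexts encrypted under the same IV cancels the keystream and leaves the XOR of the two plaintexts, without knowing the key. The packet contents and the IV value are constructed for the demo; the key is the 13-pair example key quoted later on the page.

```python
import math

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA): derive `length` keystream bytes from `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP per-packet encryption: the 24-bit IV is prepended to the shared
    key and the result seeds RC4. Real WEP also appends a CRC-32 ICV to the
    plaintext before encrypting; that is omitted here for clarity.
    Because it is a pure XOR, the same call also decrypts."""
    assert len(iv) == 3, "WEP IV is 24 bits"
    return xor_bytes(plaintext, rc4_keystream(iv + secret_key, len(plaintext)))

def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two packets encrypted under the same IV share the same keystream, so
    XORing their ciphertexts yields the XOR of the two plaintexts."""
    return xor_bytes(c1, c2)

def iv_repeat_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday-bound probability that at least one IV value repeats among
    `packets` packets, assuming IVs drawn uniformly from 2**iv_bits values.
    Many drivers did worse than uniform (counters, resets to zero)."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * space))

# Constructed demo values (not captured traffic): the page's example key
# (13 bytes = 104-bit secret, marketed as "128-bit" with the IV) and two
# same-length packets that a driver happens to encrypt under one IV.
DEMO_KEY = bytes.fromhex("1B56EE4BCF751A70D1A0C1ED12")
PKT_A = b"GET / HTTP/1.1\r\n"
PKT_B = b"POST /login HTTP"
DEMO_IV = bytes.fromhex("0A0B0C")           # hypothetical repeated IV

def demo() -> dict:
    c_a = wep_encrypt(DEMO_KEY, DEMO_IV, PKT_A)
    c_b = wep_encrypt(DEMO_KEY, DEMO_IV, PKT_B)
    leak = keystream_reuse_leak(c_a, c_b)
    return {
        "leak_equals_plaintext_xor": leak == xor_bytes(PKT_A, PKT_B),
        "p_repeat_5000": iv_repeat_probability(5_000),
        "p_repeat_500000": iv_repeat_probability(500_000),
    }

if __name__ == "__main__":
    print(demo())
```

With a uniformly random IV the chance of at least one repeat already passes 50% after about 5,000 packets, and at the 500,000 packets the post says a capture needs it is a certainty; every repeat hands the attacker a keystream-reuse pair like the one `demo()` builds, which is why the protocol cannot be fixed by a longer key and why WPA2/WPA3 replaced it.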
WEP key hacking programs
There are a few programs; the only ones that work are in a Linux environment, but some do not support, or lack drivers for, some cards and USB WiFi adapters, so they become useless until we find the program that has the drivers for your hardware. USB WiFi adapters are especially difficult, but lately they are coming on strong because they offer power outputs of up to 2 watts, which greatly increases the range; professional equipment such as Ubiquiti barely reaches 400 mW, which is very curious.
For other equipment that connects through the LAN port, such as the KOZUMI AIR FORCE ONE 2, Ubiquiti NanoStation, etc., hacking a WiFi key is impossible.
These programs are:
- Backtrack 4, Linux Live CD environment
- Wifiway 2.0, Linux Live CD environment
- Wifislax 3.1, Linux Live CD environment
- Beini 1.2.1, Linux Live CD environment
- Aircrack-ng 1.1, Windows environment: unusable! (and it is detected as a virus by Avira, Comodo, etc.)
Which one you use is determined by the drivers each one includes and whether those for your hardware are among them.
Of all of them, I prefer Backtrack 4 because it seems to be the one with the most drivers for WiFi cards and USB adapters, plus it has no restrictions of any kind on accessing your computer's hard disk.
The one that never worked for me was Aircrack-ng for Windows, so I recommend any Linux live CD.
Wifiway does not let you write any file to your hard disk even with admin rights; it is perhaps the most colorful, and is almost identical to Wifislax; in reality the difference may be the drivers they use.
Although there are many exciting programs, almost all of them work in an almost identical way! This makes a big difference once you have done it once; they are all based on Aircrack-ng and its derivatives.
If our hardware is incompatible, the best option is to buy a WiFi card, the most ordinary one (very cheap, by the way, from 5 to 10 dollars) such as the TP-Link etc.; we will use it only to find the key, which is precisely what I had to do.
But this is very important: these cards usually do not have much output power, so their range is minimal (some 40 meters). So when you find the key, if the access point is at a greater distance, the card will be unable to communicate with it, and therefore you cannot even use the Internet connection from the AP. So if you have not bought your WiFi hardware yet, I will give the address of a site that lists the most powerful USB WiFi adapters proven with these programs: http://factoriawireless.net/index.php/topic,25.0.html (if you go to the forum you must register; the thread is "usb wireless adapters valid for audits").
This works because the APs we receive have a much higher power, of the order of 400 mW, with high-performance external antennas, so they can reach a distance of 5 to 10 kilometers depending on the topography and height.
The equipment is basically of 2 classes: access point (the server) and client.
An access point (AP) may act as a server or client (and in other roles such as repeater, bridge, firewall, router, etc.), but the client is basically the one who asks and receives, so it must be able to reach the distance where the server is! And for this you need enough output power and maybe a WiFi antenna.
Three steps to hack a WEP key
1) We must know which "interface" we have.
This depends exclusively on the chipset of the hardware we use; we know that certain programs do not recognize some chips, so the program will be unusable with our hardware.
Among the most common interfaces are:
- wlan0 (common PCI WiFi card, TP-Link)
- ath0 (Atheros chipset, e.g. in a USB adapter such as the Kozumi K-200MWU)
- eth0 (Ethernet card), wifi0
This is the first command to run (in a Linux environment such as Backtrack):
airmon-ng
You can also use iwconfig, which does the same. It will tell you which interface your hardware has been assigned, and that interface is then put in all the following commands.
The method for cracking the WEP key of a WiFi access point is often summarized as follows:
2) Use airodump-ng to capture packets.
3) Use aircrack-ng to crack the password.
But packets only appear when there is traffic on the network; when no clients are connected, or because of a myriad of other problems that limit packet capture, there comes the need to inject packets with aireplay-ng, a step placed between steps 2 and 3.
But it will not work if the distance is more than our hardware can reach, so this step is not used in this tutorial.
NOTICE
We know that to crack a WEP key you need to capture on average 500,000 packets (not the same as IVs), and it can take 10 hours, so do not expect to find the key right away. It is best to launch the packet capture before going to bed, and I am almost certain the key will be there in the morning; but be careful, at night some APs have no traffic because nobody is connected, so doing this at night can turn out fruitless. We often find publications that do not say how tedious this process is or how long it takes, and that claim that with 30,000 packets you should find the key (that is almost impossible); perhaps because of this, many people cut the capture short. Normally required are:
300,000 packets for a 64-bit WEP key
500,000 packets for a 128-bit WEP key
These are the packets actually captured, shown in the #DATA field of the capture console.
Using Backtrack 4
It is best to burn it to CD (or DVD) and boot from the DVD drive into the Linux environment. On the first screen that appears we must choose the type of desktop according to the screen resolution; usually choose the first one, which is 1024x768. The entire Linux system then loads in text mode; some versions may ask you to log in, in which case use the login root and the password toor. Then, to start the graphical window, type startx
1) STEP ONE: First console
Now open the first console by clicking on its icon (fifth icon, a black monitor, located on the bottom bar at the left).
A text window appears, very similar to the Windows one. Type the following command there to find out which our interface is (wlan0, ath0, eth0, wifi0, etc.):
airmon-ng   (or alternatively iwconfig)
With the interface we found, we use it to discover the Access Points (AP) that we receive, and choose which one we are going to hack, so we will have to write down on paper the channel, the access point's BSSID (MAC address) and the access point's ESSID (AP name). These data will not change, so it is worth copying them all at once. When we finish, we close the console by pressing CTRL + C or by clicking the x on the window. This is the command:
airodump-ng interface   e.g. airodump-ng wlan0
Once the data is copied it is better to close this console so that it does not consume bandwidth; we can re-run it as many times as we want, so we close it here!
2) STEP TWO: Second console
Now open the second console, clicking on the same icon (fifth icon, black monitor, located on the bottom bar at the left).
In this console we will capture the packets of the access point you are going to hack, and it must remain active until we find the key! DO NOT CLOSE IT!
The command is the same as above but with more options. Everything is written in lowercase, with 1 or more spaces between each parameter, and all parameters refer to the access point we have chosen to hack, e.g.:
a) -w ficherodecaptura
The capture file, where all the packets (500,000 or more) from which you will decipher the key are written. I recommend naming it after the access point we are going to hack; it is easier to remember. An important point is that the system will change the file name, e.g. ficherodecaptura becomes ficherodecaptura-01.cap, and you will see it (with 3 other files) appear on the desktop when you run the command.
b) -c channel
The channel; this is one of the facts we noted down and belongs to the AP to hack.
c) --bssid dirMAC
CAREFUL, here it is a double dash. This is the other fact we noted down: the MAC address of the AP.
d) the interface
This is the other fact we noted down in the first step; it has nothing to do with the AP and will never change. ONLY the interface name (there is no parameter flag).
You can open multiple consoles to capture different APs, but this greatly slows down the capture, although it is valid to do at night or when there is little traffic on an AP.
airodump-ng -w ficherodecaptura -c channel --bssid dirMAC interface
airodump-ng -w palm -c 3 --bssid 00:0c:42:12:bb:2b wlan0
The system will change the name, e.g. palm becomes palm-01.cap
The number of packets really captured is the #DATA field!
3) STEP THREE: Third console
Open the 3rd console; in this console we hack the WEP key. The other 2 consoles remain running simultaneously.
The good thing is that while the capture runs in the 2nd console, you can enter this command in the 3rd console to start looking for the key in the packets captured so far. If it is not found, it waits for the number of packets to increase: e.g. if it started when the capture was at 1000 packets, it waits until 5000 packets are captured and then automatically searches for the key again in those packets, and if it is not found it extends the limit to 10,000 packets, and so on until it finds it, which will surely be around 500,000 or more packets.
Once you have found the key, the 2nd (capture) console will continue capturing packets, so now we can close it.
The command is the most famous of all, and all it needs is the capture file name entered in the 2nd console, but in its complete form as changed by the system (name-01.cap); you will see it on the desktop together with the other 3 files, which were created when running the capture command in the second console:
aircrack-ng ficherodecaptura-01.cap
KEY FOUND! [ 1B:56:EE:4B:CF:75:1A:70:D1:A0:C1:ED:12 ]
The key is shown as pairs of hexadecimal digits separated by ":"; for the final key we remove the colons, and that is the key you type when you connect to the access point. It is left like this:
1B56EE4BCF751A70D1A0C1ED12, which has 13 pairs, i.e. a 128-bit key. The length varies, as the key can be 64, 128 or 152 bits:
64 BITS ==> 10 HEX CHARACTERS, OR 5 PAIRS
128 BITS ==> 26 HEX CHARACTERS, OR 13 PAIRS
152 BITS ==> 32 HEX CHARACTERS, OR 16 PAIRS
If you copy it by hand, writing it on paper, when you type it in it MUST BE IN ALL CAPS! It can only contain the digits and letters "1234567890ABCDEF", NOTHING ELSE (do not confuse the letter O with zero, etc.).
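The key-format rules above (colons removed, upper case, only 0-9 and A-F, and a length of 10, 26 or 32 hex digits for 64, 128 or 152 bits) are easy to get wrong when transcribing by hand. The following is an added example, not code from the original post or from the Aircrack-ng project: it extracts the hex key from a "KEY FOUND!" line in the format shown on the page and validates a transcribed key, reporting its bit length or rejecting it. The only input it is tried on is the page's own example key; the function names are my own.

```python
import re

# Secret-key hex digit count -> marketed WEP key length in bits. The 24-bit IV
# is counted in the marketed size, which is why 10 hex digits is "64-bit".
WEP_KEY_SIZES = {10: 64, 26: 128, 32: 152}
HEX_DIGITS = set("0123456789ABCDEF")

# Matches the bracketed, colon-separated key aircrack-ng prints; whitespace
# inside the brackets is tolerated because copied console output often has it.
KEY_FOUND_RE = re.compile(r"KEY FOUND!\s*\[\s*([0-9A-Fa-f:\s]+?)\s*\]")

def parse_key_found(line: str) -> str:
    """Return the key from a 'KEY FOUND! [ .. ]' line as the plain upper-case
    hex string you would actually type into a client."""
    m = KEY_FOUND_RE.search(line)
    if not m:
        raise ValueError("no KEY FOUND! line in input")
    return re.sub(r"[:\s]", "", m.group(1)).upper()

def wep_key_bits(hexkey: str) -> int:
    """Validate a (possibly hand-transcribed) key and return 64, 128 or 152.
    Colons are stripped, case is normalised, and anything outside 0-9A-F is
    rejected, so the classic letter-O-for-zero mistake is caught."""
    key = hexkey.replace(":", "").strip().upper()
    bad = set(key) - HEX_DIGITS
    if bad:
        raise ValueError(f"non-hex characters in key: {sorted(bad)}")
    if len(key) not in WEP_KEY_SIZES:
        raise ValueError(f"{len(key)} hex digits is not a valid WEP key length")
    return WEP_KEY_SIZES[len(key)]

def is_valid_wep_key(hexkey: str) -> bool:
    try:
        wep_key_bits(hexkey)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    line = "KEY FOUND! [ 1B:56:EE:4B:CF:75:1A:70:D1:A0:C1:ED:12 ]"   # the page's example
    key = parse_key_found(line)
    print(key, wep_key_bits(key), "bits")
```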
Remarks
- When we exit Backtrack 4 everything disappears, because everything is only in memory, even the capture file, unless it is written to the hard disk.
- You can use copy and paste to copy the key into a text file that already exists on your hard drive. We can access the PC's hard disk directly by selecting Storage Media in the Linux explorer: click the Backtrack icon (bottom left), go to the 4th position "System Menu" and there "Storage Media"; in the window that appears, on the left side under "Services", the last option is "Storage Media", and the hard drives appear.
- You should change the language to match your keyboard so you can type more comfortably. This is done from the lower right side bar where an American flag appears, since it always starts with a US keyboard.
- I found no way to test Internet access from the program, possibly because the network card cannot communicate with the AP due to the distance. The WiFi card functioned only as a radio receiver, capturing the packets from which the key was cracked without having injected a single packet.