How to Use BackTrack to crack WEP keys in Wi-Fi networks


You may already know that if you want to lock down your Wi-Fi network, you'd better choose WPA, because WEP encryption is easily cracked. But do you know how easy it is? Let's take a look.

Note: This post shows how to crack the rarely used and outdated WEP encryption protocol. If you want to test a network that uses the more common WPA encryption, read this article: How to Use Reaver to crack the WPA password of a Wi-Fi network.

Today, let's take a look, step by step, at how to crack a Wi-Fi network that uses WEP encryption. Knowledge is power, but power doesn't mean you should misuse it or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Treat this post as educational, or as a proof-of-concept exercise.

There are plenty of tutorials on the Internet for cracking WEP this way; one Google search makes it clear that this is hardly news. What is surprising is that even someone like me, a newbie with little networking experience, can do it with some free software and a cheap Wi-Fi adapter. Let's take a look!

What do you need

Unless you are a network security ninja, you are unlikely to have all the tools needed for this experiment. Here is what you need:

  • A compatible wireless adapter. This is the main requirement. You need a wireless adapter capable of packet injection, and the one in your computer probably can't do it. After consulting my security-expert neighbor, I spent $50 on Amazon for an Alfa AWUS050NH adapter, shown in the picture above. Update: don't do what I did. Get the Alfa AWUS036H instead of the AWUS050NH. The guy in the video bought a $12 model on eBay (and he even sells the router he uses). There are many aircrack-compatible adapters listed on the Internet.
  • A BackTrack Live CD. We have already published a complete guide to BackTrack 3. It is a Linux Live CD that bundles everything you need for security testing. Download the CD image and burn it, or boot it in VMware.
  • A nearby WEP-encrypted Wi-Fi network. The signal must be strong enough, and ideally there should be users on it, connecting and disconnecting. The more people use the network, the more data you can capture for the crack, and the more likely you are to succeed.
  • Patience with the command line. There are ten steps here, each a long, hard-to-read command, and then you wait for your Wi-Fi card to collect enough data for the crack. As the doctor said to the impatient patient: you need patience.

Cracking WEP

To crack WEP, first open Konsole, BackTrack's built-in command-line terminal; it is the second icon from the left at the bottom-left corner of the taskbar. Enter the commands below.

Step 1: run the following command to get a list of your network interfaces:

airmon-ng

Mine showed only ra0; yours may be different. Write the interface name down (grab a pen and paper). Wherever (interface) appears in the commands below, substitute that name.

Now run the following four commands and check their output.

airmon-ng stop (interface)

ifconfig (interface) down

macchanger --mac 00:11:22:33:44:55 (interface)

airmon-ng start (interface)

If you don't get the same output, most likely your wireless card can't be put into monitor mode, which the remaining steps require. If it worked, your wireless card now has a spoofed MAC address, 00:11:22:33:44:55.

Now start using your network interface; run the following (in this example the interface is ra0):

airodump-ng (interface)

You'll see a list of the Wi-Fi networks around you. Once you've found your target, press Ctrl+C to stop the listing. Pick the network you're interested in and note two pieces of data: its BSSID and its channel (the column labeled CH), as in the screenshot below. Obviously, the network you want to crack must use WEP encryption, not WPA or another encryption method.

As I said, press Ctrl+C to stop the listing (I had to repeat this once or twice to find the network I wanted). Once you've found the network you want to crack, highlight its BSSID and copy it to the clipboard, ready for the commands you'll enter next.

Now we need to watch the network you selected and save the captured packets to a file. Run the following command:

airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)

(channel) and (bssid) are the values you noted earlier. You can paste the BSSID from the clipboard into the command line with Shift+Insert. Give the file any name you like; I used "YoYo", the name of the network I was cracking.
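Besides the .cap capture, airodump-ng writes a CSV summary of everything it saw under the same prefix (file name-01.csv). The following Python script is an added example, not part of the original article or of the aircrack-ng project: it parses that CSV and reports every access point still advertising WEP (or no encryption at all), which is the quickest way to audit your own site for networks that need to move to WPA. The CSV text embedded below is constructed to match the column layout of the access-point table airodump-ng produces; the BSSIDs and names in it are made up.

```python
import csv

# Constructed sample of the airodump-ng CSV summary (file name-01.csv).
# Real files contain an access-point table, a blank line, then a station
# table; only the access-point table is parsed here.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:AA, 2009-07-06 10:00:01, 2009-07-06 10:12:40,  6,  54, WEP , WEP, OPN, -30,  120,  854,   0.  0.  0.  0,   4, YoYo, 
00:11:22:33:44:BB, 2009-07-06 10:00:03, 2009-07-06 10:12:39, 11,  54, WPA2, CCMP, PSK, -61,   98,    0,   0.  0.  0.  0,   7, Neighbo, 
00:11:22:33:44:CC, 2009-07-06 10:00:05, 2009-07-06 10:12:38,  1,  54, OPN , , , -72,   40,    0,   0.  0.  0.  0,   5, Guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:11:22:33:44:DD, 2009-07-06 10:01:00, 2009-07-06 10:12:30, -40, 311, 00:11:22:33:44:AA, YoYo
"""


def parse_access_points(text):
    """Return the access-point rows of an airodump-ng CSV as dicts keyed by header."""
    lines = text.splitlines()
    # The AP table starts at the "BSSID" header and ends at the first blank line.
    start = next(i for i, line in enumerate(lines) if line.startswith("BSSID"))
    end = start + 1
    while end < len(lines) and lines[end].strip():
        end += 1
    reader = csv.reader(lines[start:end], skipinitialspace=True)
    header = [h.strip() for h in next(reader)]
    rows = []
    for fields in reader:
        if len(fields) < len(header):
            continue  # airodump rewrites the file periodically; skip a torn row
        rows.append({h: f.strip() for h, f in zip(header, fields)})
    return rows


def weak_access_points(rows):
    """Flag APs whose Privacy column shows WEP or no encryption at all (OPN).

    Returns (bssid, essid, channel, privacy, data_frames) tuples; data_frames is
    the "# IV" column, i.e. the "# Data" counter the article tells you to watch.
    """
    weak = []
    for row in rows:
        privacy = row["Privacy"].upper()
        if "WEP" in privacy or privacy == "OPN":
            weak.append((row["BSSID"], row["ESSID"], row["channel"],
                         privacy, int(row["# IV"])))
    return weak


if __name__ == "__main__":
    for bssid, essid, ch, privacy, frames in weak_access_points(parse_access_points(SAMPLE_CSV)):
        print(f"{bssid}  ch {ch:>2}  {privacy:<4}  {frames:>6} data frames  {essid}")
```

Run it against a real summary by reading the file instead of SAMPLE_CSV; a WEP network with a high "# IV" count is both weakly encrypted and busy, so it is the first one to migrate.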

You'll get output like the screenshot. Leave this window running, open a new Konsole window in the foreground, and enter the following command:

aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

Here the ESSID is the name (SSID) of the access point; mine is YoYo. You want to see "Association successful" after running it.

If you've got this far, it's time to run the following command:

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)

This generates router traffic so that packets are captured faster, which speeds up the crack. After a few minutes, the airodump window in the foreground will start reading and writing packets like crazy. (At this point I couldn't use the YoYo network from another machine.) Go get a cup of coffee or take a walk: you need to collect enough data before running the cracking program. Watch the "# Data" column; you want it above 10,000. (The screenshot shows only 854.)

This can take some time, depending on your signal strength (as you can see in the screenshot, my signal strength was around -32 dB, even though the YoYo AP and my adapter were in the same room). Wait until the packet count passes 10,000, because the crack won't work before that. In fact you may need more than 10K, though that is usually enough.
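The reason the crack needs thousands of data frames is the design flaw that killed WEP: every frame is encrypted with RC4 under the shared key plus a 24-bit initialization vector (IV) sent in the clear, so there are only 16,777,216 keystreams per key and repeats are inevitable on a busy network. The Python block below is an added example, not part of the original article; it works the birthday bound for the 24-bit IV space so you can see how quickly IVs start repeating. The frame rate used in the exhaustion calculation is an assumed figure for a busy access point, not a measurement from the article.

```python
import math

IV_BITS = 24              # WEP prepends a 24-bit IV to the RC4 key
IV_SPACE = 2 ** IV_BITS   # 16,777,216 distinct keystreams per key


def expected_iv_repeats(frames):
    """Expected number of IV collisions among `frames` frames with IVs chosen
    uniformly: each of the C(frames, 2) pairs collides with probability 1/IV_SPACE."""
    return frames * (frames - 1) / (2 * IV_SPACE)


def frames_for_repeat_probability(p):
    """Smallest frame count at which the probability of at least one repeated IV
    reaches p, using the standard birthday approximation P ~ 1 - exp(-n^2 / 2N)."""
    return math.ceil(math.sqrt(2 * IV_SPACE * math.log(1 / (1 - p))))


def seconds_to_exhaust_ivs(frames_per_second):
    """Time for an access point that picks IVs sequentially to wrap the whole
    IV space and start reusing keystreams. frames_per_second is an assumption."""
    return IV_SPACE / frames_per_second


if __name__ == "__main__":
    # 10,000 frames is the article's working threshold for the crack.
    print(f"IV space: {IV_SPACE:,} values")
    print(f"frames for a 50% chance of a repeated IV: {frames_for_repeat_probability(0.5):,}")
    print(f"expected IV repeats in 10,000 frames: {expected_iv_repeats(10000):.2f}")
    hours = seconds_to_exhaust_ivs(500) / 3600   # assumed 500 frames/s busy AP
    print(f"sequential IVs wrap after about {hours:.1f} hours at 500 frames/s")
```

With fewer than 5,000 frames there is already an even chance that two frames share a keystream, and the counter on a busy access point wraps in well under a day; no amount of key length fixes that, which is why the article's advice is to use WPA rather than a longer WEP key.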

Once you have enough data, it's time to see the magic. Open a third terminal window and enter the following command to crack the data you've collected:

aircrack-ng -b (bssid) (filename-01.cap)

The filename is the name you gave above. You'll find the file in your home directory; it has a .cap extension.

If you don't have enough data the attack may fail; aircrack will tell you to get more data and try again. If it succeeds, you'll see the result:

The WEP key is displayed next to "KEY FOUND!". Drop the colons and enter it to log on to the target network.

Problems with this process

With this article I wanted to show that cracking a WEP-encrypted network is easy for anyone with the hardware and software. I still think that's true, but unlike the guy in the video below, I ran into a lot of problems along the way. In fact, you should notice that the last screenshot looks different from the others: it isn't mine. Even though the AP I was cracking was my own, in the same room as my Alfa, with a signal strength always around -30, data collection was still very slow, and BackTrack could not crack it before collection was complete. After trying various setups (on both my Mac and my PC), I was never able to capture enough data to crack the key.

So while this process is simple in theory, in practice your results will vary with your distance from the AP.

Watch the video on YouTube to see how this guy actually does it.

http://www.youtube.com/embed/kDD9PjiQ2_U?wmode=transparent&rel=0&autohide=1&showinfo=0&enablejsapi=1

Have you tried cracking WEP with BackTrack? What do you think? Tell us about it.

Via: http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack

Translator: stduolc Proofreader: wxy

This article was translated by LCTT and proudly presented by Linux China.
