The method of router's wireless password cracking

Source: Internet
Author: User
Tags bssid

Centrino key five-minute break method

1, crack software Introduction

The Winaircrackpack Toolkit is a wireless LAN scanning and key-cracking tool, including airodump and Aircrack tools. It can monitor the data transmitted in the wireless network, collect the packets, and compute the WEP/WPA key.

2. Composition of experimental environment system

2.1 Hardware Environment

Select a wireless router or AP that has WEP and WPA encryption features

Two PCs with Centrino Wireless card (defined as STA1 and STA2, as legitimate wireless access user)

Grab a packet of wireless card piece

u laptop one (defined as STA3, as intruder)

2.2 Software Environment

Intruder Sta3:winaircrackpack Toolkit,

Note: STA3 to open the Wireless Zero Config service in the Control Panel-> management tool-> service.

3. Experiment topology diagram

4, configure the wireless router (according to the actual network environment to configure)

(1) STA1 Connect to the wireless router (default unencrypted). Right-click the icon under the screen and select "View Available wireless Networks" to eject the window shown in Figure 1.

It shows that there are multiple wireless networks available, double-click Tp-link to connect to the wireless router, and then connect successfully.

(2) Open IE Browser, enter IP address: 192.168.1.1 (wireless router default LAN IP address).

(3) Login to the wireless Router Management interface (username: admin, Password: admin).

Click the LAN port settings option under Network Parameters on the left side of the interface to set the IP address to 192.168.1.8 and save.

(4) Open IE browser, enter IP address: 192.168.1.8, login to the wireless Router management interface (Note This experiment Select Tp-link wireless router,

Other branded products such as Cisco have similar configuration options, click the Basic Settings option under Wireless settings on the left side of the interface.

1 Select "Mode" as "54Mbps (802.11g)";

2 Select "Key format" as "ASCII code";

3 Select "Key Type" as "64-bit";

4 Set "Key 1" as "PJWEP";

5) Click "Save".

(5) When the wireless router has set the WEP key, the STA1 will need to reconnect the wireless router (the key entered is the same as the key set by the wireless router), and the connection will be successful in a few minutes.

(6) Open IE browser, enter IP address: 192.168.1.8, login to the wireless router management interface, click the DHCP service option under DHCP server on the left side of the interface, click "Do not enable" and save, as shown in Figure 8, click "Restart Router" under System Tools Reboot the router.

5, break the WEP, WPA key software download

STA3 from the Internet to download the software used to crack the key, the specific steps are as follows:

(1) In the Google search page, enter "Winaircrackpack download" to search.

Click on the above page "Security Focus: Security Tool-winaircrackpack.zip", pop-up the following page.

(2) Click "Download" to save the software, can extract to any location on the local disk (below we extract to the e-packing directory for example).

6, install the Bag wireless network card

Note: The driver used for grasping the packet wireless card adopts Atheros v4.2.1, the card must adopt Atheros AR5001, AR5002, AR5004, AR5005 or AR5006 chipset, the network card of the following table can be used, this experiment we adopt Netgear 108M Wireless network card (model: WG511T).

(1) on the STA3 notebook to install a grab packet wireless card driver. Insert the wireless network card and eject the window shown in Figure 11. Select No, temporarily not, and click Next.

(2) Select Install from list or specified location and click Next.

(3) Select "Do not Search" and click "Next".

(4) Click "Install from Disk", click "Browse" in the pop-up window, select e:winaircrackpackatheros421@ (the net5211 file in the directory, click "Open", click "OK", click "Next" to eject the window shown during the installation process.)

7, break the WEP key

(1) Let STA1 and STA2 reconnect to the wireless router.

(2) in STA3 notebook computer running airodump, the tool used to capture packets, followed by the prompts to select "16": Crack the serial number of the wireless network card;

"A", select the chip type, here select Atheros chip;

"6", channel number, General 1, 6, 11 is commonly used channel number, select "0" can collect all channel information;

"Testwep" (the input file name can be arbitrary);

"Y", when cracking WEP choose "Y", cracking WPA Select "N".

(3) Enter the following interface after entering the carriage.

(4) When the AP's communication data flow is extremely frequent (for example, can use STA1 and STA2 to copy files to generate data flow), "Packets" corresponding to the increase in the number of numerical growth. When probably caught 300,000 (such as using 104-bit RC4 encryption need to catch 1 million packets) "Packets" Close the Airodump window, start Winaircrack.

(5) Click "General" on the left to set, select the encryption type is "WEP", add the captured file (Testwep.ivs).

(6) Click on the left side of the "Advanced" to set up, select "Aircrack" location.

(7) After all settings, click on the lower right corner of the "Aircrack the Key" button pop-up the following window.

(8) Choose to crack the network BSSID (This experiment select "1"), enter the final WEP key.

8, crack the WPA key

(1) Modify the encryption type and encryption method of the wireless router, and set it to WPA-PSK authentication and TKIP encryption mode.

(2) Run Airodump on STA3 notebook, which is used to capture packets, select "A", "6", "TESTWPA" (the input file name can be arbitrary), "n".

(3) Enter the following interface after carriage

(4) Let STA1 reconnect to the wireless router, Airodump will capture a wireless router and STA1 four times handshake process.

(5) Start Winaircrack.

(6) Click "General" on the left to set, select the encryption type "WPA-PSK", add the captured file (Testwpa.cap).

(7) Click on the left side of the "Wpa" to set up, select a dictionary file (password dictionary can be downloaded: for example, lastbit.com/dict.asp).

(8) After all settings, click on the lower right corner of the "Aircrack the Key" button pop-up the following window, you have caught a handshake process.

(9) Choose to crack the network of BSSID (this experiment select "2"), after a few minutes after the return of the calculation, finally get the WPA key.

9, cracked the key to the network after the harm of a case (forged AP)

Once the intruder knows the WEP or WPA key of the wireless network, it can connect to the local LAN so that the intruder has the same access to the entire network as the normal access user, and carries out a deep attack. Intruders can use tools such as Ipbook,superscan to scan computers in a local area network, files, directories, or entire hard drives in a computer can be copied or deleted, or even worse, such as Keylogger, Trojan Horse, Spyware or other malicious programs can be installed into your system, and the consequences are very serious.

(1) Introduction

When a WEP or WPA password is cracked, an intruder may construct a bogus network with the password and other wireless access points (AP). When the signal of the camouflage AP is stronger than that of the normal AP or the user near the camouflage AP, the normal user will naturally access the fake network, and the network is not felt for the users themselves. In the normal user mail, we can use similar tools such as Cain POP3, Telnet, such as password cracking attacks.

(2) POP3 Password crack

1) Open Cain.

2 Click the menu bar "Configure" to pop up the following window.

3 Select a network adapter that will be used to grab the packet, click "OK", select "" and "", and then click "" To start monitoring the grab bag.

4 Normal users start to receive mail, the software can be the mailbox login name and password to capture.

(3) The harm after being cracked

When hackers steal your mailbox's username, password, POP3 server, and SMTP server's IP address, you can access your mailbox directly, and your email message will be completely exposed to the hacker.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.