Showing posts with label Wireless. Show all posts
Thursday, July 11, 2013
Cracking WEP wireless network
Online encryption is important but most people I’ve come across never give it a second thought. They don’t think that a hacker will hack them because they are just ordinary people. But we regular folks are the ones they are after! They use minions to achieve their wicked goals because they are disposable. This post will be a 3-part series that demonstrates how to infiltrate a wireless network with WEP encryption, sniff the network traffic, and then use the data collected to impersonate a user. The goal is to raise awareness of how vulnerable wireless connections are.
There are hundreds of articles online that will teach you how to crack a wireless network. Now there is another one.
1) Download Backtrack ISO and burn it to CD and then boot from the disc.
You don’t need to install the program but you can
I will be using the BT5R3-GNOME-32 for this demonstration
2) Once it is installed or booted up, log in and start the GUI
Default user name is root and the password is toor
Type startx to start the GUI
3) The tool we will use is Gerix
Navigate to: Applications, BackTrack, Exploitations Tools, WLAN Exploitation, gerix-wifi-cracker-ng
4) Click the configuration tab and highlight your wireless adapter (wlan0) listed under interface
If there is no adapter present, refer to the notes at the end of this article
5) Click enable/disable monitor mode to create a new interface (mon0)
Highlight mon0 and set a random mac address
6) Scroll down and click rescan networks
After the wireless network appears, select one from the list with WEP encryption and decent signal strength
7) Navigate to the WEP tab and start sniffing
A box will appear, just move it aside, don’t close it
The number below #Data is what we are monitoring
The more traffic on the network the more we get, but we can inject packets to generate traffic
If no one is on the network then you will need to simulate traffic; click test injection to see if the AP is vulnerable.
8) Try a Chopchop attack first: create an ARP packet to be injected, then inject the created ARP packet
Another window will pop up and ask you if you want to inject with the created packet, type Y and hit enter
This will help you get more #Data (try fragmentation injection if it doesn’t work)
9) Once you have at least 5000, try and crack
Click on the Cracking tab and click on Decrypt WEP password
Another window will pop up and will display the password when successful
If you don’t have enough #Data it will not be successful; wait to get more and click Decrypt WEP again when you have more (10,000 or 15,000)
Gerix is just a GUI for aircrack-ng. For full functionality, your wireless adapter chipset will need to support injection. The list of supported chipsets can be found here; the page has not been modified since 2011, so there are probably more supported chipsets on the market.
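Seen from the access point owner's side, the injection in steps 7 and 8 is detectable: WEP has no replay protection, so an injected ARP frame is the same IV and ciphertext sent over and over, and a wireless monitor can count that. The sketch below is an added example, not part of the original post or of Gerix/aircrack-ng; the record layout, MAC addresses, window and threshold are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict, deque


def make_sample():
    """Constructed records, not a real capture:
    (seconds, transmitter MAC, WEP IV as hex, digest of encrypted body)."""
    frames = []
    # Ordinary client: every frame carries a fresh IV and a different body.
    for i in range(40):
        frames.append((i * 0.05, "02:00:00:00:00:0a", f"{i:06x}", f"body{i}"))
    # Replay: one captured frame re-sent unchanged, 200 times in about 1 s.
    for i in range(200):
        frames.append((2.0 + i * 0.005, "02:00:00:00:00:0b", "a1b2c3", "arpbody"))
    return sorted(frames)


def find_replay_sources(frames, window=1.0, threshold=50):
    """Return {mac: peak count} for transmitters that sent the same
    (IV, body) pair more than `threshold` times within `window` seconds.

    Normal 802.11 retries also repeat a frame, but only a handful of
    times, so the threshold (an assumed value) sits well above that.
    """
    recent = defaultdict(deque)  # (mac, iv, body) -> timestamps in window
    peaks = {}
    for ts, mac, iv, body in frames:
        q = recent[(mac, iv, body)]
        q.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            peaks[mac] = max(peaks.get(mac, 0), len(q))
    return peaks


if __name__ == "__main__":
    for mac, count in find_replay_sources(make_sample()).items():
        print(f"possible WEP replay from {mac}: {count} identical frames/s")
```

The transmitter address can be spoofed (step 5 sets a random MAC), so treat the alert as a sign that the network is being attacked and should move off WEP, not as an identification of the device.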
Wednesday, June 26, 2013
Windows 8 wireless issues
I have 2 SSD drives in my laptop: one is the 180GB Intel 520 with Windows 7 Pro installed and the other is a Mushkin Enhanced mSATA 120GB drive with Windows 8 Pro installed. I have noticed issues in multiple locations where Windows 8 would experience frequently dropped packets when connected to a wireless access point. I would boot back into Windows 7 and it did not exhibit the same behavior, so I suspect it is not specific to the hardware. While in Windows 8, I plugged in a TP-Link USB wireless adapter (the TL-WN722N, which uses the AR9271 chipset) and did not experience any issues with it either. I only saw issues when running Windows 8 while using the onboard wireless adapter. It makes me sad because the Intel Centrino 6205 wireless adapter is great for penetration testing, but using it alongside Windows 8 will inhibit your ability to work productively from some locations.
After battling it for many months I think I nailed it down to two things:
1) Change the advanced power settings of the wireless adapter to never go to sleep
2) Disable the multi-band frequency settings of the wireless adapter
The first part will need to be configured in the Windows control panel, under power options, and advanced power settings & wireless adapter settings – set everything to maximum performance.
The second change needs to be made under the wireless adapter properties. Open the advanced settings tab for the wireless adapter properties and scroll down to wireless mode and change the band to G only.
This is not an ideal solution if you plan on using multiple frequencies but at least it will stabilize your wireless connection. I don't know why it is a problem in some locations and not all. Maybe because it is the wireless router? I have not tested but I bet disabling ABN on the access point and only allowing G will fix the problem as well. But it is much easier to change the adapter's setting on your laptop than every wireless hotspot you visit.