 How to crack Wireless Streamyx (WEP)


With the popularity of wireless networks and mobile computing, an overall understanding of common security issues has become not only relevant, but very necessary for both home/SOHO users and IT professionals alike. This article is aimed at illustrating current security flaws in WEP/WPA/WPA2.
Successfully cracking a wireless network assumes some basic familiarity with networking principles and terminology, as well as working with command-line tools. A basic familiarity with Linux can be helpful as well.

Nowadays, many Malaysians use the wireless Streamyx modem supplied by TM. That modem only supports WEP encryption to secure its network. WEP is a weak form of encryption, which means the network can be cracked in only about 3 - 5 minutes. The safest way to encrypt your wireless network is to use WPA2. People can still hack WPA2, but recovering that password takes much longer. And now I want to show you how to hack the WEP password of your neighbour's Streamyx..heheheh

To hack WEP, I use BackTrack 4.




Tools used in BT4 to hack WEP:

airmon-ng - script used for switching the wireless network card to monitor mode
airodump-ng - for WLAN monitoring and capturing network packets
aireplay-ng - used to generate additional traffic on the wireless network
aircrack-ng - used to recover the WEP key, or launch a dictionary attack on WPA-PSK using the captured data.



1. Setup (airmon-ng)
As mentioned above, to capture network traffic without being associated with an access point, we need to set the wireless network card in monitor mode. To do that under Linux, in a terminal window (logged in as root), type:

iwconfig (to find all wireless network interfaces and their status)
airmon-ng start wlan0   (to put the card in monitor mode; substitute your own interface name for wlan0. On BackTrack 4, airmon-ng usually creates a separate monitor interface named mon0; in the following steps use whichever interface iwconfig reports as Mode:Monitor)






2. Recon Stage (airodump-ng)
This step assumes you've already set your wireless network interface in monitor mode. It can be checked by executing the iwconfig command. Next step is finding available wireless networks, and choosing your target:

airodump-ng wlan0 - monitors all channels, listing available access points and associated clients within range. It is best to select a target network with strong signal (PWR column), more traffic (Beacons/Data columns) and associated clients (listed below all access points). Once you've selected a target, note its Channel and BSSID (MAC address). Also note any STATION associated with the same BSSID (client MAC addresses). 


3. Capture Data (airodump-ng)
To capture data into a file, we use the airodump-ng tool again, with some additional switches to target a specific AP and channel. Most importantly, you should restrict monitoring to a single channel to speed up data collection; otherwise the wireless card has to alternate between all channels. Assuming our monitor interface is wlan0, and we want to capture packets on channel 6 into capture files with the prefix crack_dlink:

airodump-ng -c 6 -w crack_dlink  --bssid 00:19:5b:96:92:38 wlan0 (-c 6 captures data on channel 6 only; --bssid 00:19:5b:96:92:38 is the MAC address of our target access point; -w crack_dlink saves the captured packets to files with the prefix crack_dlink in the current directory, so the packet capture ends up in crack_dlink-01.cap; wlan0 is our wireless network adapter in monitor mode). After that, something like the picture below will appear.

4. Associate with the network (aireplay-ng)


Open a new console, then type:

aireplay-ng -1 0 -a bssid interface
aireplay-ng -1 0 -a 00:19:5b:96:92:38 wlan0
(-1 0 selects the fake authentication attack, the 0 being the re-association delay in seconds; -a is the MAC address of the access point). Output will scroll until you see Association successful :-) (AID: 1)




5. Increase Traffic (aireplay-ng) - optional step for WEP cracking
 
An active network can usually be penetrated within a few minutes. However, slow networks can take hours, even days to collect enough data for recovering the WEP key.
This optional step allows a compatible network interface to inject/generate packets to increase traffic on the wireless network, therefore greatly reducing the time required for capturing data. The aireplay-ng command should be executed in a separate terminal window, concurrent to airodump-ng. It requires a compatible network card and driver that allows for injection mode.
Assuming your network card is capable of injecting packets, in a separate terminal window try:

aireplay-ng -3 -b 00:19:5b:96:92:38 wlan0
-3  --> this specifies the type of attack, in our case ARP-request replay
-b ..... --> MAC address of access point
wlan0 --> our wireless network interface

Then minimize this window and go back to the step 3 (capture data) window. You will see that the #Data count is increasing faster. Don't forget to wait until the data count reaches 30000 or more; 30000 is already enough.




Now you are ready to crack the network to get the password....heheheheh..go to the next step.




6. Crack WEP (aircrack-ng)

 
WEP cracking is a simple process, only requiring collection of enough data to then extract the key and connect to the network. You can crack the WEP key while capturing data. In fact, aircrack-ng will re-attempt cracking the key after every 5000 packets.
To attempt recovering the WEP key, in a new terminal window, type:

aircrack-ng crack_dlink-01.cap  (assuming your capture file is called crack_dlink-01.cap and is located in the current directory; airodump-ng appends -01 to the prefix you gave with -w)
crack_dlink is the prefix of the file containing the captured data that you created earlier in step 3. The result is:



So the password is shown after KEY FOUND!. Just ignore the colons: join the hex pairs together without the colon ( : ) between them.
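As an added example that is not part of the original article, the following Python script audits the CSV file airodump-ng writes alongside its capture (crack_dlink-01.csv when -w crack_dlink is used, as in step 3) and lists every access point still running open or WEP, i.e. the networks that should be moved to WPA2. The sample CSV, the second and third BSSIDs and all counters in it are constructed for the example.

```python
import csv
import io

# Constructed sample of the CSV airodump-ng writes beside its .cap file when -w
# is used (crack_dlink-01.csv here); all counters and the 2nd/3rd APs are made up.
SAMPLE_AIRODUMP_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:19:5B:96:92:38, 2009-08-01 10:00:01, 2009-08-01 10:05:12,  6,  54, WEP , WEP, OPN, -45,  1200,  31420,   0.  0.  0.  0,   5, dlink,
00:1A:2B:3C:4D:5E, 2009-08-01 10:00:03, 2009-08-01 10:05:10, 11,  54, WPA2, CCMP, PSK, -60,   900,      0,   0.  0.  0.  0,   8, homewifi,
00:AA:BB:CC:DD:EE, 2009-08-01 10:00:05, 2009-08-01 10:05:11,  1,  54, OPN , , , -70,   300,      0,   0.  0.  0.  0,   4, cafe,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

IV_THRESHOLD = 30000  # the IV count the article says is enough for aircrack-ng


def classify_privacy(privacy):
    """Map airodump-ng's Privacy column to a weakness label (None if WPA/WPA2)."""
    tokens = privacy.split()
    if not tokens or tokens[0] == "OPN":
        return "open network, no encryption"
    if "WEP" in tokens:
        return "WEP, key recoverable from captured traffic"
    return None


def audit_airodump_csv(text):
    """List the access points in an airodump-ng CSV that still use OPN or WEP."""
    # The file has two blank-line separated sections; the first is the AP table.
    ap_section = text.replace("\r\n", "\n").strip().split("\n\n")[0]
    rows = list(csv.reader(io.StringIO(ap_section), skipinitialspace=True))
    col = {name.strip(): i for i, name in enumerate(rows[0])}
    findings = []
    for row in rows[1:]:
        if len(row) < len(col):
            continue  # truncated line: airodump-ng was still writing it
        weakness = classify_privacy(row[col["Privacy"]])
        if weakness is None:
            continue
        ivs = int(row[col["# IV"]].strip() or 0)
        findings.append({
            "bssid": row[col["BSSID"]].strip(),
            "essid": row[col["ESSID"]].strip(),
            "channel": int(row[col["channel"]].strip()),
            "weakness": weakness,
            "ivs": ivs,
            "enough_ivs_captured": ivs >= IV_THRESHOLD,
        })
    return findings
```

Running audit_airodump_csv on the sample flags the WEP Streamyx-style AP on channel 6 (already past the 30000 IV mark) and the open cafe network, while the WPA2 network is left out.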

And now you can use free internet around your home........