simple_wep_crack
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
simple_wep_crack [2009/09/26 14:36] – Fixed typos darkaudax | simple_wep_crack [2018/03/11 20:13] (current) – [Introduction] Removed link to trac mister_x | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Tutorial: Simple WEP Crack ====== | ====== Tutorial: Simple WEP Crack ====== | ||
- | Version: 1.10 September 26, 2009\\ | + | Version: 1.20 January 11, 2010\\ |
By: darkAudax | By: darkAudax | ||
Line 6: | Line 6: | ||
This tutorial walks you though a very simple case to crack a WEP key. It is intended to build your basic skills and get you familiar with the concepts. | This tutorial walks you though a very simple case to crack a WEP key. It is intended to build your basic skills and get you familiar with the concepts. | ||
+ | |||
+ | The basic concept behind this tutorial is using aireplay-ng replay an ARP packet to generate new unique IVs. In turn, aircrack-ng uses the new unique IVs to crack the WEP key. It is important to understand what an ARP packet is. This [[arp-request_reinjection# | ||
For a start to finish newbie guide, see the [[newbie_guide|Linux Newbie Guide]]. | For a start to finish newbie guide, see the [[newbie_guide|Linux Newbie Guide]]. | ||
It is recommended that you experiment with your home wireless access point to get familiar with these ideas and techniques. If you do not own a particular access point, please remember to get permission from the owner prior to playing with it. | It is recommended that you experiment with your home wireless access point to get familiar with these ideas and techniques. If you do not own a particular access point, please remember to get permission from the owner prior to playing with it. | ||
- | |||
- | I would like to acknowledge and thank the [[http:// | ||
Please send me any constructive feedback, positive or negative. Additional troubleshooting ideas and tips are especially welcome. | Please send me any constructive feedback, positive or negative. Additional troubleshooting ideas and tips are especially welcome. | ||
Line 115: | Line 115: | ||
Tx excessive retries: | Tx excessive retries: | ||
- | In the response above, you can see that ath0 is in monitor mode, on the 2.452GHz frequency which is channel 9 and the Access Point shows the MAC address of your wireless card. Please note that only the madwifi-ng drivers show the MAC address of your wireless card, the other drivers do not do this. So everything is good. | + | In the response above, you can see that ath0 is in monitor mode, on the 2.452GHz frequency which is channel 9 and the Access Point shows the MAC address of your wireless card. Please note that only the madwifi-ng drivers show the MAC address of your wireless card, the other drivers do not do this. So everything is good. It is important to confirm all this information prior to proceeding, otherwise the following steps will not work properly. |
To match the frequency to the channel, check out: | To match the frequency to the channel, check out: | ||
- | http://www.rflinx.com/help/calculations/# | + | http://www.cisco.com/en/US/ |
Line 264: | Line 264: | ||
| | ||
- | It will start listening for ARP requests and when it hears one, aireplay-ng will immediately start to inject it. | + | It will start listening for ARP requests and when it hears one, aireplay-ng will immediately start to inject it. |
Here is what the screen looks like when ARP requests are being injected: | Here is what the screen looks like when ARP requests are being injected: | ||
Line 285: | Line 285: | ||
Note: For learning purposes, you should use a 64 bit WEP key on your AP to speed up the cracking process. | Note: For learning purposes, you should use a 64 bit WEP key on your AP to speed up the cracking process. | ||
- | Two methods will be shown. | + | Two methods will be shown. |
Start another console session and enter: | Start another console session and enter: | ||
- | | + | |
Where: | Where: | ||
- | * -z invokes the PTW WEP-cracking method. | ||
* -b 00: | * -b 00: | ||
* output*.cap selects all files starting with " | * output*.cap selects all files starting with " | ||
- | To also use the FMS/KoreK method, start another console session and enter: | + | To also use the FMS/Korek method, start another console session and enter: |
- | | + | |
Where: | Where: | ||
+ | * -K invokes the FMS/Korek method | ||
* -b 00: | * -b 00: | ||
* output*.cap selects all files starting with " | * output*.cap selects all files starting with " | ||
Line 331: | Line 331: | ||
* Be sure to read all the documentation on the Wiki for the various commands used in this tutorial. | * Be sure to read all the documentation on the Wiki for the various commands used in this tutorial. | ||
* See [[i_am_injecting_but_the_ivs_don_t_increase|Tutorial: | * See [[i_am_injecting_but_the_ivs_don_t_increase|Tutorial: | ||
+ | |||
+ | |||
+ | ===== Generating ARPs ===== | ||
+ | |||
+ | In order for this tutorial to work, you must receive at least one ARP packet. | ||
simple_wep_crack.1253968616.txt.gz · Last modified: 2009/09/26 14:36 by darkaudax