Okay, before we begin, I give yous fun facts on WEP.
FUN FACTS:
-WEP stands for Wired Equivalent Privacy
-WEP is used to secure wireless networks from eavesdroppers
-WEP usually takes hours to crack
WEP has always been a long and tedious job, untill recently, when two FBI agents demonstrated how it´s possible to crack WEP in under 4 minutes (3 to be exact).
Here is how they did it:
1. Run Kismet to find your target network. Get the SSID and the channel.
2. Run Airodump and start capturing data.
3. With Aireplay, start replaying a packet on the target network. (You can find a ‘good packet’ by looking at the BSSID MAC on Kismet and comparing it to the captured packet’s BSSID MAC).
4. Watch as Airodump goes crazy with new IVs. Thanks to Aireplay.
5. Stop Airodump when you have about 1,000 IVs.
6. Run Aircrack on the captured file.
7. You should see the WEP key infront of you now.
PROGRAMS USED:
-Kismet
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
It is designed for Linux.
You can download it at www.kismetwireless.net
A windows version can be downloaded at http://www.renderlab.net/projects/wrt54g/kiswin.html
-Aircrack (Includes Airodump, Aireplay, Aircrack and optional Airdecap for decrypting WEP/WPA capture files)
Aircrack is the 802.11 WEP and WPA-PSK keys cracking program that can recover this keys once enough encrypted packets have been captured with airodump.
Airdecap is used to decrypt WEP/WPA capture files.
Airmon can be used to configure the wireless card.
Aireplay is used to inject frames.
Airodump is used for packet capturing of raw 802.11 frames and is particularly suitable for collecting WEP IVs (initialization vectors) for the intent of using them with aircrack-ng.
Download the whole suit at www.aircrack-ng.org
No comments:
Post a Comment