Hacking other people's WLAN is illegal and unethical. This article is not about penetrating foreing WLANs but about learning someting about security. The techniques described here apply the encryption with WEP, not WPA. I have successfully installed the tools on Fedora Core 3 (FC3) and Fedora Core 4 (FC4). It is amazing how many believe that hiding their SSID or rejecting foreign MAC addresses is secure enough. The reality is somehow different: even a WEP-Encryption with 128 bits key is not secure. I recommend anyone having a WLAN to try the techniques from this article and find out how easy it is for someone with bad intentions to penetrate a wireless lan. This article focuses on installing and using the available tools to detect a wireless network, gather the required details and crack its WEP encryption: Installing and using kismet, aireplay, airodump and aircrack
Collecting encrypted packets
Cracking the WEP key from collected data
Common techniques and attacks on WLANs
For those who don't want to configure their Linux to do this there is pre-configured Live CDs worth looking at: The Auditor distro from Remote Exploit
1. References There are many source about this matter. I especially recommend these: How to crack WEP part 1
How to crack WEP part 2
How to crack WEP part 3
The remote exploit forum
The remote exploit Auditor Live CD
WHAX, another Live CD (currently merging with Auditor)
The aircrack tools-suite documentation
Kismet crack 64 bit
Some access points are configured not to broadcast their SSIDs. The access point is still shown in kismet but the SSID is not displayed. The SSID can be recovered using aireplay: aireplay -0 2 -a ath0
Channel Utilization MonitoringKismet WIDS alertingThis worked great, but I soon noticed that Kismet also was logging WPA handshakes for client connections. Which made me wonder, could kismet be used as an attack platform?
Cracking is the process of exploiting security weaknesses in wireless networks and gaining unauthorized access. WEP cracking refers to exploits on networks that use WEP to implement security controls. There are basically two types of cracks namely;
WPA uses a 256 pre-shared key or passphrase for authentications. Short passphrases are vulnerable to dictionary attacks and other attacks that can be used to crack passwords. The following WiFi hacker online tools can be used to crack WPA keys.
It is possible to crack the WEP/WPA keys used to gain access to a wireless network. Doing so requires software and hardware resources, and patience. The success of such WiFi password hacking attacks can also depend on how active and inactive the users of the target network are.
In this practical scenario, we are going to learn how to crack WiFi password. We will use Cain and Abel to decode the stored wireless network passwords in Windows. We will also provide useful information that can be used to crack the WEP and WPA keys of wireless networks.
Hydra is a parallelized login cracker and pen testing tool. It is very fast and flexible, and new modules are easy to add. This tool allows researchers and security consultants to find unauthorized access.
John the Ripper known as JTR is a very popular password cracking tool. It is primarily used to perform dictionary attacks. It helps identify weak password vulnerabilities in a network. It also supports users from brute force and rainbow crack attacks.
The basic idea is to capture as much encrypted traffic as possible using airodump-ng. Each WEP data packet has an associated 3-byte Initialization Vector (IV): after a sufficient number of data packets have been collected, run aircrack-ng on the resulting capture file. aircrack-ng will then perform a set of statistical attacks developed by a talented hacker named KoreK.
WEP cracking is not an exact science. The number of required IVs depends on the WEP key length, and it also depends on your luck. Usually, 40-bit WEP (64 bit key) can be cracked with 300,000 IVs, and 104-bit WEP (128 bit key) can be cracked with 1,500,000 IVs; if you're out of luck you may need two million IVs, or more.
The figures above are based on using the Korek method. With the introduction of the PTW technique in aircrack-ng 0.9 and above, the number of data packets required to crack WEP is dramatically lowered. Using this technique, 40-bit WEP (64 bit key) can be cracked with as few as 20,000 data packets and 104-bit WEP (128 bit key) with 40,000 data packets. PTW is limited to 40 and 104 bit keys lengths. Keep in mind that it can take 100K packets or more even using the PTW method. Additionally, PTW only works properly with selected packet types. Aircrack-ng defaults to the PTW method and you must manually specify the Korek method in order to use it.
The easiest way is do an Internet search for word lists and dictionaries. Also check out web sites for password cracking tools. Many times they have references to word lists. A few sources follow. Please add comments or additions to this thread: -ng.org/index.php?topic=1373.0.
WPA2 (aka 802.11i) is exactly the same as WPA1, except that CCMP (AES in counter mode) is used instead of RC4 and HMAC-SHA1 is used instead of HMAC-MD5 for the EAPOL MIC. Bottom line, WPA2 is a bit better than WPA1, but neither are going to be cracked in the near future.
Also, it can be a firmware problem. Old firmwares have trouble with test mode 0x0A (used by the HostAP / wlan-ng injection patches), so make sure yours is up to date (see Prism2 flashing for instructions). The recommended station firmware version is 1.7.4. If it doesn't work well (kismet or airodump-ng stalls after capturing a couple of packets), try STA 1.5.6 instead (either s1010506.hex for old Prism2 cards, or sf010506.hex for newer ones).
Yes, aircrack-ng suite successfully been run under VMware. One thing about doing VMware, you can't use PCMCIA or PCI cards. You can ONLY use compatible USB wireless cards. Some limited additional information is available here:
The aircrack-ng suite has limited Mac OS X support. Currently it only supports the following tools: aircrack-ng, packetforge-ng, ivstools and makeivs. Any program which requires opening a wireless interface is not supported.
That depends. Did they provide any sort of value-added product or service, such as installation support, installation media, training, trace file analysis, or funky-colored socks? Probably not.Aircrack-ng is available for anyone to download, absolutely free, at any time. Paying for a copy implies that you should get something for your money.
aircrack-ng is an 802.11a/b/g WEP/WPA cracking program that can recover a40-bit, 104-bit, 256-bit or 512-bit WEP key once enough encrypted packetshave been gathered. Also it can attack WPA1/2 networks with some advancedmethods or simply by brute force.
It implements the standard FMS attack along with some optimizations,thus making the attack much faster compared to other WEP cracking tools.It can also fully use a multiprocessor system to its full power in orderto speed up the cracking process.
aircrack-ng -s /pathto/your/FILENAMEHERE-01.ivsaircrack-ng is the script name-s tells the script to decode the key into ASCII plain-text for you to view/pathto/your/FILENAMEHERE-01.ivs is the directory and filename you gave to airodump eariler, followed by -01. Thus, a file you named key in airodump earlier will now become key-01.ivs
In the case that it fails, simply wait a few minutes and try again. You should be able to crack a 128bit WEP key in far less than 45 minutes. Bear in mind that there must be at least one active client connected to the AP for this to work. You can use the -p 0841 method if there are no active clients, which I will describe in another tutorial.
First step, we need to find a network to crack. Start up kismet and start sniffing out APs. Leave it on for a bit so that it can discover all the important information about the networks in your vicinity. What we want from kismet is:
There are different ways in which you can help and provide support to the kismet development financially if you wish to; support is something that is always appreciated but never required. Kismet is, therefore, an open-source tool.
If you want help support kismet dev and carry a Raspberry Pi Ow, Ubertooth One or any Yardstick one that requires some kismet love, then you can always get the acrylic cut cases there at the kismet Tindie support.
If you do not want to penetrate vulnerabilities in a system, then you have the opportunity to use weak passwords to penetrate the system. A popular tool for cracking passwords is John the Ripper, which uses a brute force attack to crack the password, but this process can take a long time. This is where crunch comes in, as this tool can generate word lists. For the cracking of logins, the tool can THC-Hydra be used. This one has support for many different logins.
Also in the area of radio systems, Kali Linux offers a variety of tools with which you can crack systems. For the area of WLAN systems, there is Aircrack-ng, which makes it possible to carry out various attacks on WEP, WPA and WPA2. Another tool in this area is Reaver. It starts with the WPS standard but is not always reliable when cracking. In all of the other wireless areas can with RTLSDR work, but this presupposes the jewelige antenna for transmitting and receiving signals. usb wifi adapter monitor mode
aircrack-ng, which also airmon-ng belongs. You can feel it by entering and pressing the Tab key twice. For example, you can demonstrate with the credulity of most wireless LAN clients: The tool spans a virtual Wi-Fi hotspot of arbitrary name (SSID). If the SSID corresponds to the identifier of an unencrypted WLAN that one of the clients is aware of within wireless range, the latter attempts to establish a connection. air airbase-ng 2ff7e9595c