ComputerSecurityStudent (CSS) [Login] [Join Now]




|SECURITY TOOLS >> Wireless Cracking >> Current Page |Views: 20886

(Wireless: Lesson 1)

{ Hacking WEP Encryption from A to Z }


Section 0. Background Information
  1. WEP Cracking Overview
    • In this lab, I will show you how to do the following:
      1. How to obtain/buy the type of wireless card that is compatible with Backtrack that allows for packet injection.
        • Note:  If you don't already have this special wireless card, please purchase it from this webpage and I will receive a 3% commission.
      2. Where to download the Linksys USB54GC ver 3 drivers.
      3. How to Install the Linksys USB54GC ver 3 drivers.
      4. How to use BackTrack to crack the WEP cipher of a live router.
      5. How to connect to the victim router once after the key is cracked.

       

  2. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • 2013 No content replication of any kind is allowed without express written permission.

 

Section 1. Obtaining Your BackTrack Compatible Wireless Card
  1. Obtain a BackTrack Compatible Wireless Card
    • Instructions:
      1. You can purchase your BackTrack Compatible Wireless Card from this website using the following choices on your far right.
      2. For this lab I will be using Linksys WUSB54GC ver 3.
    • Other BackTrack Compatible Wireless Cards:
      1. http://www.backtrack-linux.org/wiki/index.php/Wireless_Drivers#Wireless_Drivers
        1. AWUS036H (rtl8187, r8187) - both mac80211 and IEEE drivers - passed
        2. AWUS036NH (Ralink RT2870/3070) - using the mac80211 rt2x00usb drivers - passed
        3. BCM4312 802.11b/g LP-PHY (rev 01) - using the mac80211 b43, works well - passed
        4. Rockland N3 - (Ralink RT2870/3070) - using the mac80211 rt2x00usb drivers -passed
        5. Edimax EW-7318USG USB - (Ralink RT2501/RT2573) - using the mac80211 rt2500usb/rt73usb drivers -passed
        6. ASUSTek Computer, Inc. RT2573 - using the mac80211 rt2500usb/rt73usb drivers -passed
        7. Linksys WUSB54GC ver 3 - using the mac80211 rt2800usb drivers -passed
        8. Ubiquiti SRC - using the mac80211 ath9k drivers-passed
        9. Internal Intel Corporation PRO/Wireless 3945ABG - using the mac80211 iwl3945 drivers-passed
        10. Dlink WNA-2330 PCMCIA - using the mac80211 ath5k drivers-passed
        11. Atheros Communications Inc. AR9285 Wireless Network Adapter (PCI-Express) (rev 01) - using the mac80211 ath9k drivers-passed
        12. Netgear wg111v2 - using the mac80211 rtl8187 drivers-passed
        13. ZyXEL AG-225H v2 - using the mac80211 zd1211 drivers - passed
        14. Intel 4956/5xxx - using the iwlagn drivers - passed

 

Section 2. Installing the Wireless Card
  1. Obtain a BackTrack Compatible Wireless Card Drivers

     

  2. Saving the Driver
    • Instructions:
      1. On my Host machine, I am saving the driver to the following location.
      2. C:\Linksys Drivers\

     

  3. Extract Files
    • Instructions:
      1. Right Click on x64,0.zip
        • Note: In my case, I download the 64 bit version.  If you selected the 32 bit version for Windows 7, you will see x86,0.zip
      2. Extract to x64,0

     

  4. Insert your Card
    • Instructions:
      1. Insert your Wireless 802.11 g wlan linksys card into the host machine.

     

  5. Bring up Device Manager
    • Instructions:
      1. Start --> Control Panel --> System --> Device Manager

     

  6. Select Device for the Driver Installation
    • Instructions:
      1. Right Click on 802.11 g WLAN
      2. Select Update Driver Software

     

  7. Select Driver Location
    • Instructions:
      1. Click on Browse my computer

     

  8. Browse to Driver Location
    • Instructions:
      1. Click on Browse Button
      2. Navigate to the location where you save the Linksys Drivers.
      3. Click Next.

     

  9. Windows Success Message
    • Instructions:
      1. Click the Close Button.

 

Section 3. Configure BackTrack Virtual Machine Settings
  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start --> All Program --> VMWare --> VMWare Player

     

  2. Edit BackTrack Virtual Machine Settings
    • Instructions:
      1. Highlight BackTrack5R1
      2. Click Edit virtual machine settings

     

  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Do not Click on the OK Button.
  1. Edit USB Controller
    • Instructions:
      1. Highlight USB Controller
      2. Select the first three check boxes, especially the "Show all USB input devices" checkbox.
      3. Click on the OK Button.

 

Section 4. Login to BackTrack
  1. Start BackTrack VM Instance
    • Instructions:
      1. Start Up VMWare Player
      2. Select BackTrack5R1
      3. Play virtual machine

     

  2. USB Device Message
    • Instructions:
      1. If you see this USB Device Message, Select OK.

     

  3. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.

     

  4. Connect the Wireless Linksys 802.11g wlan card
    • Instructions:
      1. Virtual Machine --> Virtual Machine Settings --> Removable Devices --> linksys 802.11 g wlan --> Connect

     

  5. USB Device Message
    • Instructions:
      1. If you see this USB Device Message, Select OK.

     

  6. Verify Wireless Card is Visible for the BackTrack VM.
    • Instructions:
      1. Look at the VMWare Tray in the lower right corner.
      2. Look for a USB Icon.
      3. If you run your mouse over the USB Icon, it should say Linksys 802.11g wlan.

     

  7. Verify ifconfig see the wireless card
    • Instructions:
      1. ifconfig -a
    • Note:
      • You should see another interface called wlan0.
      • If you do, then you are well on your way to hacking WEP.

     

  8. Bring up the GNOME
    • Instructions:
      1. Type startx

 

Section 5. Bring up a console terminal and Load mac80211 Drivers
  1. Open a console terminal
    • Instructions:
      1. Click on the console terminal

     

  2. Load Drivers
    • Instructions:
      1. modprobe rtl8187
        • The character after the "t" is not a one.
        • The character after the "8" is a one.

 

Section 6. Enable Monitor Mode
  1. Enable Monitor Mode
    • Instructions:
      1. airmon-ng start wlan0

 

Section 7. View Surrounding Wireless Networks
  1. View surrounding wireless networks
    • Instructions:
      1. airodump-ng mon0

     

  2. Finding a potential victim
    • Instructions:
      1. Look at the CIPHER column for anybody using WEP.
      2. For our purposes, I have set up Linksys WRT54G router called WEBCRACK, that is running WEP.
      3. Hit your <Ctrl>-c keys to stop the scan.
      4. Copy its BSSID, which is 00:1C:10:2E:AF:99.
        • Note: If you are not part of this class, your BSSID will be different.

 

Section 8. Let the Injection and Cracking Begin
  1. Open Two Terminal Consoles
    • Instructions:
      1. Click the terminal console icon twice and position your screens like mine.

     

  2. Fire up airodump
    • Instructions:
      1. airodump-ng -w wep -c 6 --bssid 00:1C:10:2E:AF:99 mon0
    • Note:
      • The BSSID was obtained in Section 7, Step 2.
      • After you press enter, you will see the Beacon number start to grow.

     

  3. Send Authentication Request to Victim
    • Instructions:
      1. Type the below command in the bottom window.
      2. aireplay-ng -1 0 -a 00:1C:10:2E:AF:99 mon0
    • Note:
      • The BSSID was obtained in Section 7, Step 2.

     

  4. Send Authentication Request to Victim
    • Instructions:
      1. Type the below command in the bottom window.
      2. aireplay-ng -3 -b 00:1C:10:2E:AF:99 mon0
    • Note:
      • The BSSID was obtained in Section 7, Step 2.
      • aireplay is used to create traffic between BackTrack and the Victim router, when then router is up, but there is no current network traffic.

     

  5. Informational Message
    • Instructions:
      1. In the top window, you will see numbers increment for both the Beacons and Data columns.
      2. In the bottom window, you will see packets being sent between BackTrack and the Victim router.

     

  6. Informational Message
    • Instructions:
      1. Once the #Data number column passes 30000, then do the following:
      2. Click in the Top Window, Press <Ctrl>-c key.
      3. Click in the Bottom Window, Press <Ctrl>-c key.

     

  7. Crack the wep cap file
    • Instructions:
      1. Click in the bottom window
      2. aircrack-ng wep-01.cap

     

  8. Viewing aircrack results
    • Instructions:
      1. In the bottom window, you will see a message saying key FOUND.
      2. You will use the 90A322AD63 key for the next section.
    • Note:
      • In those of you not in my class, you key will be different.

 

Section 9. Let's test the key
  1. On the VMWare Host Machine
    • Instructions:
      1. Click on the Wireless Connection Icon
      2. Click on WEPCRACK

     

  2. Connect to the WEPCRACK router
    • Instructions:
      1. Click the Connect Button

     

  3. Supply the cracked security key to the WEPCRACK router
    • Instructions:
      1. Supply the security key you obtained in Section 8, Step 8.
      2. We obtained the following key --> 90A322AD63.
        • Note: If you part of my class, you key will be different.
      3. Put the key in the security key textbox.
      4. Click OK.

     

  4. Congratulations
    • Instructions:
      1. Click on the Wireless Connection Icon.
      2. You should see that you are now connected.

 

Section 10. Proof of Lab
  1. Proof of Lab
    • Instructions
    • :
      1. ls -l /root/* | grep wep-01.cap
      2. date
      3. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • E.g., echo "John Gray"
    • Proof Of Lab Instructions:
      1. Do a PrtScn
      2. Paste into a word document
      3. Upload to Moodle


Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth