个人工具

UbuntuHelp:CrackingWEP

来自Ubuntu中文

跳转至: 导航, 搜索

<<Include(Tag/Moving)>> This page is provided for educational purposes only. Gaining access to networks without permission is illegal

Cracking WEP with Ubuntu dapper 6.06

This entry should enable anyone to get Linux up and running and crack a WEP key. It took me about 2 days and myriad tutorials to finally get this to work, and now that I have I feel that I should share it with everyone. I am by no means a Linux expert, but this works regardless. All you need is a old laptop with a wireless card and a copy of Ubuntu Linux, currently one of the most popular and easily installed distributions of linux. If you haven’t already bought a wireless card, you should select one from this list to save yourself some trouble. 1. The first step is to add the extra repositories.Adding|Repositories Make sure your box can connect to the internet. If you can only connect via wireless and are having problems, there is a package called Wi-Fi radar that is helpful. 2. Now we have to install build-essential, linux-source, linux-headers and shareutils packages from the repository and aircrack, kismet, and airsnort packages from the Universer Repository. 3. Next, you should update your entire system and once that is done reboot your system. After this is done, it’s time to patch the Madwifi drivers. 4. This is where everything can be tricky. My wireless card (Linksys WPC55AG) uses the Atheros driver, which I needed to patch. If you have a different driver, you’re going to need to find out whether or not you need to patch your drivers, or if they’ll even work with the Aircrack suite. The forums at aircrack-ng.org are a good place to look and so is a google search. If you have an Atheros card, it will be called ath0 when you type iwconfig in the terminal window, or there will be a line that says Ethernet controller: Atheros Communications… when you type lspci in the terminal. 5. If you are using the Atheros driver, next we need to configure kismet to use the right source. If you are using another driver you’ll have to look up what syntax you use. First navigate to the Kismet config, /etc/kismet/kismet.conf, then change the source line. Change the line that begins with ’source=’ to ’source=madwifi_ag,ath0,madwifi’. Now reboot the computer. After it boots back up you should be able to access the internet again via your wireless card. 6. Now we can begin cracking. Open up a terminal window, enter monitor mode, and run kismet.

sudo airmon start ath0
sudo kismet

7. Locate the wireless network you want to crack, and note its ESSID and channel. Then exit by pressing Ctrl-C.

Next, run airodump.

sudo airodump filename ath0 channel# 1

The one at the end lets Airodump know we only want to capture IV’s. The filename can be anything you want, and will be saved in your home directory (or whatever directory you run the command from) as filename.ivs. 8. Copy the Essid of the wireless network from the airodump window by selecting it and pressing Shift+Ctrl+C. Open up a new terminal window so we can run aireplay to start injecting packets so our data count goes up. We want the data column in airodump to reach between 100,000 and 400,000. The more packets we have, the faster aircrack can find the WEP key. If the WEP key is 128 bits, we may need up to 1,000,000 packets.

sudo aireplay -3 -b BSSID -h 0:1:2:3:4:5 ath0

9. This should associate the network with the wireless connection. If it times out repeatedly, you need to be closer to the wireless router or change your interface rate by typing ’sudo iwconfig ath0 rate 1M’.

Next we want to start injecting packets.

sudo aireplay -1 0 -e ESSID -a BSSID -h 0:1:2:3:4:5 ath0

At first, it will only read packets, and say 0 ARP requests and 0 packets sent. Just wait a minute or two and it will start sending packets in large quantities. If it returns text that says it has been deauthorized, press Ctrl+C and run the command again. You can try to speed things up by entering this command:

sudo aireplay -0 ath0 -a BSSID ath0

Otherwise just sit back and wait. As soon as packets begin to be sent, the data field in Airodump should start flying. Wait until the desired number of packets have been recieved, then open a new terminal window and run aircrack.

sudo aircrack filename.ivs

10. After a minute, aircrack should return the WEP key. If it doesn’t, collect more packets.

References

http://aircrack-ng.org/doku.php?id=faq#which_is_the_best_card_to_buy

External links

http://packages.ubuntu.com/dapper/net/wifi-radar http://aircrack-ng.org/doku.php?id=faq#which_is_the_best_card_to_buy http://airdump.net/hacking-wifi-ultimate-ubuntu-guide