Author Topic: Hacking WEP with Backtrack4 Final and Airoscript  (Read 37386 times)

0 Members and 5 Guests are viewing this topic.

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Hacking WEP with Backtrack4 Final and Airoscript
« on: November 26, 2010, 06:35:30 am »
///////////////////////////////////////////////////////////////////////////////////////
Title: Hacking WEP with Backtrack4 Final and Airoscript
Paper by: iTpHo3NiX
///////////////////////////////////////////////////////////////////////////////////////

NOTE
When cracking the network from the screenshots, I had permission from my neighbor to pen test their wireless encryption and to write this paper. It is illegal to hack wireless networks without encryption, however if you would like to help secure your neighbors network (as I did and help him set up a MAC filter after this with a WPA2 encryption). Then take a look and show them this. Also hopefully this will also educate you in wireless security.

Method
The simplest way (and a good way to show potential customers how easy it is to actually hack their wireless networks) to hack a WEP encrypted network is using Backtrack4 Final with Airoscript. Airoscript utilizes the aircrack-ng suite to automate WEP/WPA hacking (although WPA, best thing to do is use it to capture the handshake file, go offsite and use John the Ripper to bruteforce, or cowpatty to run a dictionary attack against the handshake file).

Devices Used
  • HP G60 Laptop (Wireless is broadcomm and not really supported with aircrack)
  • Linksys WUSB54GC USB Wireless Adapter (very good for wifi penetration)
  • Backtrack4 Final Live DVD

Hint
With the final release of Backtrack4 there seems to be an error with Airoscript (just a very slight one) that requires you to navigate to the tmp directory after scan and change the extention of dump-01.cvs to dump-01.txt for airoscript to recognize the dump file to select which network you would like to attack.

The Process

Step One
Open the KDE Start Menu (after loading the desktop using startx) and navigate to "Backtrack-->Raido Network Analysis-->80211-->Cracking-->Airoscript"



Step Two
Select your screen resolution (I chose 4)

Step Three
Select your wireless device. In most cases its wlan0, however since I'm using my Linksys WUSB54GC its going to be wlan1 and when prompted to put device into monitor mode, select "y" for yes.



Step Four
Now you are at the main Airoscript page to select your options. Now normally option 9 which will go through the first three steps is not working out of the box with the final live cd (unless updated to the latest airoscript and the latest aircrack-ng suite) so we are manually going to go through the steps (however its still just as simple) So lets select option 1 to scan.



Step Five
The next page asks you if you would like to apply a filter, since this is a paper on WEP cracking then I am going to select a filter for WEP (option 3) then to select whether you want it to scan on a specific channel or to scan all channels (via Channle Hopping or option 1)



This will open up a new window that is now scanning for targets



Step Six
Once you've picked up a few networks and have a target you would like to attack (I would note the BSSID and the ESSID with multiple options so you go after ther proper network. Close the scanning window. Now as I stated before unless you have an updated Airoscript/aircrack-ng you will need to go to the temp folder and rename the dump-01.cvs to dump-01.txt To do this simply open Konqueror (right next to the KDE start menu) Click on "Home Folder" you will be in /root and then you will want to go up a folder to just / go into the tmp folder then go into the tmp.RANDOMCHARACTOR folder right click on dump-01.cvs and click rename, then change the extention to dump-01.txt and you can now close Konqueror and continue with Airoscript.

Step Seven
Now we select option 2 to simply select our target then you have a numbered list to select which network you would like to attack



Step Eight
Now I choose option 1 to select the associated client



Step Nine
Now we go for the attack so choose option 3, now this can vary for everyone, I personally choose option 1 which is a Fake authorization without user input (no need to select packets, a more automated attack)



Which will open up the following windows



Now I also like to run another attack at the same time, so select option 3 again, however this time I choose option 7 which is an ARP Replay which is again automatic so no user interaction.

Now its a waiting game and you will be having a window like this



Now this is just personal preference, you can start the cracking as soon as you get at least 1 ACK, however I like to wait until I get at least 100,000+ ACKs (usually 200,000+)

Step 10
Now its time for the actual cracking (option 4) So you select option 4, then option 1 at the following screen for a PTW crack and soon you will have the WEP encryption key like this



Tutorial by iTpHo3NiX of EvilZone.org This is for educational purposes ONLY and is not to be abused. Hopefully this will pursued people to change their wireless configuration to run a MAC filter with WPA2 to help their internet to not be stolen.
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline shijinmrx

  • NULL
  • Posts: 1
  • Cookies: 0
    • View Profile
Re: Hacking WEP with Backtrack4 Final and Airoscript
« Reply #1 on: January 15, 2011, 03:58:55 pm »
i know its illegal to hack to a network n use it without there permissions..
But i hacked one of my friends wep networks.we had a bet for 50$..the problem is that when i connect..it is showing limited connectivity. when i looked upon the status..the default gateway appears to b 0.0.0.0..
so i thnk its not connected to the Router(it also shows unidentified network)..Please help me..
How to find the ip adress of the router..i can no way acess his computer or router...
i used bactrack to find WEP Key..

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: Hacking WEP with Backtrack4 Final and Airoscript
« Reply #2 on: January 15, 2011, 04:23:28 pm »
i know its illegal to hack to a network n use it without there permissions..
But i hacked one of my friends wep networks.we had a bet for 50$..the problem is that when i connect..it is showing limited connectivity. when i looked upon the status..the default gateway appears to b 0.0.0.0..
so i thnk its not connected to the Router(it also shows unidentified network)..Please help me..
How to find the ip adress of the router..i can no way acess his computer or router...
i used bactrack to find WEP Key..

Tried the default ones? :P 10.0.0.1 | 192.168.0.1

If those does not work, do a range scan on 10.0. and 192.168. and you should get something.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline a12danrulz

  • /dev/null
  • *
  • Posts: 14
  • Cookies: 0
  • Learning more and more.
    • View Profile
Re: Hacking WEP with Backtrack4 Final and Airoscript
« Reply #3 on: January 16, 2011, 11:20:43 pm »
This is one HELL of a tut man! Time to hack into my own wifi network. Quick question though. Could this be done from VMware? I have mine set to share my laptops network and it's never asked for a password eventhough Im getting Internet from it and it shows up when I scan. Would I have to disconnect my laptop from the network first?

Offline FuyuKitsune

  • Knight
  • **
  • Posts: 292
  • Cookies: 21
    • View Profile
Re: Hacking WEP with Backtrack4 Final and Airoscript
« Reply #4 on: January 17, 2011, 03:37:08 am »
This is one HELL of a tut man! Time to hack into my own wifi network. Quick question though. Could this be done from VMware? I have mine set to share my laptops network and it's never asked for a password eventhough Im getting Internet from it and it shows up when I scan. Would I have to disconnect my laptop from the network first?
It should work from a VM. I know that VirtualBox puts the NIC in monitor mode to create a virtual card, I'm not so sure how VMware does it.


Really nice tut. I should get that USB wifi adapter, my stupid card doesn't support monitor/promiscuous without finding some old Linux drivers.
« Last Edit: January 17, 2011, 03:39:40 am by FuyuKitsune »

Offline a12danrulz

  • /dev/null
  • *
  • Posts: 14
  • Cookies: 0
  • Learning more and more.
    • View Profile
Re: Hacking WEP with Backtrack4 Final and Airoscript
« Reply #5 on: January 17, 2011, 03:12:55 pm »
Yeah I meant virtualbox. I hate autocorrect sometimes.

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: Hacking WEP with Backtrack4 Final and Airoscript
« Reply #6 on: January 18, 2011, 02:42:51 am »
It should work from a VM. I know that VirtualBox puts the NIC in monitor mode to create a virtual card, I'm not so sure how VMware does it.


Really nice tut. I should get that USB wifi adapter, my stupid card doesn't support monitor/promiscuous without finding some old Linux drivers.

http://www.newegg.com/Product/Product.aspx?Item=N82E16833124187&nm_mc=OTC-Froogle&cm_mmc=OTC-Froogle-_-Network+-+Wireless+Adapters-_-Linksys-_-33124187

;-) I love my card, works like a champ
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline Ghat c0mrade2

  • NULL
  • Posts: 4
  • Cookies: 0
    • View Profile
Re: Hacking WEP with Backtrack4 Final and Airoscript
« Reply #7 on: March 01, 2011, 04:39:44 pm »
u copy/paste it
try to put the source next time  ;)
http://myhackingway.blogspot.com/2011/02/hacking-wep-with-backtrack4-final-and.html

btw nice tut

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: Hacking WEP with Backtrack4 Final and Airoscript
« Reply #8 on: March 01, 2011, 04:54:32 pm »
u copy/paste it
try to put the source next time  ;)
http://myhackingway.blogspot.com/2011/02/hacking-wep-with-backtrack4-final-and.html

btw nice tut

I highly doubt that.

Hacking WEP with Backtrack4 Final and Airoscript
« on: November 26, 2010, 06:35:30 am »

Saturday, February 12, 2011
Hacking WEP with Backtrack4 Final and Airoscript
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
    • View Profile
    • EvilZone
Re: Hacking WEP with Backtrack4 Final and Airoscript
« Reply #9 on: March 01, 2011, 11:50:29 pm »
Lol I copy and pasted my own tut lol. I even posted this on the OLD evilzone!

http://evilzone.org/archive/new/tutorials/hacking-wep-with-backtrack-4-final-and-airoscript/

Hacking WEP with Backtrack 4 Final and Airoscript
« on: March 31, 2010, 04:12:13 am »

I posted that almost a year ago. They copy and pasted off of me :P

So thank you try again
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline Satan911

  • VIP
  • Knight
  • *
  • Posts: 289
  • Cookies: 25
  • Retired god/admin
    • View Profile
Re: Hacking WEP with Backtrack4 Final and Airoscript
« Reply #10 on: March 02, 2011, 01:10:06 am »
I shall try it later today (If my backtrack live USB still works). This and easy tut.
Satan911
Evilzone Network Administrator

Offline LucaBrassi

  • NULL
  • Posts: 3
  • Cookies: 0
    • View Profile
Re: Hacking WEP with Backtrack4 Final and Airoscript
« Reply #11 on: June 19, 2011, 07:34:32 pm »
Can anyone give an updated source to download backtrack4 with airoscript because the links don't work and I could not find it when I searched with Google.

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: Hacking WEP with Backtrack4 Final and Airoscript
« Reply #12 on: June 19, 2011, 07:51:17 pm »
Use BackTrack5 instead. You can get it here: http://www.backtrack-linux.org/downloads/

Offline noob

  • Knight
  • **
  • Posts: 202
  • Cookies: 29
    • View Profile
Re: Hacking WEP with Backtrack4 Final and Airoscript
« Reply #13 on: June 20, 2011, 12:41:03 am »
Why dont do it more easy(Gerix is a part of Backtrack 4-5):


Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: Hacking WEP with Backtrack4 Final and Airoscript
« Reply #14 on: June 20, 2011, 12:53:40 am »
Why dont do it more easy(Gerix is a part of Backtrack 4-5):



Come on, don't encourage click n hack software. Its just gay
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true