Friday, October 23, 2015

Cracking wireless WEP router encryption

Recently I noticed that one of my neighbor's routers is using WEP encryption, and I thought I might spend some time trying to aircrack it. Googling shows many articles that teach you how to gain access to a wireless router that uses WEP as its encryption standard. In this article, I mainly reference this article and run everything on my Linux workstation.

With that said, let's begin. Install the aircrack-ng package, which contains the essential applications for sniffing wireless traffic and cracking it.

 root@localhost:~# apt-get install aircrack-ng  
 Reading package lists... Done  
 Building dependency tree      
 Reading state information... Done  
 The following packages were automatically installed and are no longer required:  
  libgee2 libmono-2.0-1 libmono-2.0-dev libmono-accessibility4.0-cil libmono-c5-1.1-cil libmono-cecil-private-cil libmono-codecontracts4.0-cil  
  libmono-compilerservices-symbolwriter4.0-cil libmono-cscompmgd8.0-cil libmono-custommarshalers4.0-cil libmono-db2-1.0-cil libmono-debugger-soft2.0a-cil  
  libmono-debugger-soft4.0a-cil libmono-entityframework-sqlserver6.0-cil libmono-entityframework6.0-cil libmono-http4.0-cil libmono-ldap2.0-cil  
  libmono-ldap4.0-cil libmono-management2.0-cil libmono-management4.0-cil libmono-messaging-rabbitmq2.0-cil libmono-messaging-rabbitmq4.0-cil  
  libmono-messaging4.0-cil libmono-microsoft-build-engine4.0-cil libmono-microsoft-build-framework4.0-cil libmono-microsoft-build-tasks-v4.0-4.0-cil  
  libmono-microsoft-build-utilities-v4.0-4.0-cil libmono-microsoft-build2.0-cil libmono-microsoft-build4.0-cil libmono-microsoft-visualc10.0-cil  
  libmono-microsoft-web-infrastructure1.0-cil libmono-microsoft8.0-cil libmono-npgsql2.0-cil libmono-npgsql4.0-cil libmono-opensystem-c4.0-cil  
  libmono-oracle2.0-cil libmono-oracle4.0-cil libmono-parallel4.0-cil libmono-peapi2.0a-cil libmono-peapi4.0a-cil libmono-profiler libmono-rabbitmq2.0-cil  
  libmono-rabbitmq4.0-cil libmono-relaxng2.0-cil libmono-relaxng4.0-cil libmono-sharpzip2.6-cil libmono-simd2.0-cil libmono-simd4.0-cil  
  libmono-system-componentmodel-composition4.0-cil libmono-system-componentmodel-dataannotations4.0-cil libmono-system-configuration-install4.0-cil  
  libmono-system-data-datasetextensions4.0-cil libmono-system-data-linq4.0-cil libmono-system-data-services-client4.0-cil  
  libmono-system-data-services2.0-cil libmono-system-data-services4.0-cil libmono-system-design4.0-cil libmono-system-drawing-design4.0-cil  
  libmono-system-dynamic4.0-cil libmono-system-identitymodel-selectors4.0-cil libmono-system-identitymodel4.0-cil  
  libmono-system-io-compression-filesystem4.0-cil libmono-system-io-compression4.0-cil libmono-system-json-microsoft4.0-cil libmono-system-json2.0-cil  
  libmono-system-json4.0-cil libmono-system-ldap-protocols4.0-cil libmono-system-ldap2.0-cil libmono-system-ldap4.0-cil libmono-system-management4.0-cil  
  libmono-system-messaging4.0-cil libmono-system-net-http-formatting4.0-cil libmono-system-net-http-webrequest4.0-cil libmono-system-net-http4.0-cil  
  libmono-system-net2.0-cil libmono-system-net4.0-cil libmono-system-numerics4.0-cil libmono-system-reactive-core2.2-cil  
  libmono-system-reactive-debugger2.2-cil libmono-system-reactive-experimental2.2-cil libmono-system-reactive-interfaces2.2-cil  
  libmono-system-reactive-linq2.2-cil libmono-system-reactive-observable-aliases0.0-cil libmono-system-reactive-platformservices2.2-cil  
  libmono-system-reactive-providers2.2-cil libmono-system-reactive-runtime-remoting2.2-cil libmono-system-reactive-windows-forms2.2-cil  
  libmono-system-reactive-windows-threading2.2-cil libmono-system-runtime-caching4.0-cil libmono-system-runtime-durableinstancing4.0-cil  
  libmono-system-servicemodel-activation4.0-cil libmono-system-servicemodel-discovery4.0-cil libmono-system-servicemodel-routing4.0-cil  
  libmono-system-servicemodel-web4.0-cil libmono-system-servicemodel4.0a-cil libmono-system-serviceprocess4.0-cil  
  libmono-system-threading-tasks-dataflow4.0-cil libmono-system-web-abstractions4.0-cil libmono-system-web-dynamicdata4.0-cil  
  libmono-system-web-extensions-design4.0-cil libmono-system-web-extensions4.0-cil libmono-system-web-http-selfhost4.0-cil  
  libmono-system-web-http-webhost4.0-cil libmono-system-web-http4.0-cil libmono-system-web-mvc1.0-cil libmono-system-web-mvc2.0-cil  
  libmono-system-web-mvc3.0-cil libmono-system-web-razor2.0-cil libmono-system-web-routing4.0-cil libmono-system-web-webpages-deployment2.0-cil  
  libmono-system-web-webpages-razor2.0-cil libmono-system-web-webpages2.0-cil libmono-system-windows-forms-datavisualization4.0a-cil  
  libmono-system-windows-forms4.0-cil libmono-system-windows4.0-cil libmono-system-xaml4.0-cil libmono-system-xml-serialization4.0-cil  
  libmono-tasklets2.0-cil libmono-tasklets4.0-cil libmono-webbrowser4.0-cil libmono-webmatrix-data4.0-cil libmono-windowsbase3.0-cil  
  libmono-windowsbase4.0-cil libmono-xbuild-tasks2.0-cil libmono-xbuild-tasks4.0-cil libmonoboehm-2.0-1 libmonoboehm-2.0-dev libmonosgen-2.0-1  
  libnunit-cil-dev libts-0.0-0 libts-0.0-0:i386 libupower-glib1 linux-image-amd64 mono-2.0-service mono-4.0-service mono-csharp-shell mono-jay mono-utils  
  mono-xbuild monodoc-base monodoc-browser monodoc-manual python-gtksourceview2 python3-packagekit tsconf  
 Use 'apt-get autoremove' to remove them.  
 The following extra packages will be installed:  
  ieee-data  
 The following NEW packages will be installed:  
  aircrack-ng ieee-data  
 0 upgraded, 2 newly installed, 0 to remove and 523 not upgraded.  
 Need to get 1,244 kB of archives.  
 After this operation, 5,914 kB of additional disk space will be used.  
 Do you want to continue? [Y/n] Y  
 Get:1 http://cdn.debian.net/debian/ unstable/main aircrack-ng amd64 1:1.2-0~beta3-4 [435 kB]  
 Get:2 http://cdn.debian.net/debian/ unstable/main ieee-data all 20141019.1 [809 kB]  
 Fetched 1,244 kB in 5s (228 kB/s)   
 Selecting previously unselected package aircrack-ng.  
 (Reading database ... 325525 files and directories currently installed.)  
 Preparing to unpack .../aircrack-ng_1%3a1.2-0~beta3-4_amd64.deb ...  
 Unpacking aircrack-ng (1:1.2-0~beta3-4) ...  
 Selecting previously unselected package ieee-data.  
 Preparing to unpack .../ieee-data_20141019.1_all.deb ...  
 Unpacking ieee-data (20141019.1) ...  
 Processing triggers for man-db (2.7.0.2-5) ...  
 Setting up aircrack-ng (1:1.2-0~beta3-4) ...  
 Setting up ieee-data (20141019.1) ...  

Okay, the package installed successfully. Next, you need to put the wireless interface into monitor mode so that the interface can intercept any wireless traffic nearby.


As you can read above, I have stopped network-manager so that my interface will not automatically connect to my wireless router. In this example, I use one of my wireless interfaces for this learning adventure. Once the wireless interface is in monitor mode, you can start to dump the air traffic using the command airodump-ng.




Identify any wireless router that uses the WEP encryption protocol, and then start another terminal to write all of this traffic into a tcpdump file. You can do that using the command airodump-ng -c 6 -w data-capture wlan0.


Next, you can inject (send) more packets to the identified router using aireplay. As you can see below, I experimented with a few aireplay parameters, and you should too.




If your neighbour's WEP wireless router has active users, airodump-ng should be able to capture sufficient initialization vectors (IVs) for your next aircrack command. I suggest you leave it running for a few hours to collect maybe 10k IVs and run this tcpdump capture on a powerful CPU.



That's it. Good luck, have fun and be good.


