Basic Entry into a WEP Encrypted Network
By MagicSata
**DISCLAIMER**
I am not responsible for what you do with this guide. Any malicious/illegal activity that you
do falls completely on you because this is just for you to test the security of your own
network.
1. Getting the tools.
Download Backtrack 4. It can be found here:
http://[Link]-ex[Link]/backtrack+[Link]
The rest of this guide will proceed assuming you downloaded BT4. I downloaded the CD
iso and burned it to a cd. Insert your BT4 cd/usb drive and reboot your computer into BT4.
I always load into the 3rd boot option from the boot menu (VESA/KDE). You only have a
few seconds before it auto-boots into the 1st option so be ready. The 1st option boots too
slowly or not at all so always boot from the 2nd or 3rd. Experiment to see what works best
for you.
2. Preparing the victim network for attack
Once in BT4, click the tiny black box in the lower left corner to load up a "Konsole"
window. Now we must prep your wireless card.
Type:
airmon-ng
You will see the name of your wireless card (mine is named "wlan0"). From here on out,
replace "wlan0" with the name of your card.
Type:
macchanger --mac 00:11:22:33:44:55 wlan0
Then:
airmon-ng start wlan0
What these steps did was to spoof (fake) your mac address so that just in case your
computer is discovered by someone as you are breaking in, they will not see your real mac
address. We also just entered monitor mode on the "wlan0" so this will show "mon0" and
will be the fake interface you use. Moving on...
Now it's time to discover some networks to break into.
Type:
airodump-ng mon0
Now you will see a list of wireless networks start to populate. Some will have a better
signal than others and it is a good idea to pick one that has a decent signal otherwise it will
take forever to crack or you may not be able to crack it at all.
Once you see the network that you want to crack, do this:
hold down ctrl and tap c
This will stop airodump from populating networks and will freeze the screen so that you
can see the info that you need.
Now find the network that you want to crack and make sure that it says the encryption for
that network is WEP. If it says WPA or any variation of WPA then move on...you can still
crack WPA with backtrack and some other tools but it is a whole other ball game and you
need to master WEP first.
Once you've decided on a network, take note of its channel number and bssid. The bssid
will look something like this: 00:1A:B0:BB:2C:C1
The Channel number will be under a heading that says "CH".
Now, in the same Konsole window, type:
airodump-ng -c (channel) -w (file name) --bssid (bssid) mon0
The filename can be whatever you want. This is simply the place that airodump is going to
store the packets of info that you receive to later crack. You don't even put in an
extension...just pick a random word that you will remember. I usually make mine "wep"
because I can always remember it.
**Side Note: if you crack more than one network in the same session, you must have
different file names for each one or it won't work. I usually just name them wep1, wep2,
etc.
Once you typed in that last command, the screen of airodump will change and start to
show your computer gathering packets. You will also see a heading marked "IV" with a
number underneath it. This stands for "Initialization Vector" but in noob terms all this
means is "packets of info that contain clues to the password." Once you gain a minimum of
5,000 of these IV's, you can try to crack the password. I've cracked some right at 5,000
and others have taken over 60,000. It just depends on how long and difficult they made the
password.
Now you are thinking, "I'm screwed because my IV's are going up really slowly." Well,
don't worry, now we are going to trick the router into giving us HUNDREDS of IV's per
second.
3. Actually cracking the WEP password
Now leave this Konsole window up and running and open up a 2nd Konsole window. In
this one type:
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 mon0
This will send some commands to the router that basically cause it to associate with your
computer even though you are not officially connected with the password. If this command
is successful, you should see about 4 lines of text print out with the last one saying
something similar to "Association Successful :-)" If this happens, then good! You are
almost there. Now type:
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 mon0
This will generate a bunch of text and then you will see a line where your computer is
gathering a bunch of packets and waiting on ARP and ACK. Don't worry about what these
mean...just know that these are your meal tickets. Now you just sit and wait. Once your
computer finally gathers an ARP request, it will send it back to the router and begin to
generate hundreds of ARP and ACK per second. Sometimes this starts to happen within
seconds...sometimes you have to wait up to a few minutes. Just be patient. When it finally
does happen, switch back to your first Konsole window and you should see the number
underneath the IV starting to rise rapidly. This is great! It means you are almost finished!
When this number reaches AT LEAST 5,000 then you can start your password crack. It
will probably take more than this but I always start my password cracking at 5,000 just in
case they have a really weak password.
Now you need to open up a 3rd and final Konsole window. This will be where we actually
crack the password. Type:
aircrack-ng -b (bssid) (filename)-[Link]
Remember the filename you made up earlier? Mine was "wep". Don't put a space in
between it and -[Link] here. Type it as you see it. So for me, I would type wep-[Link]
Once you have done this you will see aircrack fire up and begin to crack the password.
Typically you have to wait for more like 10,000 to 20,000 IV's before it will crack. If this is
the case, aircrack will test what you've got so far and then it will say something like "not
enough IV's. Retry at 10,000." DON'T DO ANYTHING! It will stay running...it is just letting
you know that it is on pause until more IV's are gathered. Once you pass the 10,000 mark
it will automatically fire up again and try to crack it. If this fails it will say "not enough IV's.
Retry at 15,000." and so on until it finally gets it.
If you do everything correctly up to this point, before too long you will have the password!
Now if the password looks goofy, don't worry, it will still work. Some passwords are saved in
ASCII format, in which case, aircrack will show you exactly what characters they typed in
for their password. Sometimes, though, the password is saved in HEX format in which
case the computer will show you the HEX encryption of the password. It doesn't matter
either way, because you can type in either one and it will connect you to the network.
Take note, though, that the password will always be displayed in aircrack with a colon after
every 2 characters. So for instance if the password was "secret", it would be displayed as:
se:cr:et
This would obviously be the ASCII format. If it was a HEX encrypted password that was
something like "0FKWC42BVF" then it would still display as:
0F:KW:C4:2B:VF
Just omit the colons from the password, boot back into whatever operating system you
use, try to connect to the network and type in the password without the colons and presto!
You are in!
It may seem like a lot to deal with if you have never done it, but after a few successful
attempts, you will get very quick with it. If I am near a WEP encrypted router with a good
signal, I can often crack the password in just a couple of minutes.
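
The ARP replay step in section 3 is visible to anyone monitoring the network, because one station suddenly sends hundreds of identical ARP-sized broadcast frames per second. The following is an added example, not part of the original guide, of a detector for that pattern. The frame tuple layout, the 68/86-byte ARP sizes, the 100 frames-per-second threshold and the aa:bb:cc addresses are assumptions made for the example.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
ARP_LENGTHS = {68, 86}   # assumed on-air sizes of a WEP-encrypted ARP request
RATE_THRESHOLD = 100     # assumed alert level, frames per window
WINDOW = 1.0             # sliding window length in seconds


def detect_arp_replay(frames, threshold=RATE_THRESHOLD, window=WINDOW):
    """Return {(src_mac, bssid): peak frames per window} for flagged stations.

    frames: time-ordered tuples (timestamp, src_mac, bssid, dst_mac, length).
    WEP hides the payload, so ARP is recognised only by size and destination.
    """
    recent = defaultdict(deque)
    peaks = {}
    for ts, src, bssid, dst, length in frames:
        if dst.lower() != BROADCAST or length not in ARP_LENGTHS:
            continue
        key = (src.lower(), bssid.lower())
        q = recent[key]
        q.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks


def sample_capture():
    """Constructed frames: one ordinary client and one replaying station."""
    ap = "aa:bb:cc:00:00:01"
    client = "aa:bb:cc:00:00:10"
    frames = []
    for i in range(5):
        # Ordinary client: an ARP request every 2 seconds plus normal data.
        frames.append((i * 2.0, client, ap, BROADCAST, 68))
        frames.append((i * 2.0 + 0.5, client, ap, ap, 1200))
    for i in range(400):
        # Replaying station using the spoofed MAC from the guide.
        frames.append((3.0 + i * 0.0025, "00:11:22:33:44:55", ap, BROADCAST, 68))
    frames.sort(key=lambda f: f[0])
    return frames


if __name__ == "__main__":
    for (src, bssid), rate in detect_arp_replay(sample_capture()).items():
        print(f"possible ARP replay: {src} -> {bssid}, {rate} frames/s")
```

In practice the tuples would come from a monitor-mode capture of your own network. A hit on a WEP network is a strong reason to move it to WPA2 or WPA3.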