I have tried to explain each step and what goes with it for a clearer understanding of how this works. There are no screenshots, just a video at the end. Most of you will want to just jump to the video and be done with it. Frankly, it'll tell you what to do to hack an access point, not how it works. So I'd advise you to go through the text too. It's not boring, I promise.
Let's first understand how wireless networks work. In the case of a wired connection, it is the router's job to send the relevant information to each computer.
Suppose five computers are connected through a wired connection.
Computer 1 wants to access Facebook, Computer 2 wants Google.
The router sends the data packets (IVs, Initialisation Vectors) relevant to Facebook to Computer 1 and those relevant to Google to Computer 2.
But in the case of a wireless connection this isn't possible. In extremely simple terms, any information requested by any of the computers from a wireless router is simply thrown out into the air and caught by whichever computer needs it.
Now, in the same five-computer example, Computer 1 will receive data packets from Facebook as well as Google, but since it needs only Facebook, it dumps the packets coming from Google.
Similarly, Computer 2 keeps Google and throws away Facebook.
In WEP (Wired Equivalent Privacy), each data packet carries a part of the WiFi access point's password (a sub-passkey). What is our job?
We pull the different sub-passkeys out of a sufficient number of data packets, apply permutations and combinations, and find the right password.
To get the sub-passkeys we need access to the access point's data packets.
By default, when connected to a network and receiving packets, the computer keeps only those packets that are relevant to its own requests.
There are basically seven modes in which your computer can be wirelessly connected to a network. We need one that lets us keep as many packets as possible.
The default mode will definitely not allow this, as it dumps packets the computer hasn't asked for.
However, in promiscuous mode, the computer may keep all packets sent to it, including information other computers asked for. The drawback is that we still need to be connected to the network in this mode to receive all its packets. We are trying to hack this network; we aren't connected to it yet!
The solution is monitor mode. This mode lets us receive all packets from all wireless access points within range without having to be connected to any one of them. When we activate monitor mode, our computer begins to receive data packets from all access points.
Before you get down to executing the commands, have a look at this article: WiFi Hacking Pre-Requisites
Let's get to hacking the network.
So, the steps finally:
Step 1:
Type airmon-ng to check which wireless interfaces are up and running on the computer.
Step 2:
We see wlan0 is up. This is our default interface in the default mode. Let's start monitor mode on it. Type in: airmon-ng start wlan0
Step 3:
Type in airmon-ng again. We now see a new interface: mon0. This, kids, is the monitor mode.
Step 4:
Well, since hacking is illegal and all, we gotta hide, right? There is no IP here as we aren't connected to the network we are hacking. The only way we can be traced is through our MAC address. Not a problem. As we hackers here in India say, Backtrack Zindabad! We can easily change our MAC address. Type in the following sequence of commands:
ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up
The number 00:11:22:33:44:55 is a hexadecimal code that represents your spoofed MAC address. It can be any value in the same format: six pairs of hex digits, each digit 0-9 or A-F.
Step 5:
Starting off on the real hacking.
We gotta sniff which networks are available to hack.
Type in: airodump-ng mon0. This lists all the networks/access points in range.
Step 6:
Choose a network and note down two things: the channel it's running on and its BSSID.
Next, we have to sniff specifically the network we want to crack. Here's what you type in:
airodump-ng -c [Number] -w [String] --bssid [Hexadecimal] mon0
Now it gets a little complex. This particular command has several parameters associated with it:
-c [Number]: specifies the channel the network is on. You will see the channel when you run the simple airodump-ng command.
-w [String]: here you specify a filename in place of the string (I have specified WEP). This is the file that stores all the traffic you're going to capture and that is ultimately cracked to tell you the password.
--bssid [Hexadecimal]: this is where you specify the MAC address of the router you are about to hack.
mon0: almost all commands end with mon0 from now on, since this is the interface you want to work with (monitor mode).
Step 7:
This gives you a list of the devices connected to the access point we are cracking. It also gives you a lot of other stuff that is useless for now, except the #Data column. You need this column to reach a value of 20000-30000 before you can really do something.
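You can only retire WEP where you know it still exists, and the same airodump-ng capture is the quickest inventory of your own wireless estate. The script below is an added example, not code from the original post or from the aircrack-ng project: it reads the CSV that airodump-ng writes next to the .cap file (with -w WEP that is WEP-01.csv), assumes the layout airodump-ng produces (an access-point table, a blank line, then a station table), flags every access point still running WEP or with no encryption, counts the clients exposed on each, and checks the six-pairs-of-hex-digits MAC format from Step 4. Every address, time and count in the embedded sample is constructed.

```python
import csv
import io
import re

# Constructed sample of the CSV that airodump-ng writes next to the .cap
# file (assumed layout: access-point table, blank line, station table).
# Every address, time and count below is made up for this example.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:30:00,  6,  54, WEP, WEP, OPN, -40, 1200, 31250, 0.  0.  0.  0, 9, OldOffice,
AA:BB:CC:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:30:00, 11,  54, WPA2, CCMP, PSK, -55,  980, 0, 0.  0.  0.  0, 5, Guest,
AA:BB:CC:00:00:03, 2024-01-01 10:05:00, 2024-01-01 10:30:00,  1,  54, OPN, , , -70,  300, 0, 0.  0.  0.  0, 7, Visitor,
ZZ:00:00:00:00:04, 2024-01-01 10:05:00, 2024-01-01 10:30:00,  1,  54, WEP, WEP, OPN, -70,  300, 12, 0.  0.  0.  0, 6, Broken,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:00:00:11, 2024-01-01 10:10:00, 2024-01-01 10:30:00, -50, 28000, AA:BB:CC:00:00:01,
AA:BB:CC:00:00:12, 2024-01-01 10:12:00, 2024-01-01 10:30:00, -60, 400, AA:BB:CC:00:00:02,
"""

# Six colon-separated pairs of hex digits, the format described in Step 4.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")

# The post's rule of thumb for how many data frames a WEP crack needs.
WEP_IV_THRESHOLD = 20000


def is_valid_mac(value):
    """True if value is six colon-separated pairs of hex digits (0-9, A-F)."""
    return bool(MAC_RE.match(value.strip()))


def _read_table(block):
    """Parse one CSV table (header plus rows) into a list of stripped dicts."""
    reader = csv.DictReader(io.StringIO(block.strip()), skipinitialspace=True)
    return [
        {key.strip(): (val or "").strip() for key, val in row.items() if key}
        for row in reader
    ]


def parse_airodump_csv(text):
    """Split the file into its two tables and return (access_points, stations)."""
    ap_block, marker, sta_block = text.partition("\nStation MAC")
    stations = _read_table(marker.lstrip() + sta_block) if marker else []
    return _read_table(ap_block), stations


def audit(access_points, stations):
    """Return one finding dict per access point that needs attention."""
    clients = {}
    for sta in stations:
        clients.setdefault(sta.get("BSSID", ""), []).append(sta.get("Station MAC", ""))

    findings = []
    for ap in access_points:
        bssid = ap.get("BSSID", "")
        essid = ap.get("ESSID", "")
        privacy = ap.get("Privacy", "").upper()
        ivs = int(ap.get("# IV") or 0)
        if not is_valid_mac(bssid):
            findings.append({"bssid": bssid, "essid": essid, "severity": "warn",
                             "reason": "malformed BSSID in capture; check the sniffer output"})
            continue
        if "WEP" in privacy:
            # The closer the air is to the IV count a cracker needs, the more urgent.
            severity = "critical" if ivs >= WEP_IV_THRESHOLD else "high"
            findings.append({"bssid": bssid, "essid": essid, "severity": severity,
                             "reason": f"WEP still enabled; {ivs} data IVs already seen on the air; "
                                       f"{len(clients.get(bssid, []))} client(s) exposed; move to WPA2/WPA3"})
        elif privacy == "OPN":
            findings.append({"bssid": bssid, "essid": essid, "severity": "high",
                             "reason": "open network with no encryption"})
    return findings


def audit_text(text):
    """Parse CSV text and return the audit findings."""
    aps, stas = parse_airodump_csv(text)
    return audit(aps, stas)


if __name__ == "__main__":
    for f in audit_text(SAMPLE_CSV):
        print(f"[{f['severity'].upper()}] {f['bssid']} ({f['essid']}): {f['reason']}")
```

Run it against a real file with `audit_text(open("WEP-01.csv").read())`; any WEP access point whose IV count is already near the 20000 mark is one whose key could be recovered by anyone within range, so it goes to the top of the migration list.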
Step 8:
Why do we need 20-30k data packets? So that we have enough data packets/IVs to apply combinations to and find the passkey.
Now we have two options. Wait it out, and hope someone has put a movie to download through uTorrent or is streaming a really long YouTube video.
Or... OR,
we could do something hacker-like to increase the data flow.
Personally, I think it's cool to do hacker things.
So here's what we do: we make the router believe we are connected to it by hitting it with a fake-authentication attack:
aireplay-ng -1 0 -a [bssid of AP being cracked] -h [your computer's fake MAC] mon0 (open a new terminal/konsole/terminator window for this and let airodump-ng keep running)
This makes the router momentarily believe that we are part of its privileged few. We take advantage of that to make it talk to us a lot (send data packets). Remember how your dad was really patient with you when you asked what a particular button in the car did 50 times? He told you each time as though it was the most normal thing in the world. Well, a router is probably 64536 times more patient. We ask it to tell us our IP again and again and it tells us, giving us vital IVs.
Step 9:
Here's how:
aireplay-ng -3 -b [bssid of AP being cracked] -h [your computer's fake MAC] mon0
This gives a hell of a lot of IVs.
STEP JUDGEMENT DAY(Step 10 was just too mainstream)
Well, if you followed Sensei's instructions to the word and were patient, here's your reward.
If not, well, here it is, but it won't work, so no point. Anyway,
KAAAAMEEEEHAAAAAMEEEE HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Type this in:
aircrack-ng -b [bssid of AP being cracked] Filename-01.cap
As soon as you press enter, duck and roll to your left. Stand up, do 50 squats. Now, take a peep at the screen. It will take approximately the amount of time it takes for the squats to hurt for aircrack-ng to crack your .cap file. You'll see a WiFi password.
Yeah. Free surfing, no parental restrictions, no bandwidth tensions. If only it were legal to hack. Sigh.
Credits to Dhruv Pasricha-Tech Feast
Here’s the video: