Thanks Maz! You’re a lifesaver. I spent a while trying to do this with russix and I couldn’t get it. (Crazy mother-in-law is too cheap to buy internet, she moved, and her new place only has encrypted signals…luckily WEP)

Good tut. Next you might want to share with your readers about packet injection and Kismet for sniffing. I don’t know if they bundle Kismet with BT3 now but I know it was in BT2. Thanks

@Registered99 Thanks for pointing out the mistake, the actual command is macchanger and I’m updating the post as I write this. Goodluck!

I personally do not worry if someone hack into my route go online. What worry me are when the intentions are further, break into my desktop or use my connection do bad things which would got me a surprise knock on the door by FBI. This is a darn good reason I remain connect with troublesome hard wired or the stick to old router b version.

@justgeig if there are active clients on an AP with a hidden SSID, you can usually see it when running airodump-ng by comparing the MAC of the hidden AP with the MAC on packet captures. So generally, it doesn’t offer much more security. Might just be a speed bump in some situations.

i have done exactly as you told my wifi chipset is Intel® PRO/Wireless 3945ABG.

problem is after i use

airplay-ng -3 -b [bssid] -h 00:11:22:33:44:66 [device]

i get no packets from my access point. then i use:

aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [bssid] -h 00:11:22:33:44:66 [device]

after this i get many packets but like 50000 packets has only 1 IV.

the access point im testing on is Dynalink_Datron.

Hope someone can help

@jones hey, check out the following site for more information about Interactive Packet Replay: http://www.aircrack-ng.org/doku.php?id=interactive_packet_replay

Hopefully that will give you a little more background and assist you in your efforts. Goodluck!

“aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [bssid] -h 00:11:22:33:44:66 [device]”

If you use interactive packet replay, wouldn’t you need to capture a lot more than just 20,000 packets in order to successfully attempt to crack? As far as I know what you’ll be capturing wont be ARP packets, so the PWT method will not work for you. You’ll probably need to capture about 1,500,000 IVS before having a good chance of getting the key. Or am I mistaken?

This tutorial is wonderful and worked for me!

This line however needed the following changes to work for me.

before:
airodump-ng -c [channel] -w [network.out] –bssid [bssid] [device]

after:
airodump-ng -c [channel] -w [network.out] -–bssid [bssid] [device]

for atheros based chipsets use ath_pci in place of the numbers for the modprobe command. I also had to remove the -r to get it to load- BUT I have no idea what I’m doing yet

Hope this helps someone

can ill use my wifi wireless network kaart that in my laptop ??

Take note of your wireless adapter’s interface name. Then stop the adapter by issuing:

airmon-ng down [interface]

what is the interface
i all i can find is the divice name.

i get the error ‘host name lookup failure’

i think this is why my #data is staying at zero and beacon is at like 30000

great tut. i have also question, or 3 problems? 1.)well after this step : aireplay-ng -3 -b bssid -h 00:11:22:33:44:55 (device) there is a lot of read packets (100 000), but there is no ARP and ACKs requests, and data is 0, or just a few maybe 3 or 4 or 4 etc.
so what’s problem?
2)also, a lot of times this step don’t work: aireplay-ng -10 -a bssid -h 00:11:22:33:44:55 -e essid (device), after that there is no Authentication successful and Association successful. 3.problem is next. after this aireplay-ng -3 -b bssid -h 00:11:22:33:44:55 (device), there is no ARP and ACKs so, with another laptop i tried to connect on the same secure network, and then started ARP and ACK..but there is no data rising, only when i tried to conect with another laptop, then data rising, but when i stop, also Data stops. and after maybe 50 000 od IV’s i can’t crack becouse that+s not enough of IV’s. have you any solution what can i do?

how to increase the speed of injecting packets ??
the #data colums doesnt rise very fast after injecting packets … it would take around 4 hours to rise to about 10000 packets…how to make it risee faster ??

i am using an intel3495 card ….

Can i run BackTrack 3 in windows Vista? please tell me how. Thanks.

Nice job on the tutorial. I am having some trouble with the airmon-ng and airodump-ng. The apps start but are not finding any data and seem unstable. The first few times they did find some networks. But now they don’t find anything. I have the same Centrino wireless card cited in the tutorial. Kismet is working fine and finding many networks. Any help would be appreciated. Z.

For all of you people asking about ifconfig, it’s not

ifconfig down [interface]

is

ifconfig [interface] down

have a good day ;)

thx m8, great tutorial, although I had some problems with it after few hours playing with it I succeeded in hacking WEP key of desired network…once again many thx 2 u and browncardboard how wrote version for my card, based on Atheros chipset.

What Backtrack version specifcally? 3 beta? or 3 final?

I’m asking because I downloaded 3 final from the link you provided for CD version and when it boots it’s not live, its just a terminal, and it works fine until I have to open a new shell, which I can’t or don’t know how to do.

So in essence I’m wondering if my download is corrupt or if I downloaded the wrong version.

Hi all, I’m trying to inject packets for increase de data captures (for crack the wep key), however the number ofd data never increase, I tried using the aireplay-ng command mentioned above with 3 APs (no mac filtering) and it didn’t work.
Thanks for your help

ok i understand the program and had no problem using it on my desktop but having a huge issue with it on my laptop…im guessing that my Intel(R) Wireless Wifi Link 5100 chipset is not compatible unless there is something i can do to fix it. Can someone recommend a external wireless card that i can use in my express card slot on my laptop, if so i would appreciate if you would drop me an email at generalj14@yahoo.com

i got stuck at:
aireplay-ng -1 0 -a 00:00:00:00:00:00 -h 00:11:22:33:44:66 -e XXXXX ath0

response:
18:13:29 Waiting for beacon frame (BSSID: 00:00:00:00:00:00) on channel 1
For the given BSSID “00:00:00:00:00:00″, there is an ESSID mismatch!
Found ESSID “XXXX’X” vs. specified ESSID “XXXXX”
Using the given one, double check it to be sure its correct!
18:13:30 ath0 is on channel 1, but the AP uses channel 9

any idea on what to do?

hi there.

Thanks for this tutorial great job.
However it is a great tutorial, i would have few problems, and i would really appreciate if someone could help me.

First of all there are few type mistake in the tutorial.
It says ifconfig down interface but the correct is ifconfig interface down.
No im not smart ass, but it took me 2 hours to reealize thats why i got the error message:)

On the other hand for some reason i cannot capture packages. I mean, i can see the traffic, but when i try to generate traffic there, basically nothing happen. Everything seems working fine but the packages dont seem like growing. does anyone can help me regarding this?

I have tried this command : aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:66 -e [essid] [device]
it is successful but when i try to use this: airplay-ng -3 -b [bssid] -h 00:11:22:33:44:66 [device]

OOOOORRRRRR this

aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [bssid] -h 00:11:22:33:44:66 [device]

seems like the numbers are growing but not the IVs data is keep counting paintfully slow. like 2 value up in an hour.

It would be appreciated if someone could help me what to do and how to do.

Cheers

gomika

Maz said,

11-16-2008 in 13:26:17 at 208.120.217.126 @guest
…. You are obviously not going to crack WEP for any legitimate security purpose.

————————————————–

What do you think most people do with this tutorial? 99% chance that people crack WEP for illegal purpose… I don’t understand your reasoning!

Hi commasbug,

Can you help me with this ?
I have no ARP. I receiving many packets and data , but the ARP is still 0

thx

Hmm, disregard that comment. It’s right there…. Hehehe

I have an intel Pro/wireless 2915abg in a dell latitude D610 and when I typr modeprobe -r iwl2195 I get Module not found.