
Aircrack-2.3 Windows (Wireless WEP crack)

Aircrack is a set of tools for auditing wireless networks:

airodump: 802.11 packet capture program
aireplay: 802.11 packet injection program
aircrack: static WEP and WPA-PSK key cracker
airdecap: decrypts WEP/WPA capture files

Wireless Card Installation


1. Download Aircrack from http://100h.org/wlan/aircrack/
2. Read the documentation (README.html) and follow it. It has the most comprehensive
explanation.
3. I have a CISCO Aironet 350 and a PrismGT card (Corega WLCB-54GT), but only the
CISCO works fine on Windows. PrismGT does not work on Windows. The Aironet 350
works for 11b networks.

How to capture (airodump)


1. Search for WLANs. Enter 0 as the channel to hop between channels.

    > airodump.exe
    airodump 2.3 - (C) 2004,2005 Christophe Devine

    usage: airodump [ivs only flag]

    Known network adapters:

    18 Cisco Systems 350 Series PCMCIA Wireless LAN Adapter
    2 Intel(R) PRO/100 VE Network Connection
    3 1394 Net Adapter

    Network interface index number -> 18

    Interface types: 'o' = HermesI/Realtek
                     'a' = Aironet/Atheros

    Network interface type (o/a) -> a

    Channel(s): 1 to 14, 0 = all -> 0

    (note: if you specify the same output prefix, airodump will resume
     the capture session by appending data to the existing capture file)

    Output filename prefix -> out

    (note: to save space and only store the captured WEP IVs, press y.
     The resulting capture file will only be useful for WEP cracking)

    Only write WEP IVs (y/n) -> y

2. From this screen, you select the channel.

    BSSID              PWR  Beacons  # Data  CH  MB  ENC   ESSID

    00:0D:0B:98:96:7F   48        2       0  11  54  WEP?  4B18E8C83ABD
    00:A0:B0:40:5C:84   87       13      16   1  54  WEP   HOGE

    BSSID              STATION            PWR  Packets  ESSID

    00:A0:B0:40:5C:84  00:04:23:52:80:41   86        4  HOGE

3. Press Ctrl+C. Next we will capture only channel 1 (ESSID HOGE) and specify
capturing only unique WEP IVs. It saves space.

    BSSID              PWR  Beacons  # Data  CH  MB  ENC   ESSID

    00:A0:B0:40:5C:84   87       36      48   1  54  WEP   HOGE

    BSSID              STATION            PWR  Packets  ESSID

    00:A0:B0:40:5C:84  00:04:23:52:80:41   87       38  HOGE

How to crack (aircrack)


1. Open a new console and type the following command. Aircrack can read the updated file
automatically, so you can run airodump and aircrack at the same time.

    # aircrack.exe -x -0 out.ivs

2. 104-bit WEP needs about one million IVs. You may need a day or more to
capture the packets. However, if you use aireplay from aircrack on Linux to inject packets, you
need only a few hours.
3. This is the result. It needed only a quarter of a million. Aircrack can also run on Windows,
but aireplay is not supported there.

Note: In my experience, Aircrack is the best tool compared to others. Aircrack on Linux
supports packet injection, which means we can increase the traffic, so we need only a few hours
to capture sufficient packets. Otherwise you will need several days.

Here are my other reports.

Tool             OS       CPU usage  Encryption  802.     NIC Support  Packet injection  My recommendation
Airsnort (note)  Windows  High       WEP         11b?     Few          Not supported     Low
Airsnort (note)  Linux    High       WEP         11b?     Few          Not supported     Low
Aircrack         Windows  Low        WEP, WPA    11a/b/g  Many         Not supported     Mid
Aircrack (note)  Linux    Low        WEP, WPA    11a/b/g  Many         Supported!        Recommended!
