
WEP KEY DECRYPTION IN WINDOWS (XP OR 2000)
By Sebastian Maisse
Document dated November 10, 2005
Decrypting a WEP key in Windows by Sebastian Maisse Document created 10-11-2005
- Last Updated 11-11-2005
Contents
Preamble
Download Winaircrack
Launch Winaircrack
Decrypting a WPA-PSK key
Conclusion
Preamble
Welcome. This document is intended to introduce you to the procedure for cracking a WEP key in a Windows environment (XP or 2000, or even 98). In this document, I will use the program Winaircrack, which is actually a graphical interface for the programs airodump and aircrack.
WARNING: THIS DOCUMENT IS PROVIDED FOR EDUCATIONAL PURPOSES. UNDER NO CIRCUMSTANCES ARE YOU AUTHORIZED TO PUT THIS TECHNIQUE INTO PRACTICE ON A NETWORK WITHOUT HAVING OBTAINED THE PRIOR AGREEMENT OF ITS OWNER.
In my case, I performed the test on my personal wireless network, which is built around a Linksys access point. As for the hardware used to listen to the wireless network, I used a Sagem USB key, model WL5061S (a key supplied with the Wanadoo Livebox). Before beginning the test: if you want to perform this operation, you can also use the Linux live CD named WHAX. In addition, a tutorial on that procedure is available at the following URL: http://www.tuto-fr.com/tutoriaux/tutorial-crack-wep-aircrack.php
Download Winaircrack:
Winaircrack, which as a reminder is a GUI for the aircrack and airodump programs and whose author is Hexanium, is available at the following URL: http://www.subagora.com/subagora/navigate.php?cmd=soft_detail&ret=1&soft_id=132
In this case, we will download the full version of Winaircrack (the complete package), so there is no need to download Aircrack separately: http://www.subagora.com/WinAircrack/download/WinAircrackPack.zip
In addition, you can also download the program WlanDrv by the same author: http://www.subagora.com/WinAircrack/download/WlanDrv.zip
Launch Winaircrack:
Before launching Winaircrack, decompress the file "WlanDrv.zip", which will provide information on the USB adapter or wireless network card that we will use.
Information about the Sagem WL5061S USB Wi-Fi key.
If your adapter or wireless network card uses a Prism chipset, there is a strong chance that you will have to look elsewhere.
Information about a Linksys WUSB54G USB adapter. Note: this adapter was tested without success during a second test ...
Once the information about your card or network adapter has been retrieved, you can decompress the contents of the file "WinAircrackPack.zip" and then run the main program "WinAircrack.exe". You will get a window similar to the one below:
General tab window.
Here are the windows of the WEP, Advanced, and About tabs ...
WEP tab window (above), Advanced tab window (below).
About tab window.
With the tour of the tabs done, we start by listening to our wireless network. To do this, go to the General tab, then click on the link "click here to get a capture file". This will display the following:
As you can see, various links are available depending on the case that applies to you. In theory, you should follow the steps in this order:
1. Get the "WildPackets" drivers, which are available at the following URL: http://www.wildpackets.com/support/downloads/drivers
2. Install the "WildPackets" driver on your Windows system.
3. Launch the Airodump utility.
4. Return to Winaircrack to process the capture file.
In my case, steps 1 and 2 did not concern me, so I went directly to step 3, which consists of capturing data packets with the Airodump program. From here on, I assume that you have completed steps 1 and 2 if they are necessary for you ... before proceeding further in this document. If that is the case, we can continue. First, I choose the network interface that I will use to listen to the network.
Selecting the network interface of the Sagem USB key (choice number 13).
I press the Enter key to confirm my choice.
I then choose the interface type, namely that the "generic" capture drivers will be used.
My choice for the key that I will use.
This is valid only if your hardware works with the "generic" drivers; otherwise you will have to install the "WildPackets" driver appropriate for your card / adapter.
Here, we choose the channel to listen on. It ranges from 1 to 14; enter 0 to listen to all available channels automatically.
0 to listen to all channels.
If you know the channel used by the network, you can specify it directly instead of 0.
We then set the name of the output file that will be used to record the captured data.
Here, I set the output file name to "nomdufichierdesortie".
I then decide whether my file is intended only for cracking a WEP key. Here that is the case, so I answered Y (Y = yes).
I answer Y and press the Enter key.
If all went well, you should see Airodump start listening to the airwaves ...
BSSID: MAC address of the access point (written here as XX:XX:XX:XX:XX:XX).
CH: Channel used (example: 11).
DATA: Number of packets that have circulated on the network.
ENC: Type of encryption used (in this case WEP).
ESSID: Wireless network name (e.g. WIFIDEMO).
Remember: three pieces of information are needed: BSSID, CH and ESSID.
If instead Airodump displays a screen similar to the one below:
The error I got with the Linksys USB adapter.
This means that the adapter or wireless card used is not compatible with the PEEK protocol, so you are advised to install a driver to correct this. Moving on: our capture is in progress, as shown below:
As you can see here, I have recovered a little more than 400,000 packets.
That said, I am still far short of what is needed to crack a 128-bit key. To decrypt a 64-bit key, I need about 300,000 packets (or IVs). To decrypt a 128-bit key, I need about 1 million packets (or IVs). If your wireless network does not generate much traffic, it can take a while to reach the required number of packets. There are two solutions: either you are patient and let it run, or you use software that allows packet injection on the network. Under Windows, two programs are available, depending on whether your card / adapter uses an Atheros or a Prism chipset.
For cards with an Atheros chipset: CommView for WiFi from the company Tamos. Website: http://www.tamos.com/products/commwifi/
For cards with a Prism chipset: AirGobbler Packet Generator from the company Tucasoftware. Official website: http://www.tuca-software.com/transmit.php
For my part, given that I was on my home network, I made some file transfers to reach the minimum of one million captured IVs.
1 million packets captured.
That said, I started the calculation of the key while continuing to capture new packets.
So, leaving my Airodump window open, I went back to Winaircrack. To do this, click on the link "Click here to return to Winaircrack" in "Capture Files".
This has the advantage of returning to the program while leaving the Airodump window open.
Once back in Winaircrack, I want to start cracking the WEP key. I provided the following information in the General tab window:
Encryption key type: WEP (default).
Name of the AP (ESSID): here, I put WIFIDEMO.
AP MAC address (BSSID): XX:XX:XX:XX:XX:XX
I also have to provide the capture file or files to use for cracking the key. To do this, I click on the button and then select the file with the .ivs extension that we will use. Be careful: by default, the .cap extension is selected. Then click on Open.
Finally, click on the button to add our file to the list of capture files. You should have a result similar to this:
If you want to remove a file from the list of capture files, press the corresponding button. With that in mind, we now launch Aircrack, which will allow us to discover the WEP key. To do this, click on the button.
This will open a window like this:
As we can see, the capture file contains 1,021,950 IVs.
Airodump (top) capturing, Aircrack (right) decrypting.
After a wait of varying length, during which you can attend to other things, there are two possible answers to the attempt to decrypt the WEP key. Let us start with the bad news ...
In this case, there is not a sufficient number of IVs ... Therefore, we must continue to listen to the network. Or the answer is positive, and it is happiness ...
KEY FOUND! No doubt about it ...
Note that in my case, the initial response was negative: insufficient number of packets.
Also, I enabled an option in the WEP tab ...
I set the MAC address filter.
This uncovered the WEP key in 2 minutes 06 seconds on a laptop with a Pentium IV at 2 GHz, with a total of just over 1.4 million IVs.
Make a note of the WEP key somewhere.
There you go: if everything went well, you should have discovered your WEP key.
You can now quit Aircrack and Airodump by pressing the CTRL and C keys simultaneously. Now that we have the WEP key of the wireless network, we will want to establish a connection to it. Several cases are possible:
1: the network you want to connect to uses DHCP; in this case the IP address will be provided to me and, in addition, there is no MAC address recognition.
2: the network you want to connect to uses DHCP, but recognition of the client's MAC address is enabled.
3: the network you want to connect to uses static IP addresses; in this case, the IP range used by the network must be determined. There is no MAC address recognition.
4: the network you want to connect to uses static IP addresses; in this case, the IP range used by the network must be determined. In addition, there is MAC address recognition.
To change your MAC address, you can use the program EtherChange, which is available at the following URL: http://ntsecurity.nu/downloads/etherchange.exe
EtherChange in action ...
The MAC address that I created will become active, but first I have to disable the card or adapter so that it picks up the new MAC address.
You must enter the MAC address without the ":" separators, that is to say like this: XXXXXXXXXXXX
If you want to restore the original MAC address of the card, it is simple: choose "2. Go back to the built-in ethernet address of the network adapter", and do not forget to disable and re-enable the adapter so that the old MAC address becomes active again. For my part, I only had to replace the MAC address of my USB adapter to get a connection to the wireless network, given that DHCP is enabled.
The MAC address that I used was recorded in the capture file while listening to the network. To find it, take a look at the file with the same name as your .ivs file.
If you are in the situation where DHCP is not enabled, or there is none, you will have to determine the network address. To do this, we need a network sniffer ... Ethereal is good in this area. Official Ethereal website: http://www.ethereal.com
Install it if you have not already done so. Launch Ethereal and go to the menu Edit / Preferences, then to the IEEE 802.11 protocol section, where you enter the WEP key that was discovered. First check "Assume packets have FCS" ... then enter the key in "WEP key #1".
Click the OK button.
Next, go to the Capture / Options menu and configure it like this:
Choose the network interface that will be used, here the Sagem key.
Select "Capture packets in promiscuous mode" if not already done.
Uncheck "Enable MAC name resolution".
Check "Enable network name resolution".
Check that "Update list of packets in real time" and "Automatic scrolling in live capture" are checked.
Then start the capture by clicking the Start button.
You should see a lot of traffic, allowing you to identify the network address.
A filter that lets you find the most interesting requests in this case is (wlan.bssid == bssid of the AP) && (tcp), which you enter in the Filter field.
In this case, the access point IP is 192.168.0.20
From there, it only remains to connect to the network, equipped on the one hand with the WEP key and on the other with a valid IP address for the network. Note: in many cases the address is either 192.168.0.x or 192.168.1.x, the address types most frequently used on wireless network equipment.
Decryption of WPA-PSK key:
Following the decryption of the WEP key, I wanted to test the decryption of a WPA-PSK key. For a description of what a WPA key is, see the following link: http://fr.wikipedia.org/wiki/WPA
That said, I configured a Linksys WAG54G via its web administration page, which is available at the IP 192.168.1.1.
SSID: WIFIDEMO
Wireless Channel: 10
Security mode: WPA Pre-shared
WPA Algorithms: TKIP
WPA pre-shared key: W0I1F2I3D4E5M6O
This done, I save the change and turn to Winaircrack to start working. First of all, I set up airodump.
One setting changes compared with the configuration I used for the WEP capture. Here, to the question "Only write WEP IVs (y/n)", I answered n (n = no). This records all the data ... so my capture file will be larger. In my case, at the end of the capture, the file was 1.4 GB for 2.7 million packets. Furthermore, the extension is .cap and no longer .ivs as before with WEP.
With the setup done, I started capturing ...
Here is the access point I configured earlier (WIFIDEMO). We see that it uses WPA encryption and communicates on channel 10.
Since this wireless network was set up for the occasion and therefore would not generate much traffic, I first used the AirGobbler Packet Generator software from Tucasoftware, which I discussed in the part concerning WEP. This software allowed me to generate traffic, but a few minutes later I had the idea of using iperf, software normally used to test the usable bandwidth on a network. Iperf is available at the following URL: http://www.noc.ucf.edu/Tools/Iperf/
So I used it both as a server on one workstation and as a client on another.
iperf server side: iperf -s
iperf client side: iperf -c 192.168.1.100 -t 1000
-t 1000 = 1000 MB, or 1 GB, of data transfer
This quickly generates a substantial number of packets within a few minutes of transfer.
A little more than 400,000 packets ..
After 20-30 minutes, I reached the minimum number of packets for a key of this type.
A little more than 1 million packets.
In absolute terms, this was a good starting point for beginning the decryption of the WPA-PSK key in parallel. So I went back to Winaircrack. There, I selected the type of encryption key, in this case WPA-PSK, and entered the ESSID (WIFIDEMO) and BSSID (XX:XX:XX:XX:XX:XX). Furthermore, I chose the capture file that I would use.
To add the capture file: click on the button, then click the button.
From there I went to the WPA tab window to add a dictionary that will be used to crack the passphrase I set when configuring my Linksys.
Dictionaries are not supplied with Winaircrack; on the other hand, the link "Click here for an online dictionary" is available. One of the URLs where you can find dictionaries is: http://ftp.se.kde.org/pub/security/tools/net/Openwall/wordlists/
For my part, I downloaded the complete dictionary (11 MB) named "all.tgz", whose content is a file all.lst (42 MB); this gives you a dictionary covering multiple languages as well as specific dictionaries. Once my dictionary was chosen, I started Aircrack ... by clicking on the button.
For information, the passphrase can be between 8 and 63 characters long. The all.lst dictionary contains over 4 million words.
Aircrack loading ...
We see the time elapsed and the number of keys tested. We also see the passphrase that is currently being tested (current passphrase). Note that decrypting a WPA-PSK passphrase is very much a matter of chance: if the passphrase is not an everyday word or the name of a person, there is little chance that it is in a dictionary. This could mean several hours of computing time for nothing. Conversely, if the passphrase is a name or a frequently used word, you have a good chance of discovering it. For my part, even with the dictionary of 4 million words, after 2:30 I gave up the exercise, since the passphrase was not of a generic type (word, name, etc.). As a reminder, in this case I had set W0I1F2I3D4E5M6O as the passphrase, which was not, I presume, in the dictionary that I downloaded.
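The observation above, that a dictionary only finds passphrases built from known words, can be turned into a check run on your own passphrase before configuring the access point. This is an added example, not part of the original document or of Winaircrack; the function names are hypothetical and the small wordlist is constructed to stand in for a file such as all.lst (assumed to hold one word per line).

```python
import re

# Constructed stand-in for a downloaded wordlist such as all.lst
# (assumption: one candidate word per line).
SAMPLE_WORDLIST = """password
sunshine
linksys
administrator
"""


def load_words(text):
    """Return the wordlist as a set of lowercase words, skipping blank lines."""
    return {line.strip().lower() for line in text.splitlines() if line.strip()}


def letters_only(value):
    """Lowercase and keep only a-z, undoing simple digit/symbol decoration."""
    return re.sub(r"[^a-z]", "", value.lower())


def audit_passphrase(passphrase, ssid, words):
    """Return a list of findings; an empty list means no check failed."""
    findings = []
    # A WPA-PSK passphrase is 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside 8-63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        findings.append("non-printable or non-ASCII character")
    lowered = passphrase.lower()
    if lowered in words:
        findings.append("exact dictionary word")
    # A word with digits or symbols added is not in the raw dictionary,
    # but it is still derived from one.
    core = letters_only(passphrase)
    if core and core != lowered and core in words:
        findings.append("dictionary word with digits/symbols added")
    # The network name is broadcast, so a passphrase built from it is guessable.
    ssid_core = letters_only(ssid)
    if ssid_core and ssid_core in core:
        findings.append("built from the network name (SSID)")
    return findings


WORDS = load_words(SAMPLE_WORDLIST)

if __name__ == "__main__":
    # Passphrases taken from this document plus two constructed ones.
    for candidate in ("W0I1F2I3D4E5M6O", "a65g8hD9j2d", "sunshine", "Sunshine2005!"):
        print(candidate, "->", audit_passphrase(candidate, "WIFIDEMO", WORDS) or "no finding")
```

Run against the passphrase used in this test, the check reports that its letters spell the SSID WIFIDEMO, which a plain dictionary lookup does not reveal.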
As usual, I ran Airodump and Aircrack simultaneously.
For information, when I stopped the calculation of the passphrase, I had 2.7 million packets.
If I had set a passphrase that could be found in one of the available dictionaries, we would get a screen similar to the one below:
KEY FOUND! What happiness ... From there, it only remains to do as with the WEP key: once you have the passphrase, you join the network. For the record, I got KEY FOUND by making a dictionary file with a few "bogus" words and the passphrase I configured on the Linksys. Note that a Linux program (WPA cracker) for decrypting WPA-PSK passphrases is available at the following URL: http://www.tinypeap.com/pdf/wpa_cracker.html
Conclusion
I hope that this document has enabled you to put into practice the decryption of the WEP key, or even the WPA-PSK key, of your wireless network. As you have probably noticed, WEP is easily deciphered; by contrast, a WPA-PSK passphrase, if properly configured (a65g8hD9j2d style), can take more time before being discovered. If you have questions or suggestions about this document, I encourage you to contact me either by e-mail at thecyberseb@hotmail.com or by leaving a message on the forum at the following URL: http://forum.monserveurperso.com
For more papers on various subjects, take a trip to the URL below ... http://tutorial.monserveurperso.com
Thank you for taking the time to read this :-)
Thanks to the author of the tutorial (link below) that inspired mine. http://www.tuto-fr.com/tutoriaux/tutorial-crack-wep-aircrack.php
