SIGN IN TOP STORIES LATEST STORIES SATURDAY, SEP 1, 2012

TIPS AND DOWNLOADS FOR GETTING THINGS DONE

DIY Conv ert V ideo Files Into Comic Book Sty le Ebooks for Offline Reading WEEKENDHACKER Make Y our Computer More SelfSufficient This Weekend BY GINA TRAPANI
Share Like

WI-FI

How to Crack a Wi-Fi Networks WEP Password with BackTrack

You already know that if you want to lock down your Wi-Fi network, you should opt for WPA encryption because WEP is easy to crack. But did you know how easy? Take a look.
open in browser PRO version

OCT 28, 2011 9:30 AM

5.3k

4,853,004

469

MOTIVATION A Better Way to Practice

GET OUR TOP STORIES FOLLOW LIFEHACKER

Like

VIRTUALIZATION How to Run Mac OS X Inside Windows Using V irtualBox LIFEHACKER U Plan Y our Free Online Education at Lifehacker U: Fall Semester

478,865 people like this. Sign Up to see what your friends like.

Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

Note: This post demonstrates how to crack WEP passwords, an older and less often used network security protocol. If the network you want to crack is using the more popular WPA encryption, see our guide to cracking a Wi-Fi network's WPA password with Reaver instead. Today we're going to run down, step-by-step, how to crack a Wi-Fi network with WEP security turned on. But first, a word: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise. Dozens of tutorials on how to crack WEP are already all over the internet using this method. SeriouslyGoogle it. This ain't what you'd call "news." But what is surprising is that someone like me, with minimal networking experience, can get this done with free software and a cheap Wi-Fi adapter. Here's how it goes.

201 2 QUANTIFIED SELF Use Gmail and Google Docs to Easily and Quickly Track Any thing WOLFRAM ALPHA Wolfram Alphas Facebook Report Analy zes Ev ery Dark Corner of Y our Facebook Activ ity SECURITY Heres Ev ery where Y ou Should Enable Two-Factor Authentication Right Now SECURITY How Secure Are Y ou Online: The Checklist ASK LIFEHACKER How Can I Build a Quiet, LowPowered Home File Serv er? COMMUNICATION Y oure Not Listening

What You'll Need

Unless you're a computer security and networking ninja, chances are you don't have all the tools on hand to get this job done. Here's what you'll need: A compatible wireless adapterThis is the biggest requirement. You'll need a wireless adapter that's capable of packet injection, and chances are the one in your computer is not. After consulting with my friendly neighborhood security expert, I purchased an Alfa AWUS050NH USB adapter, pictured here, and it set me back about $50 on Amazon. Update: Don't do what I did. Get the Alfa AWUS036H, not the US050NH, instead. The guy in this video below is using a $12 model he bought on Ebay (and is even selling his router of choice). There are plenty of resources on getting aircrack-compatible adapters out there . A BackTrack Live CD. We already took you on a full screenshot tour of how to install and use BackTrack 3, the Linux Live CD that lets you do all sorts of security testing and tasks. Download yourself a copy of the CD and burn it, or load it up in VMware to get started. A nearby WEP-enabled Wi-Fi network. The signal should be strong and ideally people
open in browser PRO version
Are you a developer? Try out the HTML to PDF API

PRODUCTIVITY Lift Keeps Y ou On Track, Helps Y ou Master Seinfelds Productiv ity Method MOTIVATION The Right Way to Speak to Y ourself

pdfcrowd.com

are using it, connecting and disconnecting their devices from it. The more use it gets while you collect the data you need to run your crack, the better your chances of success. Patience with the command line. This is an ten-step process that requires typing in long, arcane commands and waiting around for your Wi-Fi card to collect data in order to crack the password. Like the doctor said to the short person, be a little patient.

PRODUCTIVITY Work Less to Get More Done

Crack That WEP

To crack WEP, you'll need to launch Konsole, BackTrack's built-in command line. It's right there on the taskbar in the lower left corner, second button to the right. Now, the commands. First run the following to get a list of your network interfaces: airmon-ng The only one I've got there is labeled ra0. Yours may be different; take note of the label and write it down. From here on in, substitute it in everywhere a command includes (interface). Now, run the following four commands. See the output that I got for them in the screenshot below.

RESUMES Turn Work Ex periences into Measurable Achiev ements on Y our Resume FOR WHAT ITS W Remains of the Day : The iOS App Store Gets a Big Redesign PROGRESS Look At Y ourself Objectiv ely

QUOTABLES Geniuses Are Made, Not Born

COOKING HACKS Caramelize Onions in 1 5 Minutes Flat CLEVER USES Clean Up Broken Glass with a Potato CAREER CareerBliss Measures How Happy Y ou Are in Y our Job, Finds Y ou a Happier One HIGHLIGHTS This Weeks Most Popular Posts: August 25th to 31 st

airmon-ng stop (interface) ifconfig (interface) down macchanger --mac 00:11:22:33:44:55 (interface) airmon-ng start (interface) If you don't get the same results from these commands as pictured here, most likely your network adapter won't work with this particular crack. If you do, you've successfully
open in browser PRO version
Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

"faked" a new MAC address on your network interface, 00:11:22:33:44:55.

HIVE FIVE CALL F Best Audio Editing Application?

DOWNLOADS Headphones Automatically Downloads, Processes, and Conv erts Any Music Y ou Want

Now it's time to pick your network. Run: airodump-ng (interface) To see a list of wireless networks around you. When you see the one you want, hit Ctrl+C to stop the list. Highlight the row pertaining to the network of interest, and take note of two things: its BSSID and its channel (in the column labeled CH), as pictured below. Obviously the network you want to crack should have WEP encryption (in the ENC) column, not WPA or anything else. Like I said, hit Ctrl+C to stop this listing. (I had to do this once or twice to find the network I was looking for.) Once you've got it, highlight the BSSID and copy it to your clipboard for reuse in the upcoming commands.

ANDROID Play Play station Games on Y our Rooted Nook Simple Touch DISCUSSIONS OF What makes y our commute easier?

Now we're going to watch what's going on with that network you chose and capture that information to a file. Run:
open in browser PRO version
Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface) Where (channel) is your network's channel, and (bssid) is the BSSID you just copied to clipboard. You can use the Shift+Insert key combination to paste it into the command. Enter anything descriptive for (file name). I chose "yoyo," which is the network's name I'm cracking.

You'll get output like what's in the window in the background pictured below. Leave that one be. Open a new Konsole window in the foreground, and enter this command: aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface) Here the ESSID is the access point's SSID name, which in my case is yoyo. What you want to get after this command is the reassuring "Association successful" message with that smiley face. You're almost there. Now it's time for:

open in browser PRO version

Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface) Here we're creating router traffic to capture more throughput faster to speed up our crack. After a few minutes, that front window will start going crazy with read/write packets. (Also, I was unable to surf the web with the yoyo network on a separate computer while this was going on.) Here's the part where you might have to grab yourself a cup of coffee or take a walk. Basically you want to wait until enough data has been collected to run your crack. Watch the number in the "#Data" columnyou want it to go above 10,000. (Pictured below it's only at 854.) Depending on the power of your network (mine is inexplicably low at -32 in that screenshot, even though the yoyo AP was in the same room as my adapter), this process could take some time. Wait until that #Data goes over 10k, thoughbecause the crack won't work if it doesn't. In fact, you may need more than 10k, though that seems to be a working threshold for many.

Once you've collected enough data, it's the moment of truth. Launch a third Konsole window and run the following to crack that data you've collected:
open in browser PRO version
Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

aircrack-ng -b (bssid) (file name-01.cap) Here the filename should be whatever you entered above for (file name). You can browse to your Home directory to see it; it's the one with .cap as the extension. If you didn't get enough data, aircrack will fail and tell you to try again with more. If it succeeds, it will look like this: The WEP key appears next to "KEY FOUND." Drop the colons and enter it to log onto the network.

Problems Along the Way

With this article I set out to prove that cracking WEP is a relatively "easy" process for someone determined and willing to get the hardware and software going. I still think that's true, but unlike the guy in the video below, I had several difficulties along the way. In fact, you'll notice that the last screenshot up there doesn't look like the othersit's because it's not mine. Even though the AP which I was cracking was my own and in the same room as my Alfa, the power reading on the signal was always around -30, and so the data collection was very slow, and BackTrack would consistently crash before it was complete. After about half a dozen attempts (and trying BackTrack on both my Mac and PC, as a live CD and a virtual machine), I still haven't captured enough data for aircrack to decrypt the key.
open in browser PRO version
Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

So while this process is easy in theory, your mileage may vary depending on your hardware, proximity to the AP point, and the way the planets are aligned. Oh yeah, and if you're on deadline Murphy's Law almost guarantees it won't work if you're on deadline. To see the video version of these exact instructions, check out this dude's YouTube video.

Got any experience with the WEP cracking courtesy of BackTrack? What do you have to say about it? Give it up in the comments.

open in browser PRO version

Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

Contact Gina Trapani:

DISCUSSIONS

COMMENT

FACEBOOK

TWITTER ALL

FEATURED

Discussion now closed.

evilegg2000

25 Oct 2010 1:09 PM

My wi-fi is completely open. It makes my life easier and I figure I would notice the guy sitting on my lawn. prom oted by freedom weasel freedomweasel @evilegg2000
open in browser PRO version
Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

@evilegg2000: Y ou computer can save your wifi passwords. Y ou only need to type it in once. xaronax @evilegg2000 @evilegg2000: Enjoy that kiddie porn that a random person driving by your house uploads to your computers right before they call the FBI. kellanpan @evilegg2000 @evilegg2000: It's really easy to put a password on your router, and as freedomweasel mentioned, that's all you'll ever have to do. paravorheim @evilegg2000 @evilegg2000: Right now, as we speak, I can access the router from 2 houses down from me. I'm fairly positive they can't see me on their lawn. evilegg2000 @freedomweasel @freedomweasel: I have to remember what it is when one of my friends stops by with his laptop, iPod... and wants to go online. freedomweasel @evilegg2000 @evilegg2000: Sticky note on the router. If you give out your password to everyone who asks, it does no harm to have it written down on the router. It'll still keep the random neighbor from hogging bandwidth. aliskaba @evilegg2000 @evilegg2000: Sweet, time to go connect and try out firesheep!

open in browser PRO version

Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

blue_solace @evilegg2000 @evilegg2000: With the right antenna, a person can be more than a mile away and steal your bandwidth. senshikaze @freedomweasel @freedomweasel: also your traffic will be encrypted. the advantage to using wpa is not to keep mooches off, it is to encrypt your traffic. prom oted by freedom weasel acutelyaware @evilegg2000 @evilegg2000: if you live on a property that has enough land for neighbours to not pick it up, then yeah id keep it open. i hate the time i waste trying to remember the password for friends.
prom oted by tchrm an3 5

tkuhl87 @evilegg2000 @evilegg2000: and with WPA you can just create some easy to remember phrase like say your address, or lyrics or something like that. Simple, easy to remember and very secure. For fun I've accessed open routers and added a password, or blocked very specific websites like Google...sick sense of humor I guess, but there are far more nefarious things someone could do. guyston @evilegg2000 @evilegg2000: Used to take this view and it is pretty good providing you live remotely but I opted for a password recently because I was suspicious of my pesky neighbours. jddf @evilegg2000 @evilegg2000: What about the guy that is 1 mile away siffing your traffic to steal your identity. I does happen to real people. Secondly make it something easy like your phone number.
open in browser PRO version
Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

[www.ihacked.com] Salax is dealing with the redesign @evilegg2000 @evilegg2000: Just set your WPA password to "EvilEgg2000" or something. It's secure, and you'll always remember it. tchrman35 @acutelyaware @acutelyaware: People, if it's that much trouble to remember a short passphrase, and if sticky notes aren't your thing, buy some printable Business Cards, throw down 100 of them, and put them in a little business card holder in your kitchen junk drawer. I think you can go overboard with security, but I still throw the deadbolt when I'm away or asleep. It doesn't mean I don't trust my neighbors. It does mean I am willing to believe there might be people out there who care more about their wants/needs than about my safety/property rights. Just secure the network. Or be prepared to live with the consequences, should they bite you. freedomweasel @senshikaze @senshikaze: Very true. For some reason I always focus on people stealing bandwidth. jeffeb3 @freedomweasel @freedomweasel: I put it on my fridge. I large print that can be read from across the room. My friends still ask for the password (because they can't read I guess). Joel @freedomweasel @freedomweasel, et al: If you don't care about sharing internet, and just want encryption, and don't want to forget the password, make the SSID something like PWis(Insert Password Here).
open in browser PRO version
Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

No stickies, no remembering, easy! And you can turn on AP isolation if you're not sharing across the router. (Sorta - draw a network graph as always, helps you figure stuff out.) zakany001 @evilegg2000 @evilegg2000: I hope you don't mind me changing your router's settings, because I will do so to keep my children from bypassing my home network. SmarchHare @xaronax This comment shows up on any discussion of open wifi. Has this ever happened in the history of ever? belch @zakany001 Just because my wifi is open, does not mean my router is set to the default password. In fact it is not. If you want me to block your mac addresses, just let me know and I'll do it for you. RossLH @evilegg2000 A friend showed me how to leave a network free of password protection, yet still protected from unauthorized access. It was set up such that anyone could connect to the router, but they had no access to the internet or the other computers on the network. When someone tried to connect, the administrator would get a popup on their computer saying [computer name] is trying to connect to [network name], and from there you could give them access or deny it. Once they had access, they never had to ask again. Astrogirl @evilegg2000 Ours is too, but since we live in the woods a quarter mile away from anyone, I figured we were safe. Alas, distance isn't a viable security strategy for everyone.
open in browser PRO version
Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

IAmMarchHare @SmarchHare @SmarchHare [o.seattletimes.nwsource.com]

Edited by IAm MarchHare at 1 0/2 8/1 1 3 :3 4 PM

Make Y our Computer More SelfSufficient This Weekend

Watch Dan Rather Say Farewell to Recapping The New sroom, The Best Show Ev er Created

"I May Hav e A Small Dick, But I Hav e Big Fucking Balls": The Unsentimental Education Of A Harv ard Football Play er

The Cosplay Of PAX: Day One

Week In Rev iew 8/31

Best of the Week: August 25-31 , 201 2

$1 .1 Million Worth Of Ferraris Left In Foreclosed Warehouse Now For Sale

The RoomTemperature Cocktail Y ou Will Swear Is Ice Cold

open in browser PRO version

Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

A bou t

Help

Jobs

Leg a l

Pr iv a cy

Per m ission s

A dv er t isin g

Su bscr ibe

Sen d a t ip

open in browser PRO version

Are you a developer? Try out the HTML to PDF API

pdfcrowd.com