Well folks, I can remember just a couple of years ago reading in a hacking book that 40% of secured wireless networks around were still using WEP. So things have obviously changed a bit in a very short time, but if you’ve done any war driving lately, you know that they are still around here and there. The following is a tutorial on how to get through this security… on your own WEP-secured network in your own home, without bothering anyone, right? I will be using BackTrack 5 KDE 32-bit for this tutorial.
Gerix Wifi Cracker NG (New Generation) is a really complete GUI for Aircrack-NG which includes useful extras. Completely rewritten in Python + Qt, it automates all the different techniques for attacking access points and wireless routers. Currently it is available and supported natively by BackTrack and available on all the different Debian-based distributions (Ubuntu, etc.).
Here We Go:
1) To launch Gerix, open a terminal and type:
a) cd /usr/share/gerix-wifi-cracker-ng/
2) The screen shown below will appear; click on the Configuration tab.
3) Next, to enable monitor mode, press the Enable/Disable Monitor Mode button.
4) After setting up your monitor mode, click on Set Random Mac Address to spoof your MAC.
5) Next, scroll down and click on the Refresh Network button. As you can see from the image below, there is a list of networks for me to choose from. For this demonstration I am going after the WEP key of the network with ESSID NH2.
6) To begin sniffing, click on the WEP tab followed by the Start Sniffing and Logging button.
7) What we are looking to achieve here is the collection of #Data packets: the more IV (Initialization Vector) packets we collect, the higher the chance of a successful crack. Most programs recommend waiting till you reach 5000 or more packets before cracking, but in all the time I have successfully cracked WEP, I have had to collect a minimum of 10-20k data packets.
8) I got impatient and attempted to start cracking after collecting 13k+ packets. Let's see if it works!
9) Now let's click on the Cracking tab followed by the Aircrack-ng Decrypt WEP password button.
a) Step 1, reading packets
b) Cracking failed: not enough IV packets. Oh well… life goes on. I am going for a nap and will be back shortly.
10) After a decent nap, I came back to find 20k++ packets. Let's attempt a crack.
11) Once again click on the Cracking tab followed by the Aircrack-ng Decrypt WEP password button.
a) Step 1, reading packets….fingers crossed!
b) Tada! Key Found! All that waiting paid off!
12) If you need to shut down your computer in the middle of sniffing and would like to continue later without losing the IV packets, go to the Database tab and click on the Save button.
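To see why step 7 needs tens of thousands of frames, here is an added calculation that is not part of the original post: WEP prepends a 24-bit IV to a fixed RC4 key, so by the birthday bound two frames end up sharing an IV (and therefore an RC4 keystream) after only a few thousand frames. This is one of the structural weaknesses that no configuration change can fix, and the reason a defender should locate and retire WEP networks rather than rely on hiding them. The frame counts are the post's own (5000, 13000, 20000); uniformly random IVs are assumed, which is the best case for the network.

```python
import math

IV_BITS = 24              # WEP uses a 24-bit per-frame IV with RC4
IV_SPACE = 1 << IV_BITS   # 16,777,216 possible IVs under one key


def iv_reuse_probability(frames: int, iv_space: int = IV_SPACE) -> float:
    """Probability that at least two of `frames` frames share an IV.

    Exact birthday computation: P(no reuse) = prod_{i<frames} (1 - i/N),
    accumulated in log space to avoid underflow. Assumes uniform random
    IVs; sequential or weak IV generators only make reuse more likely.
    """
    if frames > iv_space:
        return 1.0
    log_no_reuse = 0.0
    for i in range(frames):
        log_no_reuse += math.log1p(-i / iv_space)
    return 1.0 - math.exp(log_no_reuse)


def expected_reused_pairs(frames: int, iv_space: int = IV_SPACE) -> float:
    """Expected number of frame pairs encrypted under the same IV, i.e.
    the same keystream (a two-time pad), among `frames` frames."""
    return frames * (frames - 1) / (2 * iv_space)


def frames_for_reuse_probability(target: float, iv_space: int = IV_SPACE) -> int:
    """Smallest frame count at which IV reuse reaches `target` probability."""
    if not 0.0 < target <= 1.0:
        raise ValueError("target must be in (0, 1]")
    log_no_reuse = 0.0
    n = 0
    while True:
        n += 1
        # frame n collides with none of the n-1 earlier frames w.p. 1-(n-1)/N
        log_no_reuse += math.log1p(-(n - 1) / iv_space)
        if 1.0 - math.exp(log_no_reuse) >= target:
            return n


if __name__ == "__main__":
    print(f"50% chance of IV reuse after {frames_for_reuse_probability(0.5)} frames")
    for frames in (5000, 13000, 20000):   # counts quoted in the post
        print(f"{frames:6d} frames: P(reuse) = {iv_reuse_probability(frames):.4f}, "
              f"expected reused pairs = {expected_reused_pairs(frames):.1f}")
```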