BackTrack 5 Revolution (GNOME desktop) manual: recovering a WEP key
Before going into the field, remember that what this distribution does depends entirely on the person using it. These tools and this manual/tutorial are not designed for criminal purposes, so responsibility for how they are used rests with you alone. Make good use of this information.
The following steps were carried out with a Crotalus USB 2000mW adapter with a Ralink 3070L chipset. Other compatible cards should also work with these steps, such as adapters based on the Realtek 8187L chipset. We used the latest version, BackTrack 5 Revolution with the GNOME desktop.
- Update: for this method to work, at least one client must be connected to the network being audited. The ARP request replay step needs traffic from a real client to replay; with no client there is nothing to inject and the #Data counter will not rise.
We use a program called Gerix Wifi Cracker. It is found under: Applications → BackTrack → Exploitation Tools → Wireless Exploitation → WLAN Exploitation → gerix-wifi-cracker-ng.
This is the main program screen.
Now we go to the Configuration tab:
The first step is to put the wireless card into monitor mode: click Enable/Disable Monitor Mode. A new network interface called mon0 appears; this is the interface the rest of the attack uses.
The second step is to scan the networks around us: click Scan Networks.
Several networks appear. Select the target network.
With the network selected, go to the WEP tab and choose Start Sniffing and Logging.
A terminal opens, filtered to the network we want to associate with. The next step is to authenticate to the access point so the attack can be carried out: under WEP Attacks (with clients), click Associate with AP using fake auth.
Note that the AUTH column now reads OPN: the access point uses Open System authentication, which is what the fake authentication relies on. The aireplay-ng window confirms the step with "Association successful :-)"; if it keeps retrying instead, the injection will not work and there is no point continuing.
Now launch the attack against the chosen network: click ARP request replay.
Another terminal opens (the one on the left in the picture). It is injecting the packets needed to recover the key, and the #Data counter in the terminal on the right should start to climb. You can try to recover the key from about 5000 #Data onwards, but there is no exact number: it depends on the key length, and a 104-bit (128-bit) key normally needs considerably more than a 40-bit (64-bit) one. If the counter stays flat, check that a client is actually generating traffic and that the fake authentication is still valid.
Once enough #Data has been collected, go to the Cracking tab and click Aircrack-ng - Decrypt WEP password. If it succeeds, the following screen appears:
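Gerix is a front end for the aircrack-ng suite: the buttons above drive airmon-ng (monitor mode), airodump-ng (scan, sniff and log), aireplay-ng -1 (fake authentication), aireplay-ng -3 (ARP request replay) and finally aircrack-ng. Everything the procedure needs to know before cracking (WEP with OPN authentication, an associated client, a rising #Data count) is already in the CSV that the sniffing step writes next to the capture. The script below is an added example, not part of the original manual or of Gerix: it parses that CSV and checks those preconditions. The capture text, MAC addresses and ESSIDs are constructed; the 5000 threshold is the manual's own starting point and is only a default here.

```python
"""
Added example (not from the original manual or from Gerix): parse an
airodump-ng CSV (the log written by "Start Sniffing and Logging", e.g.
<prefix>-01.csv) and check the preconditions this WEP procedure relies on.
The capture text and every MAC address/ESSID below are constructed.
"""
import csv
import io
from dataclasses import dataclass, field

# Constructed sample in the real airodump-ng CSV layout: an AP table, a
# blank line, then a station table.  The "# IV" column is what the live
# airodump-ng window labels #Data.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2011-09-01 10:00:00, 2011-09-01 10:09:00,  6,  54, WEP , WEP , OPN, -40,      900,     6120,   0.  0.  0.  0,   7, WEPLAB1,
66:77:88:99:AA:BB, 2011-09-01 10:00:00, 2011-09-01 10:09:00, 11,  54, WPA2, CCMP, PSK, -61,      850,        0,   0.  0.  0.  0,   8, HomeWPA2,
CC:DD:EE:FF:00:11, 2011-09-01 10:00:00, 2011-09-01 10:09:00,  1,  54, WEP , WEP , SKA, -70,      400,      120,   0.  0.  0.  0,   6, OLDWEP,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:AA:AA:AA:AA:01, 2011-09-01 10:01:00, 2011-09-01 10:09:00, -45,     3200, 00:11:22:33:44:55, WEPLAB1
AA:AA:AA:AA:AA:02, 2011-09-01 10:02:00, 2011-09-01 10:08:00, -55,       40, (not associated) , HomeWPA2,OLDWEP
AA:AA:AA:AA:AA:03, 2011-09-01 10:03:00, 2011-09-01 10:09:00, -60,      500, 66:77:88:99:AA:BB,
"""


@dataclass
class AccessPoint:
    bssid: str
    channel: int
    privacy: str          # WEP / WPA / WPA2 / OPN
    auth: str             # OPN / SKA / PSK / MGT, or "" if not yet observed
    ivs: int              # "# IV" column, shown as #Data in the live view
    essid: str
    clients: list = field(default_factory=list)   # associated station MACs


def parse_airodump_csv(text):
    """Return {bssid: AccessPoint} with associated station MACs attached.
    Caveat: an ESSID that itself contains a comma shifts the columns; the
    constructed sample avoids that case."""
    aps = {}
    stations = []         # (station MAC, BSSID it is associated with)
    section = None
    for row in csv.reader(io.StringIO(text)):
        cells = [c.strip() for c in row]
        if not any(cells):
            continue                      # blank separator line
        if cells[0] == "BSSID":
            section = "ap"
            continue
        if cells[0] == "Station MAC":
            section = "sta"
            continue
        if section == "ap":
            ap = AccessPoint(bssid=cells[0], channel=int(cells[3]),
                             privacy=cells[5], auth=cells[7],
                             ivs=int(cells[10]), essid=cells[13])
            aps[ap.bssid] = ap
        elif section == "sta":
            stations.append((cells[0], cells[5]))
    for mac, bssid in stations:
        if bssid in aps:                  # drops "(not associated)" rows
            aps[bssid].clients.append(mac)
    return aps


def check_target(aps, bssid, iv_threshold=5000):
    """Apply the manual's conditions to one AP: WEP, Open System auth (so
    the fake-auth step can succeed) and at least one associated client (so
    ARP replay has something to replay).  iv_threshold=5000 is the manual's
    starting point; 104-bit keys usually need considerably more."""
    ap = aps[bssid]
    problems = []
    if ap.privacy != "WEP":
        problems.append(f"{ap.essid} uses {ap.privacy}, not WEP")
    if ap.auth != "OPN":
        problems.append(f"authentication is {ap.auth or 'not yet observed'}, not OPN")
    if not ap.clients:
        problems.append("no client associated; ARP replay has nothing to replay")
    return {"ready": not problems, "problems": problems,
            "ivs": ap.ivs, "enough_ivs": ap.ivs >= iv_threshold}


if __name__ == "__main__":
    aps = parse_airodump_csv(SAMPLE_CSV)
    for ap in aps.values():
        result = check_target(aps, ap.bssid)
        status = "READY" if result["ready"] else "NOT READY"
        print(f"{ap.essid:10} {ap.bssid} ch{ap.channel:>2} {ap.privacy:4} "
              f"auth={ap.auth or '?':3} clients={len(ap.clients)} "
              f"#Data={ap.ivs:>5} -> {status}")
        for p in result["problems"]:
            print("   -", p)
```

Point it at the real file by replacing SAMPLE_CSV with the contents of the `-01.csv` that the sniffing step writes. The WPA2 row is there on purpose: it shows that a network with clients and no WEP is rejected for the right reason, and the SKA row shows why a WEP network can still fail the fake-auth step described above.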
Below are some of the cards we have tested that work perfectly with the steps in this manual:
These are obviously not the only compatible cards, but they are among the best we have tested.