Manual: recovering a WEP key with BackTrack 5 Revolution and the GNOME graphical environment
Before getting into the subject, remember that how this distribution is used depends on the user. These tools and this manual/tutorial are not designed for criminal purposes, so responsibility for the use made of them lies only with you. Make good use of this information.
We carried out the following steps with a 2000 mW Crotalus USB adapter with a Ralink 3070L chipset. The steps should also be valid with other supported cards, such as adapters with the Realtek 8187L chipset. We used the latest version, BackTrack 5 Revolution with the GNOME graphical environment.
- Update: for this to work correctly, there must be at least one client connected to the network being audited.
We use a program called Gerix Wifi Cracker. It can be found at Applications → BackTrack → Exploitation Tools → Wireless Exploitation → WLAN Exploitation → gerix-wifi-cracker-ng.
This is the main screen.
Now we go to the Configuration tab:
The first step is to put the wireless card into monitor mode. To do that, click where it says Enable / Disable Monitor Mode. You will see that another network interface, called mon0, is created. This is the interface we will use to recover the key.
The second step is to scan the networks around us; for that, click on Scan Networks.
Note that several networks appear; we target the first one.
Now that we have chosen the network, we go to the WEP tab and choose the option Start Sniffing and Logging.
A terminal opens for the network we want to associate with. The next step is to authenticate in order to perform the attack. For that, go to WEP Attacks (with clients) and click Associate with AP using fake auth.
Note that the AUTH column shows OPN. That means the authentication succeeded.
Then we choose an attack on the network; for that, click ARP request replay.
Another terminal opens (on the left in the picture). This terminal injects packets. To recover the key we need the #Data counter in the terminal on the right to increase; we can try to find the key from about 5000 #Data, although there is no exact number, since it all depends on the length of the key.
When we have enough #Data, go to the Cracking tab and click Aircrack-ng - Decrypt WEP password. If successful, we get the following screen:
Here are some of the cards we have tested that work perfectly with the steps in this manual:
Obviously these are not the only compatible ones, but they are the best we have tested.
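As an added defender-side check that is not part of the original manual: the walkthrough shows that a WEP network with an associated client gives up its key once a few thousand data frames have been captured, so the useful follow-up is an inventory of networks still running WEP. The script below parses the CSV that airodump-ng (the scanner Gerix drives in the Scan Networks step) writes with -w and rates each WEP network by whether a client is associated and whether the #Data counter already exceeds the manual's rough 5000 figure. The column layout is assumed from airodump-ng's CSV output and the rows are constructed.

```python
import csv
import io

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv
# (column order assumed from airodump-ng; BSSIDs, ESSIDs and counts are made up).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP , WEP, OPN, -40, 120, 5312, 0.0.0.0, 7, LabWEP1, 
66:77:88:99:AA:BB, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -55,  80,    0, 0.0.0.0, 6, Office, 
CC:DD:EE:FF:00:11, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  11, WEP , WEP, SKA, -70,  30,   42, 0.0.0.0, 7, OldCam1, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2024-01-01 10:00:00, 2024-01-01 10:05:00, -50, 900, 00:11:22:33:44:55, 
"""

# Rough number of data frames the manual says is enough to attempt the WEP key.
DATA_FRAME_THRESHOLD = 5000

def parse_airodump_csv(text):
    """Return (access_points, bssids_with_clients) from airodump-ng style CSV text."""
    ap_part, _, station_part = text.partition("\nStation MAC")
    aps = []
    for row in csv.reader(io.StringIO(ap_part)):
        if len(row) < 14 or row[0].strip() == "BSSID":  # header or blank line
            continue
        aps.append({"bssid": row[0].strip(), "channel": int(row[3]),
                    "privacy": row[5].strip(), "auth": row[7].strip(),
                    "ivs": int(row[10]), "essid": row[13].strip()})  # "# IV" is #Data in the live view
    clients = set()
    for row in csv.reader(io.StringIO("Station MAC" + station_part)):
        if len(row) >= 6 and row[0].strip() != "Station MAC":
            clients.add(row[5].strip())  # BSSID the station is associated with
    return aps, clients

def wep_findings(text):
    """List (essid, bssid, severity) for every network still running WEP."""
    aps, clients = parse_airodump_csv(text)
    findings = []
    for ap in aps:
        if "WEP" not in ap["privacy"].upper():
            continue
        has_client = ap["bssid"] in clients   # the manual's precondition
        if has_client and ap["ivs"] >= DATA_FRAME_THRESHOLD:
            severity = "critical"   # enough data frames already on the air
        elif has_client:
            severity = "high"       # an active client keeps producing them
        else:
            severity = "medium"     # WEP but idle; still needs migrating
        findings.append((ap["essid"], ap["bssid"], severity))
    return findings
```

Run `wep_findings(SAMPLE_CSV)` to get the rated list; every entry, whatever its severity, is a network to move to WPA2 or WPA3.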