theDisclaimer v1.0disclaimer: This article is for informational and educational purposes only. Hacking into a private security enable wireless network is illegal and is not the intent of this article.
With the advent of Wifi technology and the use of 802.11x it is very likely that your Wifi enabled device (laptop, pda, etc.) lights up like the 4th of July when you power it on. Many Wifi networks are not secured to begin with (not because users don’t see the relevance, rather because end-users are typically oblivious to the security ramifications of having an open door into their own private networks). In today’s technology age, where malicious users are around every corner, more and more people are seeing the benefits of security. For most end-users, with little or no computer experience, setting up wireless networks is as simple as going to the nearest brick and mortar (i.e., Bestbuy) and having an in-house technician (i.e., Geek Squad) come out to your place of residence and setting up your wireless router. Although most of these individuals will not leave you completely vulnerable to malicious users on the Internet, they will however take the easiest route to create a perception of security. Most of these technicians will recommend that you should set up wireless security and their first line of defense is always WEP key encryption. The explanation of Wired Equivalent Privacy (WEP) is beyond the scope of this article; click here if you would like to read more about this technology. Security in any sense (whether it be network security, application security, etc.) is best when layered, and simply creating a single point of failure is not always “best practice”. This article will discuss how to crack WEP encryption using an open source to utility called Airowizard. Airowizard is a GUI enabled utility (written on top of CommView) that will allow you to crack or recover a lost or misplaced WEP key. Although this utility seems like a very useful tool, in the wrong hands it can provide malicious users the ability to crack your WLAN security in a matter of minutes. First you need to install the Commview driver that is included in the .rar file shown above (verify if your wirless device is compatible from the CommView site).
Start Airowizard and refresh/enable your Wifi adapter you just installed in the “Adapter List and MAC Changer”.
Click the ”Monitor Mode” tab. Under the “Airserv-ng” section click the Debug mode check box and click the “Start Airserv-ng” button.
A command prompt will appear and ask you to verify the adapter, type ‘Y’ for yes and click enter.
Next, click “Start Airodump-ng” button under the Airodump-ng initial scan section. You will see a list of available networks. Click Ctr+C to stop the scan and note the following information; 1) Channel, 2) MAC, and 3) SSID.
On the AP details and Airodump-ng tab enter the Channel, MAC, and SSID in the appropriate fields and click “Start Autodump-ng”.
On the Authentication and packet replay\injection tab click the “advanced” checkbox under the Fake Authentication section and apply when the dialogue box appears. Next click “Authenticate”. Wait until an association is successful (this should appear in a command prompt after you click the Authenticate button).
Next, click the Fragmentation button to retrieve an XOR stream (that is what we want). Note this XOR stream (unique number). After you have successfully retrieved an XOR stream, you want to create an ARP packet by clicking the “Create Packet” button. A dialogue box will appear asking for a file name, you want to name it so it’s easily identifiable (I like to name it the SSID).
Next, click Inject and select the file you just created.
You will notice that it is bombarding the AP with data packets at the rate of 5000 ppm.
Refresh your Airodump-ng under the AP details and Airodump-ng tab to show the number of received packets. Wait 5-10 minutes until the AP has received 50,000 packets (no less). Once this has occured click Ctrl+C to stop Airodump-ng. When you stop this process Airowizard will have created 2-3 dump files with a .cap extension.
Close out all other command prompts (do not close AiroWizard).
Under the WEP crack\recovery tab, under “WEP crack” click the ellipse to select your dump files.
Click “Start Aircrack-ng” (DO NOT check Disable PTW).
If you have done everything successfully, Airowizard should crack WEP in a matter of seconds.
Test your WEP key by trying to authenticate to the wireless network.
So what’s the point of this article? The point of this article is not to breed hackers; it’s to prove a point. Security is best dealt in layers. In today’s technology centric society, where many can be victims of identity theft or fraud, we need to take a proactive stance in protecting our data and intangible assets. Ask questions, don’t be naive and most importantly take added measure to protect what is most important to you.
Author: Andy Yeun
With the advent of Wifi technology and the use of 802.11x it is very likely that your Wifi enabled device (laptop, pda, etc.) lights up like the 4th of July when you power it on. Many Wifi networks are not secured to begin with (not because users don’t see the relevance, rather because end-users are typically oblivious to the security ramifications of having an open door into their own private networks). In today’s technology age, where malicious users are around every corner, more and more people are seeing the benefits of security. For most end-users, with little or no computer experience, setting up wireless networks is as simple as going to the nearest brick and mortar (i.e., Bestbuy) and having an in-house technician (i.e., Geek Squad) come out to your place of residence and setting up your wireless router. Although most of these individuals will not leave you completely vulnerable to malicious users on the Internet, they will however take the easiest route to create a perception of security. Most of these technicians will recommend that you should set up wireless security and their first line of defense is always WEP key encryption. The explanation of Wired Equivalent Privacy (WEP) is beyond the scope of this article; click here if you would like to read more about this technology. Security in any sense (whether it be network security, application security, etc.) is best when layered, and simply creating a single point of failure is not always “best practice”. This article will discuss how to crack WEP encryption using an open source to utility called Airowizard. Airowizard is a GUI enabled utility (written on top of CommView) that will allow you to crack or recover a lost or misplaced WEP key. Although this utility seems like a very useful tool, in the wrong hands it can provide malicious users the ability to crack your WLAN security in a matter of minutes. First you need to install the Commview driver that is included in the .rar file shown above (verify if your wirless device is compatible from the CommView site).
Start Airowizard and refresh/enable your Wifi adapter you just installed in the “Adapter List and MAC Changer”.
Click the ”Monitor Mode” tab. Under the “Airserv-ng” section click the Debug mode check box and click the “Start Airserv-ng” button.
A command prompt will appear and ask you to verify the adapter, type ‘Y’ for yes and click enter.
Next, click “Start Airodump-ng” button under the Airodump-ng initial scan section. You will see a list of available networks. Click Ctr+C to stop the scan and note the following information; 1) Channel, 2) MAC, and 3) SSID.
On the AP details and Airodump-ng tab enter the Channel, MAC, and SSID in the appropriate fields and click “Start Autodump-ng”.
On the Authentication and packet replay\injection tab click the “advanced” checkbox under the Fake Authentication section and apply when the dialogue box appears. Next click “Authenticate”. Wait until an association is successful (this should appear in a command prompt after you click the Authenticate button).
Next, click the Fragmentation button to retrieve an XOR stream (that is what we want). Note this XOR stream (unique number). After you have successfully retrieved an XOR stream, you want to create an ARP packet by clicking the “Create Packet” button. A dialogue box will appear asking for a file name, you want to name it so it’s easily identifiable (I like to name it the SSID).
Next, click Inject and select the file you just created.
You will notice that it is bombarding the AP with data packets at the rate of 5000 ppm.
Refresh your Airodump-ng under the AP details and Airodump-ng tab to show the number of received packets. Wait 5-10 minutes until the AP has received 50,000 packets (no less). Once this has occured click Ctrl+C to stop Airodump-ng. When you stop this process Airowizard will have created 2-3 dump files with a .cap extension.
Close out all other command prompts (do not close AiroWizard).
Under the WEP crack\recovery tab, under “WEP crack” click the ellipse to select your dump files.
Click “Start Aircrack-ng” (DO NOT check Disable PTW).
If you have done everything successfully, Airowizard should crack WEP in a matter of seconds.
Test your WEP key by trying to authenticate to the wireless network.
So what’s the point of this article? The point of this article is not to breed hackers; it’s to prove a point. Security is best dealt in layers. In today’s technology centric society, where many can be victims of identity theft or fraud, we need to take a proactive stance in protecting our data and intangible assets. Ask questions, don’t be naive and most importantly take added measure to protect what is most important to you.
Author: Andy Yeun