Monday 8 October 2012

HOW TO HACK A WIFI NETWORK =>

So, here's how we do it.

1) First we need to scan for available wireless networks. There's a great tool for Windows to do this called "NetStumbler", or Kismet for Windows and Linux, and KisMac for Mac. It'll also show how the Wi-Fi network is secured.

The two most common encryption types are:
1. WEP
2. WPA

WEP, i.e. Wired Equivalent Privacy, is not considered as safe as WPA, i.e. Wi-Fi Protected Access. WEP has many flaws that allow a hacker to crack a WEP key easily, whereas WPA is currently the most secure and best option to secure a Wi-Fi network. It can't be cracked as easily as WEP because the only way to retrieve a WPA key is to use a brute-force attack or dictionary attack.

Here I'll tell you how to crack WEP. To crack WEP we will be using a live Linux distribution called BackTrack. BackTrack has lots of preinstalled software for this very purpose.

The tools we will be using on BackTrack are:
Kismet – a wireless network detector
airodump – captures packets from a wireless router
aireplay – forges ARP requests
aircrack – decrypts the WEP keys

1. First of all we have to find a wireless access point along with its bssid, essid and channel number. To do this we will run Kismet by opening up the terminal and typing in kismet. It may ask you for the appropriate adapter, which in my case is ath0. You can see your device's name by typing in the command iwconfig.


2. To be able to do some of the later things, your wireless adapter must be put into monitor mode. Kismet automatically does this, and as long as you keep it open, your wireless adapter will stay in monitor mode.

3. In Kismet you will see the flags Y/N/0. Each one stands for a different type of encryption. In our case we will be looking for access points with WEP encryption. Y=WEP N=OPEN 0=OTHER (usually WPA).

4. Once you find an access point, open a text document and paste in the network's broadcast name (essid), its MAC address (bssid) and its channel number. To get the above information, use the arrow keys to select an access point and hit <ENTER> to get more information about it.

5. The next step is to start collecting data from the access point with airodump. Open up a new terminal and start airodump by typing in the command:

    airodump-ng -c [channel#] -w [filename] --bssid [bssid] [device]

In the above command airodump-ng starts the program, the channel of your access point goes after -c, the file you wish to output the data to goes after -w, and the MAC address of the access point goes after --bssid. The command ends with the device name. Make sure to leave out the brackets.

6. Leave the above running and open another terminal. Next we will generate some fake packets to the target access point so that the speed of the data output will increase. Put in the following command:

    aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:55 -e [essid] [device]

In the above command we are using the aireplay-ng program. The -1 tells the program the specific attack we wish to use, which in this case is fake authentication with the access point. The 0 cites the delay between attacks, -a is the MAC address of the target access point, -h is your wireless adapter's MAC address, -e is the name (essid) of the target access point, and the command ends with your wireless adapter's device name.

7. Now we will force the target access point to send out a huge amount of packets that we will be able to take advantage of by using them to attempt to crack the WEP key. Once the following command is executed, check your airodump-ng terminal and you should see the ARP packet count start to increase. The command is:

    aireplay-ng -3 -b [bssid] -h 00:11:22:33:44:55 [device]

In this command, the -3 tells the program the specific type of attack, which in this case is packet injection, -b is the MAC address of the target access point, -h is your wireless adapter's MAC address, and the wireless adapter device name goes at the end.

8. Once you have collected around 50k-500k packets, you may begin the attempt to break the WEP key. The command to begin the cracking process is:

    aircrack-ng -a 1 -b [bssid] -n 128 [filename].ivs

In this command the -a 1 forces the program into the WEP attack mode, the -b is the target's MAC address, and the -n 128 tells the program the WEP key length. If you don't know the -n, then leave it out. This should crack the WEP key within seconds. The more packets you capture, the bigger chance you have of cracking the WEP key.
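Seen from the network owner's side, the injection in step 7 leaves a clear trace: one station sending the same encrypted broadcast frame at a very high rate. The following detection sketch is an added example, not part of the original post; the frame record layout, the MAC addresses, the 68-byte length and the window and threshold values are constructed assumptions.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
WINDOW_MS = 1000   # assumed sliding-window length
THRESHOLD = 50     # assumed frames per window treated as a flood; tune per site


def detect_replay_floods(frames, window_ms=WINDOW_MS, threshold=THRESHOLD):
    """Return {(bssid, transmitter, length): peak frames per window} for every
    flow of encrypted broadcast frames that reaches the threshold.

    frames: time-ordered tuples (ts_ms, bssid, transmitter, dest, length, protected)
    as a monitoring sensor might export them (hypothetical record layout).
    """
    recent = defaultdict(deque)
    alerts = {}
    for ts, bssid, src, dest, length, protected in frames:
        # Replayed ARP requests are encrypted, go to broadcast, and are
        # byte-for-byte copies, so they share one transmitter and one length.
        if not protected or dest != BROADCAST:
            continue
        key = (bssid, src, length)
        window = recent[key]
        window.append(ts)
        while ts - window[0] > window_ms:
            window.popleft()
        if len(window) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(window))
    return alerts


def sample_frames():
    """Constructed capture: one ordinary client plus one replaying station."""
    ap = "02:00:00:00:00:01"
    client = "02:00:00:00:00:aa"
    injector = "02:00:00:00:00:bb"
    frames = []
    for i in range(10):   # client: an occasional broadcast, mostly unicast data
        frames.append((i * 2000, ap, client, BROADCAST, 68, True))
        frames.append((i * 2000 + 7, ap, client, ap, 1200, True))
    for i in range(200):  # replay: the same 68-byte frame every 5 ms
        frames.append((10000 + i * 5, ap, injector, BROADCAST, 68, True))
    return sorted(frames)


if __name__ == "__main__":
    for (bssid, src, length), peak in detect_replay_floods(sample_frames()).items():
        print(f"possible ARP replay on {bssid}: {src} sent {peak} "
              f"{length}-byte broadcast frames within {WINDOW_MS} ms")
```

An alert like this on a network that still runs WEP is a strong reason to move it to WPA, since the key can fall within minutes of the flood starting.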
