Password Based Attack (THC Hydra)

Password is a secret word that is used for authentication or proves your identity, password is a foundation of security for most computer or computer networks. Usually a normal user do not know the importance of password, many users choose the simplest
password such as a pet’s name to help them remember it.

Nowadays, many services use cryptography technique to secure their information, cryptography is the art of secret communication, by using cryptography techniques you can secure your password and make your password difficult to crack.

There is a different techniques to crack passwords below are the example of different techniques.

Guessing

This is an old but simplest method that an attacker used to crack passwords, as i told earlier that a normal user do not know the importance of password and a normal user do not care about passwords, many of the people use very weak passwords such as their pet’s name, lover name, friend or relative, phone numbers or passport numbers etc.
If your password is so weak than an attacker who knows you personally can easily guess your password, so be careful while choosing your passwords. If an attacker does not you personally so he/she uses some of social engineering technique to get your personal information.

Dictionary Based Attack

Dictionary attack happen when an attacker create a wordlist(a dictionary) which contains some commonly used passwords, name of places, common names, and other commonly used words. To avoid this type of attack you must choose a strong password.
There is various password cracking tools present on the internet like:

● Cain & able
● John the Ripper
● THC hydra
● Aircrack (WEP/WPA cracking tool)
● L0phtcrack
● Brutus
● Or more.

THC hydra

THC hydra is a network authentication cracker which supports many different services, click here for more information.

 

When you will get this screen that ask you to enter the password, if an attacker is not the authorized person than an attacker try to crack it, in our example i will show how to use Thc hydra to pergorm the desired task.

Download thc hydra than use command prompt 

C:\Documents and Settings\user\Desktop>hydra

After that Type "hydra -L userslist.txt -P passlist.txt xxx.xxx.xxx.xxx ftp" and press
enter.

In our case hydra -L wordlist.txt -P passlist.txt 192.168.1.1 ftp and press enter.

 

Hacking A computer With Just IP address!!

Hacking a remote computer is always a hot topic among hackers and crackers, a newbie hacker or someone who wants to learn hacking always ask these questions that how to hack into a computer by just knowing the IP address. Although we have discussed so many methods before and I always insist to learn some basic commands, protocols and their usage. This is my story like I have hacked into a remote by just using IP address (I have not downloaded any file even I have not cleared the logs). This story was not planned it just happened and I am sure you will like it and you will learn a lot of things if you don't know the basic commands and protocols.

It was Saturday night and I was working hard on social engineering toolkit remote attack (WAN,Internet attack) that is why I was playing with my router for port forwarding and other stuffs, remember my ISP using a dynamic mechanism so I have created DNS server to get the static IP. It was almost night and I have decided to get some sleep and than I have saved my browser tabs so that next time I will use them.

Its Sunday evening I have opened my browser and the previous tabs open automatically and then I got pop up window it asked about the user-name and password of my router I have looked to the address bar the IP address was same as it was saved by me, I was shocked that my ISP has not changed my WAN IP (remember ISP using dynamic IP), after this I have open a website about whatismyip and I have seen that my IP is different it means the window that ask about user name and password is the IP of another computer.

Just got an idea why not to brute force it and get the access on the victim router, hydra has been discussed before, but before brute force I have decided to use guessing technique and I than I have entered so many combination but failed than I just used the default user name and password huurraaah I was in.

Security was very low, than I did a quick nmap scan to get the open ports (remember I have turned off the firewall of victim router). According to the nmap result ftp and telnet was open and then I realized how vulnerable this victim is.

 I came across to my terminal and open telnet to the victim by using the default password and I was in and now I was able to take control of this computer but this was not include in the plan.

FTP (file transfer protocol), I came to my terminal again and this time I have used FTP command with the same combination of user name and password and successful. Remember FTP access means you can download and upload files on remote computer means full access. You can use some GUI ftp client but I used command.

Countermeasure

• Always use a strong password
• Turn on your Firewall (both on router and computer)

Binding Exe file with Picture or any file extension

1. Firstly, create a new folder and make sure that the options 'show hidden files' is checked and ‘hide extensions for known file types’ is unchecked. Basically what u need is to see hidden files and see the extension of all your files on your pc.

2. Paste a copy of your server on the new created folder. let's say it's called server.exe (that's why you need the extension of files showing, cause you need to see it to change it)

3. Now you’re going to rename this server.exe to whatever you want, let’s say for example picture.jpeg

4. Windows is going to warn you if you really want to change this extension from exe to jpeg, click YES.

5. Now create a shortcut of this picture.jpeg in the same folder.

6. Now that you have a shortcut, rename it to whatever you want, for example, me.jpeg.

7. Go to properties (on file me.jpeg) and now you need to do some changes there.

8. First of all delete all the text on field START IN and leave it empty.

9. Then on field TARGET you need to write the path to open the other file (the server renamed picture.jpeg) so u have to write this: C:\WINDOWS\system32\cmd.exe /c picture.jpeg

10. The last field, c picture.jpeg is always the name of the first file. If you called the first file soccer.avi you gotta write C:\WINDOWS\system32\cmd.exe /c soccer.avi got it?

11. So what you’re doing is when someone clicks on me.jpeg, a cmd will execute the other file picture.jpeg and the server will run.

12. On that file me.jpeg (shortcut), go to properties and you have an option to change the icon. click that and a new window will pop up and u have to write this: %SystemRoot%\system32\SHELL32.dll . Then press OK.

13. You can set the properties HIDDEN for the first file (picture.jpeg) if you think it’s better to get a connection from someone.

14. But don’t forget one thing, these 2 files must always be together in the same folder and to get connected to someone they must click on the shortcut created not on the first file. So rename the files to whatever you want considering the person and the knowledge they have on this matter.



This method can be applied to ANYTHING....Just use the imagination,mp3, etc etc

Setting Up Darkcomet RAT with pictures (Noob friendly)

                       How To Setup Darkcomet RAT In Depth

I have seen many guides related setting up Darkcomet and even though some have pictures and some don’t they really don’t appeal to me so I am making a nice in depth comprehensive guide.

1. Download Darkcomet Here (took this out of another topic cannot remember which one)
2. Unpack to desktop or other location

Now that you have done those 2 simple steps the next step is rather easy. In order for your server to connect to you, you will need a dns that will update along with your IP so your server will always connect.

Create a account at http://www.no-ip.com/

Create a host by:
1. Clicking on Host/Redirects and then on add host.

2.Click in hostname and create your own for instance test then in the drop down box pick a domain name in this case it is zapto.org so your full hostname would be test.zapto.org. The IP Address etc. will be entered automatically.

 3. Once completed click create host.

The next step is to download No-IP DUC http://www.no-ip.com/downloads.php?page=win

Once it is downloaded installed it enter your username and password for username and then select your domain name and the IP will update automatically.

Part 2: How To Setup Darkcomet + Port Forward

First port forwarding now that is a problem I use a livebox and you use something else so best thing to do is find a guide on here http://portforward.com/. The next thing you do once you are in your router port forward 1604 on TCP and UDP.

Now all that is done lets get on to setting up Darkcomet.

1. Run Darkcomet
2. Once open click Darkcomet on top left and click client settings

3. Once you clicked settings click on No-IP Updater and fill out the relevant information.

 Now all of that is done you are ready to create a server and start spreading!.

Part 3: Creating A Server

This next part is really simple! And rather quick.

1. On the top left click Darkcomet RAT got to server module then full editor

 2. Now you will see the screen below!

 • Process Mutex: Click it a few times
• Server ID: Give it a ID so you know what it is
• Profile Name: Pretty self explanatory.

3. Click network settings.

 Ok this one is a important step

• IP/DNS put in your No-IP.com host you made and the port 1604 which is what you portforwarded and then click add.

Ok now you want to click build the stub and tada you created your server if all is done correctly you should see a slave if they open your file if not test it on your self using sandboxie.

If all goes well you should see this:

 I also forgot to add that the server will not be FUD you will need to encrypt it so anti-viruses will not detect it. (This will be a new tutorial) {HERE}

How to find Admin Login page Of a website

In this tutorial We will Use a Perl script and Use it to Find the admin page of a website

First:Download HERE It is script You will use to Find the admin page
Second:Download and install Activeperl From their Website,Its free

Procedure:
 After installation Of Active perl ,Extract the Admin Script In C:\perl\bin Folder and Then Goto Start>RUN>Type CMD and hit enter. Type in command Prompt "cd C:\perl\bin"

Now Type "admin.pl"

Now type The Url of website You wish to Find the admin Page of ,And Its done.

Hacking a website with SQL injection

SQL injection:

SQL injection is a technique often used to attack data driven applications. This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits a security vulnerability in an application's software More On Wikipedia.

 Now the point is that we are going to use a tool for Hacking a website By SQL injection Method.

Requirements:

• This Software Here
• A website That is Exploitable.

Lets Begin !!

Now After you have found a vulnerable site Copy the link to the Havij Bar and leave every thing in that software Exactly the same.

Click analyze And after It has finished Click The "Tables" column

And Then Get DBs It will then download the databases from the website, After completion Select The database and then click Tables Tab It will Bring some Tables On the database server.

Select Any Table Involving Name like 'Users' 'Admin' etc and click Get Columns Tab, After the columns are loaded explore the and Find the username Or User column and password column.And click "Get data" You will get the data of columns you selected So There you are You have got the username and password of accounts ,Find The Id Number "1" Which is usually the Id Of the Admin ,Use the username and Password to go to Admin Panel of website.

 Thats It !!! Now you Can deface The website Using this Method .(Here)

And You can find the Admin Login Page Of a Website (Here)

How To Deaface A Website

How to find out if a website is vulnerable to SQL Injection?

As we had discussed earlier about the SQL injection, it  is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. We discussed there about the login screen bypassing, that might have been beneficial to the so called script kiddies, who approach hacking just through available scripts and codes on the web, without particular interest in the field. Anyways, you came to know, who exactly are the script kiddies.
We learnt the basics about what is SQL Injection but how can you find out if a website you are testing on, is vulnerable to SQL injection or not? Fine!! Some might be knowing, but for those who don’t know, I am going to quantify the whole process.
1. Use google dorks to find out the vulnerable sites, putting the following queries on google search engine:

inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=

Now you get a list displayed on the result page. Select one by one. Suppose we select the first result.Click on it.
2. Put  ‘ (single quote) at the extreme end of the link displayed on the address bar and press ‘enter’.Or after The "Equal to(=)" Sign
3. Now if a page opens up saying there is an SQL Error, that means the website is 110% vulnerable to SQL Injection.

How To Hack Facebook Account

Facebook now a days is not easy to hack,But I attempted to hack a account and it was good to work.

Requirements:

• A facebook accont
• A little bit of information about the victim
• A fake email (yahoo easiest)
• 3 facebook fake accounts

Lets start!
The 3 fake accounts you made ,add them to the victim account after its accepted then
Login to Facebook,Locate the victim timeline.Copy the username of the victim In the address bar.Now just log out of the account.

On facebook login page click forgot your Password Button,It will take you to a page enter the username of victim there.

Now click the search button and click this is my account Button on next page.

Now on next page click No longer have access to these As illustrated in the image

It will take you to a page "How we can reach you" Type an email that you made for the victim.

Now you come to the screen where you have to answer the secret question,In my case I known the answer ,Don't worry you don't have really to know the answer of the question.

Now on this page Click "Recover your account with help from friends"
 On next page you have to select 3 friends In our case the fake ones we made and added to the victim's account.Select Those accounts and Facebook will send each account a security code ,note those codes and then it Takes 5 minutes to hack the account.Follow the procedure facebook gave you.Easy!!

How to secure a facebook account! The best way!

Today lets begin with Facebook!
My Id on facebook is very much protected Because I have given them my Phone number and I have no security Questions!!!

Here are the steps you should do to secure your account:

1. Login to Facebook :Goto Settings tab -->Account settings -->Security menu
   Here what you do is first remove your Secret Question,It help Hackers.
2. Add A phone number In Mobile menu:
   Get back to security menu ,And turn on login notifications For both text and email.
3. In security tab Turn on login approvals .
   
   
   

Now when you will login this screen will show(whenever You login from different device)









Hope you guys understand the basics,For advance Goto your email and change the security settings to maximum extend.
When you activate this feature Facebook take your computer information, if you log in from this computer it goes via simple process but when ever someone even you will try to log in this account from a new(Unknown) computer it will send you the code to authenticate this log in. So let suppose if your account stole than the hacker does not able to log in into your account.

How to Find An Email Address of Facebook Friend

How to find an email on Facebook ? This question is most famous and there are so many people out there who are asking this question. One of our reader has asked the same question on our Facebook page and we know that many readers also want to know the procedure to get email from facebook so in this tutorial we will discuss the best way to get the email address of a friend from Facebook profile.

Facebook has an advance and smart privacy setting and you can easily hide your email and other information from any person. So let suppose your friend is a master of Facebook privacy and you want to know his/her email address for whatever purpose. 

 

          Tutorial to get email address from facebook!! 

Things You will need !

1. Yahoo account
2. The person should be your friend on facebook
3. The Brain(most Important)

Go to address.yahoo.com and click the Facebook icon, a dialog box will be appear that will ask your permission.

 

It takes some time and than you are done, you can see email addresses of your friends. Check the name of the person to whom you have to find the email and than you can easily find any email of Facebook friend.

  

How to Crack a Wi-Fi Network’s WPA Password with Reaver

Your Wi-Fi network is your conveniently wireless gateway to the internet, and since you're not keen on sharing your connection with any old hooligan who happens to be walking past your home, you secure your network with a password, right? Knowing, as you might, how easy it is to crack a WEP password, you probably secure your network using the more bulletproof WPA security protocol.
Here's the bad news: A new, free, open-source tool called Reaver exploits a security hole in wireless routers and can crack most routers' current passwords with relative ease. Here's how to crack a WPA or WPA2 password, step by step, with Reaver—and how to protect your network against Reaver attacks.

In the first section of this post, I'll walk through the steps required to crack a WPA password using Reaver. You can follow along with either the video or the text below. After that, I'll explain how Reaver works, and what you can do to protect your network against Reaver attacks.
First, a quick note: As we remind often remind readers when we discuss topics that appear potentially malicious: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise. The more you know, the better you can protect yourself.

What You'll Need

You don't have to be a networking wizard to use Reaver, the command-line tool that does the heavy lifting, and if you've got a blank DVD, a computer with compatible Wi-Fi, and a few hours on your hands, you've got basically all you'll need. There are a number of ways you could set up Reaver, but here are the specific requirements for this guide:

• The BackTrack 5 Live DVD. BackTrack is a bootable Linux distribution that's filled to the brim with network testing tools, and while it's not strictly required to use Reaver, it's the easiest approach for most users. Download the Live DVD from BackTrack's download page and burn it to a DVD. You can alternately download a virtual machine image if you're using VMware, but if you don't know what VMware is, just stick with the Live DVD. As of this writing, that means you should select BackTrack 5 R1 from the Release drop-down, select Gnome, 32- or 64-bit depending on your CPU (if you don't know which you have, 32 is a safe bet), ISO for image, and then download the ISO.

• A computer with Wi-Fi and a DVD drive. BackTrack will work with the wireless card on most laptops, so chances are your laptop will work fine. However, BackTrack doesn't have a full compatibility list, so no guarantees. You'll also need a DVD drive, since that's how you'll boot into BackTrack. I used a six-year-old MacBook Pro.
• A nearby WPA-secured Wi-Fi network. Technically, it will need to be a network using WPA security with the WPS feature enabled. I'll explain in more detail in the "How Reaver Works" section how WPS creates the security hole that makes WPA cracking possible.
• A little patience. This is a 4-step process, and while it's not terribly difficult to crack a WPA password with Reaver, it's a brute-force attack, which means your computer will be testing a number of different combinations of cracks on your router before it finds the right one. When I tested it, Reaver took roughly 2.5 hours to successfully crack my password. The Reaver home page suggests it can take anywhere from 4-10 hours. Your mileage may vary.

Let's Get Crackin'

At this point you should have BackTrack burned to a DVD, and you should have your laptop handy.

Step 1: Boot into BackTrack

To boot into BackTrack, just put the DVD in your drive and boot your machine from the disc. (Google around if you don't know anything about live CDs/DVDs and need help with this part.) During the boot process, BackTrack will prompt you to to choose the boot mode. Select "BackTrack Text - Default Boot Text Mode" and press Enter.

Eventually BackTrack will boot to a command line prompt. When you've reached the prompt, type startx and press Enter. BackTrack will boot into its graphical interface.

Step 2: Install Reaver

Reaver has been added to the bleeding edge version of BackTrack, but it's not yet incorporated with the live DVD, so as of this writing, you need to install Reaver before proceeding. (Eventually, Reaver will simply be incorporated with BackTrack by default.) To install Reaver, you'll first need to connect to a Wi-Fi network that you have the password to.

1. Click Applications > Internet > Wicd Network Manager
2. Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time.

Now that you're online, let's install Reaver. Click the Terminal button in the menu bar (or click Applications > Accessories > Terminal). At the prompt, type:

apt-get update

And then, after the update completes:

apt-get install reaver

If all went well, Reaver should now be installed. It may seem a little lame that you need to connect to a network to do this, but it will remain installed until you reboot your computer. At this point, go ahead and disconnect from the network by opening Wicd Network Manager again and clicking Disconnect. (You may not strictly need to do this. I did just because it felt like I was somehow cheating if I were already connected to a network.)

Step 3: Gather Your Device Information, Prep Your Crackin'

In order to use Reaver, you need to get your wireless card's interface name, the BSSID of the router you're attempting to crack (the BSSID is a unique series of letters and numbers that identifies a router), and you need to make sure your wireless card is in monitor mode. So let's do all that.
Find your wireless card: Inside Terminal, type:

 iwconfig 

Press Enter. You should see a wireless device in the subsequent list. Most likely, it'll be named wlan0, but if you have more than one wireless card, or a more unusual networking setup, it may be named something different.



Put your wireless card into monitor mode: Assuming your wireless card's interface name is wlan0, execute the following command to put your wireless card into monitor mode:

airmon-ng start wlan0 

This command will output the name of monitor mode interface, which you'll also want to make note of. Most likely, it'll be mon0, like in the screenshot below. Make note of that.

Find the BSSID of the router you want to crack: Lastly, you need to get the unique identifier of the router you're attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:

airodump-ng wlan0 

(Note: If airodump-ng wlan0 doesn't work for you, you may want to try the monitor interface instead—e.g., airodump-ng mon0.)
You'll see a list of the wireless networks in range—it'll look something like the screenshot below:

When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network's BSSID (it's the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column.(If it's WEP, use our previous guide to cracking WEP passwords.)

Now, with the BSSID and monitor interface name in hand, you've got everything you need to start up Reaver.

Step 4: Crack a Network's WPA Password with Reaver

Now execute the following command in the Terminal, replacing bssid and moninterface with the BSSID and monitor interface and you copied down above:

reaver -i moninterface -b bssid -vv

For example, if your monitor interface was mon0 like mine, and your BSSID was 8D:AE:9D:65:1F:B2 (a BSSID I just made up), your command would look like:

 reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv 

Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me with the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver's cracking has completed, it'll look like this:

A few important factors to consider: Reaver worked exactly as advertised in my test, but it won't necessarily work on all routers (see more below). Also, the router you're cracking needs to have a relatively strong signal, so if you're hardly in range of a router, you'll likely experience problems, and Reaver may not work. Throughout the process, Reaver would sometimes experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on. I just let it keep on running, and kept it close to the router, and eventually it worked its way through.
Also of note, you can also pause your progress at any time by pressing Ctrl+C while Reaver is running. This will quit the process, but Reaver will save any progress so that next time you run the command, you can pick up where you left off-as long as you don't shut down your computer (which, if you're running off a live DVD, will reset everything).

How Reaver Works

Now that you've seen how to use Reaver, let's take a quick overview of how Reaver works. The tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It's a feature that exists on many routers, intended to provide an easy setup process, and it's tied to a PIN that's hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that, with enough time, it can reveal your WPA or WPA2 password.

How to Protect Yourself Against Reaver Attacks

Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS (or, even better, if your router doesn't support it in the first place). Unfortunately, as Gallagher points out as Ars, even with WPS manually turned off through his router's settings, Reaver was still able to crack his password.

In a phone conversation, Craig Heffner said that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they've tested. "On all of the Linksys routers, you cannot manually disable WPS," he said. While the Web interface has a radio button that allegedly turns off WPS configuration, "it's still on and still vulnerable.

So that's kind of a bummer. You may still want to try disabling WPS on your router if you can, and test it against Reaver to see if it helps.
You could also set up MAC address filtering on your router (which only allows specifically whitelisted devices to connect to your network), but a sufficiently savvy hacker could detect the MAC address of a whitelisted device and use MAC address spoofing to imitate that computer.
Double bummer. So what will work?
I have the open-source router firmware DD-WRT installed on my router and I was unable to use Reaver to crack its password. As it turns out, DD-WRT does not support WPS, so there's yet another reason to love the free router-booster. If that's got you interested in DD-WRT, check their supported devices list to see if your router's supported. It's a good security upgrade, and DD-WRT can also do cool things like monitor your internet usage, set up a network hard drive, act as a whole-house ad blocker, boost the range of your Wi-Fi network, and more. It essentially turns your $60 router into a $600 router.

How to Crack a Wi-Fi Network’s WEP Password with BackTrack

You already know that if you want to lock down your Wi-Fi network, you should opt for WPA because WEP is easy to crack. But did you know how easy? Take a look.

Note: This post demonstrates how to crack WEP passwords, an older and less often used network security protocol. If the network you want to crack is using the more popular WPA encryption, see our guide to cracking a Wi-Fi network's WPA password with Reaver instead.

Today we're going to run down, step-by-step, how to crack a Wi-Fi network with WEP security turned on. But first, a word: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise.

Dozens of tutorials on how to crack WEP are already all over the internet using this method. Seriously—Google it. This ain't what you'd call "news." But what is surprising is that someone like me, with minimal networking experience, can get this done with free software and a cheap Wi-Fi adapter. Here's how it goes.

Unless you're a computer security and networking ninja, chances are you don't have all the tools on hand to get this job done. Here's what you'll need:
    A compatible wireless adapter—This is the biggest requirement. You'll need a wireless adapter that's capable of packet injection, and chances are the one in your computer is not. After consulting with my friendly neighborhood security expert, I purchased an Alfa AWUS050NH USB adapter, pictured here, and it set me back about $50 on Amazon. Update: Don't do what I did. Get the Alfa AWUS036H, not the US050NH, instead.

   A BackTrack Live CD. Or A USB Boot Of Backtrack:
Linux Live CD that lets you do all sorts of security testing and tasks. Download yourself a copy of the CD and burn it, or load it up in VMware to get started(you dont have to worry about VMware Yet).

   A nearby WEP-enabled Wi-Fi network. The signal should be strong and ideally people are using it, connecting and disconnecting their devices from it. The more use it gets while you collect the data you need to run your crack, the better your chances of success.

   Patience with the command line. This is an ten-step process that requires typing in long, arcane commands and waiting around for your Wi-Fi card to collect data in order to crack the password. Like the doctor said to the short person, be a little patient.

Crack That WEP

 To crack WEP, you'll need to launch Konsole, BackTrack's built-in command line. It's right there on the taskbar in the lower left corner, second button to the right. Now, the commands.
If you can't get to desktop then type "startx" on the root.
After you have opened a Konsole Terminal Type :

airmon-ng

It will give you list of network interfaces.
The only one I've got there is labeled ra0. Yours may be different; take note of the label and write it down. From here on in, substitute it in everywhere a command includes (interface).

Now, run the following four commands. See the output that I got for them in the screenshot below.

airmon-ng stop (interface)
ifconfig (interface) down
macchanger --mac 00:11:22:33:44:55 (interface)
airmon-ng start (interface)

If you don't get the same results from these commands as pictured here, most likely your network adapter won't work with this particular crack. If you do, you've successfully "faked" a new MAC address on your network interface, 00:11:22:33:44:55.







Now it's time to pick your network. Run:

airodump-ng (interface)

In my Case Its some thing like :

airodump-ng ra0

To see a list of wireless networks around you. When you see the one you want, hit Ctrl+C to stop the list. Highlight the row pertaining to the network of interest, and take note of two things: its BSSID and its channel (in the column labeled CH), as pictured below. Obviously the network you want to crack should have WEP encryption (in the ENC) column, not WPA or anything else.

Like I said, hit Ctrl+C to stop this listing. (I had to do this once or twice to find the network I was looking for.) Once you've got it, highlight the BSSID and copy it to your clipboard for reuse in the upcoming commands.

Now we're going to watch what's going on with that network you chose and capture that information to a file. Run:

airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)

Where (channel) is your network's channel, and (bssid) is the BSSID you just copied to clipboard. You can use the Shift+Insert key combination to paste it into the command. Enter anything descriptive for (file name). I chose "yoyo," which is the network's name I'm cracking.

You'll get output like what's in the window in the background pictured below. Leave that one be. Open a new Konsole window in the foreground, and enter this command:

aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

Here the ESSID is the access point's SSID name, which in my case is yoyo. What you want to get after this command is the reassuring "Association successful" message with that smiley face.

 You're almost there. Now it's time for:

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)

Here we're creating router traffic to capture more throughput faster to speed up our crack. After a few minutes, that front window will start going crazy with read/write packets. (Also, I was unable to surf the web with the yoyo network on a separate computer while this was going on.) Here's the part where you might have to grab yourself a cup of coffee or take a walk. Basically you want to wait until enough data has been collected to run your crack. Watch the number in the "#Data" column—you want it to go above 10,000. (Pictured below it's only at 854.)

Depending on the power of your network (mine is inexplicably low at -32 in that screenshot, even though the yoyo AP was in the same room as my adapter), this process could take some time. Wait until that #Data goes over 10k, though—because the crack won't work if it doesn't. In fact, you may need more than 10k, though that seems to be a working threshold for many.

Once you've collected enough data, it's the moment of truth. Launch a third Konsole window and run the following to crack that data you've collected:

aircrack-ng -b (bssid) (file name-01.cap)

Here the filename should be whatever you entered above for (file name). You can browse to your Home directory to see it; it's the one with .cap as the extension.

If you didn't get enough data, aircrack will fail and tell you to try again with more. If it succeeds, it will look like this:

The WEP key appears next to "KEY FOUND." Drop the colons and enter it to log onto the network.

Problems Along the Way:

With this article I set out to prove that cracking WEP is a relatively "easy" process for someone determined and willing to get the hardware and software going. I still think that's true, but unlike the guy in the video below, I had several difficulties along the way. In fact, you'll notice that the last screenshot up there doesn't look like the others—it's because it's not mine. Even though the AP which I was cracking was my own and in the same room as my Alfa, the power reading on the signal was always around -30, and so the data collection was very slow, and BackTrack would consistently crash before it was complete. After about half a dozen attempts (and trying BackTrack on both my Mac and PC, as a live CD and a virtual machine), I still haven't captured enough data for aircrack to decrypt the key.

So while this process is easy in theory, your mileage may vary depending on your hardware, proximity to the AP point, and the way the planets are aligned. Oh yeah, and if you're on deadline—Murphy's Law almost guarantees it won't work if you're on deadline.

Got any experience with the WEP cracking courtesy of BackTrack? What do you have to say about it? Give it up in the comments.