Access Protected WiFi Networks – A HowTo

Posted by Samara Sideways | Filed under Uncategorized

We breath in these WiFi signals all day everyday, therefore as part of the air we must breath to survive we in part OWN this internet and therefore in at least my mind have a constitutional RIGHT to access it! FOR FREE! So the question arises HOW does one go about accessing these secured WiFi networks to gain access to that ever longing internet signal? I have the answer for you here! Actually even the most computer illiterate can do it, so fear not! I will walk you through it, least for now WEP encrypted WiFi signals….

First off you need the correct wireless adapter….I personally recommend data-alliance.net and for you to purchase 2 items, first being your new wireless adapter which plugs into your USB port on your computer, and secondly a GOOD antenna for your adapter. All said and done….cost is about $57 with shipping! WOW! that’s about the cost of 1 month EVDO service from Verizon!

Second you need the software to be able to crack these encrypted WiFi signals….I suggest BackTrack 3 Final Release available HERE. It is based on a “live” edition, so all you got to do is pop the freshly burnt CD into your drive and boot from it…NOTHING to install!

Now that you have all the proper and necessary hard and software….lets get started, shall we?

First lets pop that BackTrack 3 live CD into your computers drive…..oops, lets back up for a second….attach that nice new antenna to the new Alfa adapter and plug the adapter into your computer…new we can start it up!

Now here we go…the language most likely will be quite foreign to you, however just follow along, and in no time you will be connected!

Crack That WEP

To crack WEP, you’ll need to launch Konsole, BackTrack’s built-in command line. It’s right there on the taskbar in the lower left corner, second button to the right. Now, the commands.

First run the following to get a list of your network interfaces:

airmon-ng

The only one I’ve got there is labeled ra0. Yours may be different; take note of the label and write it down. From here on in, substitute it in everywhere a command includes (interface).

Now, run the following four commands. See the output that I got for them in the screenshot below.


airmon-ng stop (interface)
ifconfig (interface) down
macchanger --mac 00:11:22:33:44:55 (interface)
airmon-ng start (interface)

If you don’t get the same results from these commands as pictured here, most likely your network adapter won’t work with this particular crack. If you do, you’ve successfully “faked” a new MAC address on your network interface, 00:11:22:33:44:55.

Now it’s time to pick your network. Run:

airodump-ng (interface)

To see a list of wireless networks around you. When you see the one you want, hit Ctrl+C to stop the list. Highlight the row pertaining to the network of interest, and take note of two things: its BSSID and its channel (in the column labeled CH), as pictured below. Obviously the network you want to crack should have WEP encryption (in the ENC) column, not WPA or anything else.

Like I said, hit Ctrl+C to stop this listing. (I had to do this once or twice to find the network I was looking for.) Once you’ve got it, highlight the BSSID and copy it to your clipboard for reuse in the upcoming commands.

Now we’re going to watch what’s going on with that network you chose and capture that information to a file. Run:

airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)

Where (channel) is your network’s channel, and (bssid) is the BSSID you just copied to clipboard. You can use the Shift+Insert key combination to paste it into the command. Enter anything descriptive for (file name). I chose “yoyo,” which is the network’s name I’m cracking.

You’ll get output like what’s in the window in the background pictured below. Leave that one be. Open a new Konsole window in the foreground, and enter this command:

aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

Here the ESSID is the access point’s SSID name, which in my case is yoyo. What you want to get after this command is the reassuring “Association successful” message with that smiley face.

You’re almost there. Now it’s time for:

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)

Here we’re creating router traffic to capture more throughput faster to speed up our crack. After a few minutes, that front window will start going crazy with read/write packets. (Also, I was unable to surf the web with the yoyo network on a separate computer while this was going on.) Here’s the part where you might have to grab yourself a cup of coffee or take a walk. Basically you want to wait until enough data has been collected to run your crack. Watch the number in the “#Data” column—you want it to go above 10,000. (Pictured below it’s only at 854.)

Depending on the power of your network (mine is inexplicably low at -32 in that screenshot, even though the yoyo AP was in the same room as my adapter), this process could take some time. Wait until that #Data goes over 10k, though—because the crack won’t work if it doesn’t. In fact, you may need more than 10k, though that seems to be a working threshold for many.

Once you’ve collected enough data, it’s the moment of truth. Launch a third Konsole window and run the following to crack that data you’ve collected:

aircrack-ng -b (bssid) (file name-01.cap)

Here the filename should be whatever you entered above for (file name). You can browse to your Home directory to see it; it’s the one with .cap as the extension.

If you didn’t get enough data, aircrack will fail and tell you to try again with more. If it succeeds, it will look like this:

The WEP key appears next to “KEY FOUND.” Drop the colons and enter it to log onto the network.

If at first you don’t succeed….keep trying, you will learn this….my best tip, print this out and reference it while in backtrack3 you WILL need it!!!

These instructions were brought to you by: lifehacker.com Ya, so what I copied and pasted….but your link is here…get over it lifehacker! :)

Permalink | February 7th, 2010

8 Responses to “Access Protected WiFi Networks – A HowTo”

  1. timmymac Says:
    February 7th, 2010 at 8:09 PM

    — In a yahoo forum, Samara Sideways wrote:
    >
    > To my educated (I am a certified Paralegal) knowledge, as long as the keys
    snipped….

    and quoting from Samara’s blog: “[W]e in part OWN this internet and therefore in at least my mind have a constitutional RIGHT to access it! FOR FREE!”

    I gotta ask… **Are you SERIOUS!!**
    You’re a paralegal who advocates the electronic equivalent of breaking and entering, and that we have a constitutional right to do so. Yet in your instructions you specifically include steps to spoof your MAC address in an attempt to avoid identification/prosecution.

    http://seclists.org/pen-test/2007/May/188

    {headshake}
    Sure, WEP encryption is insecure. So are cabinet locks to anyone armed with a paperclip and a little knowledge. That doesn’t mean using other people’s network (or opening locked cabinets which aren’t yours) is right or legal.

  2. Samara Sideways Says:
    February 7th, 2010 at 9:26 PM

    Yes I approve of it….got a issue with my beliefs? Please take it elsewhere…..

  3. Samara Sideways Says:
    February 7th, 2010 at 9:29 PM

    Timmymac….I quote you “Yet in your instructions you specifically include steps to spoof your MAC address in an attempt to avoid identification/prosecution. ” That IS part of the steps taken….like it or not….if you dont like it, then why dont you start a campaign for FREE universal internet access for all in the US?

  4. timmymac Says:
    February 7th, 2010 at 11:16 PM

    Samara, I was under the impression that you had written the article, but I see that you copied it from Lifehacker, who in turn had copied it from another source. So, it wasn’t you that originated the spoofing of the MAC address.
    Just for clarity, changing the MAC address of your network connection is not required to do decryption and cracking of the password. It’s only to make it harder to identify the computer that is doing the injection. This was not made clear in the Lifehacker article, hence it wasn’t clear in yours.

    Something to keep in mind is that changing the MAC while cracking the key will likely prevent positive identification of your computer. However if you subsequently power off your computer and reboot into your OS of choice, your MAC address will reset back to it’s normal unique value. So, if you use that password to connect to the encrypted network while you’re running windows, your MAC will be logged. This MAC address is specific to your hardware, and will make the prosecutors job much easier.

    Sure, if the network belongs to someone without a clue, you’ll get away with it. But you’ll leave tracks which can uniquely identify your computer. If the admin figures out who you are, and want’s to press charges, you’re gonna be in a world of trouble.

    If the admin knows what they are doing (and for some crazy reason they are using WEP without MAC filtering, who knows why… They should be using WPA/AES, not WEP) and is feeling malicious, you’re gonna be in a different world of trouble. You’re connecting your computer to their network. Your computer is now open to attack from their systems.

    To put a funny slant on it (and put it into perspective):
    http://xkcd.com/341/

    There are actions which are legal in the US, and others that I wish were legal in the US but aren’t. The important thing is to be able to tell the difference and act accordingly.

    To quote from the intro of the LifeHacker article:
    “But first, a word: Knowledge is power, but power doesn’t mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn’t make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise.”

    The comments in the lifehacker article should be rather enlightening as to the pros and cons of cracking WEP.

    Seriously, I’m not picking on you or trolling, I’m just providing a different viewpoint on this particular issue.

    Best wishes on your van conversion and I hope you’re staying warm in Denver.
    Have fun, and be safe.

  5. Samara Sideways Says:
    February 8th, 2010 at 9:55 AM

    Yes, i understand the MAC address issues, however think of it not in those terms…..typing 00:11:22:33:44:55 is MUCH easier than likely your MAC address….most networks do not have MAC address filtering…..on the WPA/AES note you bring up, I agree this is the most secure…I don’t have 5000 years to wait to crack that one, however the TKIP can be cracked in about 15 minutes, and after just a coursery review of the 12+ networks I can see right now, 8 are WEP and 6 are TKIP and the last ore either unsecured or are AES/TKIP. I do not condone cracking WiFi networks…if I have to breath the air they are in, then as I stated it is my right….laws be damned! 99.9% of the networks you crack and access will never know you were on them! I have never had an issue doing this! I would not suggest doing this to a monitored network tho….BIG TROUBLE there!

  6. making bird feeders Says:
    February 18th, 2010 at 7:28 AM

    Thank you for the sound critique. Me and my neighbor were just setting up to do some research about this. I am very glad to see such great info being shared freely out there.

  7. Alphonso Auber Says:
    February 18th, 2010 at 2:32 PM

    I posted your article to my myspace profile.

  8. growth hormone Says:
    February 20th, 2010 at 10:03 PM

    Great Post. Really it will help lot of people. Thanks for the post.

Leave a Reply