EVERYTHING ABOUT WIFI CRACKING

Table of Contents
Executive Summary
Before the Fun Part Starts
ARP Protocol
Discovery of Networks
Wireless Networks
Software
Wireshark
Wireless Deauthentication Attack
Fake Authentication
MAC Filtering
Cracking WEP with a connected client (Open System)
Cracking WEP without a connected client (Open System)
Cracking WEP (Shared Key Authentication)
Cracking WPA (Dictionary Mode)
Cracking WPA (Database Mode)
Hidden ESSID
Cracking WPA (Wi-Fi Protected Setup)
Arciduca - Alphabay
Executive Summary
Over the past months I've been learning about network security. I started by reading
documents like this one, so I'm writing this tutorial not to teach anyone how to break
into their neighbor's network and get free internet or valuable information. No. I'm
writing it because, even though I'm not an expert, I hope it can be useful to those
who don't know where to begin learning about the subject.
Backtrack, currently in its fifth version (Backtrack 5), is an operating system based on
the Ubuntu GNU/Linux distribution and is aimed at digital forensics and penetration
testing. It is named after backtracking, a search algorithm.
Backtrack ships with a large number of tools. I'll be talking about some that already
come with Backtrack and some others that you need to install if you are using a version
older than Backtrack 5 R2; I'll describe in this document how to install those programs.
Throughout the document, let's imagine I'm an attacker targeting wireless networks.
In this tutorial I'll be using one computer running Windows 7, with Backtrack 5 R2
installed in VMware, as the attacker machine.
I will use two routers throughout the tutorials, because my old router (Conceptronic
C54BRS4) doesn't support WPS, which is needed to run Reaver against it, so for that
part I'll use a TP-LINK TL-WR841ND.
Don't forget: the attacker PC must use a wireless card that supports monitor mode and
packet injection in order to perform some of the attacks. Because Backtrack runs in a
virtual machine here, that card has to be a USB adapter passed through to the guest:
VMware's virtual network adapters appear to the guest as wired Ethernet and cannot be
put into monitor mode. Once the card is in monitor mode, aireplay-ng's injection test
(option -9) confirms that injection actually works before you rely on it.
My Setup
Router: Conceptronic C54BRS4
Attacker wireless card: TP-LINK TL-WN722N (USB adapter)
Router: TP-LINK TL-WR841ND
Before the fun part starts
Before we start the fun part I would like to cover some network basics, so that this
paper is helpful even if you don't have a really good understanding of what a network
is and how it works. Even if you already know how a network works, you might find the
text below interesting anyway.
The ARP Protocol
Networks use a variety of protocols. One of them is ARP, the Address Resolution
Protocol.
Before we get to ARP itself, let's recall what physical addresses and logical addresses
are.
Physical address - what we know as the MAC (Media Access Control) address, which
belongs to a network interface. It is 48 bits long (12 hexadecimal characters, usually
written as six colon-separated bytes).
Logical address - what we usually call the IP address.
How does the ARP protocol work?
When a computer on a local network wants to talk to another one, it knows the
destination's IP address, but the Ethernet frame it has to put on the wire (or in the air)
must carry the destination's MAC address, so it needs both.
When you only know the IP, you have to ask for the MAC. That is what ARP does: it
resolves IPv4 addresses into MAC addresses on the local network segment. The request
is broadcast to every host on the segment ("who has this IP?"), and the host that owns
that IP answers directly with its MAC ("that IP is at this MAC"). Note that ARP has no
authentication: a host simply trusts whatever reply it receives, which is why ARP
packets are so useful to an attacker later in this document.
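As an added example (not part of the original tutorial), the following Python builds the two ARP frames involved in a lookup, parses them, and simulates one host answering another. The IP addresses are the ones the tutorial uses for its example network; the MAC addresses are made up for the demonstration, and nothing is sent on a real interface.

```python
"""Hand-built ARP request/reply exchange (RFC 826) carried in Ethernet II frames."""
import socket
import struct

ETH_TYPE_ARP = 0x0806
ARP_REQUEST = 1   # "who-has"
ARP_REPLY = 2     # "is-at"
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(b):
    return ":".join("%02x" % x for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet frame + ARP packet. Requests are broadcast; replies go straight to the asker."""
    dst_mac = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = ETH_HDR.pack(mac_to_bytes(dst_mac), mac_to_bytes(sender_mac), ETH_TYPE_ARP)
    arp = ARP_PKT.pack(1, 0x0800, 6, 4, op,            # Ethernet, IPv4, 6-byte MAC, 4-byte IP
                       mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_to_bytes(target_mac), socket.inet_aton(target_ip))
    return eth + arp


def parse_arp(frame):
    """Decode an Ethernet/ARP frame into its fields; rejects anything that is not IPv4-over-Ethernet ARP."""
    dst, src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETH_TYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {"op": op,
            "sender_mac": bytes_to_mac(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": bytes_to_mac(tha), "target_ip": socket.inet_ntoa(tpa)}


def answer_request(frame, my_mac, my_ip):
    """What a host does on receiving a who-has: reply only if the target IP is its own."""
    req = parse_arp(frame)
    if req["op"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])


def learn_from_reply(cache, frame):
    """Update the requester's ARP cache from a reply. Nothing here verifies who sent it:
    ARP carries no authentication, so the cache trusts whatever sender fields arrive."""
    rep = parse_arp(frame)
    if rep["op"] == ARP_REPLY:
        cache[rep["sender_ip"]] = rep["sender_mac"]
    return cache


def resolve_example():
    """Constructed exchange: Computer A (192.168.2.105) asks for Computer B (192.168.2.100).
    The MAC addresses are invented for this example."""
    a_mac, a_ip = "00:11:22:33:44:55", "192.168.2.105"
    b_mac, b_ip = "66:77:88:99:aa:bb", "192.168.2.100"
    request = build_arp(ARP_REQUEST, a_mac, a_ip, "00:00:00:00:00:00", b_ip)
    reply = answer_request(request, b_mac, b_ip)   # B recognises its own IP and answers
    cache = learn_from_reply({}, reply)            # A now knows B's MAC
    return request, reply, cache


if __name__ == "__main__":
    req, rep, cache = resolve_example()
    print("request:", parse_arp(req))
    print("reply:  ", parse_arp(rep))
    print("A's ARP cache:", cache)
```

Both frames are exactly 42 bytes (14 bytes of Ethernet header plus 28 bytes of ARP), which is what you will see in Wireshark when you capture a real lookup; the request's destination MAC is the broadcast address and the reply's is Computer A's own MAC.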
For example
Imagine a computer, Computer A, with the IP address 192.168.2.105, that wants to
communicate with Computer B, whose IP address is 192.168.2.100.