- Wep Cracking Wireless Hacking Live Cd Download Fbi Version Number Free
- Wep Cracking Wireless Hacking Live Cd Download Fbi Version Number 2
- Wep Cracking Wireless Hacking Live Cd Download Fbi Version Number 1
- Wep Cracking Wireless Hacking Live Cd Download Fbi Version Numbers
Wep Cracking Wireless Hacking Live Cd Download Fbi Version Number Free
11 Responses to OSWA Assistant – Wireless Hacking & Auditing LiveCD Toolkit the BMX guy June 9, 2008 at 11:28 am # Nice thing to have, especially if you are like with only a basic understanding of how WiFi works and the need to be secure. Wireless Hacking Live - FBI version ISO 635.24 MB Live Cd For Wireless Hacking, Also Used By The FBI This version is for all systems except systems with the Intel B/G wireless cards (IPW2200). - Live CD with all the tools you need to hack a WLAN / wireless Access point - Linux Live-CD - OS runs from CD - 635 mb -.iso - also used by the FBI. Wep Cracking Wireless Hacking Live Cd Download Fbi Version. Securing information, there are tools and techniques. In this white paper. Finally a brief about wireless security has been described here. The evolving Internet and its related. Internet service providers. Regardless of the number of. Internet, each has.
BackTrack is a distribution based on the Debian GNU/Linux distribution aimed at digital forensics and penetration testing use. It is named after backtracking, a search algorithm. The current version is BackTrack5r3History
The BackTrack distribution originated from the merger of two formerly competing distributions which focused on penetration testing:- WHAX: a Slax based Linux distribution developed by Mati Aharoni, a security consultant. Earlier versions of WHAX were called Whoppix and were based on Knoppix.
- Auditor Security Collection: a Live CD based on Knoppix developed by Max Moser which included over 300 tools organized in a user-friendly hierarchy.
Tools
BackTrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot BackTrack directly from portable media without requiring installation, though permanent installation to hard disk is also an option.Releases
Date | Release |
---|---|
February 5, 2006 | BackTrack v.1.0 Beta |
May 26, 2006 | The BackTrack project released its first non-beta version (1.0). |
March 6, 2007 | BackTrack 2 final released. |
June 19, 2008 | BackTrack 3 final released. |
January 9, 2010 | BackTrack 4 final release. (Linux kernel 2.6.30.9) |
May 8, 2010 | BackTrack 4 R1 release |
November 22, 2010 | BackTrack 4 R2 release |
May 10, 2011 | BackTrack 5 release (Linux kernel 2.6.38) |
August 18, 2011 | BackTrack 5 R1 release (Linux kernel 2.6.39.4) |
March 1, 2012 | BackTrack 5 R2 release (Linux kernel 3.2.6) |
August 13, 2012 | BackTrack 5 R3 release |
A. SCOPE
This tutorial is intended for user’s with little or no experience with linux or wifi. The folks over at remote-exploit have released “Backtrack” a tool which makes it ridiculously easy to access any network secured by WEP encryption. This tutorial aims to guide you through the process of using it effectively.Required Tools
- You will need a computer with a wireless adapter listed here
- Download Backtrack and burn it’s image to a CD
B. OVERVIEW
BACKTRACK is a bootable live cd with a myriad of wireless and tcp/ip networking tools. This tutorial will only cover the included kismet and aircrack-ng suite of tools.Tools Overview
- Kismet – a wireless network detector and packet sniffer
- airmon – a tool that can help you set your wireless adapter into monitor mode (rfmon)
- airodump – a tool for capturing packets from a wireless router (otherwise known as an AP)
- aireplay – a tool for forging ARP requests
- aircrack – a tool for decrypting WEP keys
- iwconfig – a tool for configuring wireless adapters. You can use this to ensure that your wireless adapter is in “monitor” mode which is essential to sending fake ARP requests to the target router
- macchanger – a tool that allows you to view and/or spoof (fake) your MAC address
Glossary of Terms
- AP: Access Point: a wireless router
- MAC Address: Media Access Control address, a unique id assigned to wireless adapters and routers. It comes in hexadecimal format (ie 00:11:ef:22:a3:6a)
- BSSID: Access Point’s MAC address
- ESSID: Access Point’s Broadcast name. (ie linksys, default, belkin etc) Some AP’s will not broadcast their name but Kismet may be able to detect it anyway
- TERMINAL: MS-Dos like command line interface. You can open this by clicking the black box icon next to the start key in backtrack
- WEP: short for Wired Equivalency Privacy, it is a security protocol for Wi-Fi networks
- WPA: short for WiFi Protected Access. a more secure protocal than WEP for wireless networks. NOTE: this tutorial does not cover cracking WPA encryption
C. DISCLAIMER
Hacking into someone’s wireless network without permission is probably against the law. I wouldn’t recommend doing it. I didn’t break into anyone else’s network while learning how to do this.D. IMPLEMENTATION
STEP 1
Monitoring Wireless Traffic With Kismet
Place the backtrack CD into your cd-rom drive and boot into Backtrack. You may need to change a setting in your bios to boot from cd rom. During boot up you should see a message like “Hit ctrl+esc to change bios settings”. Changing your first boot device to cdrom will do the trick. Once booted into linux, login as root with username: root password: toor. These are the default username and password used by backtrack. A command prompt will appear. Type startx to start KDE (a ‘windows’ like workspace for linux).Once KDE is up and running start kismet by clicking on the start key and browsing to Backtrack->Wireless Tools -> Analyzers ->Kismet. Alternatively you can open a Terminal and type:
kismetKismet will start running and may prompt you for your wireless adapter. Choose the appropriate adapter, most likely ‘ath0′, and sit back as kismet starts detecting networks in range.
NOTE: We use kismet for two reasons.
- To find the bssid, essid, and channel number of the AP you are accessing.
- Kismet automatically puts your wireless adapter into monitor mode (rfmon). It does this by creating a VAP (virtual access point?) or in other words, instead of only having ath0 as my wireless card it creates a virtual wifi0 and puts ath0 into monitor mode automatically. To find out your device’s name just type:
iwconfigWhich will look something like this:
While kismet detects networks and various clients accessing those networks you might want to type ‘s’ and then ‘Q’ (case sensitive). This sorts all of the AP’s in your area by their signal strength. The default ‘autofit’ mode that kismet starts up in doesn’t allow you much flexibility. By sorting AP’s by signal strength you can scroll through the list with the arrow keys and hit enter on any AP you want more information on. (side note: when selecting target AP keep in mind this tutorial only covers accessing host AP’s that use WEP encryption. In kismet the flags for encryption are Y/N/0. Y=WEP N=Open Network- no encryption 0= other: WPA most likely.) Further reading on Kismet is available here.
Select the AP (access point) you want to access. Copy and paste the broadcast name(essid), mac address(bssid), and channel number of your target AP into a text editor. Backtrack is KDE based so you can use kwrite. Just open a terminal and type in ‘kwrite’ or select it from the start button. In Backtrack’s terminal to copy and paste you use shift+ctrl+c and shift+control+v respectively. Leave kismet running to leave your wireless adapter in monitor mode. You can also use airmon to do this manually.
airmon-ng -h
for more help with thisSTEP 2
Collecting Data With Airodump
Open up a new terminal and start airodump so we can collect ARP replies from the target AP. Airodump is fairly straight forward for help with this program you can always type “airodump-ng -h” at the command prompt for additional options.
airodump-ng ath0 -w /mnt/hda2/home/ryan/belkin_slax_rcu 9 1Breaking down this command:
- ath0 is my wireless card
- -w tells airodump to write the file to
/mnt/hda2/ryan/belkin_slax_rcu - 9 is the channel 9 of my target AP
- 1 tells airodump to only collect IVS – the data packets with the WEP key
STEP 3
Associate your wireless card with the AP you are accessing.
aireplay-ng -1 0 -e belkin -a 00:11:22:33:44:55 -h 00:fe:22:33:f4:e5 ath0
- -1 at the beginning specifies the type of attack. In this case we want fake authentication with AP. You can view all options by typing
aireplay-ng -h
- 0 specifies the delay between attacks
- -e is the essid tag. belkin is the essid or broadcast name of my target AP. Linksys or default are other common names
- -a is the bssid tag(MAC address). 00:11:22:33:44:55 is the MAC address of the target AP
- -h is your wireless adapters MAC addy. You can use macchanger to view and change your mac address.
macchanger -s ath0
- ath0 at the end is my wireless adapters device name in linux
STEP 4
Start packet injection with aireplay
aireplay-ng -3 -b 00:11:22:33:44:55 -h 00:fe:22:33:f4:e5 ath0
NOTES:
- -b requires the MAC address of the AP we are accessing.
- -h is your wireless adapters MAC addy. You can use macchanger to view and change your mac address.
macchanger -s ath0
- if packets are being collected at a slow pace you can type
iwconfig ath0 rate auto
to adjust your wireless adapter’s transmission rate. You can find your AP’s transmission rate in kismet by using the arrow keys up or down to select the AP and hitting enter. A dialog box will pop up with additional information. Common rates are 11M or 54M.
If you get a message like this:
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Just reassociate with the AP following the instructions on step 3.
STEP 5
Decrypting the WEP Key with Aircrack
Find the location of the captured IVS file you specified in step 2. Then type in a terminal:aircrack-ng -s /mnt/hda2/home/belkin_slax_rcu-03.ivsChange /mnt/hda2/home/belkin_slax_rcu-03.ivs to your file’s location
Once you have enough captured data packets decrypting the key will only take a couple of seconds. For my AP it took me 380k data packets. If aircrack doesn’t find a key almost immediately, just sit back and wait for more data packets.
If this guide doesn’t fully answer your questions you can always refer to the forums at remote-exploit.org
Wep Cracking Wireless Hacking Live Cd Download Fbi Version Number 2
Last week we showed you how to crack a Wi-Fi network's WEP key using a live CD and some command line fu. Today we've got other cracking options—but more importantly, clarification on the point of all this.
Even Easier Ways to Crack WEP
The cracking method we covered last week involved typing in 10 tedious commands you can easily fat-finger. While there's no super-simple GUI with a giant button that says 'Crack this network' and plays James Bond theme music, a couple of windowed options are much more usable.
Advertisement
SpoonWep in BackTrack 3 (booted on a PC or Mac or in VMware)
With the same BackTrack 3 live CD or VMware image that we used last week, you can bypass almost all the commands you see there and use SpoonWep instead. When you're booted into BackTrack 3, from the KDE menu, choose BackTrack>Radio Network Analysis>80211>Cracking>SpoonWep. You'll get the window you see in the screenshot here. All you need to run SpoonWep against a Wi-Fi network is its channel and BSSID. (I used the previously-mentioned
With the same BackTrack 3 live CD or VMware image that we used last week, you can bypass almost all the commands you see there and use SpoonWep instead. When you're booted into BackTrack 3, from the KDE menu, choose BackTrack>Radio Network Analysis>80211>Cracking>SpoonWep. You'll get the window you see in the screenshot here. All you need to run SpoonWep against a Wi-Fi network is its channel and BSSID. (I used the previously-mentioned
airodump-ng
command to get the BSSID of my router; you can also use Kismet in the BackTrack>Radio Network Analysis>80211>Analyser folder of BackTrack's KDE menu to get that info.)Advertisement
Enter the BSSID in the 'Victim Mac' field of SpoonWep. Choose your Wi-Fi adapter from the drop-down, set the channel, and launch your attack. Increase or decrease your injection rate using the slider. (Thanks to thehacker123, PrunellaIguana and RamonHans for pointing out SpoonWep.)
As for the BackTrack 4 pre-release, commenters point out that it supports more wireless cards and can crack passwords faster using aircrack-ptw. BT4 consistently froze on me, but I believe it was the version of the Alfa USB adapter I was using that caused the problem, so your mileage will likely vary.
Advertisement
KisMAC for Mac OS X
If you want to get your crack on Mac-style, download the free KisMAC. KisMAC cannot crack WEP with your regular old built-in Airport card; you'll still need a card that works with a KisMAC driver which supports packet injection. Here's a list of the built-in drivers KisMAC comes with, and the list of wireless adapters that work with those drivers. If you're using an Alfa 500mw like I am, you can use the USB RTL8187L driver. The YouTube video below walks you through the steps. From KisMAC's Preferences pane you add the driver that works with your wireless adapter. Scan for networks, choose the one you want to crack, and from the Network menu choose 'Deauthenticate.' Then, also from the Network menu, choose 'Reinject packets.' Once your 'Unique IVs' number is high enough, from the Network menu, choose Crack and then pick your attack.
If you want to get your crack on Mac-style, download the free KisMAC. KisMAC cannot crack WEP with your regular old built-in Airport card; you'll still need a card that works with a KisMAC driver which supports packet injection. Here's a list of the built-in drivers KisMAC comes with, and the list of wireless adapters that work with those drivers. If you're using an Alfa 500mw like I am, you can use the USB RTL8187L driver. The YouTube video below walks you through the steps. From KisMAC's Preferences pane you add the driver that works with your wireless adapter. Scan for networks, choose the one you want to crack, and from the Network menu choose 'Deauthenticate.' Then, also from the Network menu, choose 'Reinject packets.' Once your 'Unique IVs' number is high enough, from the Network menu, choose Crack and then pick your attack.
The clip demonstrates a 'Weak Scheduling Attack' against a 40-bit key in action with KisMAC. Go full screen and high quality for best legibility.
Advertisement
Windows: aircrack-ng suite
As far as I can tell, there is no non-command line software you can install on Windows to crack WEP. There are plenty of tutorials on how to install the aircrack-ng suite on Windows and run it. I half-heartedly tried a few on my own but just went back to BackTrack 3. (If you've got to use the CLI anyway, might as well do it from a Linux image.) If your Cygwin-devoted heart is braver than mine, here's how to install Aircrack-ng for Windows and a longer tutorial on how to crack WEP on Windows XP Pro SP2.
As far as I can tell, there is no non-command line software you can install on Windows to crack WEP. There are plenty of tutorials on how to install the aircrack-ng suite on Windows and run it. I half-heartedly tried a few on my own but just went back to BackTrack 3. (If you've got to use the CLI anyway, might as well do it from a Linux image.) If your Cygwin-devoted heart is braver than mine, here's how to install Aircrack-ng for Windows and a longer tutorial on how to crack WEP on Windows XP Pro SP2.
The Point: Now You Know How to Better Secure Your Wireless Network
Knowing how to crack WEP keys doesn't mean you go out and actually break into people's Wi-Fi networks. It means you've seen, firsthand, exactly how crackable WEP keys are. I've 'known' for years now that WPA is more secure than WEP, but the bridge on my network offered WPA but couldn't authenticate with it on my (old, cheap) router. It wasn't until I wrote the article last week that I got an updated router that did work. That's the power of seeing something in action you've normally got to wade through nefarious blackhat web sites to dial into.
Advertisement
This is a sticky issue, of course. But thanks to all of you, the comment thread on last week's howto illuminated some of the best points about the wireless security issue. To recap:
Advertisement
WEP doesn't actually keep anyone out. I like MaribelAlligator's comparison of a WEP key to a home bathroom lock, the one you can open just using a bent paperclip. Everyone knows how to unlock it, but when it's locked everyone who walks by understands they should stay out. Glenn Fleishman likens WEP to a 'No Trespassing' sign—a clear indicator the people inside don't want the uninvited in, but nothing that will actually keep people out.
Wep Cracking Wireless Hacking Live Cd Download Fbi Version Number 1
WPA is crackable as well, but it's more difficult (especially WPA2). A wired network is more secure than a Wi-Fi network because it's more difficult to connect to it. But if wiring up your home isn't an option—and let's face it, it really isn't something any one of us wants to do—opt for WPA2 where possible. As several commenters pointed out, WPA has been cracked in some circumstances as well, but it's not done as easily as WEP. To explain, MaribelAlligator continues the 'bathroom lock' analogy:
WPA is like a standard door lock; it's a lot more secure, but it is still possible to get by for someone with the right tools, knowledge, and circumstances. WPA2 is like a bank safe. It may be possible to defeat, depending on how it's been set up, but it's not realistically possible for anybody to actually do so... yet.
Advertisement
Filtering MAC addresses and hiding SSID's doesn't matter to folks who want to get in. A few commenters said they've stopped broadcasting their router's SSID, and set up MAC address filtering, which only allows particular devices to connect to it. These measures will stop folks who don't know what they're doing, but not those who do. Spoofing a MAC address is very easy, and any network scanner worth its salt (including free ones like NetStumbler) detect networks with hidden SSIDs. To continue the bathroom lock analogy, MaribelAlligator said:
Not broadcasting your SSID is like taking the numbers off of your house - The house is still there and everyone can see it, it's just a bit harder to find for people that don't know what they are looking for already. Filtering by MAC address is like having a guard at the door that checks everyone's name against a list to see if they can enter. The only problem is, he doesn't ask for ID or remember what people look like, so anybody can and can listen in to see what names are allowed and then claim to be anybody else.
Wep Cracking Wireless Hacking Live Cd Download Fbi Version Numbers
Advertisement
The bottom line: Protect your stuff using multiple layers of security. Whether your network is wired or wireless, open, WEP, WPA, or WPA2, take several measures to secure your important stuff. Password your network shares (choose good ones!), do virus and malware sweeps, back up your data, run firewalls—in short, don't rely entirely on your wireless router's password (whether it's WEP encryption or not) to keep out intruders.
If you've got old devices that ONLY support WEP... Like everything in life, you've got to balance risk and reward. If your Nintendo DS only speaks WEP, and you want wireless access, use WEP knowing what the risks are. Ben D. makes a great point about WEP-only devices:
Make sure your firmware is up-to-date, and if it is, lobby the heck out of the manufacturers to start supporting WPA2. 'I saw this article on Lifehacker'... It's totally outrageous that any manufacturer-supported wireless device, in 2009, would only offer WEP.
Advertisement
Thanks to everyone who dropped knowledge in the comments on the previous tutorial. Now go forth and configure your wireless network as it should be.
Gina Trapani, Lifehacker's founding editor, is finished with this Wi-Fi encrypted key-cracking business. For now. Her weekly feature, Smarterware, appears every Wednesday on Lifehacker. Subscribe to the Smarterware tag feed to get new installments in your newsreader.
Advertisement