Introduction

This method is really designed for beginners and allows for easy cracking of wireless networks without any networking knowledge. It’s not the kind of method I usually prefer since it enables 16-year-olds to think they’re NASA-level hackers with these tools… but anyway.

This method is very practical when you don’t have much time. For the OS, I obviously recommend BackTrack, but Ubuntu can also work. For this tutorial, I’ll use Ubuntu.

Installation

aircrack-ng

Let’s install aircrack-ng to get all the necessary binaries:

1

aptitude install aircrack-ng openjdk-6-jre

Grimwepa

It’s recommended to install grimwepa using this method:

1
2
3

wget http://grimwepa.googlecode.com/files/grimstall.sh
chmod 755 grimstall.sh
sudo ./grimstall.sh install

Configuration

For configuration, we just need to activate monitoring mode on our wireless interface. I’m using a DLINK DWL-G122 with a RALINK chipset that allows me to perform injections, etc. To activate this mode:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

sudo airmon-ng start wlan1

Found 7 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID	Name
1200	NetworkManager
1202	avahi-daemon
1204	avahi-daemon
1478	wpa_supplicant
3183	dhclient
16461	dhclient
17269	dhclient
Process with PID 16461 (dhclient) is running on interface wlan0
Process with PID 17269 (dhclient) is running on interface wlan1

Interface	Chipset		Driver

wlan0		Intel 4965/5xxx	iwlagn - [phy0]
wlan1		Ralink 2573 USB	rt73usb - [phy1]
				(monitor mode enabled on mon0)

Monitor mode is now active on mon0 :-)

Utilization

Now, let’s launch grimwepa:

1

sudo java -jar grimwepa_X.X.jar

Select the mon0 interface, then click on “Refresh Targets”, you should see it scanning:

WEPA0

Stop after about 3 scans, that’s sufficient. Choose a network with WEP encryption (faster because it’s older and therefore easier to crack). Then select “Fragmentation” as the attack method and choose an available client. Then click on “Start Attack”:

WEPA-1

A window should open that will listen to what’s happening on this network:

Airodump

Once there is enough data (which can take some time depending on traffic), an airmon-ng window will start to launch injections. From this point, it will go relatively quickly. The WEP key cracking will follow. The key will then be displayed in the status.

Resources

Edit this page

Last updated 07 Mar 2010, 21:55 +0200. history