Friday, 22 July 2011

Cracking a Wi-Fi network

I had always heard that cracking a Wi-Fi network was really easy, but I never tried to do it. Yesterday I decided to give it a go. Could someone get in my network easily?

Remember that using somebody else's Wi-Fi is probably illegal, so you should probably do this only with your own Wi-Fi networks or with the owners' permission.

I am a complete newbie to this sort of thing, so I started with the easy part: cracking a WEP Wi-Fi. I guess nobody should be using WEP anymore, since according to Wikipedia "The Wi-Fi Alliance defined these [WPA and WPA2] in response to serious weaknesses researchers had found in the previous system, WEP (Wired Equivalent Privacy). " But WEP is still everywhere... Right now my laptop detects 5 Wi-Fi spots, and the only one that uses WPA is my own!

Next step was to do some research, since "wifi crack" gives you about 31,000,000 results in Google... A key aspect of this is to have a network adapter capable of "packet injection". There are many cheaps models available, but it turned out that my modest netbook comes with a "Intel Corporation WiFi Link 5100" adapter, which is able to do it. In order to make it work with my standard Linux distribution, I should probably need to update the firware and/or patch the kernel. But safer and easier was to just grap a copy of BackTrack Linux (version 5), make a LiveUSB out of it and reboot the netbook. With it, the Link 5100 was apparently ready for packet injection....

Then, after a failed attempt I stumbled upon this guide, which made the process very easy. I was not sure that my network adapter was 100% up to the task, so I decided to go for a field test. I just walked around the town in search of a good WEP Wi-Fi. After a few attempts in which I got the "Association successful" message but then the Data collection was very slow, I hit a busy WEP Wi-Fi network which made the whole process a breeze, and in 10-15 minutes I had the key (hidden below):

Aircrack-ng 1.1 r1899

[00:00:00] Tested 676 keys (got 68393 IVs)

KB depth byte(vote)
0 0/ 1 5A(99328) 1B(78336) 54(78080) EB(77568) 66(76032)
1 11/ 1 B5(75264) 2C(75008) 35(75008) 8F(75008) C2(75008)
2 2/ 7 8A(80128) 26(79104) 0C(77824) 4B(77056) BF(76800)
3 14/ 3 04(75264) 00(74752) 6E(74752) 60(74240) 15(73984)
4 0/ 5 1C(94720) 74(80384) 77(79872) 18(78592) 8B(78336)

Decrypted correctly: 100%

The person in the guide mentioned above says that she could not get to the stage where enough data was collected for aircrack-ng to succeed, and it looks like that is quite common in networks with very low wi-fi traffic. Out of the 10 or so networks that I tried, only in this one I was getting data at a very high rate. In other ones perhaps I should wait hours in order to get to the recommended 10k data mark.

So, I'm happy that my Wi-Fi network (and all the ones at work) are not WEP-protected, since getting into them seems a piece of cake. Next turn, my own WPA network (which I hope it will be much more difficult).

1 comment:

jaspreet singh said...

you can also use backtrack to crack wi fi password.

redes wifi