Ubuntu + Alfa AP + WEP cracking (general questions)

[still learning]

Hello.. I am new to Ubuntu and recently got a Alfa AP so I can practice on my own wifi networks security, so for my first attempt I set my wifi router to WEP, since that seems to be the easiest. I installed "Wifi-Radar" for Ubuntu but it seems kind of plain, and has no options to try and practice threw a proxy.. I know it will work but how do I try and crack my own WEP key? What programs are good for Ubuntu? Im not good with Bash shell yet..

I guess I would like a tutorial or something so I can learn how to do it.. im sure the Hak5 crew must have a video tutorial laying around somewhere to teach me how to do this. (since i hate reading, videos are much better) something I can go step by step with while im trying on my own network, until I get it. Yes I know im a noob allready so please keep the flames down.. :-)

Thanks

[Seshan]

Use/download aircrack-ng

Here a tut.

http://www.aircrack-ng.org/doku.php?id=simple_wep_crack

Oh, and you can't really go through a proxy, since you are not "connected" to the internet, you can change you mac address.

[still learning]

ahh I see.. any good programs or tutorials to spoof your MAC for Ubuntu? and is aircrack-ng only command line? (so i could do aircrack-ng MAN and get directions?) I am in school for computer programming and this kind of stuff interests me.. thanks

[Seshan]

Yeah it is command line. For help you would type aircrack-ng --help

There site has LOT'S of info. So read through that if you want.

For example some of the stuff you would type in would be:

 airmon-ng stop wlan0

ifconfig wlan0 down

macchanger --mac 00:11:22:33:44:55 wlan0

airmon-ng start wlan0 *Channel*

airodump-ng -c 11 -w <somefilname> --bssid <BSSID of your AP> mon0

airodump-ng wlan0

airodump-ng -c *channel* -w *write file name* --bssid *bssid of AP* wlan0

aireplay-ng -1 0 -a *bssid of ap* -h 00:11:22:33:44:55 -e *ESSID* wlan0

aireplay-ng -3 -b *bssid of ap* -h 00:11:22:33:44:55 wlan0

aircrack-ng -n 64 -b *bssid of ap* *filename -01.cap*

P.S don't follow that, it's no working, and I'm trying to get a working directions for my card. Witch is also a Alfa.

[still learning]

Thanks I found macchanger helpful , so I should replace Wlan0 with the SSID? Im not sure what a "E"SSID is, so im guessing since now i have installed aircrack-ng, all the other commands will work "airmon, aireplay, ect.." with ubuntu bash term? They didnt seem to work just now.. I prob did something wrong.. i tried the --help command on everything related to it..

btw what is the difference between a BSSID and a ESSID?

thanks again!

[Seshan]

Thanks I found macchanger helpful , so I should replace Wlan0 with the SSID? Im not sure what a "E"SSID is, so im guessing since now i have installed aircrack-ng, all the other commands will work "airmon, aireplay, ect.." with ubuntu bash term? They didnt seem to work just now.. I prob did something wrong.. i tried the --help command on everything related to it..

btw what is the difference between a BSSID and a ESSID?

thanks again!

ESSID is the Name like "Linksys" When you type out the ESSID for a command, it is cap sensitive.(I believe). The BSSID would be the number that would look something like 00:11:22:33:44:55. Wlan0 is the card interface, you would replace it with what ever interface is in monitoring mode, it might change too mon0. airmon-ng, aireplay-ng ect. are part of the aircrack-ng download.

What card do you have?

P.S I'm not a expert at this yet.

[still learning]

ESSID is the Name like "Linksys" When you type out the ESSID for a command, it is cap sensitive.(I believe). The BSSID would be the number that would look something like 00:11:22:33:44:55. Wlan0 is the card interface, you would replace it with what ever interface is in monitoring mode, it might change too mon0. airmon-ng, aireplay-ng ect. are part of the aircrack-ng download.

What card do you have?

P.S I'm not a expert at this yet.

Which card do you mean? I have the alfa AP hooked up threw USB. Thanks for the break down of the difference between the two, so basically the ESSID is the name of the router or the name given to the router the "SSID" signal sent showing the name of the wifi routers signal, and BSSID is like the key for the WEP or WPA, which would need to be cracked from there unless it is easy to guess?, is there an easy way to just guess a passphrase for the WPA, instead of decrypting everything? I just seen on the home page Hak5 has a video entitled checking out your neighbors or something like that, so I may just go along with the video and practice on my own wifi router.

[Seshan]

BSSID is the MAC of the target. (Should of just said that the first time. :P )

I haven't really played with WPA yet, so I can't help you there.

What's the model number of you Alfa?

[shonen]

In all honesty don't bother with ubuntu, you are only going to have to update your repo's and apt-get all the required programs. I would just get myself a copy of Backtrack which will cover your WEP cracking needs and then some.

Bash can be a bit of a sod at first but I learnt alot of nix cli through learning how to use Back track (I am still a n00b though). In anycase use the tutorial I posted some time ago on WEP cracking. It was written from a beginner learning/explaining it point of view and should give you everything you need to know.

Linkage to my Tut

[Seshan]

In all honesty don't bother with ubuntu, you are only going to have to update your repo's and apt-get all the required programs. I would just get myself a copy of Backtrack which will cover your WEP cracking needs and then some.

Bash can be a bit of a sod at first but I learnt alot of nix cli through learning how to use Back track (I am still a n00b though). In anycase use the tutorial I posted some time ago on WEP cracking. It was written from a beginner learning/explaining it point of view and should give you everything you need to know.

Linkage to my Tut

Nice tut I like it. I also like that antenna and the fact everyone around you uses WEP. There's only 2 out of the 5 or 6 near me that I can see that use WEP, but 2 are also Open.

I ordered some N connectors, going to make me some antennas :D

[still learning]

Yeah, props on the tutorial very nicely explained.

I followed all directions, except one step which i had to do not listed on the tutorial is set up my AP manually.. BT3 did not recognize the Alfa AP so i had to do a "ifconfig wifi0 up"

and pressing the "?" mark in kismet is a life saver lol I still have a question though..

I got to the part airodump-ng ath0 -w NAME YOUR SAVE FILE HERE -c CHAN NUMBER

and it should have been cracking my WEP wifi router which i set up with a simple 8 char num/letter combo PW.. it was on like 2 and a half hours so i exited out.. i seen where it was done in like 5 minutes, for a simple PW that i put on it it should not take that long, I have a pretty fresh laptop.. or does it take that long?

It found something that said BSSID not associated - probes hpsetup - and a station which looks like a MAC address. my wifi router is not a hewlett packard though.. abd why under the ESSID does it have two, one being my routers SSID and another saying "bcc" which reminds me of when you forward an email.. is this normal? what does the bcc man which has a diffrent BSSID?

also how do you track the progress of how much longer it will take? There is no signals being sent across my wifi network right now, except for me trying to hack it, so is that why its not working? thanks

[5ive]

Check out Airoscript - http://airoscript.aircrack-ng.org - it combines all of the aircrack-ng utilities into one very easy to use script. I'm pretty sure it comes with backtrack 3.x +

[5ive]

Yeah, props on the tutorial very nicely explained.

I followed all directions, except one step which i had to do not listed on the tutorial is set up my AP manually.. BT3 did not recognize the Alfa AP so i had to do a "ifconfig wifi0 up"

and pressing the "?" mark in kismet is a life saver lol I still have a question though..

I got to the part airodump-ng ath0 -w NAME YOUR SAVE FILE HERE -c CHAN NUMBER

and it should have been cracking my WEP wifi router which i set up with a simple 8 char num/letter combo PW.. it was on like 2 and a half hours so i exited out.. i seen where it was done in like 5 minutes, for a simple PW that i put on it it should not take that long, I have a pretty fresh laptop.. or does it take that long?

It found something that said BSSID not associated - probes hpsetup - and a station which looks like a MAC address. my wifi router is not a hewlett packard though.. abd why under the ESSID does it have two, one being my routers SSID and another saying "bcc" which reminds me of when you forward an email.. is this normal? what does the bcc man which has a diffrent BSSID?

also how do you track the progress of how much longer it will take? There is no signals being sent across my wifi network right now, except for me trying to hack it, so is that why its not working? thanks

Airodump-ng does not do the cracking, it captures packets and creates a file that you then have to use aircrack-ng to actually crack and get the key with. airodump-ng will run forever, collecting packets until you tell it to stop. You should have a *.cap file that was created by airodump during those 2.5 hours. Run it threw aircrack and see if it comes up with a key. If you had 5K+ IV's you should be good. Chances are though that if you didn't successfully do the fake association and injection that your cap file won't have enough good IV's, even after 2.5 hours. A non-active router can be the hardest to crack since you don't have any real traffic to capture IV's from. This is where the attacks come into play.

[still learning]

Check out Airoscript - http://airoscript.aircrack-ng.org - it combines all of the aircrack-ng utilities into one very easy to use script. I'm pretty sure it comes with backtrack 3.x +

Ok, yeah this seems like alot easier method. The only thing is when i try to run a command in airoscript is opens another window and that window closes instantly.. any ideas? Im guessing that is the window that is suppose to be doing the scan.. thanks