Monday, January 14, 2008

The final step - Aircrack

Now for the finale. We should have at least a few thousand IVs captured. We can start the aircrack program and see if we have enough. If not, aircrack will wait for more IVs to be captured and try again. So let's get it started. It's pretty simple. Open a fourth Konsole shell. At the prompt,

Type : aircrack-ng *.ivs

That's it. That was easy. *.ivs means aircrack should open all files (in the root folder) that end with .ivs. Because we chose --ivs when we ran airodump, it saved the captured data in a file ending with .ivs. If you don't specify --ivs in airodump, the file will end with .cap, so in that case you would type *.cap when using aircrack.

Aircrack will now start and open all .ivs files. If you followed our guide all the way through, there will be at least 2 files. Once it opens the files, it will give you a list of all APs that were found, showing the BSSID, ESSID, and the number of IVs captured for each. Type the number at the beginning of the line of your target AP, and press Enter.

You may have the key in under a second, or it may have to work for a while to crack it. If you don't have enough IVs, aircrack will wait until you have more IVs and try again. You don't have to do anything, just wait.

Here's my screen:

As you can see in the screenshot, aircrack lets you know when it has the key: KEY FOUND ! [35:45:45:45:37].

Congratulations!!! We did it. When you enter the key into your internet connection manager, you can leave out the colons (:). Just type 3545454537, or whatever your key is. If you look at my screenshot, aircrack also displayed an ASCII key, which is the same key with each hex byte converted to its ASCII character. You can enter that in the Backtrack internet manager and click on the checkbox 'ascii'. Please note that the ASCII key will not always work well (not every key byte is a printable character), so you may want to use the regular hex key.
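To show why the hex key and the ASCII key are the same key, and why the ASCII form sometimes cannot be typed in, here is a small added Python helper (not part of the original post or of aircrack-ng) that parses the KEY FOUND line shown above, checks the length is a valid 40-bit or 104-bit WEP key, and returns the colon-free hex form plus the ASCII form only when every byte is printable. The sample line is constructed to mirror the screenshot.

```python
import re
import string

# Matches the "KEY FOUND ! [35:45:45:45:37]" line aircrack-ng prints.
KEY_LINE = re.compile(r"KEY FOUND !\s*\[\s*([0-9A-Fa-f:]+)\s*\]")

# WEP keys are 40-bit (5 bytes) or 104-bit (13 bytes).
VALID_WEP_LENGTHS = {5, 13}

# Characters a connection manager can safely accept in an 'ascii' key field.
PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")


def parse_key_line(line):
    """Return the colon-separated hex key from a KEY FOUND line, or None."""
    m = KEY_LINE.search(line)
    return m.group(1) if m else None


def hex_key_to_bytes(hex_key):
    """Turn '35:45:45:45:37' into b'5EEE7'; raise ValueError on bad input."""
    parts = hex_key.split(":")
    if any(len(p) != 2 for p in parts):
        raise ValueError("each key byte must be exactly two hex digits")
    key = bytes(int(p, 16) for p in parts)
    if len(key) not in VALID_WEP_LENGTHS:
        raise ValueError(f"WEP keys are 5 or 13 bytes, got {len(key)}")
    return key


def key_forms(hex_key):
    """Return (hex_without_colons, ascii_form_or_None).

    The ASCII form is None when any byte is not a printable character,
    which is exactly the case where typing the 'ascii' key will fail.
    """
    key = hex_key_to_bytes(hex_key)
    plain_hex = key.hex()  # what you type with the colons left out
    if all(chr(b) in PRINTABLE for b in key):
        return plain_hex, key.decode("ascii")
    return plain_hex, None


if __name__ == "__main__":
    sample = "KEY FOUND ! [35:45:45:45:37]"  # constructed, mirrors the screenshot
    print(key_forms(parse_key_line(sample)))  # ('3545454537', '5EEE7')
```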

Warning!!!!!!! Do not log in to someone else's internet connection. It is illegal in some countries and just plain unethical in all countries. I just made this guide so that you realize the shortcomings of WEP encryption. Maybe you'll switch over to WPA.

I will still write a couple of posts on the topic of WEP cracking, covering some of the situations that can arise and cause this not to work as described.

We'll be in touch. Please comment on this post if you have any requests regarding what I should post about next. I am not fully decided, and I will take all suggestions into consideration. Also, please vote in the poll on the side of the page. I would like to know if I should shorten my posts and not write out every single step. Thanks for reading.


Blackcabs said...

Give that man a cigar.
After searching high and low on the net, this guide is the best by far. Simple, easy-to-understand instructions: "BRILLIANT".
Please don't change anything!! The only thing that I thought could have been added is a guide on how to patch the MadWifi-ng drivers that you use on Atheros-based cards.
Thanks again, Paul (another Linux noob)

andy said...

Hey dude, thanks so much for your tutorial. I really, really appreciate the patience and work you put into this. It's been so hard finding stuff on the internet for noobs like me. Thanks, man.

superfly said...

This was great.
I'd love a tutorial on WPA cracking.
Also, I don't think you should shorten the posts;
the steps help a lot.

MayhemX said...

This looks very promising - can't wait to try it out!

Only criticism is that it is hard to find your way between pages. Maybe a "Jump to page x" option, or breadcrumbs?

(Oh, and the Captcha sux!)