UPDATE (01/26/09 @ 8:03 pm):
For Windows instructions, see this comment.
—
In an earlier post, I mentioned I recently cracked a WEP-protected network. There are many tutorials on this topic. Here’s a method that worked for me which doesn’t require you to use the command line.
For this tutorial, I’ll be using a MacBook. It’s a MB062LL/A running Mac OS X 10.5.5 to be exact, but this method should work with any x86 Mac running Leopard with an AirPort card.
—
Overview
—
Find Available Wireless Networks
To find available wireless networks…
- Click the AirPort Icon
- Click each network that has a lock icon next to it
- Make note of the networks that require a WEP password
If you don’t see any WEP networks, try moving your computer to a different location and scanning again until you find one.
—
You will need the following…
- BackTrack 3 Live CD
- Compatible USB WiFi Adapter
You can download BackTrack here. I downloaded the CD Image named “bt3-final.iso” and burned it to a CD.
To Burn the BackTrack 3 ISO File…
- In Finder, right-click the downloaded “bt3-final.iso” file
- Choose “Open With”
- Click “Disk Utility”
- In Disk Utility, click “bt3-final.iso”
- Click the “Burn” icon
- Insert a blank CD and wait for it to be recognized
- Click “Burn”
You should now have a BackTrack 3 live CD.
The MacBook’s Airport Card that I’m using can’t be used with BackTrack to crack WEP. Instead, I used a USB WiFi adapter. You can find a list of compatible ones here.
I chose the Hawking HWUG1.
—
- Insert BackTrack 3 Live CD
- Restart Mac
- When you hear the chime, hold down the “c” key until BackTrack starts to automatically boot. It’ll play a sound when it’s done loading.
- Connect the USB WiFi Adapter
—
- Click the blue KDE icon on the bottom-left of the screen
- Choose “Backtrack” then “Radio Network Analysis” then “80211” then “All” then click “Kismet”
- Select network device (“rausb0” for the Hawking HWUG1) and click “OK”.
- After kismet lists available networks, press the “s” key then the “w” key to group the WEP networks together. You should see the WEP networks you noted earlier.
- Navigate to the WEP network you want to crack first and press “enter”. You should now see the network’s details.
—
- Click the KDE icon again then choose “Backtrack” then “Radio Network Analysis” then “80211” then “All” then click “SpoonWep”
- You should now have both the kismet and SpoonWep windows showing
- In SpoonWep, enter the “Victim Mac” by typing the “BSSID” address you see from the kismet window
- Click “CHOOSE A CARD”
- Click your card (“RAUSB0” for the Hawking HWUG1)
- Check the “Ath” box
- Match the “Channel” with the one from the kismet window
- Set the “Inj Rate” to “1000”
- Click “LAUNCH”
- “Currently” should say “Nothing” then “ASSOCIATING” then “ATTACKING” then “GATHERING ARP”. After “Captured” reaches “20000 IV S” it should say “Cracking WEP”
- Make note of the resulting WEP Key for that particular network
- In kismet, press the “q” key to get back to the network list. Repeat the steps for as many WEP-protected networks as you want.
- Disconnect the USB WiFi Adapter
- Restart the computer
—
Congratulations, now you can enter the WEP key (without the colons) as the password for the wireless networks.
Some WEP protected networks take less than 5 minutes to crack. If the first WEP network you try takes too long, try moving on to another one.
Please comment if this method worked for you, or if you know an easier way. At a later date, I’ll try to put up a video tutorial.
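For the defender’s side of the steps above, here is an added example (not part of the original post, and not code from BackTrack or SpoonWep) of how a wireless sensor could flag the injection phase. It assumes the injected traffic is one captured encrypted frame re-sent unchanged, so the cleartext 24-bit WEP IV repeats at a high rate from a single station; the CSV layout, MAC addresses, and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque

def make_sample():
    """Constructed traffic: one normal client, then a burst from a replayer.
    Hypothetical sensor CSV layout: time_s,bssid,src,dst,kind,wep_iv"""
    ap, client, replayer = "00:11:22:33:44:55", "02:00:00:00:00:01", "02:00:00:00:00:02"
    lines = []
    # Normal client: 40 data frames over 4 s, a fresh IV on every frame.
    for i in range(40):
        lines.append(f"{i * 0.1:.3f},{ap},{client},{ap},data,{i:06x}")
    # A few deauthentication frames, then one encrypted broadcast frame
    # (same IV each time) re-sent 1000 times within one second.
    for i in range(5):
        lines.append(f"{4 + i * 0.01:.3f},{ap},{ap},{client},deauth,")
    for i in range(1000):
        lines.append(f"{5 + i * 0.001:.3f},{ap},{replayer},ff:ff:ff:ff:ff:ff,data,0a1b2c")
    return lines

def parse(line):
    """Split one sensor record into typed fields."""
    ts, bssid, src, dst, kind, iv = line.split(",")
    return float(ts), bssid, src, dst, kind, iv

def detect_replay(lines, window_s=1.0, threshold=100):
    """Flag stations that send the same WEP IV at least `threshold` times
    within `window_s` seconds. Returns {(bssid, src, iv): peak_count}."""
    recent = defaultdict(deque)  # (bssid, src, iv) -> timestamps inside window
    alerts = {}
    for ts, bssid, src, _dst, kind, iv in map(parse, lines):
        if kind != "data" or not iv:
            continue
        key = (bssid, src, iv)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window_s:  # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

def deauth_counts(lines):
    """Count deauthentication frames per BSSID as a secondary signal."""
    counts = defaultdict(int)
    for _ts, bssid, _src, _dst, kind, _iv in map(parse, lines):
        if kind == "deauth":
            counts[bssid] += 1
    return dict(counts)

if __name__ == "__main__":
    sample = make_sample()
    for (bssid, src, iv), n in detect_replay(sample).items():
        print(f"ALERT {src} re-sent IV {iv} on {bssid} {n}x within 1 s")
    print("deauth frames per BSSID:", deauth_counts(sample))
```

Ordinary retransmissions repeat an IV only a handful of times, which is why the threshold sits well above that. Detection only buys time; the fix for the weakness this tutorial relies on is moving the access point off WEP.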


thank you for choosing my picture! And thank you for citing my name!
sara
Does a laptop work out? I need a laptop hacking programme! Please inform me.
@andy
I’m not sure I understand your question. Could you please rephrase?
None of the compatible wireless adapters in the list say they’re compatible with Mac.
How can I know if they will work or not?
Using the BackTrack LiveCD, you are bypassing Mac OS X, so the wireless adapter you choose needs only to be compatible with Linux which the LiveCD is based on. Hope that helps.
Any tutorial on Windows XP?
@vinod
To find available wireless networks on Windows, you can click the wireless network icon on the bottom right of the screen. It should bring up a list of wireless networks in range, so you can see which ones are WEP protected.
After you download the BackTrack ISO file, you can burn it to a CD using InfraRecorder. You can find instructions for burning an ISO with InfraRecorder here…
https://help.ubuntu.com/community/BurningIsoHowto
Booting from a CD differs on different Windows computers. Some will boot up the CD automatically. On others, you have to change a setting in the BIOS to boot from a CD. Check your computer’s manual on how to enter the BIOS settings.
After you get the BackTrack live CD to boot, the instructions are exactly the same as the rest of the tutorial.
Was wondering if you knew what might be causing my wsdunp window not to initialize. I’m running the same hardware as you, and I can’t find anything about that specific problem. Thanks.
@MattDC
Are you booting up the live CD with the USB adapter already plugged in? I remember it would only work if I let BackTrack boot up all the way, and then plug the USB adapter in afterwards.
I also tried using the .iso within virtualbox, so I wouldn’t need a physical CD, but that wasn’t working for me either.
Other than that, I’m not too sure what the problem might be.
Please help …
I’m trying to load the bt3 iso from restart.
I’ve copied the iso to DVD, left it in the computer, restarted, held down the ‘c’ key after the chime and all it does is nothing? I really don’t understand why it’s not starting up the bt3 iso …
@shroom911
My guess would be…
1) You burnt the .iso as a data disc instead of creating an exact copy of the bootable disc.
or
2) The Mac you are using is a PowerPC instead of an Intel.
or
3) There are errors on the disc. Try burning it at a lower speed.
You were right, I burned a data copy.
But now I have a new problem. After bt3 loads it asks me to log in with a password … it says up top to use (root), then for the password use some other word that I can’t remember, but they don’t work? Am I doing something wrong?
Thanks for your help.
@shroom911
When I load the BackTrack CD, it doesn’t ask for a password.
It sounds like it’s loading into a command line instead of the KDE desktop.
In the screen where you can select the mode it boots into, try selecting “BT3 Graphics mode (VESA KDE)” instead of the default.
Hello, I was wondering if anyone knows how to hack Wi-Fi on an iPod touch. If anyone finds out, my email is nyia_kiuan@yahoo.com. Thank you, your help is greatly appreciated.
@shroom911: login name is root, pw is toor. After that, type startx to get into the shell.
@jorel314: followed your instructions but cannot get spoonwep to work – it just says “Gathering ARP” forever. everything works fine in terminal though.
Actually, I just now got it working if you issue the following after you obtain the bssid & channel from airodump-ng:
ifconfig rausb0 down
modprobe -r rt73
modprobe rt73
Hope this helps!
Thanks for the tips.
I can’t get kismet to launch.
I get the following error:
Please configure at least one packet source. Kismet will not function if no packet sources are defined in kismet.conf or on the command line.
I am not advanced enough to figure out which commands to use to get it launched. Any advice and do you know why you didn’t run into this problem?
@Andrew – not 100% sure. Kismet automatically recognized my usb adapter (RT73). If you run “ifconfig” from a terminal window do you see your wireless adapter listed?
How will I crack the WEP key? Please help me, I am using Windows XP.
Does not work, cannot boot, gives error.
@Nyia
I don’t think it’s currently possible to receive packets from a secured network to crack WEP on an iPod touch.
@Dan
Thanks for your helpful comments.
@Andrew
If you are using a USB adapter, make sure you plug it in after BackTrack fully starts. Kismet won’t see the USB adapter if your USB adapter is already plugged in when you boot from the CD.
@bala
See this comment for Windows instructions…
http://jorel314.wordpress.com/2008/12/13/tutorial-how-to-crack-wep-on-a-mac/#comment-325
@Johan
I’m thinking you burnt the .iso file as a data file which wouldn’t create a bootable disc. Try using ISO Recorder to burn the .iso correctly.
http://isorecorder.alexfeinman.com/isorecorder.htm
Hi
Everything seems to work right up to the point where, in SpoonWep, I press launch; it says nothing, then attacking, then gathering ARP, but never seems to get past this point. Does it normally take a long time to get to the next command, which is captured?
@rubuncrack
It usually goes rather quickly. When it doesn’t seem to go, it’s usually because I’m too far from the access point I’m trying to crack. Try cracking your own router first to make sure your setup is functioning correctly.
Hi jorel
This doesn’t seem to be working either. It still gets stuck at the gathering ARP point. Is there another program like SpoonWep I could use? On bt3 there are numerous “cracking” programs like airsnort etc… Also, I have a new MacBook Pro but when the CD boots, it goes through a lot of code on screen then says there was an error. It says I’m using an invalid boot device, e.g. ssci (or something like that). I have had the same CD working on my PC laptop. Is it a certain version of bt3 for Mac? You said that you had it running on yours. I downloaded from the link you supplied at the top of this thread.
@rubuncrack
It works fine on my macbook. I just used it the other day.
I don’t know of any other tools that are as easy to use as spoonwep.
Here are some tutorials that may help you out though…
http://www.aircrack-ng.org/doku.php?id=tutorial
Still not working getting this error: Fatal Error BT3 data not found, this should never happen press ctrl+alt+delete to reboot,
I burned the backtrack.iso as described, have intel mac??
I’m getting the same message as johan. Fatal error etc… Did you burn the iso onto a DVD? It keeps telling me I’m using a wrong boot device on my Mac.
I’ve burned the iso to a cd-r and also a dvd-r. They both work.
Try reading this thread…
http://forums.remote-exploit.org/showthread.php?t=18570&highlight=Fatal+Error
Looks like others are having similar problems. They say running the vmware version works fine in fusion. You can get fusion here…
http://thepiratebay.org/torrent/4398730/VMWare_Fusion_2.0_Final
@ johan,
I managed to get bt3 booted on my MacBook Pro OS X. First burn the image to a disk, then get a USB flash drive, download the bt3 USB file, install on flash drive. Boot Mac from CD, with USB stick in the USB port. When it gets to the “fatal error” part it should boot from USB drive. My problem now is that my new MacBook Pro has its two USB ports right next to each other, not allowing two wide USB devices to be plugged in at the same time, and you need to have both USB stick and USB wireless stick in at the same time!!! Bloody problems driving me mad!! Maybe a USB multi port is the solution…… Let me know if you have any luck.
@jorel
On your Mac are you using a USB wireless stick or did you manage to get the built-in card from your Mac to work in bt3?
@rubuncrack
I’m using a Hawking HWUG1 wireless USB adapter.
I have a big problem with BackTrack. I was able to get into it and log in but I have absolutely no access to the internet. I am using a Linksys router with WPA encryption. Please tell me if I need to change it to WEP. I do not know how to access the internet and it’s been very frustrating. I am using an Atheros AR5007 card in my Vaio laptop. Please HeLP
Sorry, forgot to add that when I type ifconfig in the konsole it says I have local loopback with address of 127.0.0.1 and mask 255.0.0.0. UP LOOPBACK RUNNING MTU: 16436
Hey guys, first-time poster, I’m a noob. Thought I could help though with the problem of how it keeps saying “gathering arp”. Have you tried pressing the deauth button? I think it can deauthenticate and issue a new ARP request, resulting in a return ARP (the packet you need). Give it a shot.
Hi guys,
same for me, can’t pass the “gathering arp” step, tried several things to get through, no way, if anyone finds something satisfying…
cya
How long is too long? When should I move on to the next network (so to speak)?
@gabol
I usually move on to the next network if it takes longer than 20 minutes.
The fact that it freezes on GATHERING ARP is very annoying. I have tried all the steps suggested here in the comments, but no luck. I am running Backtrack3. I’ve heard that there is a Backtrack4 out. Have there been any relevant changes in that one ?
Here is the new version from BackTrack, it is BackTrack 4 pre. I found a very good install howto.
Look here:
http://backtrack.1rss.de
I hope you can read this one, they have screenshots and a PDF file, so you can download this one.
This works perfectly for me.
I hope you like it.
Ciao
I’ve heard of another automated WEP cracking tool. It’s called WEPBuster. I haven’t tried it myself though.
http://code.google.com/p/wepbuster/
Hi. What if I start a few windows of SpoonWep? Let’s say 2. Will it find the key twice as slowly? Or will it work just fine with many windows running at the same time?
Or where can I see how much the processor is loaded?
@Krestic
You’ll need more than one compatible wifi device to be able to run multiple sessions of spoonwep at the same time I believe.
Do you know how to do it with OSX.4 or any version earlier than Leopard?
@OSX.4
You should be able to boot from the BackTrack LiveCD from any intel based Mac.
Hi guys, I have a problem. I followed all the instructions concerning the CD burning and downloaded the right file (I think so at least…) (bt3-final.iso). I burned it according to your instructions.
Then I restart my computer, press c, get a first screen, then a lot of lines going on and then I get a message like “Fatal error occured – BT3 data not found”; they tell me I might be using an old pcmcia tool or something..
I’m really not a crack in computers so I don’t understand what could be wrong.. Any help would be great :)!
As for my computer, I have a MacBook (1st aluminium generation, from October 2008) – Mac OS X 10.5.8 (9L31a)
I have Bootcamp installed and Windows Vista as well, I had to install it for school, so it might be because of that? or not?
Thank you very much for your time and help!
@tiro04
I haven’t seen an error like that before. Maybe, try redownloading and burning the iso again. Or test it on another computer to see if it’s the disc or your computer causing the error.
Please can you help me.
I have used BackTrack 3 and cracked the WEP key at 100% but when I put in the key without colons it connects but with limited access. I have changed my MAC address to one that is on the list but still the same “connected with limited access”. I cannot access the router to configure it. But I thought that as long as I have the allowed MAC address on the router and the 100% correct WEP key I should be fine. Please tell me what else I can do. I have tried to crack other WEP-enabled connections and so far have 40% success, i.e. cracked 2 so far.
@joe smith
Maybe whomever’s router you are connected to didn’t pay their internet bill.
Let’s say your notebook is registered on one network – a university student network, for instance – and there’s another network that belongs to staff that is infinitely faster and doesn’t block certain webpages.
Is there any risk of the IT department of this hypothetical university tracking one down – that is, is there any risk in doing this?
In the network log, it’ll show your computer’s IP, MAC address, computer name, and visited websites. I’d suggest spoofing your MAC address, changing your computer name to something generic like “laptop”, and connecting to a VPN to browse the web.
Thanks, very nice info. I use Kubuntu and Windows XP to try this and it works just fine.
I use Windows 7 and this program works great.
I’m working on Windows Vista but this error occurs: “Fatal error occured – BT3 data not found”. How can I solve it?
Dear friend,
I have a laptop with Windows 7. Now I’m getting more Wi-Fi signals. But all are protected. How can I hack? I can use internet on Windows 7, or I need to install Linux?
If I follow the above steps, I get the password/access.
I want to use internet in my Windows 7. If possible, please reply.
Regards,
Rafeeq
is there a windows one? NOBODY has mac anymore
@windowsrules
is there a windows one? NOBODY has mac anymore
That’s pretty funny. Mac’s numbers are actually stronger than ever and it is a far superior OS over Windows according to the majority of IT professionals, but I digress.
There does not need to be a windows one. This goes for all of those who have asked if there is one for whatever OS. This tutorial is not OS Specific, it is hardware specific.
As long as you have a computer (Mac or PC) with an Intel Processor that can boot from the Optical Disk (CDROM, DVDROM) and you have a wireless card capable of packet injection under tools like Back Track (which uses aireplay-ng) then you can use this tutorial.
I tried this on Win7, it works great. Thank you very much.
At first it got stuck at “GATHERING ARP” for a few minutes, changed to a different connection and it worked. Then I tried the first connection and it’s working.
I need the software for hacking wireless networks and the tutorials in addition. I am using Windows XP. I’ll be glad if I get this software and very thankful to you.
Anyone looking to crack WEP keys or anyone who needs the fully working CD for cracking WEP keys, contact me.
krugur@live.com
@jorel314 lol, well done. You’ve probably responded to about 50 comments. That’s all I wanted to say :P
Dear friends, I have no problem running bt3 final on any Windows platform, but the problem is on my PowerMac G5: I’m not able to run my live ISO CD there; even using unetbootin or vmware I’m still not able to run bt3. Guys, please help me because I’m new to Mac.
powermac G5
mac os x 10.4
@windowsrules
srsly?
Just one piece of info: Nmap is a good tool to use as a network scanner. You can download it at http://adf.ly/2E5aN
Greetings from http://www.delavega.blogspot.com, hope it makes your life easier.
Please help me on hacking WLAN with Symbian phone guideline.
I wrote a WEP crack tutorial using Ubuntu, but yours looks easier :D
http://colekcolek.com/2012/01/20/crack-wep-hotspot-password-ubuntu/
Hi chap, thanks for writing this. Is the bootable option mandatory? Can I install BackTrack 3 and Kismet on my Windows 7, will it work? Please help.
@abdul I’ve tried backtrack running in a virtual machine via virtualbox, and it works fine. Using virtualbox, you won’t need to burn a physical disc to boot from. You just boot the virtual machine using the .iso image file of backtrack.
Hi there, it’s not working at all for me. I can’t seem to find BackTrack 3, only 5, and when I burnt it to CD and restarted and held the c button it does nothing. I’ve read over and over all these posts about help and still can’t work out a solution. I’m running Mac OS X 10.5.8… Is it still possible to do on this? Any additional help would be much appreciated… Cheers
Glenn
@Glenn
My new method is to use SpoonWEP2 which is included with nUbuntu.
http://thepiratebay.se/torrent/5576475/nUbuntu_8.12_Beta
I create a virtual machine using VirtualBox and boot from nUbuntu, so no need to burn any discs.