Sunday, 19 July 2009

Cracking WEP With Spoonwep On The Eee Pc 900.

I have BackTrack 3 Final running from a 4GB SDHC card which resides in my 900's SD slot. It's handy having a live distro to call on and BT3 works well with both the 900 and the 701. Apart from the sound. There's no sound. Like I care.

Anyway, I tend to use it for testing WEP encrypted networks (purely for educational purposes, mind) and I've learned how to do it using the command line. Then someone pointed out that a utility called Spoonwep will do the job using a simple GUI.

So I gave it a go. You won't learn much from it, I would strongly recommend you learn the command line way (which is a lot more powerful), but it is a bit of a time saver.

Here's how to do it:

01) Open a terminal:

airmon-ng stop ath0

02) Next:

airmon-ng start wifi0

03) Next:

airodump-ng ath0

04) Choose the AccessPoint(AP) you want to hack and remember the channel number. The AP will need to have a PWR rating of above 20 to have any chance of this working.

05) Hit CTRL+C to stop

06) Then copy the AP MAC address

07) In the same terminal:


08) In Victim MAC, paste the AP MAC Address

09) Choose your network card. On the EeePC 701 and 900 it's Ath0

10) Set the AP Channel Number

11) Set the Injection Rate to maximum

12) Use Fragmentation and Forge Attack

13) Use 128 Bits Key Length

14) Click launch. It does take some time, usually between ten and twenty minutes. Just be patient.

15) If it works, the key will appear as a string of characters punctuated by colons. Remove the colons and your key is what remains.

Example: 12:34:56:78:90 should be read as 1234567890.

Here's some screen shots of Spoonwep in action on my brother's network:

Not bad, eh? Fifteen minutes to crack my brother's WEP key.

Wasn't he surprised!! Needless to say he's changed his encryption to WPA...

No comments:

Post a Comment