Cracking WEP keys with Wifiway 0.8 and Wifislax 3.1
This document shows two tools for testing the security of your wireless network, in my opinion the two best there are. Both are LiveCDs: just reboot with one of them to hack a WiFi network. In this case we will see how to check the security of our own network; we will not use it to steal passwords from the neighbours or anything like that.
First, check whether our wireless adapter can inject packets. In this list we can see whether our WiFi card is capable of hacking WiFi networks or not: HERE.
Second, download the version that interests us the most, Wifiway 0.8 or Wifislax 3.1.
Then we burn it to a CD or a pen drive and boot the PC or laptop that has a wireless adapter capable of injecting.
So in this example we will see how, from a laptop with an Intel(R) PRO/Wireless 3945ABG Network Connection card, we can crack the WEP key of one of my neighbours (I said no! just kidding, I will attack my own AP). So I put the Wifiway CD in my laptop and boot from it,
During boot we must enter some data, such as the time zone; in my case I select “Europe/Madrid” & “OK”,
“Localtime”
Select the locale for the keyboard… “Spanish (ISO-8859-1)” & “OK”,
“OK”
GOOD, Wifiway has started. Now we just have to run the commands, or if you are a clumsy user we can use the X environment; for that we run: “startx”,
Now, in my case I will load the drivers and configuration for my adapter with a script that Wifiway provides, by running: ipw3945_es.sh
When I run this script it asks me for the channel for the wifi0 interface (for now we enter any one, for example 6), we enter the capture rate (2) and we must enter the MAC of the AP to attack, but for now we just enter: 00:11:22:33:44:55.
With the drivers loaded, with the command “airodump-ng wifi0” we will see the WiFi networks our adapter detects, along with the data we need.
It shows us all the WiFi networks it detects; we select one to attack (ours!), and for that we need to note its MAC address (BSSID), the channel (CH) and the name of the network (ESSID). In this case we will attack the AP of WLAN_52, so we note its MAC (00:02:CF:66:92:XX) and its channel (8).
Now we run the script again to change the channel and enter the MAC of the AP we will attack… so we run “ipw3945_es.sh” again.
We enter the channel of the AP, which is 8, we enter the capture rate (always 2), and now we enter the MAC of the AP (00:02:CF:66:92:XX); now we are ready to inject!
GOOD, now we are going to associate with the AP using attack number 1 (fake authentication), with the following command: “aireplay-ng -1 0 -e NOMBRE_AP -a MAC_AP -h MI_MAC wifi0”
Careful, it is recommended to change our MAC address, so that if the owner notices he is being attacked he does not know who it was and there are no records of us, or, if you have a MAC filter enabled on your AP, to give ourselves a MAC that is allowed (we will see who connects with airodump-ng); all this with: macchanger -m MAC_NUEVA wifi0.
Perfect! It authenticates us fine; if it did not, it is because we are far from the AP or because it has a MAC filter enabled and we should change our MAC. This means the AP will accept all traffic sent to it that is encrypted with its WEP key, so we will capture packets encrypted with its WEP key and forward them back to it, save them to our hard disk and then extract the key from them,
This is when we actually inject packets into the AP to generate traffic and obtain ARP traffic, which will help us inject even more traffic; the more traffic we have, the easier it is to get the WEP key. So with the command: “aireplay-ng -3 -b MAC_AP -h MI_MAC wifi0” we will get it,
We wait while it tries to inject to generate traffic… we see that ARP requests is at 0; we give it a few seconds and we will see how it starts to climb!
GOOD, it is starting to rise! Now we must record all the traffic.
We open a new terminal and record the traffic with the command “airodump-ng -w /tmp/dump rtap0”
And here we will see the Data value begin to rise. We need 200,000 data packets for 64-bit keys or 400,000 for 128-bit keys; in 15 minutes we will have enough…
And with the command “aircrack-ptw /tmp/dump-01.cap” we can extract the WEP key of the WiFi network… in a couple of seconds we will have it! “Found key…”. Not bad; now we have the key in hexadecimal and we have to convert it to ASCII to connect to the WiFi network, although I seem to remember that we can also enter it in hexadecimal…
Anyway, there are many programs or websites that convert from hexadecimal to ASCII, and that's it: we connect to the WiFi network, provide the key we have just extracted, and we can now surf the Internet for free! P-)
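The procedure above leaves two very visible traces on the air that the owner of the AP can look for: a burst of authentication frames from a station that has never connected before (the fake authentication of attack 1), followed by the same small encrypted frame being re-sent hundreds of times per second (the ARP replay of attack 3). The following Python script is an added example, not code from the original post nor from Wifiway, Wifislax or the aircrack-ng suite, that flags both patterns from the defender's side. It works on a simplified, constructed frame log whose format (`time kind src bssid length`) and MAC addresses are assumptions made for this example; a real deployment would feed it records parsed from a monitor-mode capture instead.

```python
"""Detector for the two traffic patterns the tutorial relies on, seen from the
access point's side.  Input is a constructed, simplified frame log (one 802.11
frame per line), not a real capture:

    <time_s> <auth|data> <src_mac> <bssid> <frame_len_bytes>
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed identifiers (placeholders, not from any real network).
AP_BSSID = "00:02:cf:66:92:00"
KNOWN_STATIONS = {"00:02:cf:66:92:01", "00:02:cf:66:92:02"}  # legitimate clients
UNKNOWN_STATION = "00:13:ce:aa:bb:cc"                         # never seen before


def build_sample_log():
    """Build the constructed sample log used below."""
    lines = ["# time kind src bssid len"]
    # Normal traffic: two known clients, mixed frame sizes, a few frames/second.
    for i in range(10):
        lines.append(f"{i * 0.5:.2f} data 00:02:cf:66:92:01 {AP_BSSID} {1500 if i % 2 else 342}")
        lines.append(f"{i * 0.5 + 0.25:.2f} data 00:02:cf:66:92:02 {AP_BSSID} {98 + i}")
    # Pattern 1: repeated authentication frames from a station nobody knows.
    for i in range(4):
        lines.append(f"{5.0 + i * 0.1:.2f} auth {UNKNOWN_STATION} {AP_BSSID} 30")
    # Pattern 2: one 68-byte encrypted frame repeated 120 times within a second.
    for i in range(120):
        lines.append(f"{6.0 + i / 120:.4f} data {UNKNOWN_STATION} {AP_BSSID} 68")
    return "\n".join(lines)


SAMPLE_LOG = build_sample_log()


@dataclass
class Frame:
    t: float      # seconds since start of capture
    kind: str     # "auth" or "data"
    src: str      # transmitter MAC, lower case
    bssid: str
    length: int   # frame length in bytes


def parse_log(text):
    """Parse the simplified log format into Frame objects; comment lines are skipped."""
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        t, kind, src, bssid, length = line.split()
        frames.append(Frame(float(t), kind, src.lower(), bssid.lower(), int(length)))
    return frames


def find_unknown_auth(frames, known_stations, min_auths=3):
    """MACs that sent >= min_auths authentication frames but are not known clients.

    A legitimate client authenticates once and then stays associated; a fake
    authentication is retried until the AP answers.
    """
    counts = defaultdict(int)
    for f in frames:
        if f.kind == "auth" and f.src not in known_stations:
            counts[f.src] += 1
    return {mac: n for mac, n in counts.items() if n >= min_auths}


def find_replay_bursts(frames, window=1.0, min_rate=50):
    """(src, length) pairs whose identical-length data frames reach min_rate
    in any window-second bucket.

    Real traffic mixes frame sizes; replaying one captured ARP request sends
    the same small frame hundreds of times per second from one station.
    """
    buckets = defaultdict(int)  # (src, length, bucket index) -> count
    for f in frames:
        if f.kind == "data":
            buckets[(f.src, f.length, int(f.t // window))] += 1
    flagged = {}
    for (src, length, _), n in buckets.items():
        if n >= min_rate:
            flagged[(src, length)] = max(flagged.get((src, length), 0), n)
    return flagged


if __name__ == "__main__":
    frames = parse_log(SAMPLE_LOG)
    for mac, n in find_unknown_auth(frames, KNOWN_STATIONS).items():
        print(f"unknown station {mac} sent {n} authentication frames")
    for (mac, length), n in find_replay_bursts(frames).items():
        print(f"{mac} sent {n} identical {length}-byte frames in one second (replay?)")
```

On the constructed log the script reports the unknown station for its four authentication attempts and for 120 identical 68-byte frames in a single second, while the two known clients, whose frame sizes vary and arrive a few per second, trigger nothing. The thresholds (three authentications, fifty identical frames per second) are starting points for this example; on a real network they should be tuned against a baseline of normal traffic, and the key takeaway of the tutorial remains that WEP itself is what makes the key recoverable, so the real fix is to move the AP to WPA2 rather than only to detect the injection.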
www.bujarra.com – Héctor Herrero – Nh*****@bu*****.cOm – v 1.0