HACKING WEP ENCRYPTED WIFI PASSWORDS!

[shax0r]

@Acidic , @BossMan. , @GeneSimmons , @iPewPew , @Cthulhu ,
@ArchHacker , @

PLEASE DO NOT COMMENT UNTIL YOU FINISH READING EVERY WORD!
CREDITS: ME FOR THIS COMPLETELY HOMEMADE TUTORIAL
AND MAZE (not from mpgh) FOR CRACKING A $400 PROGRAM!

How to hack an encrypted WEP password ONLY FOR WINDOWS 7 (HAVN'T TRIED ON WINDOWS XP BUT IT SHOULD WORK)
The attachments will include:
Commview For Wifi 6.3 ($499 packet analyzer) CRACKED by Maze

https://www.tamos.com/order/index.php?js=1

And the Second Attachment is aircrack-ng-1.1-win ... Very IMPORTANT TO HAVE BOTH OF THESE

IF THIS DOESN'T WORK FOR YOU, OH WELL YOU TRIED!
THIS PROCESS REQUIRES PACKET INJECTION, WHICH COMMVIEW ONLY SUPPORTS THESE WIFI DRIVERS:

CommView for WiFi // Supported Hardware

I am using Atheros AR9380 wifi driver, and have already cracked 3 wifi's in 1 day.

ALSO, THIS WILL ONLY WORK FOR CONNECTIONS WITH AT LEAST 2 BARS!!!
ALSO, DO NOT RUSH BECAUSE EVERY WORD AND STEP I SAY IS IMPORTANT FOR SUCCESS!
ALSO, PLEASE READ AND UNDERSTAND HOW TO BEFORE JUMPING RIGHT INTO IT STEP BY STEP!!!!
FINALLY, I THINK A WRITTEN TUTORIAL IS BETTER THAN A VIDEO BECAUSE I HAVE NO PLAYBACK SOUND..

So, first thing's first: Aircrack is developed to use a method called KOREK attack,
which reads and decrpyts all the packets you save and finds an algoritm displaying the WEP password.
Also, this WILL ONLY WORK FOR WEP, since WPA is a bit tricky and requires a "4-way handshake"
I will try to make this tutorial as simple as I can, but it does require some common sense. Microsoft Security Essentials doesn't pick it up, but some antiviruses might see Aircrack as a hackertool and will delete it!

Please Extract both rar's onto ur desktop so you have 2 folders there.
Ok, install the setup.exe within the Commview For Wifi folder



Go though the setup, accepting terms and all. It will ask you if you want to do VoIp as well, you can if you want, but voip isnt necessary.
Next, AFTER installation, open the Commview for Wifi, and it will go through the driver setup
If your driver isn't supported, then oh well at least you tried! Once you registered and everything,
Activate the Commview for Wifi 6.3, you will be given a PRODUCT ID during activating your Commview, because so far it is a 30 day trial.
Copy your product ID given to you, and run keymaker-maze.exe AS ADMINISTRATOR! Next, paste your product key, and click activate.
AN ACTIVATION CODE will be shown and you copy and paste that to activate your commview for wifi to full edition!

Also, IF YOU GET ANY ERRORS WHILE SCANNING PACKETS AND ALL THAT, PLEASE UNINSTALL COMMVIEW AND INSTALL IT AGAIN! THE ERRORS WILL GO AWAY AND COMMVIEW WILL "APPEAR AS EVAULATION" BUT will NEVER expire!

Ok, so if you gotten this far, you should have NO PROBLEM hacking that WEP!

Once you have commview for Wifi up and running, you should see the window as follow:



First, click settings>options>memory usage
change maximum packets in buffer to 20000 ! which is the max, your BUFFER is the main window that will display all your packets! you can clear your packets by right clicking anywhere in the main part of the program and clicking "CLEAR PACKET BUFFER"
NOW look back at the picture and make sure only the data tab is checked AND THE OTHER 2 TABS ARE UNCHECKED!

Next, click the play button and a window will show
Click start scanning!
It should look like this now, and will take about a minute because it's looking for all wifi drivers in each "channel" Because each router broadcasts from different channels, saving airspace.
ALSO, RIGHT CLICK THE ACCESS POINT (WIFI ROUTER) YOU WANT TO HACK AND CLICK COPY MAC ADDRESS! Paste the mac address in an empty text pad for reference!
If you clicked the router , the channel will automatically be assigned as your channel to start "Capturing"



Now, notice how IN MY CASE, the NAME OF THE ROUTER, NOT THE ACCESS POINT ITSELF, IS CISCO-LI:NUMBERS

This is also important to notice!

Next, click the CAPTURE button once you have it set to the channel the wifi spot is on, and you should start receiving packets looking like this:



NOW AS YOU CAN SEE, I have some Cisco-LI packets in there, AND I want to make sure that this packet is from the router im capturing
Look at your Mac Address you copied and pasted from the Scanning Window, IN MY CASE, ITS 00:25:9C:2C:E4:32
now in order to check to see if you have the right packet, CLICK THE PACKET, and info will show on the bottom, looking like this:



ONCE YOU KNOW THAT THIS PACKET belongs to The router you want to hack (mac address ALSO KNOWN AS BSSID) scroll down to the very bottom, and you will see encrypted data:
IV: 2B, 68, 9B OR SOMETHING LIKE THAT AS SEEN IN THE NEXT IMAGE:



These are IV's which are the main part of cracking WEP!
We need to collect 500,000- 1,000,000,000 IV's! Sounds hard, but can be done in >30 minutes if done right!

NOW THE NEXT TASK IS A HIT AND MISS TASK, AND MAY TAKE A COUPLE TRIES FOR SUCCESS!
AS YOU CAN SEE, THE PACKETS ARE FLOWING, BUT ARE THEY FLOWING ENOUGH?
If you are receiving less than 100 a second, than you are not getting enough packets! To fix this issue,
you need to packet inject! Easy though just follow these instructions!

1.) CLICK TOOLS> NODE REASSOCIATION! A NODE IS THE ACCESS POINT (ROUTER) YOUR HACKING!

MAKE SURE YOU CHANGE THE SETTING TO 100 TIMES AND "SEND BROADCAST" SHOULD LOOK LIKE THIS ( REMEMBER THE WIFI IM HACKING IS NAMED EXERTUS)



PLEASE, BEFORE YOU CLICK SEND AND OK, RIGHT CLICK THE BUFFER WINDOW AND "CLEAR BUFFER PACKETS"
Now you have to have a good eye! , click send, and then ok!

As you can see , the most recent packets are BROADCAST PACKETS
you want to FIND THE PACKET that has FF:FF:FF:FF:FF:FF AS THE DESTINATION ADDRESS!
AND THE BSS ID: HAS TO BE THE MAC ADRESS YOU COPIED EARLIER, IN MY CASE IS 00:25:9C:2C:E4:32

as you can see from the next pic, I HAVE THE RIGHT PACKET HIGHLIGHTED!



NEXT, WE WANT TO SEND THAT PACKET BACK, SO RIGHT CLICK THE PACKET> SEND PACKET > SELECTED, AND A WINDOW WILL POP UP

If it shows FF:FF:FF:FF:FF:FF IN THE PACKET SENDER, YOU HAVE THE RIGHT PACKET! Change the settings to 1500 times a second, OR 1000 TIMES A SECOND WORKS BEAUTIFULLY, and Continously,
Like this:



CLICK SEND , AND LOOK AT YOUR PACKET BUFFER WINDOW, it will START FLOODING BY THE THOUSANDS!

IF IT DOES NOT START FLOODING, ITS BECAUSE you've been reading this tutorial, and you need to send ANOTHER node reassociation and find the packet, sending it 1000, or 1500 times a second


IF YOUR DOING IT RIGHT, YOU SHOULD SEE THOUSANDS OF PACKETS LIKE THIS (IN MY CASE ITS NAMED DIFFERENTLY):



As you can see, the packet numbers are instantly in the 6000's range!

ONCE YOU ARE REACHING 17,000 PACKETS, GO TO FILE>SAVE PACKET LOG AS, AND SAVE YOUR FIRST 20,000 BY THE NAME OF 1 AND SAVE IT AS A .CAP!!!



now right click anywhere in the packets > Clear Packet Buffer, and thousands MORE PACKETS WILL FLOOD, and repeat this grueling process of SAVING 20,000 PACKETS AT A TIME! name them 1-30, which 30 capture files will hold 600,000 packets, an instant success in most of all cases!!

Once you have these .cap files saved it should look like this in your directory:



NOW ONCE YOU'VE GOTTEN THIS FAR, THERE IS NOT TURNING BACK YOUNG HACKAAHHH!

FINALLY, go to your aircrack folder > BIN FOLDER> and RUN Aircrack-ng GUI.exe

Now, click choose next to the filenames, and drag and select ALL YOUR .CAP FILES AND LOAD EM ALL IN AT ONCE!

Next, keep the option at WEP, and 128 bit, if it fails, try the other bits (secondly at 64)

CHECK THE BOX THAT SAYS ADVANCED OPTIONS!
CHECK THE BOX THAT SAYS SPECIFIC BSSID: NOW ENTER YOUR MAC ADDRESS YOU SAVED IN THE BOX!

MINE LOOKS LIKE THIS:



NOW CLICK LAUNCH, SHOULD SHOW THIS:



This may take some time, just wait!

IF IT SAYS YOU NEED MORE IV'S, TRY THE OTHER BITS, IF THOSE DONT WORK, YOU OBVIOUSLY NEED MORE IV'S, GO CAPTURE MORE PACKETS!

If its Success, then you will get something LIKE this:




WRITE DOWN ALL THE NUMBERS, IN MY CASE, WOULD BE: 81E7D85E5B009EB9890B31A976

now POWER DOWN COMMVIEW FOR WIFI, AND TRY ENTERING THE PASSWORD IN :



I HOPE I HELPED SOMEONE OUT THERE! HELP ME BY INCREASING MY WRONGFULL DECREASE IN REP THANKS!

[Azathᴏth]

Approximately how long does it take to crack one router.

[shax0r]

Approximately how long does it take to crack one router.

if you know what your doing, you average 20,000 packets every 3 minutes, you need 25-30 sets of 20,000 so an hour 2 hours tops

[Azathᴏth]

if you know what your doing, you average 20,000 packets every 3 minutes, you need 25-30 sets of 20,000 so an hour 2 hours tops

I was hoping for something like, "It's going to take 9min".

[shax0r]

[/COLOR]

I was hoping for something like, "It's going to take 9min".

It could, it all depends on how fast the router spits info to you, and how many times you practiced this method of sending a node reassociation and injecting it back. Mac/linux systems are the fastest to do this, windows 7 makes you buy a 500$ program and some sense to do it I'm sorry there is no other way I know of.
There was no tut for windows, so I decided to release one, ALSO, Once you get the packets, aircrack only takes seconds!

The process of capturing the packets takes time, reading them and decrypting...seconds!

[Azathᴏth]

How do you differentiate a WEP from WPA encryption?

[Polo]

Holy fucking shit this is so long

Thanks tho i guess, got you back to a green bar.

[Acidic]

Thanks. Complicated but ill work on hacking one tomorrow if i remember
+rep'd you

[shax0r]

How do you differentiate a WEP from WPA encryption?

When you try to log into a network via your network interface card (driver) it will normally tell you WEP or WPA. But The way you differentiate is by determining which packets belong to the WPA network and the name of the network.

---------- Post added at 04:12 PM ---------- Previous post was at 04:09 PM ----------

Thanks for all the rep!

Also, if anyone else is successfull in getting a key, please post your picture.

[Kprizzy]

Woah nice tut but soo long will try tm.

[Azathᴏth]

@arunforce

Approve please.

[shax0r]

I think you should sticky this cuz its so sexy

[[MPGH]Dave84311]

Warez removed by whoever deleted this before.

@shax0r please reupload everything except the warez in your first post. Also great tutorial, esp for windows.

To everyone else: If you need ComView, find it ELSEWHERE

[sungram]

buddy u r great..it really works for me...it got my nebr password....but i want to give some suggestion.......

1-i run commview on window 7 plateform(bec commview is not running on my window vista) and crack those file on window vista by aircrack-ng GUI bec aircrack is not running on window 7............and finally.huurraaaaaaaah............got the password after a 10-12 hrs of capturing.............


have fun...........

[roberton]

where are the downloads