Lab 8: Hacking wireless password of modem

For this lab, Mr. Zaki set up a wireless network using a DLink. He then asked us to search for the wireless network and connect to it using ‘1a2b3c4d’ as the password. In this lab, we need BackTrack and a USB wireless NIC. Mr. Zaki asked us to download BackTrack from the website given and to log in with username “root” and password “toor”. Then we need to check whether the wireless card has been switched on: type ‘ifconfig’ to see whether the network card can be used, and type ‘iwconfig’ to see whether the wireless network card can be used.

Mr. Zaki told us that the real key is set on the wireless AP (access point), where 24 bits of the key are given by the IV and 40 bits are given by ourselves. To switch on rausb0, type 'ifconfig rausb0 up' in the command prompt. To ensure rausb0 is switched on, type 'ifconfig'. Then type 'iwconfig rausb0 mode monitor' followed by 'iwconfig'; the result ‘Mode: Monitor’ will be seen. After that, start BackTrack and plug in the USB.

Mr. Zaki also showed us ‘Kismet’. ‘Kismet’ is typed to scan the wireless networks; DLink was seen and all the information about DLink was displayed. Mr. Zaki told us that ‘s’ is for sorting and ‘b’ sorts according to the BSSID. We need an encryption key here. Then we press 'q' to return to the Network List screen. Use airodump to capture the packets and save them to some path: 'airodump-ng --ivs -w output-abg rausb0' is typed, where 'output' is the filename and rausb0 is the wireless network card. Next, 'aireplay-ng -3 -b 00:1E:58:FB:57:ED -h 00:22:6B:A9:59:AF -x 1024 rausb0' is typed, where the first address is the MAC address and the second address is the local MAC address. After a lot of packets have been sent, responses are sent back. To know how many IVs have been captured, 'aircrack-ng -0 -n 64 -f 4 output-06.ivs' is typed, where output is the file name. This command is used to get the password.
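
Seen from the access point's side, the replay step above (`-x 1024`, one source MAC) shows up as a single station sending roughly a thousand same-sized frames every second. The sketch below is an added example, not part of the original lab: it flags that pattern in a list of frame records. The record format, the thresholds, the frame length of 68 bytes and the two client MACs are assumptions constructed for illustration; only the flooding MAC is taken from the command above.

```python
from collections import Counter, defaultdict

FLOODER = "00:22:6B:A9:59:AF"   # the -h address from the lab command
CLIENT_A = "AA:AA:AA:00:00:01"  # constructed: idle client
CLIENT_B = "AA:AA:AA:00:00:02"  # constructed: busy client (file download)

def make_sample():
    """Constructed frame records: (timestamp_seconds, source_mac, frame_length)."""
    frames = []
    # Idle client: 40 frames of mixed sizes during second 0.
    frames += [(i / 40, CLIENT_A, [90, 340, 1500, 120][i % 4]) for i in range(40)]
    # Busy client: 300 frames during second 1, but sizes vary.
    frames += [(1 + i / 300, CLIENT_B, [1500, 1200, 90, 1500, 600][i % 5])
               for i in range(300)]
    # Replay traffic: 1024 frames during second 1, all the same length.
    frames += [(1 + i / 1024, FLOODER, 68) for i in range(1024)]
    return frames

def detect_replay(frames, rate_threshold=200, same_length_ratio=0.9):
    """Return alerts for stations that send many near-identical frames in one second.

    A high frame rate alone is not enough (downloads are fast too); the alert
    also requires that almost all frames in that second share one length,
    which is what replaying the same captured frame over and over produces.
    """
    buckets = defaultdict(list)
    for ts, src, length in frames:
        buckets[(int(ts), src)].append(length)

    alerts = []
    for (second, src), lengths in sorted(buckets.items()):
        total = len(lengths)
        if total < rate_threshold:
            continue
        top_length, top_count = Counter(lengths).most_common(1)[0]
        if top_count / total >= same_length_ratio:
            alerts.append({"second": second, "src": src,
                           "frames": total, "length": top_length})
    return alerts

if __name__ == "__main__":
    for alert in detect_replay(make_sample()):
        print(alert)
```
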