Cracking WEP with the Alfa AWUS036NH

Alright so I did the unboxing of the Alfa AWUS036NH a few months ago and have been putting off making a post on how to crack WEP passwords with it until now. So here it is, I finally have done it :P . This post contains the step by step instructions on how to crack WEP with the Alfa wireless N USB adapter. I will try and explain as much as possible, but if all you want to do is crack WEP in easy steps without wanting to know what the hell you're doing, this post is for you :) .

Let's start by talking about what you need. Of course you have to have the Alfa AWUS036NH adapter; if you don't have it then buy it. The second thing you need is a copy of BackTrack 4 R2, which can be downloaded off their website for free. I highly recommend you either burn it to a DVD or make it bootable on a USB. That's it; if you have those you're ready to go!

Step #1:

Boot into BackTrack 4 R2 and plug in the Alfa adapter. Click Here for instructions on how to make a bootable Linux USB.

Step #2:

Open a konsole or console and type the command below, which starts networking.

/etc/init.d/networking start

It might take some time to load, but once it finishes and the root prompt is displayed go to step 3.

Step #3:

You are now going to set the Alfa card into monitor mode. But first you need to find out which interface the Alfa card is assigned to.

airmon-ng

You should now see possibly two adapters. Look for the one with the chipset Ralink RT2870/3070 (this is the ALFA) and check the interface column. It should be either wlan0 or wlan1; you are now going to stop that interface.

airmon-ng stop wlan0

Now start that interface again to bring it up in monitor mode.

airmon-ng start wlan0

Now by using the airmon-ng command again you should see that the Ralink RT2870/3070 is also listed under the interface mon0.

Step #4:

Now you have to scan for wireless signals in your area that are being transmitted by wireless routers. Use the following command to do this:

airodump-ng mon0

A big list of wireless routers will now be displayed on the screen. Once you have found the one you want to crack, press ctrl+c to stop the scanning. Now write down the Channel #, BSSID #, and ESSID, as you are going to need these for the commands to come.

Step #5:

Now you are going to focus the Alfa adapter on only the wireless router of your choice by running the following command (the -w wep part names the capture files, which is why the .cap file in step 9 starts with "wep").

airodump-ng -w wep -c [channel #] --bssid [bssid #] mon0

NOTE: do not enter the [ ] brackets into the command

Step #6:

Open a new console window but do not close the current one with step 5 on it. We are now going to associate the ALFA card with the router (a fake authentication) so it can transmit data.

aireplay-ng -1 0 -a [bssid #] mon0

NOTE: do not enter the [ ] brackets into the command

Step #7:

Just like in step 6 you are going to open another console window. This time we are going to start sending and receiving data packets on the connection.

aireplay-ng -3 -b [bssid #] mon0

NOTE: do not enter the [ ] brackets into the command

Step #8:

Now go back to the first console window from step 5, which is focused on the wireless router. You are now going to watch the DATA column: it has to get over 30,000 packets before you can continue to step 9, and this is VERY IMPORTANT. It might take over an hour for it to reach 30,000.

Step #9:

Once the DATA column is over 30,000, go back to console window 3, which was sending and receiving packets in step 7. Now press ctrl+c to stop the sending and receiving of packets.

We are now going to crack the wireless router's WEP security key. Enter the command dir to find the .cap file that you named wep in step 5. If it's your first time doing this tutorial the .cap file should be named wep-01.cap. Now enter the following command to crack the WEP key on the router.

aircrack-ng wep-01.cap

Scroll down in the console window and the key should be there.
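The flip side of the procedure above is spotting it on a network you are responsible for. The following is an added, defender-side example and not the post's own code: it parses the CSV that airodump-ng writes next to the .cap when -w is given (wep-01.csv beside wep-01.cap), lists every access point still running WEP, and compares two snapshots to flag an AP whose IV count is climbing at a rate only the replay injection from step 7 produces. The sample snapshots are constructed and modelled on airodump-ng's CSV layout, and the 50 IV/s cut-off is an assumption to tune per site.

```python
import csv
import io

# Constructed samples modelled on the CSV airodump-ng writes beside the .cap
# when -w is given (wep-01.csv next to wep-01.cap); every value is made up.
AP_HEADER = ("BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, "
             "Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key\n")
SNAPSHOT_T0 = AP_HEADER + """\
00:11:22:33:44:55, 2011-01-01 10:00:00, 2011-01-01 10:00:05, 6, 54, WEP, WEP, , -40, 12, 18, 0. 0. 0. 0, 6, LEGACY,
66:77:88:99:AA:BB, 2011-01-01 10:00:00, 2011-01-01 10:00:05, 11, 54, WPA2, CCMP, PSK, -55, 10, 0, 0. 0. 0. 0, 6, MODERN,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""
# The same networks two minutes later: the WEP AP's IV count jumped by ~31,000.
SNAPSHOT_T1 = AP_HEADER + """\
00:11:22:33:44:55, 2011-01-01 10:00:00, 2011-01-01 10:02:05, 6, 54, WEP, WEP, , -40, 1212, 31200, 0. 0. 0. 0, 6, LEGACY,
66:77:88:99:AA:BB, 2011-01-01 10:00:00, 2011-01-01 10:02:05, 11, 54, WPA2, CCMP, PSK, -55, 1210, 40, 0. 0. 0. 0, 6, MODERN,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

def parse_aps(snapshot_text):
    """Return {bssid: {essid, privacy, ivs}} from the access-point section."""
    ap_section = snapshot_text.split("\n\n")[0]  # station table follows the blank line
    rows = csv.reader(io.StringIO(ap_section), skipinitialspace=True)
    header = [h.strip() for h in next(rows)]
    col = {name: header.index(name) for name in ("BSSID", "Privacy", "# IV", "ESSID")}
    aps = {}
    for row in rows:
        if len(row) < len(header):
            continue  # skip blank or truncated lines
        aps[row[col["BSSID"]].strip()] = {"essid": row[col["ESSID"]].strip(),
                                          "privacy": row[col["Privacy"]].strip(),
                                          "ivs": int(row[col["# IV"]])}
    return aps

def wep_networks(aps):
    """BSSIDs still on WEP: the finding an audit of your own estate must escalate."""
    return sorted(b for b, a in aps.items() if a["privacy"] == "WEP")

def iv_rate(before, after, seconds):
    """New WEP IVs (data frames) per second for each BSSID present in both snapshots."""
    return {b: (after[b]["ivs"] - before[b]["ivs"]) / seconds for b in after if b in before}

def suspected_injection(before, after, seconds, threshold=50.0):
    """BSSIDs whose IV rate exceeds `threshold` IV/s (an assumed cut-off; tune it per site)."""
    return sorted(b for b, r in iv_rate(before, after, seconds).items() if r > threshold)
```

An idle WEP network on a quiet LAN generates a handful of data frames per second; tens of thousands in a couple of minutes, as in the constructed second snapshot, is the replay pattern, and the only durable fix for the WEP finding is migrating that network to WPA2 or WPA3.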