You can see I cracked a 128-bit WEP key about 2 minutes after I started capturing data, and I am a n00b at WiFi hacking, so if you are using WEP change to WPA2, hide your SSID and disable WPS.
BTW this is a spare router I have, it took longer to set up the router than it did to break into it.
Now off to bed, I hope I'm not too hung over tomorrow.
Actually, both WPA/WPA2 are a piece of cake... it just takes slightly longer, but it's a matter of time before you get the password. Which just proves that the ISPs' six-strike rule is just ridiculous considering you can just crack your neighbor's wifi and download all the torrents you want (not saying you should do this at all). If you REALLY want to be safe, ethernet is the way to go.
I have cracked a wifi network before, used WEP, same way you did, but without a GUI. That said, I just wanted the wifi, as up until now all I've had were desktops, so it wasn't needed until now...
No... WPA2 is very very hard to crack. Unlike WEP it does not transmit IVs... you have to capture a handshake which contains a salted hash of the password. You then have to brute force the hash or use a rainbow table, however since the salt is the ESSID, most rainbow tables are useless unless the ESSID is "linksys" or something common. So, unless your victim uses a short password, or a common dictionary word, you're left to brute forcing it... which is very time consuming. To get it cracked within a reasonable time of a few days, you would need a very powerful GPU cracking rig (like 2 or 3 5890s).
If you say that that is insecure, you are basically saying everything that transmits a hash or ticket is insecure (Kerberos, MS-CHAP, SFTP, every website that saves a password, Tek Syndicate, Steam, etc.).
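The "salted hash" in the handshake that the post above refers to is the WPA2-PSK Pairwise Master Key: PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 32 bytes out. The added example below (not code from anyone in this thread) derives it with Python's standard library, shows that the same passphrase on two SSIDs gives two unrelated keys (which is why a table precomputed for "linksys" is useless against any other SSID), and adds a keyspace estimator a defender can use to decide how long a passphrase should be. The guess rate passed to the estimator is an assumption the caller supplies, not a measurement.

```python
import hashlib

# Parameters fixed by the WPA2-PSK specification (IEEE 802.11i):
PBKDF2_ITERATIONS = 4096
PMK_LENGTH_BYTES = 32


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit Pairwise Master Key exactly as WPA2-PSK does.

    The SSID is the salt, so a passphrase guess must be re-hashed for every
    distinct network name; a precomputed table only helps for the SSID it was
    built for.
    """
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("utf-8"),
        ssid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        dklen=PMK_LENGTH_BYTES,
    )


def pmk_hex(passphrase: str, ssid: str) -> str:
    """Hex form of the PMK, convenient for comparing against published vectors."""
    return wpa2_pmk(passphrase, ssid).hex()


def candidate_space(length: int, alphabet_size: int) -> int:
    """Number of passphrases of exactly `length` symbols over an alphabet."""
    return alphabet_size ** length


def seconds_to_exhaust(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at an ASSUMED guess rate.

    The rate is whatever the caller believes an attacker's rig can do (each
    guess costs 4096 HMAC-SHA1 rounds); this function does not measure it.
    """
    return candidate_space(length, alphabet_size) / guesses_per_second


if __name__ == "__main__":
    # Published test vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE".
    print("PMK(password, IEEE) =", pmk_hex("password", "IEEE"))
    # Same passphrase, different SSID: an unrelated key, so SSID acts as a salt.
    print("PMK(password, linksys) =", pmk_hex("password", "linksys"))
    # Defender's sizing exercise: 8 lowercase letters vs 16 mixed-case+digits,
    # at an assumed 100,000 guesses/second (a placeholder rate, not a benchmark).
    for length, alphabet in ((8, 26), (16, 62)):
        secs = seconds_to_exhaust(length, alphabet, 100_000.0)
        print(f"{length} chars over {alphabet}-symbol alphabet: {secs / 86400:.3g} days worst case")
```

Run it as a script to print the vector and the sizing table; the point of the last loop is that adding characters to the passphrase raises the attacker's cost exponentially, while the 4096-iteration PBKDF2 only raises it by a constant factor.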
WPA/WPA2 is only a piece of cake if the user sets up a weak password. If it is 8 letters then you can brute force it in about half an hour using a CUDA card, or if you have WPS running, Reaver can brute force the PIN in about 8 hours.
You can see that picture here: http://i1222.photobucket.com/albums/dd500/MrPete1985/20121025_213040.jpg
I look at security like this: you're not trying to keep people out, you just make it so much of a pain in the ass that they will go bother someone else.
I cracked a WEP access point in the original post. That is super easy: just put your WiFi card into monitor mode, then you fake association to the access point, then you need to capture IVs (I did this by spamming ARPs to the AP), then finally when you have enough data you crack it using aircrack.
Cracking WPA/WPA2 is harder. After your device is in monitor mode you start capturing data, then you de-authenticate a client that is on the AP to capture the handshake. Once you have the handshake you use a dictionary attack or brute force the key; if you have a program like pyrit that can take advantage of CUDA and OpenGL then you can speed up cracking WPA.
You can also brute force a WPS PIN to obtain the WPA key. This is done with a tool called reaver; it took about 7 hours when I did it, but you are only brute forcing an 8 digit number so it takes far less time than to brute force a WPA key. Once you have the PIN you get the password and the ESSID.
On some routers WPS is always running, but on some you need to press a button on the router to turn on WPS for device linking, and some routers will lock you out after too many wrong PINs.
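The handshake capture described above depends on knocking a client off the network with deauthentication frames, and that is also the easiest part of the whole procedure to spot from the defender's side: a client leaving normally sends one deauth, an attacker sends a burst of them with the AP's address forged as the source. The added example below (not code from the thread or from aircrack-ng) runs a sliding-window counter over a constructed frame log; the four-column "timestamp type source destination" line format is an assumption made up for this example, not the output of any particular tool.

```python
from collections import defaultdict, deque

# Constructed sample, NOT a real capture. Format (an assumption for this example):
#   epoch_seconds frame_type source_mac destination_mac
# One client (…ee:02) disconnects normally with a single deauth; then seven deauths
# arrive in 120 ms "from" the AP (00:11:22:33:44:55) aimed at client …ee:01.
SAMPLE_FRAMES = """
1351200000.000 beacon 00:11:22:33:44:55 ff:ff:ff:ff:ff:ff
1351200001.000 data   aa:bb:cc:dd:ee:01 00:11:22:33:44:55
1351200001.500 deauth aa:bb:cc:dd:ee:02 00:11:22:33:44:55
1351200002.000 deauth 00:11:22:33:44:55 aa:bb:cc:dd:ee:01
1351200002.020 deauth 00:11:22:33:44:55 aa:bb:cc:dd:ee:01
1351200002.040 deauth 00:11:22:33:44:55 aa:bb:cc:dd:ee:01
1351200002.060 deauth 00:11:22:33:44:55 aa:bb:cc:dd:ee:01
1351200002.080 deauth 00:11:22:33:44:55 aa:bb:cc:dd:ee:01
1351200002.100 deauth 00:11:22:33:44:55 aa:bb:cc:dd:ee:01
1351200002.120 deauth 00:11:22:33:44:55 aa:bb:cc:dd:ee:01
1351200003.000 data   aa:bb:cc:dd:ee:01 00:11:22:33:44:55
"""


def parse_frames(text: str) -> list:
    """Parse the constructed log into (timestamp, type, src, dst) tuples."""
    frames = []
    for line in text.strip().splitlines():
        ts, ftype, src, dst = line.split()
        frames.append((float(ts), ftype.lower(), src.lower(), dst.lower()))
    return frames


def deauth_counts(frames: list) -> dict:
    """Total deauth frames per claimed source address (a quick triage view)."""
    counts = defaultdict(int)
    for _, ftype, src, _ in frames:
        if ftype == "deauth":
            counts[src] += 1
    return dict(counts)


def detect_deauth_bursts(frames: list, window_s: float = 5.0, threshold: int = 5) -> list:
    """Flag sources that send >= threshold deauth frames inside any window_s span.

    Returns [(source_mac, peak_count_in_window), ...] sorted by address. A single
    deauth is normal (a client leaving); a burst attributed to the AP's own
    address is the signature of a forced disconnect. Note that 802.11w
    (management frame protection), where the AP and clients support it, makes
    forged deauths fail authentication, which is the mitigation rather than
    this detection.
    """
    recent = defaultdict(deque)  # per-source timestamps within the window
    peaks = {}
    for ts, ftype, src, _ in frames:
        if ftype != "deauth":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return sorted(peaks.items())


if __name__ == "__main__":
    frames = parse_frames(SAMPLE_FRAMES)
    print("deauths per source:", deauth_counts(frames))
    for src, count in detect_deauth_bursts(frames):
        print(f"ALERT: {count} deauth frames from {src} within 5 s (possible forced disconnect)")
```

The threshold and window are tuning knobs; on a busy network with many legitimate roaming clients you would raise the threshold or key the counter on (source, destination) pairs so that one client being hammered stands out from many clients leaving at once.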
With WPS you're not bruteforcing the entire 8 digit PIN as a whole. If that was the case the attack would require 7 years, not 7 hours. There is a critical fuckup in the WPS specification: the 8 digit PIN is split into two 4 digit parts, with each tested and reported as valid/invalid separately. Only 10000 combinations are required to crack WPS. It almost looks like WPS was designed to be easily crackable.
Lol, I cracked my parents' internet password after they took the internet away from me. They never found out until they decided I could have internet again.
BackTrack Linux is the OS I used, and aircrack-ng is the software suite I used on the WEP connection. For the WPS shot I posted I used reaver; reaver also comes with a tool called wash that will show you any access points that are vulnerable to reaver.
If the password is written down anywhere it instantly becomes less secure than any level of random characters. As long as you don't use only actual words, then a statement you remember is just as secure to a computer as any amount of random characters. Though all of this only prevents brute force attacks.
This is all being done with pen tools. Well, assuming these guys are taking advantage of the modern GUIs available today.
As the very first post in the thread shows, BackTrack 5... though I argue 4 worked a bit better for me. There's a few distros. Just search pen testing distros.