How To Crack 128-bit Wireless Networks In 60 Seconds

Just for fun (since I’m a dork), I was looking for a wireless stumbler for Macintosh that supported a GPS unit because I thought it would be interesting to map how many wireless networks there are in my neighborhood (I usually can see 15-30 unique wireless networks from any given point). In my search, I ran across one called kismac that does exactly what I wanted (it even generates the maps for you, so I didn’t need to code something to plot the GPS coordinates on a map):


I download it and start playing around with it. It turns out it also has security testing functions within it (although I would guess that most of the people using the cracking functions are just trying to gain access to “secured” networks… which is beside the point I suppose).

Anyway, so I start monkeying around with those functions to see if I could learn something about WEP encryption on my own two wireless networks (I have a Linksys WRT54G and an Apple AirPort Express, which I use for beaming iTunes music to the living room stereo). Both are currently secured with 128-bit wireless security, and I did not change anything in them for the purpose of this video. My “word list” is just the standard dictionary word list that comes with almost any UNIX distribution (like Mac OS X) and resides in /usr/share/dict/.

So here’s the scary part: from the time it started scanning for wireless networks to the time I was able to crack both wireless network keys (which is all you need to gain access to the wireless network), it took right around 60 seconds. Check out this video…

Okay, so what just happened here? I just cracked my two 128-bit wireless networks in roughly 60 seconds from start to finish.

Even as a relatively knowledgeable tech guy, this seems like utter insanity to me. Okay, obviously I didn’t have some crazy, ultra-secure password for my networks, but I would guess 90% of all the wireless network passwords out there are based on simple (easy to remember) word(s). After doing some reading, it seems an “ultra-secure” password/MD5 seed would be relatively useless anyway… all it would do is force the attacker to spend 10 minutes on it instead of 10 seconds (see this FAQ and this FAQ), all of which is easily done from the kismac Network menu. It doesn’t even matter if you set up your wireless network to be public or not, because kismac can see it even if the base station isn’t broadcasting the SSID publicly.

I’m going to poke around and see how secure RADIUS authentication is for a wireless network, but even if RADIUS is more secure, what normal person is going to have the technical knowledge and an extra few thousand dollars to set up and run a RADIUS server for their wireless network? I’m not even sure if I want to run a wireless network anymore, to be honest… or maybe shut them down except for the times I’m actually using them (talk about annoying though).

Update

Not sure why the content was deemed “inappropriate” for YouTube, but YouTube took my video down. {shrug} Moved it to Google Video.

315 thoughts on “How To Crack 128-bit Wireless Networks In 60 Seconds”

  1. I wonder how fast it’ll brute force its way through WPA keys? I don’t know much about wireless security, but I thought WEP’s many flaws were the reason the industry replaced it.

  2. Check out the Security Now! podcasts. WEP encryption is trivially broken because of a poor underlying design. You need to switch to WPA encryption.

    I am certain that your WRT54G router is capable of WPA encryption – although I am not sure if the Airport is.

  3. So the point is that even with a higher strength password, say a combo of letters/numbers, this would only take a few minutes more? Crikey!

    So here is the defense against all those MPAA lawsuits? “My wireless network was hacked… here’s how easy it is?”

    Wow.
    Thanks for making it simple.

    Charlie
    http://www.Seven87.com

  4. Most APs have a mac address lockdown. It only allows the specified mac addresses on the wireless network, full stop.

    I think that solves all these problems.

  5. what wireless network card do you have?
    cuz I know cards like Broadcom’s can’t be used for cracking.

  6. Few thousand dollars? Are you freaking insane?

    I run DD-WRT and FreeRadius on a Linksys WRT54g at my house. I have WPA using a preshared key and then 802.1x auth via RADIUS for authentication. The sum total I spent on the hardware is $60.

    The weakness you are experiencing is not in WEP per se but in the algorithms used to generate the hex key from other (easy to remember, easy to crack) sources such as dictionary words. Furthermore, even on non-dictionary words, some of these algorithms have serious flaws that greatly reduce the amount of keyspace you need to search to find a 128 (really 104) bit key.

    If you want a secure password, get 104 bits of sufficiently random data, convert it to hex and use that. Rotate it every few weeks or so. Even if you use WEP for this, you only really expose yourself to certain weak frame vulnerabilities that are largely sewn up by most NIC and AP wireless drivers these days, and they can’t easily be exploited without listening to a great deal of wireless traffic.

    A more fun solution? Wireless VLANs! Run one VLAN as a public honeypot with open access to nothing. Run the second VLAN using a different SSID with broadcast disabled, its own keys and 802.1x.

  7. This is revealing, but also odd that WEP security is being discussed at all. WPA has replaced it as the de facto standard in security nowadays and it’s quite solid/secure.

  8. So the question I have to ask is was your password a dictionary password? It seems from the video that you used a dictionary file/list of common words.

  9. If it’s just *your* network, it’s easy to lock it down securely. Just do what I do…allow only your computers’ MAC addresses. No other security is necessary. If you’re still paranoid or live in an urban setting, you can leave encryption running, but remember it does slow the data a bit.

  10. The ease of that is pretty scary, but even so I bet most people would find this too difficult. Better hope you’re the only savvy person within the radius of your network!

  11. Which GPS unit have you been using? I am a kisMAC user, and I have been scoping out a portable unit I can take out on the MTB, as well as being osx/kisMAC compatible.

    Thanks!

  12. It was an Airport card in a Macintosh. As far as WEP vs. WPA… I know that now, but 2 days ago I didn’t. I’m pretty technical, but security/hardware isn’t my deal, so I never looked too much into it before. I just saw “128-bit encryption keys” in the setup and thought that it would be good to go.

  13. Anyone who knows anything about security can tell you WEP is handing out your password; it broadcasts your password across the network so anyone can crack it. WPA, on the other hand, if you have a truly random password with the maximum allowed characters, is unbreakable. I suggest you listen to the Security Now podcast starting with episode one. http://www.grc.com/securitynow.htm

  14. Also please note that your MAC address is being broadcast as well, so even if you restrict MAC addresses they can easily be spoofed, even with the software that comes with your adaptor, so all one has to do is find out what valid MAC addresses are on the network and just start using one.

  15. MAC filtering offers no security whatsoever.

    MAC addresses are actually not encrypted when sent over the air, since they are the only reliable way of identifying a peer. Getting them from network traffic is trivial and only needs a couple of frames. MAC addresses are also trivial to spoof. On Linux it is just a configuration file to tweak. On my WRT54G it is a configuration option.

    Now if you want to run a nice DOS attack, you listen for MAC addresses connecting to an access point and send End-Of-Traffic frames with a spoofed MAC address several times per second. This effectively shuts down all Wifi traffic for good on the access point.

  16. MAC filtering is close to useless as a serious security feature. It’s pretty easy to just sniff the net, grab an authenticated MAC and use it.

  17. To all those people out there who think that MAC address restrictions will protect your network … think again. A MAC address can be sniffed off the airwaves in seconds and many wireless network cards allow you to change their MACs. It really is one of the most useless forms of wireless security, and will only stop the most basic of ‘hackers’.

  18. “Most APs have a mac address lockdown. It only allows the specified mac addresses on the wireless network, full stop.

    I think that solves all these problems.”

    Unfortunately this is not the case, as your MAC address is unencrypted in the header of packets and can easily be sniffed and cloned.

  19. WEP is generally used by home users who, through no fault of their own, don’t know any better, or who have been advised to use it by lame-ass ISP’s.

    Most of them wouldn’t know how to secure an access point if their life depended upon it.

    A friend did some war-driving here in Australia – from his home to my office via the middle of Sydney – plotted over 800 wireless access points, with over 50% completely unsecured, and of those that were secured almost 80% used WEP – and that included some of the largest businesses in the CBD. He knew this, of course, because they were all broadcasting their SSID, usually with a business name !!

    You would be stunned to see how many had the default username/password combination for admin still installed – tempting as it was to change this and shut their router down as an object lesson in security, he had a better idea… He contacted several businesses and informed them of their leaks, and now has a reasonably well-paying sideline in securing wireless networks for home and small business users…

    There is a lining in every silver cloud… 🙂

  20. Thanks Twit
    As I was reading I was wondering if anyone else knew that even MAC address filtering is not foolproof.

  21. BTW, MAC address locking is nice, but anyone with a basic knowledge of networking and a good sniffer could spoof your MAC address in probably less time than it takes to read this.

  22. # Nicholas VonKrut Says:
    August 7th, 2006 at 3:16 pm

    Most APs have a mac address lockdown. It only allows the specified mac addresses on the wireless network, full stop.

    I think that solves all these problems.

    All I can say is yeah, good luck with that theory… not heard of MAC spoofing?

    Takes seconds to find stations associated with an SSID – MAC address and all.

  23. As above – a mac address is actually easier to hack than – much easier – than WEP – which at least takes a little effort. If you’re not using WPA – with a good, long passphrase, you might as well be open. The mac address would simply keep the average passerby from using your wireless without any overhead, but is in no way “secure” and in no way encrypted.

  24. A brute force attack on WEP works best if you collect 250k initialization vectors (IVs) for a 40-bit key, 1000k IVs for a 104-bit key. A dictionary attack takes only a few packets but to defeat that all you need to do is make up fake words with special characters. Example: Go/\way!

    WPA doesn’t have the same failings as WEP but it is also vulnerable to a dictionary attack if you can capture the 4-way handshake. An easy way to do that would be to disassociate someone who is on and watch them reconnect. WPA also uses the SSID of the access point in its encryption.

    MAC filtering works fine till someone spoofs a valid MAC address.

  25. “BTW, MAC address locking is nice, but anyone with a basic knowledge of networking and a good sniffer could spoof your MAC address in probably less time than it takes to read this.”

    I think the real question is whether or not you have something worth stealing. If you are in a place that has a high density of wireless signals, going with more security than none is probably going to make 99% of the people around you just connect to a less secure network. Just hope you don’t have any enemies…

    “I’m not even sure if I want to run a wireless network anymore to be honest… or maybe shut them down except for the times I’m actually using them (talk about annoying though).”

    Maybe it’s a better idea to put something over your antenna(s) that will block the signal from any significant broadcast when you aren’t using them?

  26. MAC spoofing is almost quicker than cracking 128-bit WEP. Please don’t rest easy with that as an alternative; there is no reason to not be running WPA, as of right now there isn’t a good quick way to crack it..

    Brummy

  27. The MAC address issue is well documented.
    As is the WEP issue.
    WPA is more secure but serious crackers can find a way through that too.
    Take solace in the fact that people looking for an unsecured wireless network will generally settle for the first one they can crack, so if you use both MAC addressing and WPA the likelihood is they will crack your neighbor who uses neither.

  28. wpa and wpa2 are also easily brute forced. (look at h1kari’s recently published work)

    But guess what else: locks can be picked, safes can be cracked. There are no completely safe options, just deterrents.

    WEP is good enough, so is WPA, so is WPA2, so is MAC address filtering. They all keep the casual user off your network.

    if you want security and privacy, don’t rely on the data link layer to provide it. the application layer is far more useful. check out tor.eff.org

    and don’t be so paranoid, probably no one cares what you’ve got on your network anyhow 😉

  29. Just a suggestion: set up a VPN. For those a little more tech savvy who want a little bit of fun, buy a firewall such as a PIX. I bought mine for $400 on eBay and all my wireless traffic is tunnelled out my hardwired network. Much higher encryption and much more secure – but much more complicated than WEP or WPA. There was a really good article too on Digg where you deploy a Squid proxy in your wireless zone where it will invert all the graphics on the web and will really screw people up who hack into your network. Pretty funny / fun stuff. WEP is out now as Cam said above. WPA is supposed to be better but a simple Google search will show you people have already worked around this as well.

  30. So are there any similar programs for windows? kismet is on linux and I’ve heard that, that is the best program for this kinda stuff.

  31. I use MAC address whitelisting; the reason I think it would work is because lame kiddy hackers won’t think of it, they might brute force for days and never cop on. It’s nice on top of WEP etc.

  32. nice!! anyone know of a comparable program for windows (aka, lets you access a wordlist directly from it)?

  33. I agree with cYrus… it is very simple to spoof a mac address and very easy to find what mac address you need to spoof.. I have a laptop with built in wireless that has the ability to spoof mac addresses built into the driver..

  34. MAC addresses can be set on the property page of the network adapter (under Windoze) and “nbtstat -a” or “arp -a” to recover another machine’s MAC.

  35. As many of you have stated, MAC filtering is completely useless; spoofing a MAC address takes seconds, allowing you access to the network.

    WEP is useless. As stated, using either a weak dictionary word or a fully randomized passphrase only slightly increases the amount of time required to crack it by a slight margin.

    WPA1 and WPA2 are becoming easily crackable as well. Check out CoWPAtty. They recently came up with a huge 47 GB precompiled hash table at DefCon 14 that will crack many WPA2 passwords in minutes.

    For those stating that Broadcom cards can not be used to crack WEP you are partially correct. The current Broadcom Airport Extreme cards can not enter promiscuous mode but the latest version of Kismac can put the AirPort Extreme into passive mode (except for MacBookPro and newest Mac Minis)

    If this doesn’t work for your Airport Extreme you can also use the DLink DWL-122 usb wireless adapter for cracking WEP keys. I have purchased and returned a ton of external adapters until finding this one that works. Be careful not to purchase the DWL-122g, I don’t think that that is supported.

    Happy Hacking
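Added example (my own code, not from the post, KisMAC or coWPAtty) of what comment 24 and comment 35 above are pointing at: WPA/WPA2-Personal never uses the passphrase as the key. It derives a 256-bit pre-shared key with PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, for 4096 iterations (IEEE 802.11i). That is why a table precomputed for one SSID says nothing about another, and why a unique SSID plus a long random passphrase (or a raw 64-hex-digit PSK) is the practical defence. The `password`/`IEEE` test vector in the usage section is the one published with the standard; the other SSIDs and all function names are mine.

```python
# Added example: WPA/WPA2-Personal PSK derivation as specified in IEEE 802.11i.
# Not code from the post, KisMAC or coWPAtty; function names are my own.
import hashlib
import secrets
import string

PBKDF2_ITERATIONS = 4096   # fixed by the standard
PSK_BYTES = 32             # 256-bit pre-shared key


def passphrase_ok(passphrase: str) -> bool:
    """802.11i passphrase rules: 8 to 63 printable ASCII characters (32..126)."""
    if not 8 <= len(passphrase) <= 63:
        return False
    return all(32 <= ord(c) <= 126 for c in passphrase)


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096, 32 bytes).
    The SSID is the salt: the same passphrase gives a different PSK on every SSID,
    and each guess an attacker makes costs the full 4096-iteration derivation."""
    if not passphrase_ok(passphrase):
        raise ValueError("WPA passphrase must be 8..63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PSK_BYTES)


def psk_hex(passphrase: str, ssid: str) -> str:
    return derive_psk(passphrase, ssid).hex()


def precomputed_table_transfers(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """A (passphrase -> PSK) table built for ssid_a only helps against ssid_b when the
    PSKs coincide. With distinct SSIDs they never do, so this returns False."""
    return derive_psk(passphrase, ssid_a) == derive_psk(passphrase, ssid_b)


def random_passphrase(length: int = 63) -> str:
    """Full-length random passphrase from the OS CSPRNG; write it down rather than
    memorise it. Alphabet kept to characters every AP UI accepts (constructed choice)."""
    alphabet = string.ascii_letters + string.digits + "-_.!@#$%^&*"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_psk_hex() -> str:
    """Skip the passphrase entirely: 64 random hex digits is the raw 256-bit PSK,
    which most APs accept directly in place of a passphrase."""
    return secrets.token_hex(PSK_BYTES)


if __name__ == "__main__":
    # Test vector published in IEEE 802.11i: passphrase "password", SSID "IEEE".
    print("PSK(password, IEEE) =", psk_hex("password", "IEEE"))
    # Same weak passphrase, constructed default-style SSID: a different PSK.
    print("PSK(password, linksys) =", psk_hex("password", "linksys"))
    print("table for IEEE reusable on linksys?",
          precomputed_table_transfers("password", "IEEE", "linksys"))
    print("suggested passphrase:", random_passphrase())
    print("or raw PSK:", random_psk_hex())
```

Running the block prints the standard's reference PSK for `password`/`IEEE` (f42c6fc5…a12e) and a completely different PSK for the same passphrase on a default-looking SSID, which is the whole point of the salt. The expensive step is `derive_psk`; a dictionary guess against WEP costs nothing comparable, which is why the video's wordlist run finishes in seconds.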

  36. Cracking 128-bit WEP does not depend on brute force; it basically reads the packets generated by the users on the network and builds the passphrase from those… so even using a random pass will not help you. The whole thing is flawed. So do not use WEP.

  37. i thought airport cards couldn’t be put in this mode?

    I have an airport express card inside my macbook – can I put the card in passive mode?

    -Jason

  38. Aside from everyone saying WEP is now replaced by WPA, which it is and should be in any wireless network, a lot of people are commenting saying that MAC address filtering will protect you. IT WON’T.

    Firstly, spoofing a MAC address is a trivial matter. Secondly, more of a security standpoint: just because you’ve blocked that computer’s MAC address does not stop it from sniffing ALL of your wireless network traffic. They could get all sorts of information, and coupled with MAC spoofing and well-crafted MITM attacks, could be in and out with your passwords and credit card numbers without you ever realising they were there.

    Just don’t rely on MAC filters, use them, but don’t rely on them as your only means of network security.

  39. So I go to Google. Type a couple of search terms and, Google being Google, I get the standard 1.2 million results. One of them being this page.

    128 bit encryption cracked that fast, hmm. Should be interesting I think. Let’s check this out.

    Well, sorry to burst a bubble, but nothing I’ve read here concerns cracking 128-bit encryption. I’m not saying it can’t be done. I’m saying it’s not what was done. What was accomplished here was a simple brute force password hack.

    A password hack is one of the most basic routines there is in the security field, even with the standard three-strikes lockout, so this is assuredly a lesson in why it is necessary to use strong passwords.

    Once you claim root, any commands you give will be obeyed, but to crack 128 without claiming root you must be able to read network traffic “in the clear”.

    If you can accomplish that in 60 seconds the NSA has a job for you.

    Better luck next time
    NereDoWell

  40. PowerBook users have real problems with WPA. I’ve not been able to fix mine since I bought it. I have a DLink router that has been re-installed many times. WPA would be nice, but it goes deaf about every 5 minutes.

    Any ideas?

  41. Let me add a few words to it 🙂

    Cracking WEP is not a new thing, because of weaknesses in its design. A few reasons why WEP is weak are:

    1. The same key is used forever (until one fine day you decide to change it!); there is no concept of rekeying.

    2. Also remember that a 128-bit key is not exactly 128 bits (128 is just a marketing number!); it is actually 104 bits (which is the length of your password). The remaining 24 bits are called the initialization vector (IV). This IV is incremented for every packet and combined with your password to make it 128 bits (and the IV is visible to anybody with a sniffer, because it is sent with the packet without any encryption). Certain combinations of password and IV generate something called WEAK keys, which help in cracking keys (search “FMS attack” on Google for more details).

    3. Most important point: the password that you enter is finally used for encryption, which means that if you crack the key from one packet, the whole network is yours .. wow!

    The solution to all these problems is WPA/WPA2, which addresses them by:

    1. Length of IV increased to 48 bits.
    2. Built-in mechanism for rekeying.
    3. A new key is generated for every packet: so if you are able to crack the key for one packet, there is nothing useful you can do.

    4. The password that you enter is not used for encryption; it is used (with a lot of other info) to generate per-packet keys as mentioned in #3.

    I am sure cracking WPA is not as simple as WEP, so for a few years we can live in peace with WPA/WPA2.

    hope this info helps!
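Added illustration (my own code, not the commenter's and not KisMAC) of points 1 to 3 in the comment above, modelled in Python: WEP seeds RC4 with the 24-bit IV, which travels in the clear in the frame header, prepended to a 104-bit key that never changes. The model shows the three consequences the comment lists: the IV is readable by anyone with a sniffer, the IV space is only 16,777,216 values, so IVs repeat, and two frames that share an IV share a keystream, so XORing their ciphertexts cancels the keystream without any knowledge of the key. The FMS weak-key statistics are deliberately not modelled. The CRC-32 ICV of real WEP is omitted, and the key, IVs and payloads are constructed values.

```python
# Added illustration of WEP per-frame keying; not code from the post or from KisMAC.
# Model: RC4 seeded with IV (24 bits, cleartext) || static secret key (104 bits).
import math
from typing import Optional, Tuple

IV_LEN = 3     # 24-bit initialization vector
KEY_LEN = 13   # 104-bit secret key, marketed as "128-bit" WEP


def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling (KSA) followed by n bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_seed(iv: bytes, key: bytes) -> bytes:
    """WEP puts the public IV in front of the static key to form the RC4 seed (point 2)."""
    if len(iv) != IV_LEN or len(key) != KEY_LEN:
        raise ValueError("expected a 24-bit IV and a 104-bit key")
    return iv + key


def wep_protect(iv: bytes, key: bytes, payload: bytes) -> bytes:
    """Frame body: cleartext IV, key-id byte, RC4-encrypted payload (ICV omitted)."""
    ks = rc4_keystream(wep_seed(iv, key), len(payload))
    return iv + b"\x00" + bytes(p ^ k for p, k in zip(payload, ks))


def split_wep_frame(frame: bytes) -> Tuple[bytes, bytes]:
    """Anyone sniffing the air reads the IV from the header without knowing the key."""
    return frame[:IV_LEN], frame[IV_LEN + 1:]


def wep_unprotect(key: bytes, frame: bytes) -> bytes:
    """The station decrypts with the same static key (point 3: one key for everything)."""
    iv, ct = split_wep_frame(frame)
    ks = rc4_keystream(wep_seed(iv, key), len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def keystream_reuse_leak(frame_a: bytes, frame_b: bytes) -> Optional[bytes]:
    """Two frames with the same IV use the same keystream, so XORing their ciphertexts
    yields the XOR of the plaintexts with no key involved. Returns None if IVs differ."""
    iv_a, ct_a = split_wep_frame(frame_a)
    iv_b, ct_b = split_wep_frame(frame_b)
    if iv_a != iv_b:
        return None
    return bytes(a ^ b for a, b in zip(ct_a, ct_b))


def iv_space() -> int:
    """Number of distinct IVs available before a counter-based AP must wrap (point 1)."""
    return 1 << (8 * IV_LEN)


def expected_frames_until_iv_collision() -> float:
    """Birthday bound for an AP choosing IVs at random: about sqrt(pi/2 * N) frames."""
    return math.sqrt(math.pi / 2 * iv_space())


if __name__ == "__main__":
    key = bytes.fromhex("0102030405060708090a0b0c0d")   # constructed 104-bit key
    iv = bytes.fromhex("000001")                         # constructed IV
    f1 = wep_protect(iv, key, b"GET /index.html ")
    f2 = wep_protect(iv, key, b"user=alice&pw=x ")      # same IV, same keystream
    print("IV visible in header:", split_wep_frame(f1)[0].hex())
    print("plaintext XOR leaked:", keystream_reuse_leak(f1, f2))
    print("IV space:", iv_space(), "random-IV collision expected after ~%.0f frames"
          % expected_frames_until_iv_collision())
```

With a counter-based AP the IV wraps after 2^24 frames, and with randomly chosen IVs the birthday bound puts the first expected repeat around 5,100 frames; either way the static key guarantees keystream reuse on a busy network, which is the structural reason WPA moved to a 48-bit IV, rekeying and per-packet keys.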

  42. MAC address filtering is kind of like painting the word “FENCE” on your doorstep.

    WEP 64- or 128-bit encryption is like locking your screen door with a bathroom key. WEP 256 is like locking your front door with an easily pickable deadbolt.

    WPA is like actually having a fairly secure door. The strongest WPA makes your door more secure than your walls.

    Oh, and remember to write your password on a post-it and keep it in your desk drawer! 😉

  43. Um, sorry to break it to you guys, but the “vulnerability” here affects WPA, and probably more WPA than WEP. This is brute-force passphrase hacking, not some kind of wire sniffing trick (which is what WEP is vulnerable to, and takes a fair bit longer than 60 seconds).

    Keep in mind that WPA is really just WEP with rotating keys, and little else.

    WPA will NOT make you more secure. You need to use a secure passphrase otherwise you are vulnerable to somebody guessing your passphrase. That’s not rocket science. It’s got nothing to do with the relative security merits of WEP or WPA or WPA2. Use a crap passphrase, you’ll be easy to hack.

    It’d be like the CIA using “secret” for their password on their mainframe. It doesn’t matter how bloody physically secure the mainframe is, or how well it encrypts its data, when the password is the weak link.

    In fact, last time I checked (which was a while ago) you can’t even _use_ a passphrase with WEP – it expects a hex string.

    So, please, people, stop thinking that WPA is the holy grail of security. It isn’t, by a long shot. A WPA network secured with a passphrase of “bob” may as well not be secured at all.

    And of course, MAC filtering is basically useless, except as part of security in depth. It’s worth enabling, but don’t rely on it to protect you because a dedicated attacker will get through it easily.

  44. Shawn, in your video, you are using a standard dictionary to crack your password. Nice. If you want to have a secure network, then you use all of the 256 bits (or 64 ASCII characters) of the passphrase to encrypt it (who says you need to be able to remember it, just create a completely random key and write it down).
    That means, there are 2^256 possible combinations of ones and zeros your password can contain, which means there are 1157920890000000000000000000000000000000000000000000000000000000000000000000000 possibilities to go through. Having in mind that an up-to-date processor with 3 Gigahertz can do 3 000 000 000 operations per second, you can imagine how many.. uh… decades it would take to successfully crack that passphrase.
    After all, you usually try other methods to gain access to the network than cracking the passphrase anyway, but that’s a different story.
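Added calculator (my own code, not the commenter's) that generalises the arithmetic in comment 44 above: it turns the "2^256 possibilities at 3 billion guesses per second" estimate into a function and applies it to the password policies the thread argues about, from a word out of /usr/share/dict/words (the dictionary size is an assumption; Mac OS X ships roughly 236k entries) up to a full-length random WPA passphrase, which is capped at the 256 bits of the PSK it derives into.

```python
# Added example: expected brute-force time for the password policies discussed in the
# thread. Not from the comment; the 3e9 guesses/second rate is the comment's assumption.
import math

SECONDS_PER_YEAR = 365.25 * 86400
DICT_WORDS = 235_000   # assumed size of /usr/share/dict/words on Mac OS X


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """log2 of the number of possible secrets for an alphabet and a length."""
    return length * math.log2(alphabet_size)


def expected_seconds(bits: float, guesses_per_second: float) -> float:
    """Mean time to hit the secret: on average half the keyspace is searched."""
    return 2 ** (bits - 1) / guesses_per_second


def expected_years(bits: float, guesses_per_second: float) -> float:
    return expected_seconds(bits, guesses_per_second) / SECONDS_PER_YEAR


def policies() -> dict:
    """Entropy in bits of each option. A WPA passphrase derives into a 256-bit PSK,
    so no passphrase can be worth more than 256 bits however long it is."""
    return {
        "dictionary word from /usr/share/dict/words": math.log2(DICT_WORDS),
        "8 random lowercase letters": keyspace_bits(26, 8),
        "random 104-bit WEP key (26 hex digits)": 104.0,
        "63 random printable ASCII characters": min(keyspace_bits(95, 63), 256.0),
        "256-bit key (the comment's figure)": 256.0,
    }


def report(guesses_per_second: float = 3e9) -> dict:
    """Expected years to brute-force each policy at the given guess rate."""
    return {name: expected_years(bits, guesses_per_second)
            for name, bits in policies().items()}


if __name__ == "__main__":
    for name, years in report().items():
        print(f"{name:45s} {years:.3g} years")
```

The first row is the video: a dictionary word falls in microseconds at that rate. The 63-character row shows that 95 printable characters to the power of 63 is already past 2^256, so a random passphrase of full length buys the whole PSK; the calculator also makes the comment's 3 GHz assumption explicit, and for WPA every guess actually costs a 4096-iteration PBKDF2, which only lengthens the estimate.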

  45. In response to you not using a wireless network anymore, you should just use MAC address authentication or blocking. Just have your computers in the MAC address area of the router. On top, just use WPA or even WPA 2.0; WEP is out of date and just makes people who aren’t technically inclined not connect.

  47. Use SecureMyWiFi from WiTopia (www.witopia.net). It gives you the same wireless security big companies and government use (WPA-Enterprise) for 9.99 a year. None of that other stuff works. WPA-personal/psk is considered “okay” but is still weaker than WPA-Enterprise and must be managed.

    Your AP must be able to support the enhanced security, but most all newer (last 3 years) do such as most Linksys, D-Link, and Apple…as well as many others.

    It also supports 802.1x and 802.11i as well as what manufacturers may call WPA-RADIUS (Linksys) or WPA-EAP (D-Link)

    Bottom line is when you use the service..you needn’t worry about any of that crap. 🙂

  48. OK all, here is the true design of secure wireless networks.

    WPA2 – uses AES encryption, still weak but not as weak as WEP or WPA
    WEP & WPA both use the weak RC4 encryption technique

    Get an access point that uses WPA2 and set that up. Disable SSID or not, doesn’t matter.

    Set up a Linux box with 2 network cards in it. Install FreeRADIUS and OpenVPN. Set up OpenVPN with an AH (Authentication Header (protocol 51)) using SHA1 and ESP (Encapsulated Security Protocol (protocol 50)) using 3DES encryption and a key lifetime of 60 minutes. Have OpenVPN connect to FreeRADIUS for authentication. Install OpenVPN on the client and set up to tunnel everything. Connect one network card to your internal network and connect the other cable to the Access Point (should be a crossover cable). Use OpenVPN to close the bridge between the internal and external networks.

    If someone cracks your WPA2 encryption, so what. They won’t crack an IPSec tunnel with a key lifetime of 60 minutes.

    Don’t trust others with your security; trust only yourself.
    Because remember, I don’t have to be the most secure! Only more secure than you.

  49. Pingback: High T3ch Magazine
  50. Best ways to secure your wireless networks:

    Live in the middle of nowhere.

    Turn it off.

    Aside from that the jump from WEP to WPA will slow people down but a persistent intruder will get in regardless.

  51. Hi
    This is not a good article on how to crack a protected WLAN.
    I implemented, with Server 2003, an IAS RADIUS server with an 802.1x-capable AP, and I logged all the connections through a Syslog server and the Event Viewer of Windows IAS; nothing and no one has entered my LAN or AP in 6 months.

    A good article is this one: http://www.tomshw.it/network.php?guide=20050518
    Excuse my poor English.

  52. Yo, that is sick……….I don’t know much but I’m learning more every day. So that’s what’s up, you just showed me something……………..

    thanks

  53. As said, WPA2 + AES backed up with a RADIUS server and a strong random 63-character passkey; no one is getting in.

  54. The best way to secure your network is to have it hardwired, not wireless.

    While any ding-dong with a laptop and wi-fi card can, given the desire and enough time, crack your wireless network from down the street, it’s a whole ‘nother matter for them to physically splice into your CAT5-e cables without committing felony burglary and risking getting caught.

    So, unless you’re a genius inventor with a way of turning water into gasoline, or a political thought-criminal of the Bush Regime, you’re not going to have to worry about someone breaking into your house to place a covert node into your wired network. :p

    Wired home networks are virtually immune to interference, covert tapping, or the other hassles associated with wi-fi.

    Old school still rules! Wireless is for the lazy bastards who can’t be bothered with a little work with cables and crimpers.

  55. A friend of mine with a network said this:

    Two things that will stop this.

    Don’t use WEP unless you are ASKING for your network to be cracked.
    Don’t broadcast your SSID. That’s like saying “Here’s the portcullis … try and break in”.

    If you have WPA encryption and don’t broadcast your SSID, you’re saying “There’s a secret door somewhere in this dungeon …. try and find it. Oh, and by the way … the lock on that secret door changes itself every 10 seconds”.

    Comments?

  56. It’s probably cheaper to put your wireless router on a switched power outlet….

    I agree. You can’t keep a determined, resourceful hacker from piggybacking your wireless and you have no idea why they might be doing that…..

  57. OK.. so I saw this video and was like.. cool.. I wanna try this.. so I followed the exact directions and used my MacBook (need the r159 version) to give it a shot.. somehow KisMAC won’t let me do brute force or wordlist because “I don’t have enough packets collected” or something like that. I have 1543 packets right now.. you only had a tenth of that… so.. I have no idea how you got it to work at all..

  58. I dunno to be honest, maybe it’s because mine’s an old Titanium laptop with an old 802.11b Airport or something… {shrug}

  59. Now that everyone has chipped their two cents on wireless security, could you tell me which GPS unit have you been using? I am a kisMAC user, and I have been scoping out a portable unit I can take out on my mountain bike, as well as being osx/kisMAC compatible.

    Thanks!

  60. The new MacBooks with the AirPort Extreme wireless devices are not supported by KisMAC. They will scan for networks in active mode, but nothing more.

  61. Hey, I have many secured wireless networks near my place but I could not get access to them. What should I do to use those secured wireless networks?

  62. I am not an Apple/Mac user. I have Windows XP and I am not able to connect to the secured WiFi connection near my place. What must I do? Can you please help me out to solve this problem? I have already downloaded this KisMAC but I think it is for Mac/Apple and not working with my Windows, so can you suggest anything for my computer?

  63. I’m not sure what GPS unit he used, but I’ve successfully used a Garmin eTrex Vista with my iBook and Kismac. I have a Keyspan serial-USB converter and after installing the Keyspan drivers it shows right up.

  64. I looked at cracking WEP a while back and it really takes Linux with two network cards. That means that “normal” people won’t be cracking your network–only those who are more tech savvy or they wouldn’t know Linux. That means if they WANT to crack into your security they WILL, no matter what.

    But why waste time on your little home network that has letters to grandma? The serious crackers go after the companies where they can actually use the information they retrieve. And if they wanted to retrieve info from home networks, why not pick one of the millions of unsecured home networks out there you can find in any neighborhood?

    That means you really only have to be concerned about the person who has a little bit of knowledge and wants to experiment. To keep those people out of your network, the above mentioned ideas will keep all the Windows and Macintosh users out–Hide the SSID, WPA, MAC Address Filtering, etc. These are available on most routers as standard options for the “normal” person and don’t take a lot of money and resources to set up.

    Of course, if you’re stupid enough to use a simple password, then basic Macintosh programs like the one in the video will get through. You deserve whatever happens after that!

  65. Hi! I’m using Mac OS X Tiger 10.4.7 and a D-Link DWL-122 with driver 1.4.7, and Kismac is very slow in gathering packets. I was trying to crack my home network – WEP enabled and 802.11b.
    I disabled the firewall and such things but Kismac is very, very slow and sometimes crashes. Why is that?

    Do I need to use the Airport too so I can gather more packets?
    Please reply to my email or something like that.

    Many thanks. /ibook g4 1ghz – tiger 10.4.7

  66. So, i’m not the only one who is having problems with kismac on their reasonably new Macbooks. Has anyone out there managed to sort the problem or is there an update on the way? Or is it simply just a hardware problem that can’t be resolved? I’m new to the sexy world of Mac so any help would be appreciated.

  67. For the hardy, get yourself a Soekris box (http://www.soekris.com/) and build your own router or wireless AP/router ( get compatible minipci wireless card at http://www.netgate.com). You can put a laptop hard drive in them but a compact flash installed with ram file system is better for running 24/7/375 but more challenging. Install OpenBSD and write your firewall rules to use authpf for authentication on the gateway.

    Now, someone has to authenticate with ssh to your router or wifi AP before they can go anywhere. There are howtos on the net. You can even direct non-authenticated users to a web server that comes with the default OpenBSD installation with a page telling them whatever you want.

    Now you don’t have to worry about someone cracking your WEP. You can even have an open access point but put the wireless interface on a subnet isolated from your regular network. I just finished mine and it rocks!

  68. for all you n00bs have a look at an ASCII to hex table and look at all the characters that aren’t in a dictionary

    as a hint try

    http://en.wikipedia.org/wiki/ASCII#ASCII_control_characters

    these make really good characters to put into a hexadecimal version of your wep key

    cos it’s impossible to type them into a form and thereby pretty hard to get them into a dictionary attack

    try cracking the following wep for example

    7F:1C:00:08:11

    I doubt that will take 60 seconds, more like 24 hours on a brute force attack on a hard hitting dual processor machine

    wep is aight if you choose your cipher well, even a blind man can see that

  69. Some people still seem to be missing the point that real “attacks” don’t count on dictionary files. It doesn’t matter if you use non-printing chars in a situation where the key is still being sent over a public authentication system (airwaves); the key is not guessed, it is extracted from large volumes of reconnection attempts (or other network traffic) from clients (or spoofed to look like they are from valid clients) on the network. It is not heuristic or even statistical, it is definite, it just takes time.
    That’s my understanding anyway…

  70. what’s up

    I have Wireless internet !

    With some software I got some MAC addresses,
    but how do I run three MAC addresses on one machine or more? if you can make this, tell me.

    00:0F:00:A1:00:F0 –\
    00:AA:00:1A:00:00 ——– > running one PC
    00:AE:00:00:00:00 –/

  71. above i believe i saw someone requesting the names of some windows cracking utilities, so i thought i’d make a list of the ones i have used:
    cain&abel, lophtcrack, airsnort, aircrack, ettercap, ethereal
    packet cap utils like ethereal aren’t crackers, but can be used
    with crackers like cain, or lopht
    note: cain has the option of using rainbow tables (precalc’d hashes) which are the 0wnage, period

    i in no way promote the usage of windows, or mac, switch to slackware, ubuntu, gentoo, or somethin’

  72. Quit whining about WEP. Everyone knows that it is weak.

    Funny thing about WPA and MAC address protection on your networks. Unfortunately, it isn’t very secure. If you are using either Auditor or Backtrack, slackware based distributions of linux, you are capable of breaking into both. Anything can be broken, regardless of how strong we believe the encryption is, some just require more technical know-how.

    However, your average home user shouldn’t worry about this kind of stuff. So what if your neighbor decides they want free Internet… rotating your WEP / WPA keys is a good idea anyway, just like any other password. Many people believe that MAC address selection is a safe way to eliminate any hacker from entering your network. Unfortunately, the above mentioned distributions of linux are capable of detecting, deauthorizing, and spoofing known MAC addresses on the network.

    Besides, if your goal is to break into Wifi on the road, understand that it is a crime to break in. “War Driving”, as illegal as it may seem, is not, because it only identifies the networks rather than trying to break in and authenticate yourself. If you have any cellphone company, consider saving yourself the time from actually learning how to operate your computer and get an EDGE enabled wireless card and have broadband speed Internet wherever you go, without the risk of breaking the law, or the effort.

    To test the validity of this article, I attempted to break into my own network. To simulate a home environment, I turned off all but one of my computers on wireless and in about 10 minutes it is possible… remember this article assumes massive network traffic is continuous, which we know not to be the case in any wireless network that is not heavily populated. By using an active attack, (packet reinjection) after a suitable packet is found, it is possible to break a 128 bit WPA key in about 10 minutes, which utilized a “strong” password generator.

    Face the facts, if you are worried about network security, unplug your computer.

  73. @Frankie: Get real, breaking into Wi-Fi security has nothing to do with your linux distro. You can do this on all kinds of linux flavors (Mac as well, as this post proves), and there exists plenty of different software and wifi chipsets to use. I tend to use the aircrack-ng suite, I’ve yet to see a 128 bit wep password I cannot break.

    WPA is still considered pretty secure, but it is not uncrackable, instead of launching a full frontal attack on the crypto it is possible to de-authenticate users and record their authentication attempts and break it from there.

    But of course it is illegal to break into other people’s Wi-Fi networks, that is why you should only try this on YOUR own net.

  74. if you need wireless communication and want it to be secure i have an alternative. it is untested but! it should be easier to access than wired! harder to set up than wired! less secure than wired! require billions of times more maintenance than wired! cost thousands if not more dollars than wired! be much much slower than wired. corrupt far more data than wired!

    USE A LASER BEAM!

  75. how do i start this kisMAC? where do i type the command? what EXACTLY do i type? i have xp, will it work? someone please give me a step by step instruction, very detailed! PLEASE!!!!! i need to crack my neighbour’s WEP cus got no internet connection at my own house

  76. ash that’s kinda messed up asking the exact thing that everyone is tryin to protect against here.

  77. What exactly could you do to a computer once you crack the WEP?

    Please e-mail me back
    [email protected]

    Would you be interested in helping me increase my security? I run an online game, and I’m searching around for someone to manage security.

  78. can someone please tell me the name of a program that is like kismac but compatible with windows please please please please please please please please please !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    or email the name of the program to
    [email protected]

    Please help me!!!!!!!!!

  79. MAC ADDRESS CLONING CAN EASILY GET AROUND A MAC FILTER THEREFORE IT CANNOT BE USED TO MAKE YOUR WIRELESS NETWORK ANY MORE SECURE.

  80. Well what an interesting read this has been – has made me look at wireless a little differently. However, as I only read half the post I don’t know if anyone has suggested this for security… Firewall your wireless: leave it as open as you like and handle the access past that point. The only downside is someone could use you as a relay. Maybe you could use low lvl security for a deterrent, but ultimately don’t rely on the AP for your security, rely on a good firewall (a free one like Pfsense on an old box – or even something with an embedded firewall with captive portal abilities or https security access..). Anyway that’s my two and a half cents worth, look forward to seeing more posts.

    Cheers

  81. Boy, there are a lot of stupids. Use XP/Ubuntu myself–the Windows user posts kill me (except for the obviously fake one or two =)

    Couple things to get off my chest:

    1. Whitewolfwiggles smokes Grade A crack cocaine.
    2. Asking for help to crack is retarded and reminds me of the Chiclet kids in Mexico. “Chiclet??” At least the kids are taking initiative!
    3. The dungeon / trapdoor analogy was bizarre and I bet he plays D&D, WoW or both.
    4. GPS question guy: knock it off and browse already!
    5. My head is spinning as I’m reminded about how much money can be made by legitimate security engineers.
    6. Is Shawn a shape-shifter or what?
    7. Posting your email (and JUNO or Hotmail for crying out loud) address is brilliant, but asking for the “file” to be emailed to you is, eh, um… brillianter.

    SHAMELESS PLUG: If you’re in Southern/Central California and require network auditing or infrastructure services, hit up my reputable limited-liability company at http://www.infynite.com! We’re located just north of Santa Barbara in Lompoc.

  82. Hi guys
    i am 17 years old and i do not know a lot about this w-lan shit
    if anyone knows a link for cracking wep with win xp
    Pleaseee i need it
    i have no internet anymore because my grades at school are bad and i am a CSS and WOW freak
    Please i have to know how to crack my neighbours WEP
    I haven’t played for 2 monthssss
    And now they are selling WOW BC
    and I have a Nightelf lvl 60 ………
    PLEASSEEEEEEE

  83. nah nah nah…
    attack a wireless wep – wpa is a kiddy thing… let’s attack the router password of a wrt v23 sp2 box…

    let’s see who’s the first who writes here the steps of a correct pass search!!!

  84. how to crack and hack WEP keys? can anyone teach me to do? or send a email to me…
    im newbiez in computer security… i wanna learn more..

  85. Hello everybody! I was looking on the internet for some information and programs on how to chack neighbours’ wireless. I found this web and I downloaded the programs Kismac 21a and kismac73p but I have a pc with XP, will these programs work on my computer? Is this safe, can someone help me in finding the right program? Thanks!

  86. come on you noobs i have been cracking 128 and 256 for ages now and wpa and the aes system for god sake are you guys and girls so lame as to think you’re safe ? bluetooth is another one to crack a piece of cake.

    you bunch of retards if its broadcast it can be cracked and i will put money on any thing over 512 and beyond will only take me 1 hour tops. go on prove me wrong and i show you the doors. stuff the back door just go in the front door.

    ” it = idiot guys who bullshit for not knowing the facts
    ” itc = morons with a limited amount of knowledge and don’t know the truth. as they are too scared to try it.

    the safe way is a cable in one end out the other simple. no joints etc. ” pass the cup and sting ” computers dont trust technology “

  87. hi guys,

    In our office, i have Motorola Canopy Wireless, directly connected to our switch. the first time our ISP teledataict.com brought it, I could open it without a password. but now, they changed the wireless device. with the same canopy wireless, I currently need to open ports so I can increase the download speed on emule.

    My boss does not know much about networking, when I called our isp, he seriously rejected it, now, I still need to open the ports to allow me to download the files on emule. if some one can assist me please. the ISP has changed the password. I need your assistance on opening the router, I tried brute forcing it but no result.

    I thank you all in advance. you can contact me on afidegnum [at] yahoo.com

    I have

  88. For all of those asking about Windows, the OS doesn’t allow full monitor mode of the network card so this won’t work. There are some custom drivers (commercial) that will allow auditing under Windows, but otherwise you’ll need to use a different OS (especially Linux-based).

  89. If your password is like 10 – 20 characters long
    with a combination of letters and numbers
    and no dictionary words or names
    you’ll be ok

  90. i just installed KisMac on my Mac OS X 10.4.9 and every time i doubleclick on the application it loads, then quits unexpectedly……. any reason why it does this???? i’m a newbie so don’t really know a lot

  91. Can anyone tell me how I can use my Airport Express on my G4 to ‘reinject’ the packets I collect?? Is it possible at all? Thanks!~

  92. Holy crap i cannot comprehend how many people are asking how to crack a wireless system. Do a search on google for about hmm, what, 2 minutes, and you have your information. Go figure it out yourselves!

    Actually, no. Pick up your pcs / macs and throw them out the window. You don’t deserve them.

  93. Azmi keep trying…I’m sure you will be able to figure it out if you just apply yourself

  94. hi,
    i am not an it freak…i need help, i live in spain and in my house few people have wireless connection…and i want to have it for free without them knowing it…so somebody please be that kind and help me to get into this rich people network….please……here is my mail if somebody would like to help me with it….hihihihihi uahhhh

  95. and i forgot my skype Zuzicek.zuzik……thank youuuu what program do i need to crack the network pleaseee people help me

  96. Someone asked how long it would take to brute force your way through WPA. WPA has a sufficient encryption key recycling time of about 900 billion years (compared to the 72 some-odd hours of a high-bit WEP) before it repeats itself. So, unless you get lucky, you’d need about 3 or 4 complete cycles and sufficient processor power to analyze all that data for a more efficient brute force.

    Please correct me if I was misinformed or my data is off.

  97. hello everyone..you can email me on [email protected] for all who are asking how to crack a wireless network…i can share some programs with you, it’s not really that hard, but the signal needs to be at least low, if it’s too low it won’t work..and it’s better if the signal is good. there are a couple of packet programs to collect internet packets through a wireless connection, and if you really want to secure your internet in a nice easy way, i know some tricks that would help you and you won’t need to worry even if they have those programs. but in all ways, even if your wireless connection was secure… was wpa-psk or wpa-radius server or wep 128 or 64 bit, there is always a way to enter the house. but there is not always a good welcome 😉 but what we gotta do to survive is what we gotta do. so email me..and if you need to understand your network more…i also can help, anyways…i am always busy, so don’t worry if it took me like 2 days to answer your email. but i will answer it..it just would take me a while.

  98. my favorite program to use is cain and abel, it has a good brute force cracker and a large amount of dictionary force tactics. i recommend it, it can crack any wep within minutes, i
    ’ve had it break some small WPA but like i’m trying to make my way up to cracking a 128 bit wpa, but aircrack is always the best thing by me

    if u need a website u can pay for a great brute force attack with a 40 million word dictionary

  99. Where can a copy of KisMAC be acquired, now that the developer has stopped working on any future updates? MacUpdate and Versiontracker both no longer download — when I select the “Download Now” option, nothing happens — anybody got a mirror?

    Thanks,

    Niffy

  100. I don’t have that problem. I register my network computers’ MAC addresses and only those can access. LOL.

  101. Steps to install KisMAC on Windows:

    1.) Find a revolver and some ammo
    2.) Load up the revolver
    3.) Place the barrel squarely against your temple
    4.) Squeeze the trigger
    5.) If possible repeat steps 1 – 4

    It is recommended that the revolver be a .38 cal or greater for maximum benefit.

  102. Several things here… first off WPA can be cracked very easily as well. I cracked the one here at my rental office by letting the programs run and capture packets on a light traffic day in a few hours. Also, don’t be tricked into thinking your MAC address filter will work either because you can change your MAC address to one that is like 1 number off of the router’s MAC and it will accept it because it believes it is its own. Wireless isn’t safe regardless but it’s a hell of a lot easier to use. Don’t go putting TOP SECRET files on your network if it’s wireless though! Use it for your ease of access.

  103. hello sir, i am using one of my near shopping mall wireless internet but recently they locked that one so can i break it?…….plz send me ur reply on my mail

    thanking in advance
    nas

  104. Quote:Azmi Says:

    May 9th, 2007 at 6:25 am
    Hi, this is the file name : KisMAC.dmg how do i install it on my Win xp ?

    lol…gtfo

  105. If the goal is to crack a home network from the curb, who’s going to be monitoring the wireless network for a flood of ARPs?

    Even with a corporate network, is an attack of this sort likely to be noticed? Running a spoofed mac id and pounding the network for say 5-10 seconds (to spread it out a bit), is anyone going to notice that host A seemed excessively curious about host B (at the ARP level, not at the IP firewall level?)
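Comment 105 asks whether a burst of ARP requests from one (possibly spoofed) MAC would ever be noticed. As an added example that is not from the post or any commenter, here is a small Python detector that counts ARP requests per source MAC over a sliding time window and flags sources whose rate jumps far above normal; the record format, the sample capture and the thresholds are all constructed for this illustration.

```python
# Added example (not from the original post): detect an ARP-request flood
# by rate per source MAC.  Records are "ts src_mac who-has target_ip",
# a constructed text format standing in for an ARP capture.  Because the
# detector keys on the sender MAC rather than on who the sender is, a
# flood that borrows a legitimate client's MAC is still caught.
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class ArpRequest:
    ts: float        # seconds since capture start
    src_mac: str     # sender hardware address (normalised to lower case)
    target_ip: str   # the "who-has" address being asked for


def parse_line(line: str) -> ArpRequest:
    """Parse one constructed record: '<ts> <src_mac> who-has <target_ip>'."""
    ts, src, keyword, target = line.split()
    if keyword != "who-has":
        raise ValueError(f"not an ARP request record: {line!r}")
    return ArpRequest(float(ts), src.lower(), target)


def detect_arp_flood(reqs: Iterable[ArpRequest], window: float = 1.0,
                     threshold: int = 20) -> Dict[str, int]:
    """
    Return {src_mac: peak requests per window} for every source that sent
    at least `threshold` ARP requests inside any `window`-second span.
    A normal host issues a handful of who-has requests per second; a
    replayed or reinjected request stream produces tens to hundreds.
    """
    recent: Dict[str, deque] = defaultdict(deque)  # per-MAC timestamps in window
    peaks: Dict[str, int] = {}
    for r in sorted(reqs, key=lambda x: x.ts):     # tolerate out-of-order input
        q = recent[r.src_mac]
        q.append(r.ts)
        while q and r.ts - q[0] > window:          # drop timestamps outside window
            q.popleft()
        if len(q) >= threshold:
            peaks[r.src_mac] = max(peaks.get(r.src_mac, 0), len(q))
    return peaks


def analyze(lines: Iterable[str], window: float = 1.0,
            threshold: int = 20) -> Dict[str, int]:
    """Parse raw records and run the detector over them."""
    return detect_arp_flood((parse_line(l) for l in lines), window, threshold)


def build_sample() -> List[str]:
    """
    Constructed capture (not real traffic): two quiet hosts asking for the
    gateway and a printer about once a second, then 50 copies of the first
    host's who-has request replayed within half a second under its MAC.
    """
    lines = []
    for i in range(5):
        lines.append(f"{i * 0.9:.2f} 00:11:22:33:44:55 who-has 192.168.1.1")
        lines.append(f"{i * 1.1 + 0.3:.2f} 66:77:88:99:aa:bb who-has 192.168.1.20")
    for i in range(50):
        lines.append(f"{2.0 + i * 0.01:.2f} 00:11:22:33:44:55 who-has 192.168.1.1")
    return lines


if __name__ == "__main__":
    for mac, peak in analyze(build_sample()).items():
        print(f"ALERT {mac}: {peak} ARP requests within a 1 s window")
```

In the sample the quiet host peaks at 52 requests per second during the replay while the other host never exceeds one, so a per-MAC rate threshold separates them without needing to know which MAC is "really" the client.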

  106. hie, is KisMAC compatible with the Win xp operating system?
    is there any similar software available? can you email
    the link to me. thanking you.

  107. Where can i find the software to crack the wireless network? KISMAC takes me to another site where you don’t have any downloadable software.

  108. Hello myself vikas i wanna crack the WEP for my wireless n/w
    what should i do? please send the instructions or points step wise to my E mail Id

  109. kismet only works with older network cards. I don’t think anyone here is ever going to take your hand like a kid and teach you how to hack someone else’s network. You’re wasting your time. If you want to learn how to hack, stop begging, start researching and reading, because no one is gonna take your hand and lay it all out for you. The Knowledge is out there. Just look really hard and don’t give up after a few months. It took me 3 years to get as good as i am now.
    Good luck

  110. not to say that this article is worthless or anything, but has anybody with a computer /really/ not heard about wep cracking? i mean, have you all been under a rock for the past one/two years?

  111. i want to crack a wireless wep key, but nothing. i have used
    more than 20 programs for cracking but nothing.
    have you got something to offer me?

  112. hope someone can help.
    I have a new macbook and have just moved to taiwan to teach. It’s a nightmare getting an internet service set up for a foreigner so i’m looking into hacking a wifi server. I’ve installed this program (kismac) and ran it. it finds all the providers but i’m not sure what to do from there. I’ve picked one with the strongest signal and then tried to hack by just choosing randomly the type of hack i want. it returns a message either saying this isn’t the right type of hack, or that not enough data has been collected. when i look in the fields no data has been collected at all for any of the networks. can anyone help? thanks

  113. are you sure that you can do the same thing not on your networks? in that case i think that you should deauthenticate the users of the network so that they will make arp requests and use a wireless card that supports injection (not airport extreme)..and you would definitely need more packets

  114. i use another program and i made it myself and it WORKS!!!
    i am connecting to the T-COM in Zagreb through that program and they can’t catch me
    lol lol lol

  115. hey i really wanna know, i have some 4 wifi networks around my home and i guess all of them use wpa … i use a dell 1390 wlan mini card. is it by any means possible for me to crack any one of em? i’ve been tryin harder but i guess i cannot use aircrack cause i don’t have it under their supported list ..?? what else can i try?? plz help me out

  116. Hi, I have to do a project about WEP cracking, with aircrack or other tools. Can you help me please!!
    I´m from Panama.

    Thanks

  117. sloppy IV (initialization vector) makes WEP predictable. That is not the case for WPA2 if your network supports it.

  118. WOW THAT WAS REALLY AMAZING , BUT THE QUESTION IS , HOW CAN WE GET THAT SOFTWARE AND USE IT FOR XP OPERATING SYSTEM ?

  119. Hi All, Is there something equivalently “good” out there, that works on XP ? I have tried “CommView”. Sadly to say, it’s just a piece of shit!!

  120. OMG! Are you freek’n kidding me? Did anyone here watch the video? Thanks for posting it btw. Take a minute and think about it. Someone, anyone can go download a program and if they can figure out how to install it (Azmi – you dumb-ass, you can’t open a .dmg file with windows. It is a zip file for Linux and MAC) they can crack your WEP wireless. As for all other networks, your shit ain’t safe there either. Even you “I don’t use wireless at my house” people aren’t safe, unless you’re on dialup or DSL. Cable customers, forget it… What’s your address and we’ll be transferring the porn you’ve been hiding to your parents’ screen saver.
    Hackerpro, love the it & itc = deal. Jeremy, funny ass stuff!
    To all who are directly asking, “how do I hack my neighbors wireless,” are you really that stupid? You obviously figured out how to turn on your computer and can type a semi-legitimate sentence; try google, yahoo, or ask.com and you’ll find your ‘how to.’
    To the ones with program questions you might want to try using the documentation files from the website where you downloaded it from! Most of them have their own forums specifically for their software…

    Remember, every day is a good day to lose your data and your shit is only as ‘secure’ as you want to believe it is. Encrypt everything and back it up regularly or it ain’t yours no more…

  121. hey that is a sweet video but when i go to my kismac i got the same version 0.21a on a ( this is directly from my about this mac thing
    (Mac OS X
    Version 10.5.1
    (software update)
    Prosessor: 2 GHz Intel Core 2 Duo
    Memory: 1gb 667 MHz DDR2 SDRAM
    Startup Disk: Macintosh HD
    (more info)
    Tm & (c) 1983-2007 apple Inc.
    All Rights Reserved

    that was all from my about this mac and i have an 80gb macbook running the new os, i think it’s leopard, and the question was what am i doing wrong when i open my kismac and click scan it says

    No Driver Selected
    Please select a WiFi Driver in the Preferences Window!

    WTF does that mean what am i doing wrong and i really need to get my wireless password because i changed it and forgot it

  122. *sniggers*
    .dmg files only work on macs, windows is no good, so it cannot do stuff like drag-and-drop installation. There are cracking apps available for windows (some are rather good). They are listed above somewhere (search this page for “cain”).

    To be fair, if you did not know this, and did not just look up why it did not work yourself, you are not the sort of person who will get far trying to crack wireless security.

  123. ok first off there is no password whatsoever that is uncrackable, You are never safe. With about 40/mb tables set up you can crack any passy within 10 minutes max on a decent pc. IP can be spoofed and Mac address can too. I been teaching myself on google for years. Now you can disable it when not in use and dl a program to monitor when you’re on it and it will alert you when someone starts using it, but you can’t stop it without shutting down. That said anyone with too much time on their hands can and will crack into your wireless, period. It will never stop, new encryption, hackers find new faults, as simple as that

  124. The best thing you can do is the following:

    Leave your wireless SSID as public Free access point BUT! only allow the MAC address of your own products to connect to your wireless network. No WEP, No WPA and every time they try to connect you’ll see their MAC being listed and can block them! 😀

  125. WEP isn’t really secure, it’s more of a deterrent. If you do switch to WPA, make sure that you don’t use dictionary words and change your network name to a non-standard one.

    And for those people who say “brute force the wpa”. Yeah, right. The time basically becomes infinite (even with a quad core computer) with passwords greater than 12 characters.

    What really works for wpa is forced deauthentication and then watching for the handshake as clients connect. When you do that, you can use existing wpa tables (about 33 GBs) to find the key.

    Only two (fairly) secure platforms exist: wpa2/wpa using a radius server or a NON-pre shared key for wpa2/wpa.

    And, I’m pretty sure that you need a better/more well supported wireless card for kisMAC. Doesn’t Mac use Intel-based chipsets (which aren’t very well supported for injection)?

    Basically, those who see this and think “oh, lolCo4sTeR!!!111; I’m gon4 H4xx0rz some networks!!!111” likely don’t have the patience or time to figure out how to really get it set up (at least on linux they wouldn’t….mac maybe with a diff adapter).

  126. .dmg files do not work on Xp without an emulator. Try looking on google……

    The Video is clearly faked. You can not do that without previously being in that network having the password still in your internet cache.

    Losers

  127. i’m using windows xp..
    in my college premises i found many wireless routers
    but i am not able to access them.
    give solution for this

  128. lol, use point to point communications, that’s something the tech savvy know fck all about since it’s a directional tx/rx (it is a bit like a laser pointer, it goes a set distance in a straight line)
    use it like many corporations do for building to building hook up, and hard wire everything else.

    wireless is easy to crack in any flavour, the only point to setting a password on it is to stop some kid from getting free net access or worse a pedo from using your network. unless you’re some sad freak with a usage limit, in which case you shouldn’t use wireless

  129. MAC addresses can easily be cloned so do not be fooled by people who say create an ACL to prevent unwanted users with different MAC addresses. Use WPA2 if possible or WPA and change your password every 6 months

  130. Dude! Please help me. I have tried so badly to get kismac working on my Mac but when I hit Start Scan the progress bar starts and it knocks out my Air Card. I then have to restart the system to get my card back. It never identifies any networks. What am i doing wrong? I’m using Kismac trunk r239 and this is my system.
    PowerBook5,7
    CPU Type: PowerPC G4
    CPU Speed: 1.67 GHz
    Wireless Card Type: AirPort Extreme

    HELP! Please.

  131. Hi i am a student from sweden and study graphic/webdesign. The programs are so expensive and i don’t know how to do a crack. It’s not easy to do it. I tried all ways, to copy the file and so on, it doesn’t work!. I really want the easiest way to do it. Can u help me? please send a reply to my mail.

    Regreatings: Maya

  132. I just happened back across this site and see that not much has changed in the power of the morons. I myself am a noob and i still don’t whine this much!!! Just look the stuff up, it’s not that hard. Google.com – great place to start. By the way look before you download the f****** file. Wrong OS. And really getting a job to pay for Internet isn’t that hard. LOL pick up a shovel or rake. 😀

  133. Nice guide, thanx. When I tried to crack WEP, I found it quite difficult, therefore I bought a guide on eBay on how to do it. I don’t remember the name of this guy, try to do a search on “crack wifi”. His manual really worked for me and it was cheap. So it was a no-brainer for me.

  134. mac filtering is easy to crack also. just capture some packets and take a valid mac address from the unencrypted header and clone it on your machine. Now you’re authorized by mac filtering.

  135. Ok, I’m a rookie, trying to figure out how to use a locked network if I happen to be on the road and want to get on the net. But while I was trying to figure this out at home it came up with these notices and I can’t figure out how to get past them:

    KisMAC is not able to load the Apple Airport driver, if you killed it by loading the Viha driver. Try restarting KisMAC.

    and after hitting “OK” ten times it says:

    KisMAC was able to load the driver backend for Airport Card, but it was unable to create an interface. Make sure your capture device is properly plugged in. If you think everything is correct, you can try to restart your computer. Maybe your console.log and system.log show more details.

    can someone please explain to me how to get past this so it’ll work the way I want it to… thanks…

  136. At the end of the day, you still need to capture x number of packets to crack wep, etc. unless someone targets a street to steal info, most home users don’t need to worry.
    anyone who war drives in public areas, sniffs and cracks is an idiot.
    use it to advise people, not steal from them

  137. Why worry about security from your network layer? I always assume my networks are unsecured. Lock down your data. Lock down access to your systems. Your network can be accessed by any id10t with an ethernet cord. Wireless just means that the “intruder” does not need to pick your front door to get access. Assume you’re not secure, and work from there.

    Of course this is overstating the issue. Firewalls are better than not. WPA2 is better than unsecured, etc. But they just keep honest people honest. True security is an ever vigilant battle.

    My advice is always assume you are on a “hostile” network and you are starting from a better place.

  138. Don’t Trust anything is secure, even if it’s in a vacuum sealed safe, but especially don’t trust anything with a door that never closes like the Internet.

    Having said that, don’t get annoyed because it probably is in your best interest to turn off your wireless router when you’re not using it, you may have an old router that doesn’t support WPA2-PSK, and maybe WEP is still all that you can use to encrypt your wireless traffic.

    Whatever the reason, have some fun with it. Since we’re on the topic of security, create a new home security system for yourself. Buy a motion sensor, connect it to the power source for the power strip that powers your cable modem and wireless router, and magic…peace of mind.

    Peace.

    Extra Credit… Just one more step to create a makeshift home security system… add e-mail to self and you’ll possibly even figure out how to snap a photo or video of your cat every time he decides to test your security system for you…

    (If you have no cat, or anything else that moves in your home when you are not there, then you are likely worrying about your home being broken into right now because you haven’t done this yet and you’re not home now. If you are home, then there’s no need to worry about anyone breaking into your home, because you are there… that is unless THEY are coming after you, then you should be worried because THEY are coming after you, panic.

    NOW.

    PANIC!!!!

    RUN.

    GET OUT.

    Don’t keep scrolling..

    What was that noise?

    (Just kidding, you’re probably going to be fine, and we are all rooting for you and hope that you are safe and secure, just as soon as you figure out how to keep those neighbors from spying on your eBay transactions, which probably won’t make you any more secure, but Newman may no longer have that millisecond of latency advantage by intercepting your bid for that new pink snowboard that you plan to sport on the slopes in January.)

    Peace.

  139. Hi everyone, I cannot find my wireless network on KisMAC?!?! How do we use it? I tried everything but I’m not sure how it works. How can I find my network and the ones of my neighbors?

  140. My PC keeps detecting this WLAN network but I can’t seem to log on to it because it’s secured. How can I hack past it without using passcode authentication? Anyone who can, please enlighten me more on that.

    Thanks, people.
    El

  141. I get the following error all the time:
    You have not collected enough data packets to perform this attack. Please capture some more traffic.

    I am on a live network. What’s the deal?

  142. Hey guys, I’m not an IT guy but I kind of like PCs and learning about them, but I don’t like reading loads of books that are not straightforward. I would like to know how to crack software in my own way. I’m not familiar with HTML, Unix and so on, but I would like to know something about how to do anything, as long as it doesn’t mess me up.

  143. Hi, I already cracked WEP using Windows + VMware + USB WiFi, and I got the key. Now my problem is I cannot connect to the signal.
    I don’t know, but I’m confused; I just inserted the AE:E7:10:0E:EA key. I still cannot connect to access the signal. Help me please.

  144. Use a VPN, turn off broadcasting, use a MAC filter and WPA2. If someone gets through the wifi, they can’t do anything but surf.

  145. How can I crack the wireless net? Because I get their network’s signal strong when I start my wireless account, so if I want to use another wireless account it requires a password, so how can I crack their password for using their wireless?
    Please reply as soon as possible.

  146. What is this crack useful for? Like, can you use it to log into someone’s secure network for free internet mooching?

  147. The problem with WEP is it broadcasts its password, so it’s practically yelling out the password for anybody who knows how to listen. That is pretty much the biggest reason WPA is around. MAC address filtering is a great idea, but if somebody knew what they were doing they could still get in if they knew a MAC address on the list and they spoofed it. A nice program I use is Network Magic; Cisco bought out the company that originally made it, and it’s got some pretty good options to secure your network, such as locking out your network until a PC that has Network Magic allows it in. The only downside is all the PCs have to have it installed to get the full advantage of what it has to offer.

  148. Perhaps the reason to crack wi-fi isn’t only because one can’t afford to pay for it, but to be invisible to the public and posing an instant stool pigeon for his/her hacking, cracking and communicative actions. Ya think???

  149. I have unrecoverably deleted a Windows encryption key to my old laptop HD that contains all my photographs taken during my deployment to Iraq. (Nothing secret or classified in any way, shape or form… just cool personal stuff.) Just to make that a little snottier, the HD has taken some kind of dump too since my great blunder. Can anybody help me recover my pictures? It’s definitely worth a couple bux to me if successfully accomplished.

  150. To every one:

    There are A LOT of pages for wireless cracking using Linux, Windows, and according to this blog, Mac also.

    So, please stop asking and go Google it!!!!

    Regards,

    Dark_Eternal

  151. You bunch of retards, if it’s broadcast it can be cracked, and I will put money on anything 512 and beyond only taking me 1 hour tops. Go on, prove me wrong and I’ll show you the doors. Stuff the back door, just go in the front door.

  152. Have you tried to activate a MAC filter? If you filter the connections by MAC address, even if someone cracks the password… it would be useless… He’ll have to know at least one of your MAC addresses to access your wireless network… One other way to make your wireless LAN more secure is to lower the broadcast power to the minimum that will actually cover perfectly inside your home (ok, your room mostly), but will fade fast going through the walls…

  153. Hi all,

    I am trying to test the security of my password but I don’t get any packets or data, although the connection is on and there is some activity. Does anyone have an idea what’s wrong?

  154. Nice, fantastic, I hacked a 2 Mb link Linksys router, oh my God! Any password, no tension…

  155. Many of the high-end wireless vendors (enterprise class) feel wireless is pretty much totally insecure, regardless of what encryption scheme you use – especially for highly sensitive networks at hospitals and such.

    For those types of networks, the better equipment can enforce a client-to-gateway VPN before it’ll allow wireless traffic to flow through the firewall. SonicWALL does this. You can crack the wireless encryption, but it won’t do you a lick of good since you can’t move any traffic through the wireless access point until you have established a VPN to the gateway from your PC. Since no one has ever compromised a 3DES VPN (and you shouldn’t use anything less!), you’re secure enough to move any sensitive data you like.

    The downside is that enterprise-class wireless equipment isn’t cheap. Even the smallest SonicWALL wireless unit will run you $500 or so. On the plus side, the wireless is more reliable than consumer-grade equipment. Dropped signals with enterprise-class units are rare, where they’re so normal with consumer-grade equipment that people don’t even think it’s odd that they have to reassociate their station every few hours or few days, or power-cycle their access point, which is just pathetic. As the saying goes, you get what you pay for.

  156. hackerpro:

    128 and 256-bit encryption are military grade. If they’re not compromised by a silly mistake, they are all but unbreakable. The math on brute forcing encryption at 128-bits is readily available online. This page shows the math clearly: http://www.inet2000.com/public/encryption.htm

    And that is just 128-bit. Every bit you add doubles the complexity (and thus the time) to break. By the time you get to 256-bit, you might as well just forget it with current (or the foreseeable future) technology. Even decades from now, it’ll be impossible to break 256-bit encryption in anything close to a reasonable amount of time.

    128-bit encryption is used for many things, but most people encounter it most commonly via secure websites. Online banking, online shopping, etc. Whenever you see a website address with https:// before it, that is SSL (secure sockets layer) – 128-bit encryption. IPSec VPNs (virtual private networks) use 128-bit encryption as well, though they can use higher levels of encryption if so desired. Most people encounter VPNs if their employer allows them to work remotely.

    Do some research before you post such nonsense. You don’t have a clue what you’re talking about.

  157. Thanks, dude, for the info.
    Now I’m just cracking WEP using USB WiFi and Windows.
    Run a Linux image in VMware and attach the USB WiFi. I just type 1, 2, 3, 4 and finish… get the key in a few minutes…
    I just follow the step-by-step tutorial at http://wireless-security-system.blogspot.com

    Just sharing, to share info… thanks a lot, dude.

  158. Interesting how after so many posts on why MAC filtering offers no security, there are still people who will chime in stating that their network is secure because they use MAC filtering, and nothing else.

    Ignorance must truly be bliss.

  159. I have a mid-’07 MacBook, 10.5.8, 2.16 GHz Intel Core 2 Duo, Airport Extreme, and I am using KisMAC ver 0.2.99. When I select any Apple driver in the “Preference” (the “injection” option is grey, so I cannot check it; I unloaded & reloaded the app like crazy), I then start scanning, I can see the wireless network but cannot “inject”. I get the “Injection Driver” error. It seems to me that the drivers this program has are no good? So a few questions,
    1. Did Apple disable passive mode for the wireless cards?
    2. Can I get the driver for the wireless card, if so how/where can I place the driver so the program can use it?
    3. Is there a better program for Apple computers?

  160. Anything is hackable. IF IT’S MAN-MADE IT CAN BE HACKED!! You just need the right guy to stumble across your network with time on his hands. I’ve found the best way to ensure security with a home or small office network, that is. When you’re not using it, turn it off… Remember you don’t need the best of the best security; all you need is better security than the links in your area. A hacker will mostly attack the weakest network.

  161. It’s an obvious fake.
    Show me where dict_words is located. I have KisMAC and have never seen it.
    Either you have an incredibly weak password or you added your password to the word list.

  162. What is amazing here is noobs are still reading this small blurb written on hacking WEP that was written in 2006!
    And it’s still relevant because so many idiots are still using WEP…

  163. I want to subscribe to it now… I want to learn everything in the world of cracking… give me some way to do it successfully…

  164. I really couldn’t be bothered to read ALL of those comments, they’re all the same, and now here’s mine.

    You can use aircrack-ng on Windows, Linux, and Mac. I have a Sweex LW053 USB adapter which uses the RT73 chipset… It’s all you need to test your security. There are many dictionaries to use, even hex ones for those of you using a BT Homehub with WPA. So far WPA2 has been the toughest for me to crack… when I say tough I mean it took the longest; it is in no way “impossible”, even with random characters… you can generate lists using software, giving you every possible combination, you just tell it lengths, wait for a handshake, load the dictionary into aircrack and off you go!

    Want to be safe? Lose the wireless and cable your house! Or use those plug socket converters. Even then you will be prey to web attacks, but do you really keep things that sensitive on your PC? Maybe you need to stop…

  165. MAC filtering won’t help you because it can be easily sniffed and reused
    (I’m running Linux and I can change my network card’s MAC address within seconds).
    As you could see in the video, this was breaking in using a predefined password list that wasn’t even very long, so it’s possible that the video creator used some lame crack tool to hack in and then just set passwords as needed.
    Maybe I’m blind (I didn’t even watch the entire video), but he was “hacking” 56-bit WEP secured networks (a 128-bit key or 104-bit key doesn’t mean it’s that many bits of algorithm either). Anyway, it was a lame password cracking tool.

  166. I can’t believe how dumb nerds can be.
    Wireless security is about not only mitigation, but how many levels of security you have. No, just MAC filtering will not help you, as MACs can be spoofed. NO, not broadcasting your SSID won’t make you invisible. NO, WPA2 with a crappy keyphrase is dumb. If you have MAC filtering, plus not broadcasting your SSID, AND WPA2 WITH a good keyphrase (max length while utilizing all types of characters), then someone is really going to have to specifically target YOU and really hate you to get in. As for some of those 60 sec hacks, not going to happen if you have a good keyphrase. Just don’t use penguin as your keyphrase.

  167. WEP is like the privacy lock on a bathroom door.
    For me, WEP is not trying to ‘secure’ my wireless against hackers, it’s keeping the neighbor’s guests from stumbling onto my network when they power up their laptops and sucking my bandwidth while I’m trying to stream a movie.
    And I don’t think I’m alone. WEP is still widely available on older devices that don’t have WPA and has less of a performance hit. Personally, I’m glad people still use WEP, because if I’m traveling and REALLY needed to get wireless access, I can crack someone’s WEP key in minutes….same as I could stick a screwdriver in that bathroom door lock if I REALLY needed to use it… 🙂
    So WEP is not relevant for ‘security’, but it’s plenty adequate for most people’s privacy.

  168. Can someone tell me what I would need to crack WPA2 with a character password with upper and lower case, numbers and special characters? A dictionary hack only works if the password is in the dictionary.

  169. Most router users don’t activate the MAC address verification system, and most companies just use defaults with only WEP or WPA security. So most of the time you will get some easy network to crack. Just keep enjoying!!!!! Thanks.
