10-07-2016, 04:43 AM
WEP Wifi Hacking Tutorial
WEP stands for Wired Equivalent Privacy, and this form of encryption is relatively weak, so it can be cracked with some speed. It has been replaced on modern networks by WPA and WPA2 encryption, which I will cover in subsequent tutorials, but WEP is still surprisingly common, so it is a worthy subject for the beginning tutorial in my series.
Cracking WEP encryption basically works on the principle of capturing packets of data sent on the network and using them to recover the encryption key.
We will be using Aircrack-NG in Kali Linux to crack the encryption in this tutorial, which is my favorite program for cracking wireless networks.
Note: You will need a wireless adapter that supports packet injection.
1) Find your wireless adapter's name
This is simple, just open a terminal and use this command to find your wireless adapter's identifier:
Code:
airmon-ng
For example, the adapter name might be wlan0 or wlan1. You can check this by typing:
Code:
ifconfig
2) Open Aircrack-Ng in Kali
This step is self explanatory. Then, put the wireless adapter into monitor mode (often loosely called promiscuous mode) by using this command:
Code:
airmon-ng start wlan0
Of course, use the name of your wireless adapter in place of wlan0. airmon-ng will now name the monitor-mode wireless adapter wlan0mon.
IF YOU WANT TO REMAIN ANONYMOUS, THEN SPOOF YOUR MAC, run these commands:
Code:
ifconfig wlan0mon down
macchanger -m 99:88:77:66:55:44 wlan0mon
ifconfig wlan0mon up
This changes the MAC address of your wireless adapter. The commands above target the monitor-mode interface wlan0mon; if you use the plain wlan0 interface as well, run them again for that interface.
3) Start Capturing Traffic
We now need to start capturing "traffic" - wireless data being sent. We do this by using the airodump-ng command with the monitoring interface, wlan0mon, to capture and show us data about networks the interface can detect:
Code:
airodump-ng wlan0mon
You should see a list of Access Points appear after a small wait. Make sure the network you are targeting is using WEP encryption for this tutorial.
4) Capture traffic to/from the target AP
Use the following command to begin capturing data from the network you are targeting:
Code:
airodump-ng --bssid 00:11:22:33:44:55 -c 11 -w example wlan0mon
Replace 00:11:22:33:44:55 with the BSSID of the network you are targeting, and 11 with the channel of the target network. "example" is the prefix of the file you want to store the captured packets in; airodump-ng appends a counter, so the first capture file is example-01.cap, stored in pcap format. The channel and BSSID are obtained from the list of networks you got in step 3.
5) Capture enough packets to crack the encryption!
We could just wait until we capture enough data, but there is a faster way: we will need to inject packets into the AP. We can do this by imitating or "spoofing" a legitimate user connected to the network, using their MAC address. Just wait until someone connects.
6) Inject ARP Traffic
Next, we can use the aireplay-ng command to spoof their MAC address and inject packets. We just need the bssid of the AP and the MAC address of the client who connected to the AP. All we need to do is capture an "ARP" (Address Resolution Protocol) packet and then replay that ARP thousands of times in order to generate the "initialization vectors" that we need to crack WEP! Run this command in a new terminal window:
Code:
aireplay-ng -3 -b 00:11:22:33:44:55 -h 99:88:77:66:55:44 wlan0mon
Where 00:11:22:33:44:55 is the BSSID again, and 99:88:77:66:55:44 is the client's MAC address. After this command is run, the airodump-ng instance running in the other terminal will capture enough packets to crack the WEP key.
7) Crack the Password
When we have captured several thousand packets, we can crack the key from the "example" capture file by using the aircrack-ng command like this:
Code:
aircrack-ng example-01.cap
If we have enough IVs, aircrack-ng will recover the key and display it on the screen, usually in hexadecimal format. You can now log in to the wireless network using that key, and you are connected!
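As an added example (not part of the original post and not Aircrack-ng code), here is what the procedure above looks like from the network owner's side. Two things in it leave a clear footprint in a monitoring capture: beacons advertise which access points still use WEP and therefore need migrating to WPA2, and the ARP replay in step 6 re-sends one captured ARP frame (same length, same 24-bit IV) hundreds of times per second, whereas a real station sends ARP requests occasionally and with a fresh IV each time. The frame records below are constructed inline, the Frame fields are my own simplification of what a capture tool exports, and the window and threshold values are assumptions to tune against real traffic.

```python
from collections import defaultdict
from dataclasses import dataclass

AP = "00:11:22:33:44:55"          # WEP access point from the tutorial
LEGIT = "aa:bb:cc:dd:ee:01"       # constructed: a normal client
INJECTOR = "99:88:77:66:55:44"    # the client MAC used by the replay in step 6


@dataclass(frozen=True)
class Frame:
    """Simplified 802.11 frame record (constructed; not a real capture format)."""
    ts: float       # capture time in seconds
    kind: str       # "beacon" or "data"
    bssid: str      # access point the frame belongs to
    src: str        # transmitter address
    privacy: str    # "WEP", "WPA2" or "open", as advertised by the beacon
    length: int     # frame length in bytes
    iv: int = 0     # 24-bit WEP IV carried by a data frame (0 for beacons)


def wep_networks(frames):
    """BSSIDs whose beacons advertise WEP: the remediation list for the owner."""
    return {f.bssid for f in frames if f.kind == "beacon" and f.privacy == "WEP"}


def detect_arp_replay(frames, window=5.0, threshold=50):
    """Flag a station that transmits the very same WEP frame (same IV, same size)
    to the same AP at least `threshold` times within `window` seconds.
    A station encrypting its own traffic advances the IV on every frame, so a
    repeated IV at a high rate is the signature of a replayed packet."""
    seen = defaultdict(list)              # (src, bssid, iv, length) -> timestamps
    for f in frames:
        if f.kind == "data":
            seen[(f.src, f.bssid, f.iv, f.length)].append(f.ts)

    alerts = []
    for (src, bssid, iv, length), times in seen.items():
        times.sort()
        start = 0
        for end in range(len(times)):           # sliding window over timestamps
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                span = max(times[end] - times[start], 1e-9)
                alerts.append({
                    "src": src, "bssid": bssid, "iv": f"{iv:06x}",
                    "length": length, "repeats": len(times),
                    "rate_per_s": round(count / span, 1),
                })
                break                            # one alert per repeated frame
    return alerts


def build_sample():
    """Constructed capture: one WEP AP, one WPA2 AP, a normal client and a replayer."""
    frames = [
        Frame(0.0, "beacon", AP, AP, "WEP", 120),
        Frame(0.1, "beacon", "66:55:44:33:22:11", "66:55:44:33:22:11", "WPA2", 150),
    ]
    # Normal client: a handful of ARP-sized frames, each carrying a fresh IV.
    for i in range(5):
        frames.append(Frame(1.0 + i * 12.0, "data", AP, LEGIT, "WEP", 68, iv=0x1000 + i))
    # Replaying station: the same 68-byte frame with IV 0x00abcd, ~300 frames/s.
    for i in range(600):
        frames.append(Frame(30.0 + i * 0.0033, "data", AP, INJECTOR, "WEP", 68, iv=0x00ABCD))
    return frames


if __name__ == "__main__":
    sample = build_sample()
    print("WEP networks to migrate:", sorted(wep_networks(sample)))
    for alert in detect_arp_replay(sample):
        print("ARP replay suspected:", alert)
```

Feeding real traffic into this means mapping your capture tool's fields onto Frame; the logic only needs timestamp, addresses, frame size and the WEP IV. The legitimate client produces no alert because each of its frames has a distinct IV, while the replayer trips the threshold in well under a second.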
Thanks for reading, please reply with your thanks if you enjoyed this and/or found it useful.