Hack WiFi WEP Passwords

Hack WiFi WEP Passwords with Aircrack-Ng With Ease

It's only fair to share...Digg thisShare on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInFlattr the authorShare on TumblrShare on VKShare on YummlyShare on RedditShare on StumbleUpon

Hack WiFi WEP Passwords

 

Hack WiFi WEP Passwords with Aircrack-Ng. Despite these known weaknesses, there are still a significant number of these legacy APs in use. I was recently (July 2013) working at a major U.S. Department of Defense contractor in Northern Virginia, and in that building, probably a quarter of the wireless APs were still using WEP! Hack WiFi WEP Passwords with Aircrack-Ng With Ease

Apparently, a number of home users and small businesses bought their APs years ago, have never upgraded, and don’t realize or don’t care about its lack of security.

The flaws in WEP make it susceptible to various statistical cracking techniques. WEP uses RC4 for encryption, and RC4 requires that the initialization vectors (IVs) be random. The implementation of RC4 in WEP repeats that IV about every 6,000 frames. If we can capture enough of the IVs, we can decipher the key!

 

First, if you hack someone else’s Wi-Fi router, you can navigate around the web anonymously, or more precisely, with someone else’s IP address. Second, once you hack the Wi-Fi router, you can decrypt their traffic and use a sniffing tool like Wireshark or tcpdump to capture and spy on all of their traffic. Third, if you use torrents to download large files, you can use someone else’s bandwidth, rather than your own. Hack WiFi WEP Passwords with Aircrack-Ng With Ease

Let’s take a look at cracking WEP with the best wireless hacking tool available, aircrack-ng! Hacking wireless is one of my personal favorites!

 

ALSO READ  Perform a Man in the Middle Attacks With Ettercap

 

Step 1

Open Aircrack-Ng in BackTrack

Let’s start by firing up BackTrack and make certain that our wireless adapter is recognized and operational.

  • iwconfig

Wireless adapter is recognized by BackTrack and is renamed wlan0. Yours may be wlan1 or wlan2.

Step 2

Put the Wireless Adapter into Monitor Mode

Next, we need to put the wireless adapter into monitor or promiscuous mode. We can do that by typing:

  • airmon-ng start wlan0

Note that the interface’s name has been changed to mon0 by airmon-ng.

Step 3

Start Capturing Traffic

We now need to start capturing traffic. We do this by using the airmon-ng command with the monitoring interface, mon0.

  • airodump-ng mon0

As we can see, we are now able to see all the APs and clients within our range!

Step 4

Start a Specific Capture on the AP

As you can see from the screenshot above, there are several APs with WEP encryption. Let’s target the second one from the top with the ESSID of “wonderhowto.” Let’s copy the BSSID from this AP and begin a capture on that AP.

  • airodump-ng –bssid 00:09:5B:6F:64:1E -c 11 -w WEPcrack mon0

This will start capturing packets from the SSID “wonderhowto” on channel 11 and write them to file WEPcrack in the pcap format. This command alone will now allow us to capture packets in order to crack the WEP key, if we are VERY patient.

But we’re not patient, we want it now! We want to crack this key ASAP, and to do that, we will need to inject packets into the AP.

ALSO READ  Learn to avoid Anti-Virus Detection with Veil-Evasion 2017

We now need to wait for someone to connect to the AP so that we can get the MAC address from their network card. When we have their MAC address, we can spoof their MAC and inject packets into their AP. As we can see at the bottom of the screenshot, someone has connected to the “wonderhowto” AP. Now we can hasten our attack!

Step 5

Inject ARP Traffic

To spoof their MAC and inject packets, we can use the aireplay-ng command. We need the BSSID of the AP and the MAC address of the client who connected to the AP. We will be capturing an ARP packet and then replaying that ARP thousands of times in order to generate the IVs that we need to crack WEP.

  • aireplay-ng -3 -b 00::09:58:6F:64:1E -h 44:60:57:c8:58:A0 mon0

Inject the ARPs into the AP, we will capture the IVs that are generated in our airodump file WEPcrack.

Step 6

Crack the Password

Once we have several thousand IVs in our WEPcrack file, all we need to do is run that file against aircrack-ng, such as this:

  • aircrack-ng WEPcrack-01.cap

If we have enough IVs, aircrack-ng will display the key on our screen, usually in hexadecimal format. Simply take that hex key and apply it when logging into the remote AP and you have free wireless!

It's only fair to share...Digg thisShare on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInFlattr the authorShare on TumblrShare on VKShare on YummlyShare on RedditShare on StumbleUpon