Josh_Hacking

Lesson
Detailed Info

WEP Cracking AirCrack-ng

Sometimes if you hapen to find a WEP to hack or secure, you have to follow a different procedure. This encryption method has been around for quite awhile and a number of weaknesses have been discovered. It has been largely replaced by WPA and WPA2.

Despite these known weaknesses, there are still a significant number of these legacy APs in use. we can still find universities or offices have probably a quarter of the WEP based wireless APs.

So you can also learn this to crack, unlike WPA we need to wait for more IV in cracking WEP passwords.

Open Aircrack-Ng in Kali linux

Let's boot our Kali linux and make certain that our wireless adapter is having promiscuous mode.

iwconfig

Step 2 Put the Wireless Adapter into Monitor Mode

Next, we need to put the wireless adapter into monitor or promiscuous mode. We can do that by typing:

airmon-ng start wlan0

Note that the interface's name has been changed to mon0 by airmon-ng.

next time type airmon-ng you can see wlan0mon

Step 3 Start Capturing Traffic

We now need to start capturing traffic. We do this by using the airmon-ng command with the monitoring interface, mon0.

airodump-ng wlan0mon

As we can see, we are now able to see all the APs and clients within our range!

Step 4Start a Specific Capture on the AP

As you can see from the screenshot above, there are several APs with WEP encryption. Let's target the second one from the top with the ESSID of "wonderhowto." Let's copy the BSSID from this AP and begin a capture on that AP.

airodump-ng --bssid {mac address} -c {channel number} -w {filename} wlan0mon

This will start capturing packets from the SSID "wonderhowto" on channel 11 and write them to file WEPcrack in the pcap format. This command alone will now allow us to capture packets in order to crack the WEP key, if we are VERY patient.

But we're not patient, we want it now! We want to crack this key ASAP, and to do that, we will need to inject packets into the AP.

We now need to wait for someone to connect to the AP so that we can get the MAC address from their network card. When we have their MAC address, we can spoof their MAC and inject packets into their AP.

Step 5 Inject ARP Traffic

To spoof their MAC and inject packets, we can use the aireplay-ng command. We need the BSSID of the AP and the MAC address of the client who connected to the AP. We will be capturing an ARP packet and then replaying that ARP thousands of times in order to generate the IVs that we need to crack WEP.

aireplay-ng -3 -b {mac address of AP} -h {mac address of the handshake machine} wlan0mon

Now when we inject the ARPs into the AP, we will capture the IVs that are generated in our airodump file WEPcrack.

Step 6 Crack the Password

Once we have several thousand IVs in our WEPcrack file, all we need to do is run that file against aircrack-ng, such as this:

aircrack-ng WEPcrack-01.cap

If we have enough IVs, aircrack-ng will display the key on our screen, usually in hexadecimal format. Simply take that hex key and apply it when logging into the remote AP and you have free wireless!

Complete the WEP cracking task with kali linux and Aircrack-ng

http://192.168.0.104/adminpage/vulnerabilities/wifi/index.php

Install AirCrack-ng in windows if you dont have kali linux in virtual box.