Wireless technology has become increasingly popular as it allows you to easily access the Internet from all sorts of locations around the world without requiring a network cable. But a wireless network isn’t always secure if you don’t understand its dangers, and especially if precautions are not taken.
Some WEP protected networks take less than 5 minutes to crack. If the first WEP network you try takes too long, try moving on to another one. Please comment if this method worked for you, or if you know an easier way.
Wep Crack Youtube
In today’s society, we see a lot more users getting compromised, especially in public Wi-Fi locations. There may be an open wireless network, weak encryption, or just plain trust issues. But before we begin, you’ll probably need some proper equipment to follow the demonstrations.
Also Read:Crack WPA2-PSK with Dictionary | Crack WPA2-PSK with Hashcat | Crack WPA2-PSK with Fluxion
Today we’ll demonstrate the wireless cracking of WEP which is obviously a weak encryption protocol and the time has come to talk about WEP cracking! It is exactly as it sounds – capturing data to recover a WEP key using passive or active methods. With today’s improving hardware and software, WEP encryption can be cracked easily in less than 5 minutes!
WEP encryption should only be used in cases where old hardware is still in use; otherwise you should be using WPA2 encryption. Tools such as Aircrack-ng, AirSnort, Airoway, chopchop and dwepcrack can perform these attacks.
Wired Equivalent Privacy (WEP) encryption is a standard Wi-Fi wireless network security algorithm used to protect personal and business networks. WEP keys are created by the network administrator to allow groups of devices on a local network to securely connect. When each packet is sent from the client to the wireless access point, it is encoded in a sequence of hexadecimal digits. These digits include numbers 0 to 9 and letters A to F.
This is purely for Educational Purposes. We’re not responsible for your actions. Keeping that in mind.
In this article, we’ll go through step by step instructions on how to crack WEP encryption.
Step 1 – The very first step is to check whether your Kali Linux machine has a wireless interface or not by typing “iwconfig“.
If it shows something related to wlan0, then it means you’ve wireless interface, otherwise you need to attach external USB Wi-Fi adapter (TP-LINK or Alfa Card) which supports packet injection capability.
Step 2 – Now you need to start this wireless interface (wlan0) by typing “airmon-ng start wlan0” into monitor mode (wlan0mon).
Monitor mode is a feature that allows your computer to listen to every wireless packet within range of your wireless card. This mode will allow us to inject packets into a wireless network.
Also you can change your mac address (optional) with macchanger tool which is an open source tool and is pre-installed in every Kali Linux machine.
Step 3 – Type the following command which enables monitor mode to search all near-by Wi-Fi devices.
Command: airodump-ng wlan0mon
After hitting, you’ll see the output something similar to below screenshot.
Here you can see that, the ESSID “Chandigarh” has WEP Encryption whose BSSID is “9C:D3:6D:FA:04:66” and is on channel 1.
Step 4 – Let’s capture the packets of Wi-Fi which you want to hack by typing the following command in your terminal.
Command: airodump-ng -c <channel> –bssid <target mac> -w <filename> <interface name>
The following are the components of above command:
-c: This is the channel
-w: This gives write access to a file
–bssid: This is the wireless access point MAC address
then you will see something like this on your screen after you hit the above command.
The first section here shows details about the router . The second section shows details about routers and connected devices to it.
The most important column in above step is to collect the Data Packets (collect at least 15000 packets), this is what helps us in understanding whether we have enough packets to crack the password. The column STATION in second section shows the list of all devices connected to the router. If you don’t have any device connected, it is very difficult to crack.
Though their are devices connected sometimes you wont get data packets quickly. you might have to wait for sometime . but here we will not wait for force to send packets. So you need to send data packets forcefully using fake authentication in same channel number.
Step 5 – Open a new terminal and type the following command to generate more data packets using Fake Authentication.
Command: aireplay-ng -1 0 -a <target mac> <interface name>
Here,
-1 means fake authentication (-0 in case if you want to deauthenticate)
0 means re-association timing in seconds
-a means target mac address
You can also use -h option with your fake mac address to get in association with your device.
The fake authentication attack allows you to perform the two types of WEP authentication (Open System and Shared Key) plus associate with the access point (AP). This is only useful when you need an associated MAC address in various aireplay-ng attacks and there is currently no associated client.
It should also be noted that the fake authentication attack does NOT generate any ARP packets. Fake authentication cannot be used to authenticate/associate with WPA/WPA2 Access Points.
Step 6 – In next step, you need to boost the data packets with ARP Request Replay Attack by typing the following command in your new terminal.
Command: aireplay-ng -3 -b <target mac> <interface name>
Here,
-3 means standard arp request replay,
-b is the target mac address
Wep Crack Software
You can also use (optional) -h with your source mac address.
The classic ARP request replay attack is the most effective way to generate new initialization vectors (IVs), and works very reliably. The program listens for an ARP packet then re-transmits it back to the access point. This, in turn, causes the access point to repeat the ARP packet with a new IV. The program re-transmits the same ARP packet over and over. However, each ARP packet repeated by the access point has a new IVs. It is all these new IVs which allow you to determine the WEP key.
Once this starts , go back to the terminal which captures data packets in step 4 and observe the packets in the Data column, it raises exponentially.
Step 7 – Now it’s time to crack the key by typing “aircrack-ng <filename-01.cap>”
Here chetan-01.cap is the filename containing the data.
Here you can see the output, which shows Failed result which means we didn’t get the key because of less packets (as 4796 packets).
Crack Wep Macbook
Now try to capture more data packets (at least 15000) and then try to repeat the same command which results 100% key (with 17181 packets):
The WEP key is only displayed if 100 percent of the hex key has been converted to ASCII. Once you have received the key, you can try connecting to the wireless network.
And at the end, you need to close all the terminals by pressing CTRL + C key and run the following command to clear out all the stuff.
Commands:
airmon-ng stop wlan0mon
service networking restart
service network-manager restart
In this tutorial we will see how easy it is to crack WEP encryption on a wireless access point. WEP is now very outdated, after it’s easy vulnerability was exposed. However you will still find some access points using WEP, and for educational purposes I wish to demonstrate how easy it is to break, which should encourage you to switch to WPA if you haven’t done so already.
It is also a good starting point for you to learn the basics of how to use airodump-ng and aircrack-ng tools within the terminal window.
I’m using the Kali Linux distribution that comes with these tools already installed. If you haven’t done so already I advise you download and setup a USB live drive running Kali Linux. If you’re a mac user you will find this tutorial useful as I also address the wireless driver issues that frequently plague Mac users trying to run aircrack.
STEP 1
First we will run airodump-ng to scan for available wireless networks and identify one running WEP that we wish to connect to.
As you can see there’s several networks with WEP available, we will target the last in the list. press control c to stop airodump and run the following command
airodump-ng -w <directory to write the file to> -c <channel number> –bssid <MAC of target access point> <wireless interface>
As you can see I am saving the captured packets to a local directory on my system, and I set the channel and BSSID to the channel and bossed indicated in our initial scan. Finally as I am using a mac I have got the prism0 wireless interface which is being used for wireless monitoring. If you’re on another machine I assume you have already enabled monitor mode with the airmon-ng command.
When you hit enter airodump will then begin gathering packets and writing them tot he capture file. You will need to capture around 10,000 IV’s before it will be possible to start cracking the WEP encryption, typically I have found I need around 2,000 IV’s to be successful.
STEP 2
Leave the terminal window open with airodump capturing packets, and start a new terminal window. Here will run aircrack-ng with the following command
aircrack-ng <directory to the capture file>
When you hit enter aircrack-ng will open the capture file and begin to try to crack the WEP encryption. If successful it will display the result in Hexadecimal code. If it’s not successful it will indicate not enough IV’s have been captured. Simply leave the window open it will automatically retry when the next 5k IV’s have been captured.
Wep Crack Windows
When you finally have captured enough IV’s it will display the successfully cracked password in Hexadecimal format. You can use an online converter tool to convert this to ASCII characters if you wish, or enter the HEX without the : separators.