I think everybody knows that using WEP to encrypt your WiFi network is not very safe. To demonstrate this I will show you how easy it is to crack the WEP encryption in this post.
Note that I am using my own Access Point here so I am not actually cracking someone else’s WEP Key.
- back|track Linux distribution
- USB WiFi card (most internal WiFi cards will not work)
After starting the BackTrack virtual machine you can log in with username root and password toor.
Then type startx to start the X Window System (the Graphical Interface):
Before you go on, you need to connect your WiFi card to the virtual machine using the Removable Devices menu:
Now start a terminal using the icon in the top bar and verify that your WiFi card is visible to BackTrack using the command
Note the interface name; I will assume it’s wlan0 from here.
Then enable this interface for monitoring with the following command:
airmon-ng start wlan0
Monitoring is now enabled on a special interface; I will assume it’s mon0 from here.
First we will see which networks are available:
Wait a little while to get a list of the available networks and their encryption types. This post is about WEP encryption so look for a network that has WEP in the ENC column:
We need the BSSID and the Channel in the next command:
airodump-ng -w wepkey --bssid E2:F8:47:CC:84:0C -c 6 mon0
Now we are capturing packets and we need about 20.000 data packets, so just let it run for a while (note that there needs to be traffic in order to get data packets):
When enough packets have been captured we can stop the capture with ctrl-c. Use the dir or ls command to view the generated files; we need the wepkey-01.cap file in this case.
The actual deciphering of the key is done with the command:
aircrack-ng -a 1 -b E2:F8:47:CC:84:0C wepkey-01.cap
aircrack-ng returns almost immediately with the key “12345678ab”, which is correct:
Conclusion: You shouldn’t use WEP since it can be hacked within a few minutes.
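To check whether any of your own access points still advertise WEP, the following added example (not part of the original post) parses the .csv file that airodump-ng writes next to the .cap file and reports only BSSIDs that appear in an inventory you supply. The sample capture data, the inventory and the function name weak_owned_aps are constructed for illustration.

```python
import csv
import io

# Constructed sample in the layout of the .csv file airodump-ng writes next to
# the .cap file: an access-point table, a blank line, then a station table.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
E2:F8:47:CC:84:0C, 2012-01-01 10:00:00, 2012-01-01 10:05:00,  6,  54, WEP , WEP,    ,  -40,  120,  20000,   0.  0.  0.  0,   7, testlab,
00:11:22:33:44:55, 2012-01-01 10:00:00, 2012-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK,  -55,   90,      0,   0.  0.  0.  0,   6, office,
66:77:88:99:AA:BB, 2012-01-01 10:00:00, 2012-01-01 10:05:00,  1,  54, WEP , WEP,    ,  -70,   30,      0,   0.  0.  0.  0,   5, other,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2012-01-01 10:01:00, 2012-01-01 10:05:00,  -50,  300, E2:F8:47:CC:84:0C, testlab
"""

# Constructed inventory: BSSIDs of access points you administer.
OWNED_BSSIDS = ["e2:f8:47:cc:84:0c", "00:11:22:33:44:55"]


def weak_owned_aps(csv_text, owned_bssids):
    """Return (bssid, essid, privacy) for inventoried APs that advertise WEP."""
    owned = {b.strip().upper() for b in owned_bssids}
    header = None
    findings = []
    for row in csv.reader(io.StringIO(csv_text)):
        cells = [c.strip() for c in row]
        if not cells or not cells[0]:
            if header:          # blank line after the AP rows ends the table
                break
            continue            # leading blank line before the header
        if cells[0] == "Station MAC":
            break               # station table reached without a blank line
        if cells[0] == "BSSID":
            header = cells
            continue
        if header is None:
            continue
        ap = dict(zip(header, cells))
        bssid = ap["BSSID"].upper()
        # Privacy may hold several tokens (e.g. "WPA2 WPA"); flag any WEP.
        if bssid in owned and "WEP" in ap.get("Privacy", "").split():
            findings.append((bssid, ap.get("ESSID", ""), ap["Privacy"]))
    return findings


if __name__ == "__main__":
    for bssid, essid, privacy in weak_owned_aps(SAMPLE_CSV, OWNED_BSSIDS):
        print(f"{bssid} ({essid}) still advertises {privacy}: move it to WPA2 or newer")
```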