I think everybody knows that using WEP to encrypt your WiFi network is not very safe. To demonstrate this I will show you how easy it is to crack the WEP encryption in this post.

Note that I am using my own Access Point here so I am not actually cracking someone else’s WEP Key.

Requirements:

  • In this post I am using the 32-bit back|track 5 VMware image, which you can use with VMware Workstation or VMware Player (see the back|track downloads page).

After starting the back|track virtual machine you can log in with username root and password toor.

[Image: back|track 5 logon screen]

Then type startx to start the X Window System (the graphical interface):

[Image: back|track logon screen]

Before you go on, you need to connect your WiFi card to the virtual machine using the Removable Devices menu:

[Image: VMware Removable Devices menu]

Now start a terminal using the icon in the top bar and verify that your WiFi card is visible to back|track. Note the interface name; I will assume it is wlan0 from here.

Then enable this interface for monitoring with the following command:

[Image]

Monitoring is now enabled on a special interface; I will assume it is mon0 from here.

First we will see which networks are available:

airodump-ng mon0

Wait a little while to get a list of the available networks and their encryption types. This post is about WEP encryption, so look for a network that has WEP in the ENC column:

[Image]
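The same ENC column is what a defender should be auditing: airodump-ng also writes its network table to a `<prefix>-01.csv` file next to the `.cap`, and the Privacy and `# IV` columns tell you which access points still run WEP and how much keystream they have already leaked. The script below is an added example (not from the original post) that parses that CSV and flags WEP networks; the CSV lines are constructed sample data, and the 20,000 threshold is the figure quoted later in this post.

```python
import csv
import io

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv:
# an access-point table, a blank line, then a station table. All values are made up.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2011-09-01 10:00:00, 2011-09-01 10:05:00,  6,  54, WEP , WEP, OPN, -40,  120,  21340,   0.  0.  0.  0,   7, lab-wep, 
66:77:88:99:AA:BB, 2011-09-01 10:00:01, 2011-09-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -55,   98,      0,   0.  0.  0.  0,   8, home-wpa, 
CC:DD:EE:FF:00:11, 2011-09-01 10:00:02, 2011-09-01 10:05:00,  1,  54, OPN , , , -70,   40,      0,   0.  0.  0.  0,   5, guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2011-09-01 10:01:00, 2011-09-01 10:05:00, -45, 15000, 00:11:22:33:44:55, lab-wep
"""


def parse_access_points(text):
    """Return the access-point rows of an airodump-ng CSV as dicts keyed by column name."""
    # The AP table is the first block; the station table follows after a blank line.
    ap_block = text.replace("\r\n", "\n").strip().split("\n\n", 1)[0]
    # airodump-ng separates fields with ", ", so skip the space after each comma.
    rows = list(csv.reader(io.StringIO(ap_block), skipinitialspace=True))
    header = [h.strip() for h in rows[0]]
    return [dict(zip(header, (v.strip() for v in row))) for row in rows[1:] if row]


def weak_networks(text, iv_warn=20000):
    """Flag every WEP access point; enough_ivs marks ones that have already leaked
    at least iv_warn unique IVs, i.e. the traffic volume this post says suffices."""
    findings = []
    for ap in parse_access_points(text):
        # Privacy reads "WEP" (padded) or "WEP?" while airodump-ng is still unsure.
        if ap.get("Privacy", "").startswith("WEP"):
            ivs = int(ap.get("# IV") or 0)
            findings.append({
                "bssid": ap["BSSID"], "essid": ap["ESSID"],
                "channel": ap["channel"], "ivs": ivs,
                "enough_ivs": ivs >= iv_warn,
            })
    return findings


if __name__ == "__main__":
    for f in weak_networks(SAMPLE_CSV):
        print(f"WEP still in use: {f['essid']} ({f['bssid']}, ch {f['channel']}), "
              f"{f['ivs']} IVs seen, migrate to WPA2{' NOW' if f['enough_ivs'] else ''}")
```

Run it against the real `wepkey-01.csv` from your own capture to get an inventory of WEP networks that need to be migrated.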

We need the BSSID and the channel in the next command:

[Image: airodump-ng capturing traffic]

Now we are capturing packets. We need about 20,000 data packets, so just let it run for a while (note that there needs to be traffic on the network in order to get data packets):

[Image: airodump-ng data packet count]

When enough packets have been captured we can stop the capture with Ctrl-C. Use the dir or ls command to view the generated files; we need the wepkey-01.cap file in this case.

The actual deciphering of the key is done with the command:

[Image: aircrack recovering the captured WEP key]

aircrack returns almost immediately and finds the key "12345678ab", which is correct:

[Image: iPhone MyWi WEP key]

    Conclusion: You shouldn’t use WEP since it can be hacked within a few minutes.