Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

Wireless How To

Introduction

This article has been superceeded by How to Crack WEP...Reloaded.

In Part 1 of How to Crack WEP, we showed the basic approach to WEP cracking, configured a practice target WLAN and configured both sniffing and attack computers. We also introduced the Auditor Security Collection and used Kismet to find in-range wireless LANs.

In this article, we will describe how to use additional tools found on the Auditor CD to capture traffic and use it to crack a WEP key. We'll also describe how to use deauthentication and packet replay attacks to stimulate the generation of wireless traffic that is a key element of reducing the time it takes to perform a WEP key crack.

Before we get started, however, let us make a few points that may save some readers the time and effort of trying these techniques:

  • To successfully follow this How To, you need basic familiarity with networking terminology and principles. You should know how to ping, open a Windows Command Prompt, enter command lines and know your way around the Windows networking properties screens. Basic familiarity with Linux will be helpful too.

  • These procedures assume the use of specific wireless hardware described in Part 1. They will not work with other hardware types without modification.

  • These procedures assume that the target WLAN has at least one client associated with an AP or wireless router. They will not work with an AP that has no associated clients.

  • This tutorial is based on the Auditor version released April 2005. Future versions could make this attack easier or harder. In addition, some of the commands shown are Auditor-specific scripts that don't exist (but can easily be made) in other Linux distributions.

  • Accessing anyone else's network other than your own without the network owner's consent is illegal. SmallNetBuilder, Pudai, LLC and the author do not condone or approve of illegal use of this tutorial in any way

Also note that it is possible to perform WEP cracking using only one computer. But we have chosen to use two to more clearly illustrate the process and avoid some of the complications caused by using a single computer.

The four main tools used in this article are airodump, void11, aireplay and aircrack, which are included on the Auditor Security Collection CD:

  • Airodump scans the wireless network for packets and captures these packets into files
  • Void11 will deauthenticate computers from a wireless access point, which will force them to reassociate to the AP, creating an ARP request
  • Aireplay takes this ARP request and resends it to the AP, spoofing the ARP request from the valid wireless client
  • Finally, aircrack will take the capture files generated by airodump and extract the WEP key

From your scanning with Kismet as described in Part 1, you should have written down the following four pieces of information:

  • MAC Address of the wireless Access Point (AP)
  • MAC Address of the "Target" computer
  • WEP key used
  • Wi-Fi channel used

In the following procedures, we will call our laptops, Auditor-A and Auditor-B and call the target computer Target. Let's get started.

More Wireless

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Router: RT-AC3100Ver: 384.12I did something to my router RT-AC3100 and now:When I SSH in to the router all my files/folders are owned by a user that i...
Hi!I've been trying to add OpenVPN clients to my RT AC68U router with Merlin 384.12. However, when I try to upload the .ovpn file, after 3/4 secondes ...
HiBeem testing on two different providers (Nord, Express) and seem to be getting DNS leaks. It appears that I am connected to the correct server when ...
Hi,I have a problem with my NAS suddenly seems to drop off the local network, it typically happens when I copy files to the NAS (SMB, FTP) from a Win1...
Anybody can tell me about this ?View attachment 18687I can't find info about this mac addreses, but IP is from Taiwan.Its look like vpn attack ???

Don't Miss These

  • 1
  • 2
  • 3