Welcome back, my rookie hackers.

When Wi-Fi was first developed and popularized in the late 90s, security was not a major concern. Unlike wired connections, anyone could simply connect to a Wi-Fi access point AP and steal bandwidth, or worse sniff the traffic.

The first attempt at securing these access points was termed Wired Equivalent Privacy, or simply WEP. This encryption method has been around for quite awhile and a number of weaknesses have been discovered. It has been largely replaced by WPA and WPA2.

Despite these known weaknesses, there are still a significant number of these legacy APs in use. I was recently July 2013 working at a major U.S. Department of Defense contractor in Northern Virginia, and in that building, probably a quarter of the wireless APs were still using WEP.

Apparently, a number of home users and small businesses bought their APs years ago, have never upgraded, and don t realize or don t care about its lack of security.

The flaws in WEP make it susceptible to various statistical cracking techniques. WEP uses RC4 for encryption, and RC4 requires that the initialization vectors IVs be random. The implementation of RC4 in WEP repeats that IV about every 6,000 frames. If we can capture enough of the IVs, we can decipher the key.

Now, you might be asking yourself, Why would I want to hack Wi-Fi when I have my own Wi-Fi router and access. The answer is multi-fold.

First, if you hack someone else s Wi-Fi router, you can navigate around the web anonymously, or more precisely, with someone else s IP address. Second, once you hack the Wi-Fi router, you can decrypt their traffic and use a sniffing tool like Wireshark or tcpdump to capture and spy on all of their traffic. Third, if you use torrents to download large files, you can use someone else s bandwidth, rather than your own.

Let s take a look at cracking WEP with the best wireless hacking tool available, aircrack-ng. Hacking wireless is one of my personal favorites.Step 2: Put the Wireless Adapter into Monitor Mode

Next, we need to put the wireless adapter into monitor or promiscuous mode. We can do that by typing:

Note that the interface s name has been changed to mon0 by airmon-ng.Step 3: Start Capturing Traffic

We now need to start capturing traffic. We do this by using the airmon-ng command with the monitoring interface, mon0.

As we can see, we are now able to see all the APs and clients within our range.Step 4: Start a Specific Capture on the AP

As you can see from the screenshot above, there are several APs with WEP encryption. Let s target the second one from the top with the ESSID of wonderhowto. Let s copy the BSSID from this AP and begin a capture on that AP.airodump --bssid :5B:6F:64:1E -c 11 WEPcrack mon0

This will start capturing packets from the SSID wonderhowto on channel 11 and write them to file WEPcrack in the pcap format. This command alone will now allow us to capture packets in order to crack the WEP key, if we are VERY patient.

But we re not patient, we want it now. We want to crack this key ASAP, and to do that, we will need to inject packets into the AP.

We now need to wait for someone to connect to the AP so that we can get the MAC address from their network card. When we have their MAC address, we can spoof their MAC and inject packets into their AP. As we can see at the bottom of the screenshot, someone has connected to the wonderhowto AP. Now we can hasten our attack.Step 5: Inject ARP Traffic

To spoof their MAC and inject packets, we can use the aireplay-ng command. We need the BSSID of the AP and the MAC address of the client who connected to the AP. We will be capturing an ARP packet and then replaying that ARP thousands of times in order to generate the IVs that we need to crack WEP.aireplay-ng -3 -b 00:::6F:64:1E -h :57:c:A0 mon0

Now when we inject the ARPs into the AP, we will capture the IVs that are generated in our airodump file WEPcrack.Step 6: Crack the Password

Once we have several thousand IVs in our WEPcrack file, all we need to do is run that file against aircrack-ng, such as this:aircrack-ng WEPcrack-01.cap

If we have enough IVs, aircrack-ng will display the key on our screen, usually in hexadecimal format. Simply take that hex key and apply it when logging into the remote AP and you have free wireless.

WEP is much easier to crack than WPA-PSK, as it only requires data capturing between 20k and 40k packets, while WPA-PSK needs a dictionary attack on a captured.

This tutorial walks you though a very simple case to crack a WEP key. It is intended to build your basic skills and get you familiar with the concepts.

Wait till it reaches 20000 packets, best would be to wait till it reaches around 80,000 to 90,000 packets. Its simple more the packets less the time to crack. Once.

How to Hack Wifi or how someone could Hack your Wifi. In this article I m going to teach you how a Wifi using WEP security can be easily hacked and how to protect. I ll be cracking WEP Key on Kali Linux system using Aircrack-ng software suite.

Before we go further, I want you to know a little about Wifi security system. So today every wifi is somehow protected and you ll hardly find any wifi network which is open and using plane-text communication, at least not in India. You will usually find WEP, WPA or WPA2 secure wifi. WEP Wired Equivalent Privacy provides less security while WPA Wi-Fi Protected Access and WPA2 Wi-Fi Protected Access II both have better security.

So who is using WEP Wifi Security. Most Wifi devices which are old can use only WEP encryption and authentication. Some modern Wifi devices by default have WEP security or some ISP configures them like that for their users. Some home users still prefer WEP security and that s how there are many targets for a hacker.

READ: How to Hack WiFi Password. Cracking WEP, WPA/WPA2, WPS with Wifite.

HARDWARE INFO:

I have been asked several times about the hardware I m using. It s a plug-n-play wireless USB adapter TP-LINK TL-WN722N from Amazon.

If you are looking for a better range – better quality wireless adapter for KALI then I recommend using Alfa AWUSO36NH. Also, don t forget to add better antenna s 9-12 dBi.

If you are looking for Ultimate range WiFi antenna up to 56 Km. then, try – TP-LINK TL-ANT2424B 2.4GHz 24dBi.

Steps For Hacking WiFi  Cracking WEP Key on Kali Linux:

Let s begin Open the Terminal and Type the following command to find whether your wireless card is working or not.

airmon-ng

If you get something like following image then your wireless card is available and working.

Now type the following command to put your wireless card in monitoring mode.

airmon-ng start wlan0

If you got the above image then your wireless card is in monitoring mode and working. Now type the following command to listen to the wireless network around you and get details about them.

airodump-ng mon0

Note that mon0 might be mon1, mon2, mon3 etc. depending upon the number of monitoring mode already running on your system. Find the monitoring mode ie. mon1, mon2 etc.  from the precious image.

Now here our target is mtnl which is using WEP encryption and authentication. Wifi mtnl is working on channel 4 and bssid is 0C:D2:B. Now type the following command to start capturing its packet which might have encrypted password.

airodump-ng –w mtnl-org –c 4 –bssid 0C:D2:B: mon0

Let me explain the command, -w is for writing into a file that we are going to create i.e. mtnl-org, -c is used for channel which is currently 4.

Now after typing the command wait for 10-15 minutes to capture around 15,000 ivs packets. The time duration depends on the traffic on network, your distance from the access point and actually the no. of ivs you have captured refer to the next image.

Hey, if there is only few packets coming then you can try to deauth to generate more data packets with following command:

aireplay-ng -0 0 -a 0C:D2:B: mon0

Finally, Type the following command to start cracking WEP key of the network.

aircrack-ng mtnl-org-01.cap

Notice the file name carefully as the program automatically ads -01, -02, -03 etc. to the file name you have suggested. It depends upon the no. of file you have with same name.

After a few seconds or minutes you will find that the password is 100 decrypted or WEP key is cracked and password is 3937353536.

Cracking WEP Key on Kali Linux

NOTE: This was surely a little lengthy process of cracking WiFi s WEP Key. You might be interested in hacking other types of secure WiFi networks such as WPA, WPA2 or WPS in an automated way, then read my latest article – How to Hack WiFi Password. WEP, WPA/WPA2, WPS – Wifite.

Troubleshooting: If you were unable to crack WEP key of your WiFi then you might have typed wrong command or had input wrong value like channel number, bssid or something. Be Careful.

You might not have captured enough packets and ivs that are necessary to crack the WEP key. Don t worry you ll error message about this.

There is possibility that your wireless card is not working or something else might not be working well then I can t do much, you should search about it on web or watch my video about hacking and Cracking WEP Key on Kali Linux using Aircrack-ng Tool.

How to Secure your Wifi.

At this position you might have understood that WEP doesn t provide much security so you should switch to better security WPA or WPA2. Use strong password and change it regularly, in case someone got you password then he might not be able to enjoy much free access. You can find more WiFi security tips in my another article – How to Hack WiFi Password. WEP, WPA/WPA2, WPS – Wifite..

If you enjoyed this article, Get email updates It s Free.

May 17, 2011  This video shows how to hack wep key with back track 5 and also with a never seen attack in youtube or net by dnsanda videos. OK. You Guys Asked For.

• Aug 22, 2012  Download music Backtrack 5 r3 Backtrack 5 r3 kde crack wep key hack wep key new crack.
• Oct 28, 2011  You already know that if you want to lock down your Wi-Fi network, you should opt for WPA encryption because WEP is easy to crack. But did you know how.
• How to Hack Wi-Fi: Cracking WEP Passwords with Aircrack-Ng. Welcome back, my rookie hackers. When Wi-Fi was first developed and popularized in the late 90s.