Hacking a WEP Connection

 

                                                       Hacking a WEP Connection 

 Here, you will find out how a connection with low level of security can easily be hacked. To attempt this hack, you will need a wireless adapter, aircrack-ng, and BackTrack. Once you have those tools, follow these steps:

     1. Load the aircrack-ng in Backtrack

Once you fire up Backtrack, plug in your wireless adapter and see if it is running. To do that, enter the command: 

Iwconfig

After doing so, you will be able to see if your adapter is recognized. You may see that as wlan0, wlan1, and so on.

   2. Place the wireless adapter in promiscuous mode

Now, search for the available connections nearby by placing your wireless adapter into monitor mode or promiscuous mode. To do that, enter the following command:

airmon-ng start wlan0

After doing so, airmon-ng will change the name of your interface to mon0. Once you are able to place your wireless adapter into monitor mode, you will be able to capture the available traffic by entering the following command:

airodump-ng mon0

Now, you will be able to see all access points and their corresponding clients that are all within your range.

   3. Start capturing on a particular access point

 If you see a BSSID or an ESSID that has a WEP encryption, you already get the idea that that will be the connection that is easiest to crack within the list of APs that you were able to capture. Now, copy the BSSID of the chosen AP and begin capturing using this command:

airodump-ng --bssid [BSSID of target] -c [channel number] -w WEPcrack mon0  

After entering the command, Backtrack will start capturing packets from the targeted access point on its particular channel and then write the WEPcrack in the format of pcap. This will allow you to get all the packets that you need to decode the passkey used in the connection that you want to tap into. However, getting enough packets for decryption can take a long time. If you can’t wait to get enough packets, you can inject ARP traffic instead. 

 4. Inject ARP Traffic

If you do not have the patience to get enough packets for the WEPkey capture, you can capture an ARP packet and then replay that multiple times in order to get all the IVs that you need to get in order to crack the WEPkey. Since you already have the BSSID and the MAC address of the target (these can both be gathered on Step 3), enter the following command:

aireplay-ng -3 -b [BSSID] -h [MAC address] mon0  

Now, you are able to inject the captured ARPs right into the target access point. All you need to do now is to capture the IVs that will be generated right into the airodump. 

 5. Crack the WEPkey 

Once you are able to have enough IVs in the WEPcrack file, you will be able to run the file in aircrack-ng by entering the following command:

aircrack-ng [name of file, ecample:WEPcrack-01.cap]

The aircrack-ng will usually enter the passkey on your screen on a hexadecimal format. All you need to do is to apply that key into the remote access point to enjoy your free internet.