Crack WEP Encryption

In this post I am using the 32 bit back|track 5 VMWare image which you can use with VMWare Workstation or VMWare player.

After starting the back track Virtual Machine you can login with username root and password toor

Then type startx to start the X Window System (the Graphical Interface):

Before you go on, you need to Connect your WiFi card to the Virtual Machine using the Removable Devices menu:

Now start a Terminal using the Icon in the top bar and verify that your WiFi card is visible to back track using the command

airmon-ng

Note the interface name, I will assume it’s wlan0 from here.

Then enable this interface for monitoring with the following command:

airmon-ng start wlan0

Monitoring is now enabled on a special interface, I will assume it’s mon0 from here.

First we will see which networks are available:

airodump-ng mon0

Wait a little while to get a list of the available networks and their encryption types. This post is about WEP encryption so look for a network that has WEP in the ENC column:

We need the BSSID and the Channel in the next command:

airodump-ng -w wepkey --bssid E2:F8:47:CC:84:0C -c 6 mon0

Now we are capturing packets and we need about 20.000 data packets so just let it run for a while (note that there’s needs to be traffic in order to get data packets):

When there are enough packets captured we can stop the capture with ctrl-c. Use the dir or ls command to view the generated files, we need the wepkey-01.cap file in this case.

The actual decyphering of the key is done with the command:

aircrack –ng –a 1 –b E2:F8L47:CC:84:0C wepkey-01.cap

aircrack returns almost immediately and found the key “12345678ab” which is correct:

Conclusion: You shouldn’t use WEP since it can be hacked within a few minutes.