Sometimes fake authentication just does not work no matter what you do, and you have to proceed without it. If the previous step fails in your case, and you are unable to authenticate with either a fake or your own MAC address, the next step (step 6, packet injection) will likely fail too. Try it out and see. If step 6 fails, return to this section. Don't worry, you can still crack WEP; it will just take more time. If you are unable to authenticate and, as a result, unable to do packet injection, you will be watching the screen you opened in step 4 for a while.
Your goal is to see at least , in the Data column. If you look at the RXQ column in the print screen above, you can see there number This value provides information about the quality of your wireless connection between the access point and your computer.
Anything below 80 is considered weak. If the number fluctuates a lot, you have a weak signal as well. The RXQ value relates to the data stream going from the access point to your computer. Even if this number is above 80, the access point still may not be able to see your computer. This is the most common reason for fake authentication and packet injection to fail.
If that is your case, just sit back and wait until the Data column shows at least ,, and then try step 7 (WEP crack). Without authentication and packet injection, this process might take 1,5 - 2 hours. You can start trying the WEP crack in step 7 as soon as the Data column reaches at least 80,, but our experience is that WEP keys usually get cracked once you have somewhere around , initialization vectors.
To crack a WEP key for a wireless access point, we need to gather a lot of initialization vectors (IVs), ideally somewhere around , of them. Normal network traffic does not typically generate these initialization vectors very quickly. Theoretically, if you are patient, you can gather sufficient IVs to crack the WEP key by simply passively listening to the network traffic and saving them (step 5).
Alternatively, you can use a technique called packet injection to actively speed up the process. Injection involves having the access point resend selected ARP packets (they include IVs) over and over very rapidly.
This allows us to capture a large number of initialization vectors in a short period of time. So, the purpose of this step is to start aireplay-ng in a mode which listens for ARP requests then reinjects them back into the network. This command will start listening for ARP requests and when it hears one, aireplay-ng will immediately start injecting it.
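Seen from the monitoring side, the reinjection described above leaves a recognisable trace: the replayed ARP request is the same encrypted frame every time, so one transmitter repeats a single IV far more often than link-layer retries would. The following heuristic detector is an added example, not part of the original tutorial or of aircrack-ng; the `Frame` record, the function names, the thresholds and all sample frames are assumptions constructed for illustration.

```python
"""Heuristic ARP-replay detector over WEP frame metadata (added example)."""
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed, locally administered MAC addresses used only in the sample.
AP, CLIENT, INJECTOR = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"

@dataclass(frozen=True)
class Frame:
    ts: float     # capture timestamp in seconds
    bssid: str    # access point the frame belongs to
    src: str      # transmitter MAC address
    iv: int       # 24-bit WEP IV taken from the frame header
    length: int   # frame length in bytes

def detect_replay(frames, window=1.0, min_repeats=20):
    """Return {(bssid, src): first_alert_ts} for transmitters that send the
    same (IV, length) at least min_repeats times within `window` seconds.

    A station encrypting its own traffic picks a new IV per frame, so only
    802.11 retries repeat one. min_repeats must stay above the retry limit.
    """
    recent = defaultdict(deque)  # (bssid, src, iv, length) -> timestamps
    alerts = {}
    for f in sorted(frames, key=lambda fr: fr.ts):
        seen = recent[(f.bssid, f.src, f.iv, f.length)]
        seen.append(f.ts)
        while f.ts - seen[0] > window:   # drop entries older than the window
            seen.popleft()
        if len(seen) >= min_repeats:
            alerts.setdefault((f.bssid, f.src), f.ts)
    return alerts

def build_sample():
    """Constructed capture: one normal client and one replaying transmitter."""
    frames = []
    for i in range(30):   # normal traffic: IV increments, 10 frames per second
        frames.append(Frame(i * 0.1, AP, CLIENT, 0x000100 + i, 90 + (i % 5) * 40))
    for r in range(3):    # three link-layer retries of one frame (same IV)
        frames.append(Frame(1.05 + r * 0.001, AP, CLIENT, 0x00010A, 90))
    for i in range(200):  # identical frame resent 400 times per second
        frames.append(Frame(2.0 + i * 0.0025, AP, INJECTOR, 0x1A2B3C, 68))
    return frames

if __name__ == "__main__":
    for (bssid, src), ts in detect_replay(build_sample()).items():
        print(f"possible ARP replay on {bssid}: {src} repeats one IV (t={ts:.3f}s)")
```

Setting `min_repeats` too low flags ordinary retries from legitimate clients, so tune it against a baseline capture of your own network.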
You can generate an ARP request by pinging some other client that is already associated. You can confirm that you are injecting by checking your airodump-ng and aireplay-ng screens.
The data packets should be increasing rapidly. The ARP packets and Sent packets should be increasing rapidly as well. Possible problem: if the ARP packet count and the Sent count are both stuck at zero, then your network interface is likely not associated with your access point.
Or, you may be too far away from the access point (weak signal). Is the source mac associated? Go back to your other window from step 5 and rerun fake authentication. This is not necessary if you went through step 3 though. Once you have captured a large number of initialization vectors, you can use them to determine the WEP key. These commands will calculate the WEP key from the captured initialization vectors.
This is what the output looks like: Now that you know how to break into a WEP-protected network and therefore have discovered the weak link in your wifi network, we would also like to draw your attention to our security tutorials. We have written a few tutorials related to wireless network security. Our wireless security tutorials help you to make your network more secure.
WEP networks can only be cracked by stimulating enough network traffic to attack the key with cryptographic means. By doing so, our adapter will be able to send forged packets to our target network, allowing us to replay any traffic that would cause the router to run out of bandwidth. WEP can only be cracked by capturing a large number of IVs first, which means we need to capture a large number of packets first. In order to crack the air, we will need to use an aircrack-ng tool.
By using this tool, you can determine the key stream and the WEP key for the target network using statistical attacks. If you receive an error message that says "Command 'ifconfig' not found" or something similar, type sudo apt install net-tools and press Enter to install the network tools.
Use Airmon-ng to put your network adapter in monitor mode. To do so, type sudo airmon-ng start [network adapter name] and press Enter. Replace "[network adapter name]" with the name of your network adapter you got from the "ifconfig" command.
This puts the network adapter in monitor mode. It will also likely change the name of your network adapter. Take note of any name changes your network adapter is given. If you are not sure what the new network adapter name is, simply run the "ifconfig" command again.
Use Airodump-ng to search for a WEP-enabled network. To do so, type sudo airodump-ng [network adapter name] --encrypt WEP and press Enter. Replace "[network adapter name]" with the current name for your network adapter. This searches the network for packets sent using WEP encryption using Airodump-ng.
Use Besside-ng to attack the network. Replace "[channel number]" with the channel number you got from the airodump-ng command. Finally, replace "[network adapter name]" with the current name for your network adapter. This launches an attack against the network using the "Besside-ng" tool. The attack should take about 2 - 10 minutes. The "Besside-ng" tool attacks first using packet injection and then by flooding the network.
All data that it gathers is saved to a ". Warning: Launching an attack against a network that you do not have authorization to audit or attack is illegal. Law enforcement will often set up WEP-encrypted networks specifically to catch criminal hackers. If you get an error that says "Network is down" or similar during the attack, simply run the command again to continue. You can also type the command airmon-ng check kill to automatically stop any processes that may be taking your network adapter out of monitor mode.
Use Aircrack-ng to get the network key. To do so, simply type sudo aircrack-ng. This reads back the ". It will display a list of networks it has encountered. When you see the network you want to break, press the number that corresponds to that network and press Enter. Aircrack-ng will start cracking the code. When it is finished, it will display the network key next to "Key Found!"
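For an administrator, the survey step in this procedure doubles as an audit: a scan saved in airodump-ng's CSV output format can be checked for owned access points that still advertise WEP or no encryption. The script below is an added example, not part of the original article or of the aircrack-ng suite; the function name, the `owned_bssids` allow-list and every value in the sample survey are assumptions constructed for illustration.

```python
"""Flag weakly protected access points in an airodump-ng CSV survey (added example)."""
import csv
import io

WEAK = {"WEP", "OPN"}  # privacy values treated as findings in this audit

# Constructed sample in the airodump-ng CSV layout; all values are made up.
SAMPLE = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP, WEP, , -48, 120, 35, 0.  0.  0.  0, 9, lab-old-1,
02:00:00:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 130, WPA2, CCMP, PSK, -52, 118, 0, 0.  0.  0.  0, 6, office,
02:00:00:00:00:03, 2024-01-01 10:00:01, 2024-01-01 10:05:00,  1,  54, WEP, WEP, , -70, 90, 2, 0.  0.  0.  0, 15, printer, 2nd fl,
02:00:00:00:00:99, 2024-01-01 10:00:02, 2024-01-01 10:05:00,  1,  54, WEP, WEP, , -80, 40, 0, 0.  0.  0.  0, 8, neighbor,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:00:10, 2024-01-01 10:00:03, 2024-01-01 10:05:00, -40, 57, 02:00:00:00:00:01,
"""

def weak_access_points(csv_text, owned_bssids):
    """Return [(bssid, essid, privacy, channel)] for owned APs using WEP or no encryption."""
    findings = []
    in_ap_section = False
    for row in csv.reader(io.StringIO(csv_text)):
        if not row or not row[0].strip():
            if in_ap_section:
                break                      # blank line ends the access point table
            continue                       # leading blank line before the header
        if row[0].strip() == "BSSID":
            in_ap_section = True
            continue
        if not in_ap_section or len(row) < 15:
            continue
        bssid = row[0].strip().lower()
        privacy = set(row[5].split())      # e.g. "WPA2 WPA" in mixed mode
        if bssid in owned_bssids and privacy & WEAK:
            # An ESSID may itself contain commas: rejoin everything before Key.
            essid = ",".join(row[13:-1]).strip() or "<hidden>"
            findings.append((bssid, essid, row[5].strip(), int(row[3])))
    return findings

if __name__ == "__main__":
    owned = {"02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"}
    for bssid, essid, privacy, channel in weak_access_points(SAMPLE, owned):
        print(f"{bssid} ({essid}) on channel {channel} uses {privacy}: migrate it")
```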
Advise the network administrator to change their encryption. This article demonstrates just how easy it is to break WEP encryptions. Once someone is on your network, they can launch a man-in-the-middle attack, route you to fake websites, and control your internet experience. A sniffer is a tool that intercepts data flowing in a network.
If computers are connected to a local or a network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment.
Go to the computer lab or sneak your phone into the school and make sure you have a packet-sniffing app. Laws concerning network security can differ from place to place. Make sure you know everything you need to know and be prepared to face the consequences of your actions while attempting this.
You can use other programs such as Wireshark (formerly known as Ethereal), Airsnort, and Kismet to sniff packets and break a WEP encryption. They are available as source code. You will need some background in compiling source code for Linux or Windows to use Airsnort or Kismet.
Always be careful of who your target is. It's not smart to walk into your local McDonalds and try to crack their net.
The chances of you getting caught increase tenfold.