Sunday, 24 August 2014

How to Crack WEP key with Backtrack5 r3

Security Issues With WEP

WEP (Wired Equivalent Privacy) was shown to be full of flaws back in 2001; the protocol itself has weaknesses that let an attacker recover the key in very little time. Probably the biggest flaw is that a WEP key supports only 40-bit encryption, which means there are only 16 million possibilities.

For more information on WEP flaws, kindly read the WEP flaws section here.
Requirements :-
Here is what you would require to crack a WEP key:

1. Backtrack or any other Linux distro with aircrack-ng installed
2. A WiFi adapter capable of injecting packets. For this tutorial I will use the Alfa AWUS036H, which is a very popular card and performs well with Backtrack.
Procedure :-
First log in to your Backtrack / Linux distro and plug in your WiFi adapter. Open a new Konsole and type in the following command:

ifconfig wlan0 up

where wlan0 is the name of the wireless card; it can be different on your system. To see all wireless cards connected to your system, simply type in "iwconfig".

Putting your WiFi Adapter on Monitor Mode

To begin, you first need to put your wireless adapter into monitor mode. Monitor mode is the mode in which your card listens to every packet in the air. You can put your card into monitor mode by typing in the following command:

airmon-ng start (your interface)

Example :- airmon-ng start wlan0

Now a new interface mon0 will be created. You can confirm that the new interface is in monitor mode by entering "iwconfig mon0" as shown.

Finding a suitable Target
After putting your card into monitor mode, we need to find a network that is protected by WEP. You can discover the surrounding networks by entering the following command:

airodump-ng mon0

BSSID shows the MAC address of the AP, CH shows the channel on which the AP is broadcasting, ESSID shows the name broadcast by the AP, and CIPHER shows the encryption type. Now look for a WEP-protected network. In my case I'll take "linksys" as my target for the rest of the tutorial.

Attacking The Target

Now, to crack the WEP key you'll have to capture the target's data into a file. To do this we use the airodump tool again, but with some additional switches to target a specific AP and channel. Most importantly, you should restrict monitoring to a single channel to speed up data collection; otherwise the wireless card has to hop between all channels. You can restrict the capture with the following command:

airodump-ng --bssid (bssid of the target) -c (channel) -w (file name to save) mon0

As my target is broadcasting on channel 6 and has the BSSID "98:fc:11:c9:14:22", I enter the following command and save the captured data under the prefix "RHAWEP":

airodump-ng --bssid 98:fc:11:c9:14:22 -c 6 -w RHAWEP mon0

Using Aireplay to Speed up the cracking

Now you'll have to capture at least 20,000 data packets to crack WEP. This can be done in two ways. The first is a passive attack: wait for a client to connect to the AP and then start capturing the data packets. This method is very slow; it can take days or even weeks to capture that many data packets.
The second method is an active attack. This method is fast and only takes minutes to generate and inject that many packets.
In an active attack you first do a fake authentication (connect) with the AP, then generate and inject packets. This can be done very easily by entering the following command:

aireplay-ng -1 3 -a (bssid of the target) (interface)

In my case I enter the following command:

aireplay-ng -1 3 -a 98:fc:11:c9:14:22 mon0 

After the fake authentication it is time to generate and inject ARP packets. To do this, open a new Konsole alongside the first one and type in the following command (-3 is aireplay-ng's ARP request replay attack):

aireplay-ng -3 -b (bssid of target) -h (MAC address of mon0) (interface)

In my case I enter:

aireplay-ng -3 -b 98:fc:11:c9:14:22 -h 00:c0:ca:50:f8:32 mon0

If this step was successful you'll see the data packet count in the airodump capture climb quickly, as shown.

Wait till it reaches 20,000 packets; it is best to wait until around 80,000 to 90,000 packets. It's simple: the more packets, the less time it takes to crack. Once you've captured enough packets, close all the processes by clicking the close (x) button on each terminal.

Cracking WEP key using Aircrack

Now it's time to crack the WEP key from the captured data. Enter the following command in a new Konsole to crack the WEP key:

aircrack-ng (name of the capture file)

In my case I enter (airodump-ng names its first capture file <prefix>-01.cap):

aircrack-ng RHAWEP-01.cap

Within a few minutes Aircrack will crack the WEP key as shown.

Once the crack is successful you will be left with the KEY! Remove the colons from the output and you'll have your WEP key.
Hope you enjoyed this tutorial. For further doubts and clarifications please leave your comments.
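The same airodump-ng capture that drives this procedure is also what a network owner can use to find WEP networks that still need to be retired and to notice the tell-tale packet volume of an ARP replay. The script below is an added example, not part of the original post: it parses the CSV that airodump-ng writes next to the .cap file (the column layout assumed here is airodump-ng's standard AP and station tables) and flags WEP APs, the number of IVs they have leaked, and any station whose packet count to a WEP AP has reached the post's 20,000-packet threshold. The sample CSV is constructed, reusing the BSSID and station MAC from the post.

```python
"""Audit an airodump-ng CSV (<prefix>-01.csv) for WEP networks and for
replay-like traffic volumes. Added example, not from the original post."""
import csv
import io

# Constructed sample in airodump-ng's CSV layout (AP table, blank line, station table).
SAMPLE_CSV = """\

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
98:FC:11:C9:14:22, 2014-08-24 10:01:02, 2014-08-24 10:12:30,  6,  54, WEP , WEP, OPN, -40,      312,    84213,   0.  0.  0.  0,   7, linksys, 
AA:BB:CC:DD:EE:01, 2014-08-24 10:01:05, 2014-08-24 10:12:30, 11,  54, WPA2, CCMP, PSK, -55,      290,        0,   0.  0.  0.  0,   6, office, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:C0:CA:50:F8:32, 2014-08-24 10:05:00, 2014-08-24 10:12:30, -30,    91000, 98:FC:11:C9:14:22, 
"""

IV_THRESHOLD = 20000  # the post's stated minimum packet count for a WEP crack


def parse_airodump_csv(text):
    """Return (access_points, stations) as lists of dicts; keys and values are stripped."""
    tables = []
    for block in text.split("\n\n"):
        if not block.strip():
            continue
        reader = csv.DictReader(io.StringIO(block.strip()), skipinitialspace=True)
        tables.append([{k.strip(): (v or "").strip() for k, v in row.items() if k is not None}
                       for row in reader])
    aps = tables[0] if tables else []
    stations = tables[1] if len(tables) > 1 else []
    return aps, stations


def find_wep_networks(aps):
    """WEP APs that should be retired, with the IV count showing how exposed each already is."""
    findings = []
    for ap in aps:
        if "WEP" not in ap["Privacy"].upper():
            continue
        ivs = int(ap["# IV"] or 0)
        findings.append({"bssid": ap["BSSID"], "essid": ap["ESSID"],
                         "channel": int(ap["channel"]), "ivs": ivs,
                         "over_threshold": ivs >= IV_THRESHOLD})
    return findings


def suspicious_stations(aps, stations, min_packets=IV_THRESHOLD):
    """Stations that pushed a replay-sized packet count at a WEP AP within the capture window."""
    wep = {ap["BSSID"] for ap in aps if "WEP" in ap["Privacy"].upper()}
    return [s["Station MAC"] for s in stations
            if s["BSSID"] in wep and int(s["# packets"] or 0) >= min_packets]
```

Run it with `aps, stations = parse_airodump_csv(open("RHAWEP-01.csv").read())` to audit a real capture of your own network.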
