How to crack WEP protections

Lets see in this little howto how is possibile to crack a wifi wep protection, even though it's seldom to find one. This howto is merely to learn purpose, each improper use is to be considered against the reader.
This lecture it's for O.s. (l)unix based, i use ubuntu, but this should works in any other distro, moreover it's supposed that the wifi card it's properly setted, and that this could handle monitor mode to catch packets.
The first step is download, than install, airodump and aircrack which can be found on internet (or in repositories whether you are using a distro debian based).
Now we must prepare our wireless card, to know the name, from shell, just type "iwconfig" and search the one with the wifi support; from now we suppose that it's name is eth0. Now we must set the wifi card in monitor mode, therefore from shell:

– sudo ifconfig eth0 down
– sudo iwconfig eth0 mode monitor
– sudo ifconfig eth0 up

If all went well, the wifi-card can now catch the packets. Now we must find find the access point ID that uses WEP protection; to do this and therefore read the AP list just type:
– sudo airmon–ng start eth0
– sudo airodump–ng mon1;read

mon1 in the second row it's the wifi ID given by the first command, each one have to put the own. Thanks to the secondo command, we can read a networks list, with the channel numbers, beneath the ENC keyword it's even reported the protection type. So we must now find an AP which is using WEP protection and take note of its bssid.
Let's catch now the packets, filtering its by chosen network, just typing:
– airodump–­ng ­c <canale> ­bssid <bssid> –ivs ­w wep –w <nomefile> eth0

Obviously we must replace <bssid> with the access point number, and the channel with the one first found.
<nomefile> is,instead, tha name of a chosen file where will store the necessary information to break the protection, so you can pick one you like.
Now we must take a look to #Data column, which represents the amount of packets catched.
There are various ways to speed up the capture of the latter, unfortunately these methods don't run on my laptop (i have to change it :) ), so these will be placed in other howtoes.
Once we aarrived to 40000 packets catched, depending of network traffic could be neecessary very short time, we have to use aircrack software.
So open a new terminal and type:
aircrack–ng <nomefileprecedente.cap> <nome scheda di rete>

If the packets catched is enough, we have just to wait few moments to see the string KEY FOUND on our terminal.
If this should not happen, just continue to catch packets with airodump e try again later with the same commands.
Well for now it' all, if you liked this howto please make like on main page :)


Important

The use of this material at the expense of others is absolutely not approved by badnack, which is not considered in any way responsible for any damage caused by improper use of the material. Copies of the above links are for illustrative purposes only and are posted only for for educational purposes