Sunday, January 27, 2013

Step by step to crack wireless WEP encryption

For your information, WEP encryption is not safe at all! It can be cracked within a few minutes with little effort. WPA & WPA2 tend to offer a higher grade of security because you might need to match the sniffed packets against a dictionary (a database of all the password possibilities). Perhaps that is a 50GB text file or a 100GB text file, who knows? However, it seems impossible to contain all the possibilities of WPA & WPA2 passwords in a single text file.

So, I will demonstrate the WEP cracking process step by step here. However, please ask permission from the owner first before doing anything silly on other people's wireless network. You try the steps below at your own risk.

1. First of all, get all the necessary tools for wireless cracking. For me, I will use Backtrack 5 R3 as my base OS. FYI, Backtrack comes pre-loaded with all the software required by this lab. You can search for Backtrack on Google and download it before you start. I won't explain much about Backtrack here. The software needed is as follows:
  • airodump-ng
  • aireplay-ng
  • aircrack-ng
  • Backtrack 5 R3 (the latest version for now)


2. You need a compatible wireless card or adapter to make this work. You may Google "compatibility list of wireless adapter for aircrack" to get the link. Here, I am using a D-Link 802.11b/g wireless adapter (DWA-110).

3. Launch the terminal in Backtrack and issue the command iwconfig. If your wireless card is detected, it will show up in the list. This is quite similar to Windows ipconfig, but it only shows details for wireless interfaces on a Linux system.

The wireless interface is detected as wlan0, so the rest of the work will use wlan0 as the interface.

4. Make sure your card is in Monitor mode. Most of the time it will be in Managed mode, so you need to change it with the following command.

To change from Managed mode to Monitor mode.

5. Start scanning for wireless networks. Type:

airodump-ng wlan0

You will get a result like the one below. Airodump-ng scans through all the wireless APs and hosts near your wireless card or adapter. You will see a list of SSIDs and wireless clients in the result.

There are 2 SSIDs and 1 client detected in the scan.

6. We are going to crack the password for the SSID named FreeInternetAccess. There is a client connected to that SSID. Type the command below to collect wireless network packets.

airodump-ng --bssid 00:xx:xx:xx:21:30 -w /root/Desktop/test wlan0

--bssid: the BSSID (the MAC address of the AP) whose wireless packets you are going to collect.
-w /root/Desktop/free: write the capture file to the desktop with the given name as prefix (the command above uses test while the rest of this post uses free; pick one prefix and keep it consistent, because the file name in step 10 depends on it).

The command sniffs and collects wireless packets into a single file.

The screen you will get after issuing the command.

7. To crack the WEP key, you need to collect at least 25k data packets. Normal user traffic is too slow for us to hit that number of packets, so we try to generate some wireless traffic using aireplay-ng. Type:

aireplay-ng --arpreplay -b 00:xx:xx:xx:21:30 -h C0:xx:xx:xx:37:47 wlan0

During the traffic generation, you will get something like this.

8. Stop the packet collection (by pressing Ctrl+C) once it reaches 25k.

The Data column shows 25k packets.

9. Check your desktop. You will see a few files already there because we saved them to the desktop.

The files created by airodump-ng.

10. Lastly, use aircrack-ng to crack the .cap file. Please note that the number 01 is automatically appended to the original file name prefix. For this case, the file name will be free-01.cap. Type:

aircrack-ng free-01.cap

The key for this wireless SSID is C5:EE:B4:0F:A4.

11. Done.
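The scan output from steps 5 and 6 is also the quickest way to audit your own site for WEP. As an added example (not part of the original post), this Python script parses the CSV file that airodump-ng writes next to the .cap when you use -w, flags any AP still on WEP or open, and warns when a WEP AP's captured-IV count has already passed the ~25k mark the post mentions. It assumes the column layout shown in the constructed sample; check it against the CSV your airodump-ng version produces.

```python
import csv
import io

# Constructed sample in the shape of an airodump-ng CSV export (the -w prefix
# produces <prefix>-01.csv next to the .cap). All MAC addresses are placeholders.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:21:30, 2013-01-27 10:00:01, 2013-01-27 10:09:45, 6, 54, WEP, WEP, OPN, -40, 812, 25310, 0.0.0.0, 18, FreeInternetAccess,
00:11:22:33:44:55, 2013-01-27 10:00:02, 2013-01-27 10:09:44, 11, 54, WPA2, CCMP, PSK, -67, 790, 0, 0.0.0.0, 6, HomeAP,
00:11:22:33:66:77, 2013-01-27 10:00:02, 2013-01-27 10:09:40, 1, 54, OPN, , , -72, 300, 0, 0.0.0.0, 5, Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
C0:11:22:33:37:47, 2013-01-27 10:00:05, 2013-01-27 10:09:45, -50, 25100, 00:11:22:33:21:30, FreeInternetAccess
"""

WEAK_PRIVACY = {"WEP", "OPN"}   # WEP is breakable; OPN has no encryption at all
IV_ALERT = 25000                # the post cites ~25k captured packets as enough for a WEP crack


def parse_access_points(csv_text):
    """Return the AP rows (dicts keyed by header name) from an airodump-ng CSV.
    The station table that follows the blank line is ignored."""
    ap_block = csv_text.split("\n\n", 1)[0]
    reader = csv.reader(io.StringIO(ap_block), skipinitialspace=True)
    rows = [[c.strip() for c in r] for r in reader if r]
    header, body = rows[0], rows[1:]
    return [dict(zip(header, r)) for r in body if len(r) >= len(header)]


def find_weak_aps(csv_text):
    """List (bssid, essid, privacy, iv_count) for every AP using WEP or no encryption."""
    findings = []
    for ap in parse_access_points(csv_text):
        if ap["Privacy"] in WEAK_PRIVACY:
            findings.append((ap["BSSID"], ap["ESSID"], ap["Privacy"], int(ap["# IV"] or 0)))
    return findings


def iv_alerts(csv_text, threshold=IV_ALERT):
    """BSSIDs of WEP APs whose captured-IV count has already reached the threshold,
    i.e. networks that should be migrated to WPA2 first."""
    return [b for b, _, p, iv in find_weak_aps(csv_text) if p == "WEP" and iv >= threshold]


if __name__ == "__main__":
    for bssid, essid, privacy, iv in find_weak_aps(SAMPLE_CSV):
        print(f"{bssid}  {essid!r:22} {privacy:4}  IVs={iv}")
    print("migrate first:", iv_alerts(SAMPLE_CSV))
```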

Please take note again, this tutorial is strictly for educational purposes only. Use it at your own risk. Anyone is welcome to leave a comment here.

Sunday, March 25, 2012

Broga Hill

Finally, we managed to make our second trip to Broga Hill. This time, we went up to the third peak where the signboard is located (as you can see in the photo). We took a few photos there, and I think this is the best shot. Thanks to the photographer (by the way, that is T2H's brother). We didn't stay there for long because there were a lot of bees flying around and they kept "landing" on our bodies. Behind the signboard there is another small path which brings you to a mountain called "Gunung Tuk Wan", but you need to walk another 3.1 km for the peak of 675 meters. Today we made fewer stops compared to last trip. Hope next time we can go up to the third peak directly without any "pit stop".