Tuesday 9 September 2014

How to crack a WEP password (educational purposes only)

First of all I want to highlight that cracking the password of someone else's access point is illegal.
However, you can try it on your own router just for educational purposes.
Cracking a WEP password is not difficult; you mainly need two things:
-a computer with Linux installed on it (I use Debian)
-a wifi adapter (we'll talk about this later)

If you don't have Linux installed on your computer, don't worry: it's easy to install, and you can have both Windows and Linux on the same PC (this is called dual boot).
I have never used a Mac, but I know how to install Linux alongside Windows:
-create a backup (for safety)
-shrink the main volume (create a blank partition of about 30GB) --> tutorial
-go to and download the Debian installer
-run it and follow the instructions (be careful to install Debian in the partition you just created)
-that's it: when the computer starts you should be able to choose which OS you want to run

To crack the password you'll need some tools provided by the aircrack-ng suite, but remember that
aircrack-ng supports only some wifi adapters; here's a list.
Now, if you have a compatible adapter (I used one with the RTL8187B chipset) with the correct drivers installed, you can install aircrack-ng by opening a terminal and typing:
[your root password]
apt-get install build-essential
apt-get install wireless-tools
apt-get install aircrack-ng

Now you're ready to start:
type iwconfig to list all the wireless interfaces connected to your PC.
When you know which one is the right adapter (it should be called something like wlan0) type:
airodump-ng wlan0
This starts collecting information about the APs (= access points) in range; note the BSSID and channel of the AP you want to crack and write them down, because you'll need them.
Now open another terminal and type:
airodump-ng -c [the channel of the AP] --bssid [the BSSID of the AP] [your device, for example wlan0] --ignore-negative-one -w output

This will start capturing initialization vectors (IVs); when you've collected about 40'000 data packets, close the terminal. All the captured IVs are saved in a file called output-01.cap.

Collecting so many packets can take a while, but you can use packet injection to speed this up: see the aireplay-ng usage here.

Now that you've collected enough IVs, run aircrack-ng to find the password:

aircrack-ng -b [bssid of the AP you want to crack] output-01.cap

Now wait until aircrack-ng finds the password.
For the geeks who want to understand how WEP cracking works, here is an explanation.
I hope you liked this post, and remember: all the information in this post is for educational purposes only; use this technique only to crack the password of your own access point.
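An added example, not code from the original post or from the aircrack-ng project: besides output-01.cap, airodump-ng -w output also writes output-01.csv, and a short script over that file is the quickest way to audit your own network for access points still running WEP (or no encryption at all), which is the thing this post should convince you to fix. The CSV rows below are constructed to mimic airodump-ng's layout; every BSSID, name and count is made up.

```python
import csv
import re

# Constructed sample in the layout airodump-ng writes to output-01.csv (the
# companion of output-01.cap when run with -w output); every BSSID, name and
# count below is made up for this example.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2014-09-09 10:00:01, 2014-09-09 10:05:12,  6,  54, WEP , WEP, OPN, -40,      120,   41230,   0.  0.  0.  0,   7, HomeNet, 
66:77:88:99:AA:BB, 2014-09-09 10:00:03, 2014-09-09 10:05:12, 11,  54, WPA2, CCMP, PSK, -55,       98,       0,   0.  0.  0.  0,   9, Neighbour, 
CC:DD:EE:FF:00:11, 2014-09-09 10:00:04, 2014-09-09 10:05:10,  1,  54, OPN , ,    , -70,       10,       0,   0.  0.  0.  0,  11, Cafe, Guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2014-09-09 10:00:05, 2014-09-09 10:05:11, -60,      300, 00:11:22:33:44:55, HomeNet
"""

def parse_access_points(text):
    """Return the access-point table of an airodump-ng CSV as a list of dicts.

    The file holds two tables separated by a blank line (APs, then stations);
    only the first is used. An ESSID that itself contains commas spills into
    extra columns, so the ESSID..Key span is joined back into one value.
    """
    ap_table = re.split(r"\r?\n\s*\r?\n", text.strip())[0]
    rows = [[f.strip() for f in r] for r in csv.reader(ap_table.splitlines())]
    header, body = rows[0], rows[1:]
    essid_idx = header.index("ESSID")
    aps = []
    for fields in body:
        if len(fields) < len(header):
            continue  # truncated row, e.g. airodump-ng was interrupted mid-write
        ap = dict(zip(header[:essid_idx], fields[:essid_idx]))
        ap["ESSID"] = ", ".join(fields[essid_idx:len(fields) - 1])
        aps.append(ap)
    return aps

def weak_access_points(text):
    """(BSSID, ESSID, Privacy) for every AP that is open or still uses WEP."""
    flagged = []
    for ap in parse_access_points(text):
        privacy = ap["Privacy"]
        if privacy == "OPN" or "WEP" in privacy:
            flagged.append((ap["BSSID"], ap["ESSID"], privacy))
    return flagged

if __name__ == "__main__":
    for bssid, essid, privacy in weak_access_points(SAMPLE_CSV):
        print(f"{bssid}  {essid!r:<14} {privacy}: reconfigure for WPA2 (CCMP)")
```

Run it against your real output-01.csv to confirm that none of the networks you own still show WEP or OPN in the Privacy column.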

For any questions, see the aircrack-ng documentation, leave a comment, or send me an email to

Bye, Dami
