Hacking WEP WiFi

This topic was published by and viewed 4793 times since "". The last page revision was "".

Viewing 1 post (of 1 total)
  • Author

  • DevynCJohnson
    • Topics - 437
    • @devyncjohnson

    WEP is a common WiFi security algorithm that has been found to have many security flaws. This security algorithm is so weak that it can be hacked in about fifteen minutes or less. Since Linux and most of its software is open-source, this makes it easy for anyone to hack WEP WiFi hotspots.

    Keep in mind that Kali Linux (formerly called "Backtrack") is not needed for hacking. Linux users can use their preferred distro. Also, hacking can be helpful when people must find or prove the existence of security flaws. This tutorial can also prove to people that they should switch from WEP to WPA2 if possible. Please use all of this knowledge for good and not evil. In addition, get permission from the Wifi before hacking.

    NOTE: All of these commands in this tutorial should be run with Root privileges.

    Obtaining the Tools

    To begin, install the needed packages. Some distros contain the needed tools in the default repos and others do not. If they are not in the Ubuntu repos, users may need to add the "ppa:darklordpaunik8880/kalibuntu" PPA by typing apt-add-repository ppa:darklordpaunik8880/kalibuntu. Once the repos are add, then on Debian-based systems, users can type apt-get install aircrack-ng. The "aircrack-ng" package adds many WiFi hacking tools and the package's dependencies provide additional utilities.


    Once the utilities are obtained, open a terminal and type airmon-ng. This will display a list of detected WiFi devices on the local system that support monitoring (this feature is needed). Then, type airmon-ng start INTERFACE where "INTERFACE" is the desired wireless device (such as "wlan0") that supports monitoring. The terminal should display a monitor interface name (such as "mon0").

    Next, type airodump-ng MONITOR-INTERFACE. This will display various information about the detected WiFi signals. Look for an ESSID that is using WEP as the encryption (ENC) and cipher. Write down the ESSID, BSSID, and channel (CH). Also, remember the wireless interface and monitoring interface.

    With the gathered information, type a command in the form airodump-ng –w DIRECTORY –c CHANNEL –bssid BSSID MONITOR-INTERFACE. The directory is used to store files on your computer for data that this process will need. After many packets have been captured, type aircrack-ng FILE.cap where "FILE.cap" is the pathname of the "*.cap" file in the directory you have previously chosen.

    The cracking process has now begun. When finished, the terminal will return a failure or a "KEY FOUND!" message containing the WEP password. Since WEP uses hexadecimal keys, if a ten-digit hex number is given, then that is the password (without the colons ":").


    WEP is very easy to crack. Obviously, people should switch to WPA2, but many people have legitimate reasons for using WEP and are unable to migrate. However, such people should enable an additional security feature called "MAC address filtering" which is supported by many wireless routers.

    Further Reading

Viewing 1 post (of 1 total)