Saturday, August 6, 2011

Hacking WEP Wireless Network

To hack into a wireless network you need its security key. The following tutorial covers cracking a WEP security key. This tutorial is only for educational purposes; I'm not responsible for your bad deeds. If you are looking for a guide to hacking a WPA/WPA2 wireless network, click here.
For this tutorial you need BackTrack 5 GNOME or one of the previous versions (which can be easily downloaded from its official site) and a compatible wireless card that supports packet injection.
Install BackTrack on your computer using dual boot or the normal method (I'm not going deep into the installation part, as I guess you can figure it out on your own).

At startup you can type "startx" to launch BackTrack's graphical user interface (GUI).

If you are asked for username and password use this:
Username: root
Password: toor

Follow these steps carefully to successfully hack into a WEP wireless network:
Open up a terminal and type airmon-ng; that command displays your wireless interfaces. In my case I have wlan0, and now we are going to put it into monitor mode. To do that, type airmon-ng start wlan0. As you can see in the picture below, it says (monitor mode enabled on mon0), and from here on we are going to use mon0 instead of wlan0 as our interface.

Type airodump-ng mon0 and that will start scanning for Wi-Fi networks. As you can see, there is a network called SKIDHACKER. Take note of the BSSID, the DATA count, the CHANNEL and the type of ENCRYPTION. Please refer to the image below if you have any trouble getting to that point.

Now we are going to lock on to the specific network named SKIDHACKER. To do that, type airodump-ng -c (channel) -w WEPcrack --bssid (bssid of the network) mon0. Replace (channel) with the channel of the network you are trying to crack, and replace (bssid of the network) with the BSSID of that network.

Okay, so as you can probably see, the data count is going up really slowly, and we need to speed that up. We are going to need a lot more data, so let's perform one of the aireplay commands that will boost it. First, open up a new terminal and type aireplay-ng -1 0 -a (bssid) mon0, where (bssid) is the BSSID of the network. If your Wi-Fi card is supported, you should see Association successful; if you don't see that, your card is not supported.

Now type aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b (bssid) mon0. When the question Use this packet ? pops up, just press the letter y. As you can see in the image below, the data count now rises drastically.

Okay, so now let's open a new terminal and attempt to crack it with the amount of data we have. I recommend collecting over 20000 data packets before trying to crack it. Type aircrack-ng WEPcrack*.cap. Replace WEPcrack with the filename you chose before when capturing the data, and don't forget the asterisk between the filename and the .cap extension.

Now it will attempt to crack the key. Just wait a couple of minutes for it to complete; once it does, it will say KEY FOUND! [ XX:XX:XX:XX:XX ], where the X's are numbers and/or letters. That's not all: to connect you will need to remove the colons. For example, if the key were 12:34:52:66:59, the password would be 1234526659. Just log in to your Windows OS and connect using that password.
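A defender-side counterpart to the traffic-boosting steps above, added here as an example and not part of the original tutorial: the replay step sends the same captured WEP data frame to the broadcast address thousands of times, which a wireless sensor can flag because a real client essentially never repeats an identical encrypted body. It assumes frames have already been parsed into the simple tuple shape shown; the sample frames are constructed.

```python
"""Replay-flood detector for a WEP network (added example, not from the original post).

Frame records are assumed to be pre-parsed tuples:
    (timestamp_seconds, src_mac, bssid, dst_mac, frame_control, body_hash)
frame_control 0x0841 = data frame with ToDS and Protected (WEP) bits set,
which is the -p 0841 value the injection tool in the tutorial replays.
"""
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
WEP_DATA_TODS = 0x0841


def detect_replay(frames, window=2.0, threshold=50):
    """Return one alert per (src, bssid, body_hash) whose identical broadcast
    WEP data frame is seen `threshold` times within `window` seconds.
    Alert tuple: (src_mac, bssid, body_hash, count_at_first_alert)."""
    recent = defaultdict(deque)   # key -> timestamps inside the window
    alerts = {}
    for ts, src, bssid, dst, fc, body in frames:
        if fc != WEP_DATA_TODS or dst != BROADCAST:
            continue              # only the replayed broadcast pattern matters
        key = (src, bssid, body)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # slide the window forward
        if len(q) >= threshold and key not in alerts:
            alerts[key] = len(q)
    return [(src, bssid, body, n) for (src, bssid, body), n in alerts.items()]


def build_sample():
    """Constructed sample traffic: one honest client, one replaying station."""
    ap = "00:aa:bb:cc:dd:ee"
    frames = []
    # Honest client: a fresh encrypted body every half second, never repeated.
    for i in range(20):
        frames.append((i * 0.5, "aa:bb:cc:dd:ee:01", ap, BROADCAST,
                       WEP_DATA_TODS, "body-%d" % i))
    # Same body repeated to a unicast address is not the pattern we look for.
    for i in range(60):
        frames.append((3.0 + i * 0.01, "aa:bb:cc:dd:ee:02", ap, ap,
                       WEP_DATA_TODS, "unicast-repeat"))
    # Replaying station: identical body to broadcast, 200 times in one second.
    for i in range(200):
        frames.append((5.0 + i * 0.005, "00:11:22:33:44:55", ap, BROADCAST,
                       WEP_DATA_TODS, "replayed-body"))
    return sorted(frames)
```

Run `detect_replay(build_sample())` to see the single replaying station reported; the honest client and the unicast repeats produce no alert.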


  1. Can't get any data, does that mean I got a "wrong" network card?

  2. Yes, you have a wrong card.