Jump to content
Tuts 4 You

WEP password hacking (Wi-Fi)


Recommended Posts

WEP password hacking (Wi-Fi)
Tools used:
TamoSoft CommView for WiFi 7.1.795 - collecting the packets
Wireshark version 1.12.7 - joining multiple (captured) .cab files
aircrack-ng 1.2 rc2 win  - password crackingMy target wireless network has these information:
Encryption: WEP
SSID: bluew
Vendor: Netgear
Mac: Netgear 08:54:30
but sometimes also shows 20:4E:7F:08:54:301. Collecting the packets with TamoSoft CommView
Start TamoSoft CommView for WiFi.
Click Start Capture. (Click on File->Start Capture).
Wireless networks should be showed in Nodes tab.
For showing Detailed Information about a wireless network
right click on target MAC Address (Netgear 08:54:30)
to see options and then choose "Detail...".
there you will see useful information like
how many Total Packets (Tx) are sent.
I usually let opened the Detailed Information window
while capturing.
For aircrack-ng you should collect at last 5000 IVs.
Sometimes no packets are send through network.Usually the channel is 6 on all networks, Max Rate: 72.2 Mbps.
Sometimes channel is set to "6 (6-10@40)" and Max Rate is increased
to 150.0 Mbps.2. Exporting captured packets with TamoSoft CommView
Go on Packets tab there right click on any column which contains
target mac address (Netgear 08:54:30) as a Src Mac or
as Dest MAC. Choose Quick Filter -> By MaC Address ->
From/To Netgear:08:54:30. The Log Viewer Window will be opened,
select all items, do a right click and from the options showed
select Save Packet(s) As ... ,
as Save as type choose "Wireshark/Tcpdump (.cap)".3. Joining multiple (captured) .cab files
For doing that we use Wireshark.
We open first cap file on Wireshark,
we click on File->Merge... in the file browser we choose
the second file, and done now the first and second file
are joined all we have to do now is to save the joined file:
choose File->Save As... and enter a proper file name.
Note that with this method only two files can be joined
at a time.4. Password cracking
For this we will use aircrack-ng.
For aircrack-ng you should collect at last 5000 IVs.
On captured file Wireshark reported 861 entries (packets),
aircrack-ng reported 834 IVs.
Start Aircrack-ng GUI.exe. As Encryption WEP should be chosen.
Select Filename(s) by clicking the "Choose..." button.
Finally click on Launch button.
If it writes "Failed. Next try with 5000 IVs." you should capture
more packets.
When you are asked (if you are asked) enter the index of Network from the list,
usually you should enter 1 (the first network).
If only one network SSID is on captured file,
first (right) network will be chosen automatically,
it will write on console window "Choosing first network as target".
Damn: not even 5000 IVs are not enough,
"Failed. Next try with 10000 IVs."
Next one also failed: "Failed. Next try with 15000 IVs."Damn: my stupid mistake was that I didn't choosed Key size as 64!!!
After setting Key size to 64:
KEY FOUND! [ AB:CC:BA:12:34 ]
Decrypted correctly: 100%The Key is actually ABCCBA1234

  • Like 4
Link to comment
Share on other sites

  • 1 month later...

*covers walls with aluminum foil*

The solution is to NOT USE WEP, use instead WPA, at least WPA-Personal,

WPA-Personal password length is between 8 and 63 chars,

On WPA only dictionary attack is possible,

so use a save password which would be not found in a dictionary and you are safe.

Also disable WPS:

read http://www.howtogeek.com/176124/wi-fi-protected-setup-wps-is-insecure-heres-why-you-should-disable-it/

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...