There are many Wi-Fi encryption algorithms that are susceptible to various types of attacks, and it is incredibly easy to break them with free software such as apps found on Kali Linux. There are other methods as well that can be easily found on Windows or Ubuntu but we will be covering Kali Linux as the software we need is already installed and ready to go.
More detailed screenshots and full instruction can be found on my site.
Step 1: Use Equipment That You Own and Control
The first step is to make sure that you stay inside your home or a place where you have the right to test security features and security software. It is illegal to break into other people’s computing systems, and this could land you in big trouble unless you are practicing on your home network.
Step 2: Gather the Required Materials
There are several things you will need to carry out the attack to break WEP encryption including the following:
· Kali Linux
· A wireless home router running WEP
· The aircrack-ng program (comes with Kali)
· A wireless USB network card
· Another wireless device that is connected to the router
Step 3: Verify Your USB Wireless Interface Is Recognized and Functional
We will need to verify that your USB wireless card is seen by the Kali Linux software. Simply open the BASH shell (command prompt), and enter the ifconfig command. You should already see several interfaces such as an Ethernet interface, a loopback interface, and finally your wireless interface with a name of wlan0 or wlan1.
Step 4: Capture Packets
Next we are going to use the dump command to actually capture packets from the other connected wireless device to initiate the attack. Essentially, the software will make some comparisons between the captured packets using a complex algorithm to deduce the network key. Issue the following command in the BASH shell:
· airodump-ng mon0
Step 5: Store the Capture Packets
The next step is to actually store the captured packets from your USB wireless card. After running the previous command, you should see several wireless networks and related information such as their BSSID, channel, and other key data. Run the following command:
· airodump-ng –w [ESSID] –c [Channel] –bssid [BSSID] mon0
To run this command, you need to search the output for a given wireless router’s ESSID, channel, and BSSID. At this point, your wireless interface is capturing packets, but you’ll want to let it capture at least 10,000 packets before proceeding. You can use the following command to save the captured data to your local HDD:
· airodump-ng mon0 –[file-name]
Step 6: Run Aircrack-ng Against the Captured Data
Now you actually need to run the cracking software against all the data you have collected (about 10,000 packets at this point). Run the following command and plugin the name of the file you saved the captured data to:
· aircrack-ng [file-name].cap
Step 7: If at First You Don’t Succeed, Capture More Packets and Try Again
If all of the commands succeeded, you should be able to see the WEP key now. However, if the cracking process failed, you simply need to collect more packets. This time, let the software collect 15,000 packets and everything should go according to plan. Also remember that the more wireless hosts are connected to a device, the faster the packet capturing process will go.