How to crack a WEP key

In this article I will show you how simple and easy it is to crack a WEP key. So let’s get started. Here are the materials you are going to need.

Materials Needed

Run Backtrack 3

Before we can even think about cracking any WEP keys, we first have to download Backtrack 3 and burn it onto a blank CD. If you need any help burning Backtrack 3 onto a CD, here is a great tutorial. (Make sure you click on the images for better quality.)

Prepare the Wireless Adapter

When you first boot into Backtrack 3, check that your wireless adapter is compatible with the OS. You can do this by clicking on the small “K” in the bottom left-hand corner, going up to Internet, and then clicking on Wireless Assistant. If you can see wireless networks, your wireless adapter is compatible.

After you have checked that it’s time to start hacking. So open up a shell (little black box that’s next to the “K”) and type in airmon-ng. This will show you what your device is called; in my case it’s “eth1,” so I will use eth1 every time it says [device], but it may be different for you so make sure you check under interface.

So after that you’re going to type in airmon-ng stop [device]. This will stop your adapter so you can change the MAC address. Make sure you fill “[device]” with your own interface.

Then you’re going to type in ifconfig [device] down. Next you’re going to need to change the MAC address of your wireless adapter. To do this you’re going to need to type in macchanger --mac 00:11:22:33:44:55 [device].

Now that the wireless adapter is all prepped, we’re going to need to start monitor mode up again. To do this, type in airmon-ng start [device].

Next you’re going to need to find the network that you’re going to hack. So type in airodump-ng [device]. This command will start looking for all the surrounding wireless networks that are available, so when you see the one you want to attack, hit Ctrl+C to stop the scan and make a note of the BSSID and the channel. In my case I’m going to hack 2WIRE260, so the channel is 10 and the BSSID is 00:18:3F:A8:E4:69.

Hacking the Network

Now that we have our target it’s time to start cracking their WEP key, so the very first thing we need to do is start capturing data packets so that we can use them to crack the WEP key later on. To capture the data packets you’re going to type in airodump-ng -c [channel] -w [network.out] --bssid [bssid] [device]. So fill [channel] with the channel of the wireless network you’re hacking. Now [network.out] is the file where all the data packets are going, so you can name this whatever you like; I named it “hack.”

For the [BSSID], type in the network’s BSSID. In my case it would be 00:18:3F:A8:E4:69. So if you did everything right, this is what should come up. To actually crack the WEP, you’re going to need to have around 10,000 - 20,000 data packets, so the more your victim uses their internet the more data packets you receive. So as you can see, I already have 21,653 data packets which is more than enough to crack a WEP key.

But if you can’t get 10,000 data packets, here are some commands that will speed up the process. First open up a new shell and type in aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:55 [device]. This command doesn’t work on all wireless adapters, so don’t be afraid if you get an error.

Another command that speeds up the process is aireplay-ng -3 -b [bssid] -h 00:11:22:33:44:55 [device].

After you have obtained 10,000 data packets, it’s time to crack the WEP key. So type in aircrack-ng -b [bssid] [filename]-01.cap. Make sure you fill in the file name with the name you chose for [network.out] (in my case it would be “hack”). Then hit enter and wait for the key to be cracked. So the WEP key is 507251228 in my case. If you have any questions, just comment.
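The following Python is an added example, not code from the original article: it shows how the traffic these commands produce can be spotted from the defender's side, flagging the 00:11:22:33:44:55 address set with macchanger and a burst of ARP requests from one station like the one aireplay-ng -3 (ARP request replay) generates. The record format, the frame labels (assumed to come pre-classified from a hypothetical wireless sensor) and the threshold are assumptions made for the example, and the sample records are constructed.

```python
from collections import defaultdict, deque

# MAC address the article sets with macchanger; seeing it on the air is a
# strong hint that someone is following a guide like this one.
TUTORIAL_MAC = "00:11:22:33:44:55"

def build_sample():
    """Constructed records: '<epoch seconds> <source MAC> <frame kind>'.
    The format is an assumption, not the output of any real tool."""
    lines = ["100.0 a4:5e:60:aa:bb:cc ARP_REQ",   # ordinary client, one ARP
             "101.0 00:11:22:33:44:55 AUTH",      # authentication from spoofed MAC
             "not a valid record"]                # malformed line, must be skipped
    # 300 ARP requests from one station inside 3 seconds (replay-like burst)
    lines += [f"{102 + i * 0.01:.2f} 00:11:22:33:44:55 ARP_REQ" for i in range(300)]
    lines.append("110.0 a4:5e:60:aa:bb:cc DATA")
    return lines

def parse(line):
    ts, mac, kind = line.split()      # raises ValueError on a wrong field count
    return float(ts), mac.lower(), kind

def detect(lines, window=5.0, arp_threshold=100):
    """Return {mac: set of reasons} for stations matching either heuristic.
    window and arp_threshold are assumed tuning values, adjust per network."""
    alerts = defaultdict(set)
    recent_arp = defaultdict(deque)   # mac -> timestamps of recent ARP requests
    for line in lines:
        try:
            ts, mac, kind = parse(line)
        except ValueError:
            continue                  # skip malformed records instead of crashing
        if mac == TUTORIAL_MAC:
            alerts[mac].add("placeholder-mac")
        if kind == "ARP_REQ":
            q = recent_arp[mac]
            q.append(ts)
            while q and ts - q[0] > window:   # slide the time window forward
                q.popleft()
            if len(q) >= arp_threshold:
                alerts[mac].add("arp-flood")
    return dict(alerts)

if __name__ == "__main__":
    for mac, reasons in detect(build_sample()).items():
        print(mac, sorted(reasons))
```

An attacker can pick a different MAC address, so the rate check is the more durable of the two signals; the durable fix is to move the network off WEP.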

9 Comments

Teaching people how to steal! Teach how to do something good. Just what we need more dishonest people. Create some new viruses. We need those also…

Does this work for PCs?

I just tried your method, but have a problem. In the part using the aireplay command, I cannot insert the BSSID, and I get an error when I put it in, but when I replace the BSSID with the number at the station, there is no error. Why does that happen?

Did it really work?

wm you’re an idiot

works! thank you SO much >;) very ez guide and already cracked a lot of networks :p

Honestly the best use of this is for people who don’t know, or lost their own WEP keys for miscellaneous reasons…so wm maybe you should be a little more trusting of people…

The file backtrack 3 is not in ISO format so why do you need image burn to burn to CD.

Looks like this one is a dud.

Do I need a compatible wireless adapter, or does it work with normal built-in WiFi?
