When attacking a WEP encrypted WiFi network you can come across two different authentication methods, Open and Shared Key Authentication. In the previous example, we attacked a WEP network configured with Open Authentication.
In this video, I started aireplay-ng and try to authenticate but quickly realise it’s not using open authentication and aireplay-ng switched to Shared Key Authentication.
Next I started up airodump-ng on channel 6 and to save the captured data to a file called ‘linksys,’ next I attempted to de-authenticate an associated client, this would force the client to re-authenticated to the network and complete the authentication process, which we would capture.
Once captured we are able to use this captured SKA when we try and associate, which works fine for us and we successfully authenticated with the target network.
Like in the previous video, we proceed to capture the PRGA so that we can craft our own packets for the network and create broadcast ARP request packets in the hope that the Access Point will respond with a new IV, and finally we crack the WEP encryption key for the network using aircrack-ng.