Cracking Clientless WEP

In this video, I demonstrate how to authenticate with a clientless WEP Open network and break the WEP key in a relatively short amount of time using various aircrack-ng tools.

I was using Back|Track 4 R1 in this video, but the default driver doesn’t work too well with my AWUS036H USB WiFi card, so I removed the new drivers and loaded the older Back|Track 3 drivers.

The next step I took was to enable monitor mode on my wireless card using airmon-ng and start airodump-ng on channel 6 to see what was about.

After I identified the target network, I started up screen and ran airodump-ng again on channel 6, outputting the captured data to a file called ‘linksys’.

I then attempted to perform a fake authentication attack with the target network using aireplay-ng and started listening for a data packet from the clientless network (this can take up to 5 minutes) so that I could obtain a PRGA for the network, which would allow me to create my own packets for later injection.

Once it was obtained, I used packetforge-ng to create a generic ARP Request packet using the broadcast range, as most wireless Access Points respond to these, which would hopefully create new IVs for the target network.

Using the newly crafted packet, I used aireplay-ng again to inject this packet, which caused the Access Point to produce new IVs.

Once enough IVs were captured, I used aircrack-ng to work out the HEX encryption code for the network.
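
Seen from the defending side, the injection step leaves a recognisable pattern: the forged ARP request is one frame sent over and over, so its WEP IV never changes, while the access point's rebroadcasts each carry a new IV. The detector below is an added example, not part of the original post or of aircrack-ng; the frame records, MAC addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def build_sample():
    """Constructed capture summary: (time_s, transmitter, destination, iv_hex, length)."""
    frames = []
    # Hypothetical injecting station: one forged 68-byte ARP frame re-sent 300 times in ~1 s.
    for i in range(300):
        frames.append((10.0 + i / 300, "02:00:00:00:00:aa", BROADCAST, "a1b2c3", 68))
    # Access point rebroadcasting each request under a fresh IV.
    for i in range(300):
        frames.append((10.001 + i / 300, "02:00:00:00:00:01", BROADCAST, f"{i:06x}", 68))
    # Ordinary client traffic: varying lengths, a new IV for every frame.
    for i in range(40):
        frames.append((9.0 + i * 0.1, "02:00:00:00:00:bb", "02:00:00:00:00:01",
                       f"{0x500000 + i:06x}", 90 + i))
    return sorted(frames)

def find_replayed_frames(frames, window_s=1.0, min_repeats=50):
    """Return {transmitter: peak repeat count} for frames re-sent with an unchanged IV."""
    seen = defaultdict(list)  # (transmitter, iv, length) -> timestamps
    for ts, tx, _dst, iv, length in frames:
        seen[(tx, iv, length)].append(ts)
    flagged = {}
    for (tx, _iv, _length), stamps in seen.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans at most window_s seconds.
            while ts - stamps[start] > window_s:
                start += 1
            count = end - start + 1
            if count >= min_repeats:
                flagged[tx] = max(flagged.get(tx, 0), count)
    return flagged

def iv_rate(frames, transmitter):
    """Distinct IVs per second emitted by one transmitter (IV churn on the AP side)."""
    rows = [(ts, iv) for ts, tx, _d, iv, _l in frames if tx == transmitter]
    span = max(ts for ts, _ in rows) - min(ts for ts, _ in rows)
    return len({iv for _, iv in rows}) / span if span else 0.0

if __name__ == "__main__":
    sample = build_sample()
    print("replaying transmitters:", find_replayed_frames(sample))
    print("AP distinct IVs per second:", round(iv_rate(sample, "02:00:00:00:00:01")))
```

A transmitter flagged by `find_replayed_frames` together with a sudden jump in the access point's `iv_rate` is the pairing worth alerting on; the lasting mitigation is to retire WEP on the network.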
