WiFu – Cracking Clientless WEP


In this video, I demonstrate how to authenticate with a clientless WEP Open network and break the WEP key in a relatively short amount of time using various aircrack-ng tools.

I was using Back|Track 4 R1 in this video, but the default driver doesn’t work too well with my AWUS036H USB WiFi card, so I removed the new drivers and loaded the older Back|Track 3 drivers.

The next step I took was to enable monitor mode on my wireless card using airmon-ng and start airodump-ng on channel 6 to see what was about.

After I identified the target network, I started up screen and ran airodump-ng again on channel 6 to output the captured data to a file called ‘linksys’.

I then attempted to perform a fake authentication attack with the target network using aireplay-ng and started listening for a data packet from the clientless network (can take up to 5 minutes) so that I could obtain a PRGA for the network, which would allow me to create my own packets for later injection.

Once obtained, I used packetforge-ng to create a generic ARP Request packet using the broadcast range 255.255.255.255, as most wireless Access Points respond to these, and hopefully would create new IVs for the target network.

Using the newly crafted packet, I used aireplay-ng again to inject this packet, which caused the Access Point to produce new IVs.

Once enough IVs were captured, I used aircrack-ng to work out the HEX encryption code for the network.
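
Why a recovered PRGA (keystream) is enough to build frames the Access Point accepts, as an added Python sketch that is not from the original post or from aircrack-ng: WEP's keystream depends only on the IV and key, and its ICV is an unkeyed CRC-32. The key, IV and payloads are constructed, and the sketch assumes the plaintext of one captured frame is fully known.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream (key schedule, then PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    # WEP integrity check value: plain CRC-32, no key involved
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    body = plaintext + icv(plaintext)
    return xor(body, rc4(iv + key, len(body)))  # RC4 seed is IV || key

def wep_decrypt(iv: bytes, key: bytes, ciphertext: bytes):
    body = xor(ciphertext, rc4(iv + key, len(ciphertext)))
    data, check = body[:-4], body[-4:]
    return data if check == icv(data) else None  # None = ICV failure

def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    # ciphertext XOR (plaintext || ICV) leaves the keystream for that IV
    return xor(ciphertext, known_plaintext + icv(known_plaintext))

def encrypt_with_keystream(keystream: bytes, plaintext: bytes) -> bytes:
    body = plaintext + icv(plaintext)
    if len(body) > len(keystream):
        raise ValueError("payload longer than recovered keystream")
    return xor(body, keystream)

def demo():
    key = bytes.fromhex("0102030405")        # constructed 40-bit WEP key
    iv = bytes.fromhex("a1b2c3")             # constructed 24-bit IV
    known = b"constructed sample frame body"
    ks = recover_keystream(wep_encrypt(iv, key, known), known)
    new_frame = encrypt_with_keystream(ks, b"different payload")
    # The receiver, holding the real key, validates a frame built without it
    return wep_decrypt(iv, key, new_frame), ks == rc4(iv + key, len(ks))
```

Nothing in WEP rejects a reused IV or binds the ICV to the key, so a longer WEP key does not change this result; moving the network to WPA2 or WPA3 does.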
