WiFu – Bypassing Shared Key Authentication


When attacking a WEP-encrypted WiFi network you can come across two different authentication methods: Open and Shared Key. In the previous video we attacked an Open WEP network, so this time we are going to attack a Shared Key Authentication (SKA) WEP network.

In this video, I started aireplay-ng and tried to authenticate, but quickly realised it’s not an open network, and aireplay-ng switched to Shared Key authentication.

Next I started airodump-ng on channel 6, saving the captured data to a file called ‘linksys’. I then attempted to de-authenticate an associated client, meaning that they would have to complete a new SKA, which we would capture.

Once captured, we are able to use this SKA handshake when we try to associate, which works fine for us: we successfully authenticated with the target network.
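Why one captured handshake is enough, as an added simulation that is not from the original post or video: in SKA the challenge travels in the clear and the response is that same challenge under the WEP keystream, so the two together expose the keystream for that IV. The frame layout is simplified to challenge plus ICV, and the key, IV and challenges are constructed random values.

```python
import os
import zlib

def rc4_keystream(key, n):
    """First n bytes of RC4 keystream for the given per-packet key."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def with_icv(body):
    # WEP integrity check value: CRC-32 of the plaintext, little-endian.
    return body + zlib.crc32(body).to_bytes(4, "little")

def client_response(iv, key, challenge):
    # Legitimate station: encrypt challenge + ICV under RC4(IV || key).
    pt = with_icv(challenge)
    return xor(pt, rc4_keystream(iv + key, len(pt)))

def ap_accepts(iv, key, response, challenge):
    # Access point: decrypt with the shared key and compare to its challenge.
    pt = xor(response, rc4_keystream(iv + key, len(response)))
    return pt == with_icv(challenge)

def exposed_keystream(challenge, response):
    # Both inputs are visible on air; no key material is used here.
    return xor(with_icv(challenge), response)

def demo():
    key, iv = os.urandom(13), os.urandom(3)   # constructed WEP-104 key and IV
    seen_challenge = os.urandom(128)          # cleartext challenge
    seen_response = client_response(iv, key, seen_challenge)
    ks = exposed_keystream(seen_challenge, seen_response)
    new_challenge = os.urandom(128)           # a later, different challenge
    keyless = xor(with_icv(new_challenge), ks)
    return ap_accepts(iv, key, keyless, new_challenge), ks == rc4_keystream(iv + key, 132)

if __name__ == "__main__":
    print(demo())
```

The exposure is inherent to the SKA exchange itself, so the remedy is retiring WEP in favour of WPA2 or WPA3 rather than choosing a different WEP key.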

Like in the previous video, we proceed to capture the PRGA so that we can craft our own packets for the network. We create broadcast ARP request packets in the hope that the Access Point will respond with a new IV, and finally we crack the WEP encryption key for the network using aircrack-ng.
