Our original WEP-cracking series appeared over two years ago and is still among the most popular articles on SmallNetBuilder. But to anyone trying to use the articles, it quickly becomes apparent that they were out of date and in desperate need of updating. That said, the originals still contain a lot of very relevant information so we suggest you read at least Part 1 before you start, as it contains some helpful background information.
Before we get started, however, let us make a few points that may save some readers the time and effort of trying these techniques:
- To successfully follow this How To, you need basic familiarity with networking terminology and principles. You should be comfortable with using command line-based programs and basic familiarity with Linux will be helpful too.
- These procedures assume that the target WLAN has at least one client associated with an AP or wireless router. They will not work with an AP that has no associated clients.
- Accessing anyone else's network other than your own without the network owner's consent is at worst illegal in some U.S. jurisdictions and at best, not a neighborly thing to do.
SmallNetBuilder, Pudai, LLC and the authors do not condone or approve of illegal use of this tutorial in any way.
With that out of the way, lets proceed. What do you need to crack a WEP-protected wireless network these days? The good news is you probably already have everything you need to do it, since, in the two years since the original article, there have been many advances in the open source and wireless exploit tool world.
Gone are the days of requiring expensive, hard-to-find hardware (like the two PRISM 2 Wi-Fi cards and two computers in the original tutorial). Many more of the popular chipsets are now supported. Also you can do it all on a single machine!
The best WEP cracking toolset has been developed by the Aircrack-ng team, so that's what we're going to use. Aircrack-ng is a collection of programs aimed at WEP and WPA-PSK key cracking. While are are seven programs (plus a few Tools) in the suite, we'll be using four of them:
- airmon-ng - for switching the wireless adapter into monitor mode
- airodump-ng - for WLAN discovery and packet capture
- aireplay-ng - for traffic generation
- aircrack-ng - for recovering the WEP key
Although there are versions of the suite that run on Windows and even Zaurus (!) OSes, we're going to use the Linux version. Don't worry about not being a Linux expert, however, since we'll be using the BackTrack 2 (BT2) live CD, which will leave your Windows machine's hard drive unchanged. BT2 comes with the entire aircrack-ng suite already installed.