WEP cracking with Aircrack-ng
Now that we have explored the vulnerabilities of WEP and the related attacks, we are ready to begin the hands-on part. In this section, we will see how to crack WEP keys with the Aircrack-ng suite.
In the reconnaissance phase, we collected information about each network to be tested, such as the BSSID, the channel on which it operates, and the security protocol used. Here, we focus on a WEP-protected network and start capturing the frames exchanged between the AP and its associated clients on the corresponding channel.
We can try this attack ourselves by setting our Wi-Fi router to use WEP. We assume that the BSSID of the AP is 08:7A:4C:83:0C:E0 and the channel is 1. The first step is to start monitor mode on channel 1, as we saw in the previous chapter:
airmon-ng start wlan0 1
To capture the traffic of our target network, we will execute the following command:
airodump-ng --channel 1 --bssid 08:7A:4C:83:0C:E0 --write wep_crack mon0
This command saves all the...