Breaking any encryption involves knowing a few things. First, you have to know that there is an encryption scheme. Secondly, you must know how encryption works. Breaking any code manually is near impossible; luckily, you can break the WEP encryption if you use a packet-sniffing program.

Steps

  1. 1
    Use Linux. Windows cannot sniff WEP packets, but you can use a bootable CD of Linux.

  2. 2
    Get a packet-sniffing program. Backtrack is a commonly-used option. Download the iso image and burn it on a bootable CD/DVD.
  3. Hackwep1.jpg
    3
    Boot Linux and Backtrack. Use your bootable CD/DVDs.
    • Note that this operating system is not required to be installed on hard drive. That means whenever you shutdown the Backtrack, all your data will be lost.
  4. Hackwep2.jpg
    4
    Select a start-up option. The following Backtrack screen will show after booting. Change the option with the up and down arrow keys and select one. This tutorial will use the first option.
  5. Hackwep3.jpg
    5
    Load the graphical interface via command base. In this option, Backtrack is started on command base. Type command: startx to continue.
  6. Hackwep4.jpg
    6
    Click on terminal button at the bottom left. It'll be the fifth option.
  7. Hackwep5.jpg
    7
    Wait for the Linux command terminal to open.
  8. Hackwep6.jpg
    8
    View your WLAN type. Enter the following command: "airmon-ng" (without quotes). You should see something like wlan0 beneath Interface.
  9. Hackwep7.jpg
    9
    Get all the required information for the access point. Enter the following command: "airodump-ng wlan0" (without quotes). You should get three things:
    • BSSID
    • Channel
    • ESSID (AP Name)
    • Here's what the tutorial case turned up:
      • BSSID 00:17:3F:76:36:6E
      • Channel number 1
      • ESSID(AP Name)Suleman
        Hackwep8.jpg
  10. Hackwep9.jpg
    10
    Enter the following command. This one will use the example information above, but you should plug in your own. Command: "airodump-ng -w wep -c 1 -- bssid 00:17:3F:76:36:6E wlan0" (without quotes).
  11. Hackwep10.jpg
    11
    Allow setup to start.
  12. Hackwep11.jpg
    12
    Open a new terminal window. Type the following command, substituting the values for your own BSSID, Channel and ESSID. Command: "aireplay-ng -1 0 –a 00:17:3f:76:36:6E wlan0" (without quotes).
  13. Hackwep12.jpg
    13
    Open another new terminal window. Type the following command: "aireplay-ng -3 –b 00:17:3f:76:36:6e wlan0" (without quotes).
  14. Hackwep13.jpg
    14
    Allow setup to start.
  15. Hackwep14.jpg
    15
    Go back to the first terminal window.
  16. Hackwep15.jpg
    16
    Allow the data in this window to reach to 30000 or above. It will take 15 to 60 minutes (or more) depending on wireless signal, hardware and load on access point.
  17. Hackwep16.jpg
    17
    Go to the third terminal window and press Ctrl + c.
  18. Hackwep17.jpg
    18
    Pull up the directories. Type the following command: "dir" (without quotes). This will show the directories saved on it during decrypting.
  19. Hackwep18.jpg
    19
    Use a cap file. For the example, it would be the following: "aircrack-ng web-02.cap" (without quotes). The setup shown below will start.
  20. Hackwep19.jpg
    20
    Break the WEP encrypted key. After this setup completes, you'll be able to break the key. In this example, it was {ADA2D18D2E}.