The first step is to download the Aicrack-ng suite.
In order to decrypt the WEP key we have to follow the next simple steps:
First, change your hardware address (MAC):
ifconfig wlan0 down ifconfig wlan0 hw ether 00:11:22:33:44:55
Now, start package monitoring in the wifi interface (peg:
wlan0), for it, we have to use
airmon-ng start wlan0
At this point we need the data necessary to attack the interested network, we will obtain it with:
It will prompt something like this:
This step is only to get the information to attack the net. From all the networks, probably the best choose will be the one with the less power (PWR column). Once we have chosen one of those, we have to remember the blue data, the BSSID (MAC address of the Access point), PWR (Power of the signal), CH (Channel of the network), ENC and CIPHER (Network security type) and ESSID (Access Point name).
Once we have all the data needed to crack the wifi we can start sniffing packets of the interested network. In our case we have selected
WLAN_DF, in channel 2 with BSSID
airodump-ng -c 2 -w packets --bssid 00:23:F8:A0:C4:A2 wlan0
At this point we only have to wait to collect about 20000 - 40000 packages, it depends from the network use.
Optional, packets injection
If our wifi driver supports packet injection we can increase collection speed by using the
aireplay-ng -1 0 -a 00:23:F8:A0:C4:A2 -h 00:11:22:33:44:55 -e WLAN_DF wlan0 aireplay-ng -3 -b 00:23:F8:A0:C4:A2 -h 00:11:22:33:44:55 wlan0
Getting the network key
Once recollected a good amount of packages (20000 - 40000) we can try to decrypt the key with the final tool,