How to Crack a Wi-Fi Network's WEP Password with BackTrack

http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-pass...

TOP STORIES

WI-FI

How to Crack a Wi-Fi Networks WEP Password with BackTrack

You already know that if you want to lock down your Wi-Fi network, you should opt for WPA encryption because WEP is easy to crack. But did you know how easy? Take a look. If the network you want to test is running

BY GINA TRAPANI

OCT 28, 2011 9:30 AM 3,603,269 467

Like

3k

FOLLOW LIFEHACKER
Like 351766 likes. Sign Up to see what your friends like.

the more popular WPA encryption, see our guide to cracking a Wi-Fi network's WPA password with Reaver instead. Today we're going to run down, step-by-step, how to crack a Wi-Fi network with WEP security turned on. But first, a word: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise. Dozens of tutorials on how to crack WEP are already all over the internet using this method. SeriouslyGoogle it. This ain't what you'd call "news." But what is surprising is that someone like me, with minimal networking experience, can get this done with free software and a cheap Wi-Fi adapter. Here's how it goes.

What You'll Need

Unless you're a computer security and networking ninja, chances are you don't have all the tools on hand to get this job done. Here's what you'll need: A compatible wireless adapterThis is the biggest requirement. You'll need a wireless adapter that's capable of packet injection, and chances are the one in your computer is not. After consulting with my friendly neighborhood security expert, I purchased an Alfa AWUS050NH USB adapter, pictured here, and it set me back about $50 on Amazon. Update: Don't do what I did. Get the Alfa AWUS036H, not the US050NH, instead. The guy in

1 of 8

01/12/2012 01:51 PM

How to Crack a Wi-Fi Network's WEP Password with BackTrack

http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-pass...

LOGIN MOST POPULAR 25,034 CURRENTLY READING

TIPS AND DOWNLOADS FOR GETTING THINGS DONE

below is using a $12 model he bought on Ebay (and is even selling his router of plenty of resources on getting aircrack-compatible adapters out there. A BackTrack 3 Live CD. We already took you on a full screenshot tour of how to install ARDUINO 883 and use BackTrack 3, the Linux Live CD that lets you do all sorts of security testing and tasks. Download yourself copy of the CD and burn it, or load it up in VMware to get Electronics withaArduino and Other Code started. (I tried Peoples the BackTrack 4 pre-release, and it didn't work as well as BT3. Do yourself a favor and stick with BackTrack 3 for now.)
WINDOWS DOWN

How to Start Making Your Own

712 A nearby WEP-enabled Wi-Fi network. The signal should be strong and ideally people Amazons Send to App Makes Sending are usingKindle it, connecting and disconnecting their devices from it. The more use it gets while Documents to need Yourto Kindle as crack, the better your chances of success. you collect the data you run your Easy as Right-Clicking
Patience with the command line. This is an ten-step process that requires typing in INFOGRAPHICS 589around for your Wi-Fi card to collect data in order to long, arcane commands and waiting crack the password. Like the doctor said to the short person, be a little patient.

The Best Tech-Friendly Airports and Airlines

Crack That ASK WEP LIFEHACKER

568 How Can I Protect My To crack WEP, you'll need to launch Konsole, BackTrack's built-in command line. It's right there Computers and Data When on the taskbar in the lower left corner, button to the right. Now, the commands. Someone Else Is Using second My Network?
First run the following to get a list of your network interfaces:

472 How Often Should I Charge My airmon-ng Gadgets Battery to Prolong Its Lifespan?
ASK LIFEHACKER

The only one I've got there is labeled ra0. Yours may be different; take note of the label and write it down.Is From here in, substitute There anon Easy Way to it in everywhere a command includes (interface). Now, run the following four commands. See the output that I got for them in the screenshot below.
CROWDHACKER

379

Measure the Height of a Tree?

airmon-ng stop (interface) ifconfig (interface) down macchanger --mac 00:11:22:33:44:55 (interface) airmon-ng start (interface)

MORE STORIES...

2 of 8

01/12/2012 01:51 PM

How to Crack a Wi-Fi Network's WEP Password with BackTrack

http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-pass...

LOGIN MOST POPULAR 25,034 CURRENTLY READING

If you don't get the same results from these commands as pictured here, most likely your network adapter won't work with this particular crack. If you do, you've successfully "faked" a new MAC address on your network interface, 00:11:22:33:44:55.

TIPS AND DOWNLOADS FOR GETTING THINGS DONE

883 How to Start Making Your Own Electronics with Arduino To see a list of wireless networks aroundand you. When you see the one you want, hit Ctrl+C to stop Other Peoples Code the list. Highlight the row pertaining to the network of interest, and take note of two things: its
ARDUINO

airodump-ng (interface)

BSSID and its channel (in the column labeled CH), as pictured below. Obviously the network you
WINDOWS DOWN

want to crack Amazons should have WEPto encryption 712 (in the ENC) column, not WPA or anything else. Send

Kindle App Makes Sending Documents to Your Kindle as Easy as Right-Clicking 589 The Best Tech-Friendly Airports and Airlines
INFOGRAPHICS ASK LIFEHACKER

Like I said, hit Ctrl+C to stop this listing. (I had to do this once or twice to find the network I was looking for.) Once you've got it, highlight the BSSID and copy it to your clipboard for reuse in the upcoming commands.

568

How Can I Protect My Computers and Data When Someone Else Is Using My Network?
Now we're going toOften watchShould what's going on with How I Charge My that network you chose and capture that information to a file. Run: Gadgets Battery to Prolong Its
ASK LIFEHACKER

472

Lifespan?
airodump-ng -c (channel) -w (file name) --bssid (bssid) CROWDHACKER 379 (interface) Is There an Easy Way to

Measure the Height of a Tree?

Where (channel) is your network's channel, and (bssid) is the BSSID you just copied to clipboard. You can use the Shift+Insert key combination to paste it into the command. Enter anything descriptive for (file name). I chose "yoyo," which is the network's name I'm cracking.

You'll get output like what's in the window in the background pictured below. Leave that one be. Open a new Konsole window in the foreground, and enter this command:

MORE -1 STORIES... aireplay-ng 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid)

3 of 8

01/12/2012 01:51 PM

How to Crack a Wi-Fi Network's WEP Password with BackTrack

http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-pass...

(interface)

LOGIN

Here the ESSID is the access point's SSID name, which in my case is yoyo. What you want to get after this command is the reassuring "Association successful" message with that smiley face. You're almost there. Now it's time for:

MOST POPULAR 25,034 CURRENTLY READING

TIPS AND DOWNLOADS FOR GETTING THINGS DONE

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)

Here we're creating router traffic to capture more throughput faster to speed up our crack. After a few minutes, that front window will start going crazy with read/write

883 packets. (Also, I was unable to surf the web How to Start Making Your Own with the yoyo network on a separate Electronics with Arduino and computer while this was going on.) Here's the part where you might have to grab yourself a cup Other Peoples Code
ARDUINO

of coffee or take a walk. Basically you want to wait until enough data has been collected to run
WINDOWS DOWN your crack. Watch the number in the "#Data" columnyou want it to go above 10,000. (Pictured

712 Kindle App Makes Sending Documents to Your Kindle (mine as is inexplicably low at -32 in that screenshot, Depending on the power of your network Easy as Right-Clicking Amazons below it's only at 854.) Send to

even though the yoyo AP was in the same room as my adapter), this process could take some time. Wait until that #Data goes over 589 10k, thoughbecause the crack won't work if it doesn't. In INFOGRAPHICS

Tech-Friendly Airports fact, you may The needBest more than 10k, though that seems to be a working threshold for many. and Airlines 568 How Can I Protect My Computers and Data When Someone Else Is Using My Network?
ASK LIFEHACKER

472 How Often Should I Charge My Gadgets Battery to Prolong Its Lifespan?
ASK LIFEHACKER

379 Is There an Easy Way to Once you've collected enough data, of it'sathe moment of truth. Launch a third Konsole window and Measure the Height Tree?
CROWDHACKER

run the following to crack that data you've collected:

aircrack-ng -b (bssid) (file name-01.cap)

Here the filename should be whatever you entered above for (file name). You can browse to your Home directory to see it; it's the one with .cap as the extension. If you didn't get enough data, aircrack will fail and tell you to try again with more. If it succeeds, it will look like this:

MORE STORIES...

4 of 8

01/12/2012 01:51 PM

How to Crack a Wi-Fi Network's WEP Password with BackTrack

http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-pass...

LOGIN MOST POPULAR 25,034 CURRENTLY READING

The WEP key appears next to "KEY FOUND." Drop the colons and enter it to log onto the network.

TIPS AND DOWNLOADS FOR GETTING THINGS DONE

With this article I set out to prove that cracking WEP is a relatively "easy" process for someone determined and willing to get the hardware and software going. I still think that's true, but

883 How to Start Making Your Own that the last screenshot upwith there doesn't and look like the othersit's because it's not mine. Even Electronics Arduino though the AP which I was cracking was my own and in the same room as my Alfa, the power Other Peoples Code
ARDUINO

unlike the guy in the video below, I had several difficulties along the way. In fact, you'll notice

reading on the signal was always around -30, and so the data collection was very slow, and
WINDOWS DOWN BackTrack would consistently crash before it was complete. After about half a dozen attempts

712 Amazons Send to Kindle App Makes Sending haven't captured enough data for aircrack to decrypt the key. Documents to Your Kindle as Easy as Right-Clicking

(and trying BackTrack on both my Mac and PC, as a live CD and a virtual machine), I still

So while this process is easy in theory, your mileage may vary depending on your hardware, proximity to the AP point, and the way the planets are aligned. Oh yeah, and if you're on INFOGRAPHICS 589 The Best Tech-Friendly Airports deadlineMurphy's Law almost guarantees it won't work if you're on deadline.

and Airlines
To see the video version of these exact instructions, check out this dude's YouTube video. ASK LIFEHACKER 568

How Can I Protect My Computers and Data When Someone Else Is Using My Network? 472 How Often Should I Charge My Gadgets Battery to Prolong Its Lifespan?
ASK LIFEHACKER

379 Is There an Easy Way to Measure the Height of a Tree?

CROWDHACKER

Got any experience with the WEP cracking courtesy of BackTrack? What do you have to say about it? Give it up in the comments. Contact Gina Trapani:
RELATED STORIES COMMENT

The Best Tech-Friendly Airports and Airlines How to Crack a Wi-Fi Network's WPA Password with Reaver If You Don't Need LTE, Motorola's Taking Wi-Fi Xyboard Pre-Orders and Shipping in Two Weeks GIZMODO
Download Password Manager
Never Forget Your Passwords Again. Over 50 Million Downloads To Date!
www.RoboForm.com/PasswordManager

DISCUSSION THREADS

FEATURED

ALL START A NEW THREAD

evilegg2000

25 Oct 2010 1:09 PM

My wi-fi is completely open. It makes my life easier and I figure I would notice the guy sitting on MORE STORIES...

5 of 8

01/12/2012 01:51 PM

How to Crack a Wi-Fi Network's WEP Password with BackTrack

http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-pass...

my lawn.

LOGIN
promoted by freedomweasel

MOST POPULAR 25,034 CURRENTLY READING

: You computer can save your wifi passwords. You only need to type it in once.

TIPS AND DOWNLOADS FOR : Enjoy that kiddie porn that a random person driving by your house uploads to GETTING THINGS DONE
your computers right before they call the FBI.

: It's really easy to put a password on your router, and as freedomweasel mentioned, that's all you'll ever have to do. ARDUINO 883

How to Start Making Your Own Electronics with Arduino and paravorheim @evilegg2000 Other Peoples Code
@evilegg2000: Right now, as we speak, I can access the router from 2 houses down from me.
WINDOWS DOWN I'm fairly positive they can't see me on their lawn.

712 Amazons Send to Kindle App Makes Sending Documents to Your Kindle as evilegg2000 @freedomweasel Easy as Right-Clicking

@freedomweasel: I have to remember what it is when one of my friends stops by with his laptop, INFOGRAPHICS 589 iPod... and wants to go online.

The Best Tech-Friendly Airports and Airlines

freedomweasel @evilegg2000

@evilegg2000: Sticky note on the router. If you give out your password to everyone who asks, it

568 How Can I Protect My does no harmComputers to have it written down on the router. It'll still keep the random neighbor from and Data When Someone Else Is Using My hogging bandwidth. Network?
ASK LIFEHACKER

472 How Often Should I Charge My @evilegg2000: Sweet, time to go connect and try out firesheep! Gadgets Battery to Prolong Its Lifespan?
blue_solace @evilegg2000
CROWDHACKER

aliskaba @evilegg2000 ASK LIFEHACKER

379

Is With There an Easy Way toa person can be more than a mile away and steal your @evilegg2000: the right antenna,
bandwidth. Measure the Height of a Tree?
senshikaze @freedomweasel

@freedomweasel: also your traffic will be encrypted. the advantage to using wpa is not to keep mooches off, it is to encrypt your traffic.
promoted by freedomweasel

acutelyaware @evilegg2000

@evilegg2000: if you live on a property that has enough land for neighbours to not pick it up, then yeah id keep it open. i hate the time i waste trying to remember the password for friends.
promoted by tchrman35

tkuhl87 @evilegg2000

@evilegg2000: and with WPA you can just create some easy to remember phrase like say your address, or lyrics or something like that. Simple, easy to remember and very secure. For fun I've accessed open routers and added a password, or blocked very specific websites like Google...sick sense of humor I guess, but there are far more nefarious things someone could do.

MORE STORIES...

6 of 8

01/12/2012 01:51 PM

How to Crack a Wi-Fi Network's WEP Password with BackTrack

http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-pass...

guyston @evilegg2000

LOGIN

MOST POPULAR 25,034 CURRENTLY READING : Used to take this view and it is pretty good providing you live remotely but I
opted for a password recently because I was suspicious of my pesky neighbours.

: What about the guy that is 1 mile away siffing your traffic to steal your identity. I does happen to real people. Secondly make it something easy like your phone number. TIPS AND DOWNLOADS FOR

GETTING THINGS DONE

@evilegg2000

: Just set your WPA password to "EvilEgg2000" or something. It's secure, and you'll always remember it.

@acutelyaware: People, if it's that much trouble to remember a short passphrase, and if sticky notes aren't your thing, buy some printable Business Cards, throw down 100 of them, and put WINDOWS DOWN

883 How to Start Making Your Own tchrman35 @acutelyaware Electronics with Arduino and Other Peoples Code
ARDUINO

712 them in a little business card holder your kitchen junk drawer. Amazons Send to in Kindle App Makes Sending Documents to Your Kindle as I think you can go overboard with security, but I still throw the deadbolt when I'm away or
asleep. It doesn't mean I don't trust my neighbors. It does mean I am willing to believe there might be people out there who care more INFOGRAPHICS 589 about their wants/needs than about my

Easy as Right-Clicking

The Best Tech-Friendly Airports safety/property rights. and Airlines

Just secure the network. Or be prepared to live with the consequences, should they bite you.

568 How Can I Protect My Computers and Data When freedomweasel @senshikaze Someone Else Is Using My @senshikaze:Network? Very true. For some reason I always focus on people stealing bandwidth.
ASK LIFEHACKER

472 How Often Should I Charge My Gadgets Battery Prolong Itsprint that can be read from across the room. My @freedomweasel: I put it on my to fridge. I large Lifespan?
jeffeb3 @freedomweasel
ASK LIFEHACKER

friends still ask for the password (because they can't read I guess).
CROWDHACKER

379

Is There an Easy Way to Joel @freedomweasel

Measure the Height of a Tree?

@freedomweasel, et al: If you don't care about sharing internet, and just want encryption, and don't want to forget the password, make the SSID something like PWis(Insert Password Here). No stickies, no remembering, easy! And you can turn on AP isolation if you're not sharing across the router. (Sorta - draw a network graph as always, helps you figure stuff out.)
zakany001 @evilegg2000

@evilegg2000: I hope you don't mind me changing your router's settings, because I will do so to keep my children from bypassing my home network.
SmarchHare @xaronax

This comment shows up on any discussion of open wifi. Has this ever happened in the history of ever?
belch @zakany001

Just because my wifi is open, does not mean my router is set to the default password. In fact it is not.

MORE STORIES... If you want me to block your mac addresses, just let me know and I'll do it for you.

7 of 8

01/12/2012 01:51 PM

How to Crack a Wi-Fi Network's WEP Password with BackTrack

http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-pass...

LOGIN MOST POPULAR 25,034 CURRENTLY READING

A friend showed me how to leave a network free of password protection, yet still protected from unauthorized access. It was set up such that anyone could connect to the router, but they had no access to the internet or the other computers on the network. When someone tried to connect, the administrator would get a popup on their computer saying [computer name] is trying to connect to [network name], and from there you could give them access or deny it. Once they had
RossLH @evilegg2000

TIPS AND DOWNLOADS FOR GETTING THINGS DONE

Ours is too, but since we live in the woods a quarter mile away from anyone, I figured we were safe. Alas, distance isn't a viable security strategy for everyone.
ARDUINO @SmarchHare883 IAmMarchHare

How to Start Making Your Own Other Peoples Code

Electronics with Arduino and @SmarchHare

[o.seattletimes.nwsource.com]

WINDOWS DOWN

712 Amazons Send to Kindle App Makes Sending Documents to Your Kindle as Easy as Right-Clicking 589 The Best Tech-Friendly Airports and Airlines
INFOGRAPHICS

Edited by IAmMarchHare at 10/28/11 3:34 PM

568 How Can I Protect My Computers and Data When About Help Forums Legal My Privacy Someone Else Jobs Is Using Network?
ASK LIFEHACKER

Permissions

Advertising

Subscribe

Send a tip

472 How Often Should I Charge My Gadgets Battery to Prolong Its Lifespan?
ASK LIFEHACKER

379 Is There an Easy Way to Measure the Height of a Tree?

CROWDHACKER

MORE STORIES...

8 of 8

01/12/2012 01:51 PM