How to Break WEP Encryption

Wired Equivalent Privacy (WEP) is a security protocol for wireless networks that was introduced in 1997. WEP has many security flaws that make it easy to hack. Wi-Fi Protected Access (WPA) is a much stronger security protocol. It was proposed as a replacement for WEP in the early 2000's and WPA2 became the standard for wireless security by 2004.^{[1]XResearch source} In spite of the security risks, WEP networks can still be found today. It may be used by older hardware or by people who don't know the best network protocol when setting up their wireless network. This How.com.vn article teaches you how to break WEP encryption. Warning: Using these techniques to gain unauthorized access to a wireless network is illegal. Law enforcement will frequently set up WEP networks as a honeypot specifically to catch hackers. The information contained in this article is for educational purposes only. It is to demonstrate the flaws of WEP security and so that you know how to protect yourself against attacks on your own wireless network.

Part 1

Part 1 of 2:

Getting What You Need

Download Article

1
Purchase a wireless adapter that supports monitor mode and packet injection. While your laptop computer or smartphone may have a built-in wireless adapter, chances are it does not support monitor mode or packet injection. For this, you will need to purchase a separate wireless adapter. You can order a compatible wireless adapter online. Most range in price from $30 to $70. The following is a list of suitable wireless adapters:^{[2]XResearch source}
- Alfa AWUS036NH
- Alfa AWUS036NHA
- Alfa AWUS036NEH
- Panda PAU09 N600
- Panda PAU 06
2
Install Kali Linux. It is highly recommended that you use Linux when trying to break a WEP encryption. Kali Linux (formerly known as Backtrack) is a Linux distribution that is specifically designed for network penetration testing and security research. It comes with all the tools and software you need pre-installed. You can download Kali Linux for free here.
- Kali Linux can be installed as your primary operating system, or on a virtual machine. It can also be installed on a Raspberry Pi or on a bootable CD or USB drive.
- If you boot Linux from a CD or USB drive, all data will be lost when you reboot your computer, unless you allocate a partition on a USB drive for persistent storage.^{[3]XResearch source}
Advertisement
3
Install Aircrack-ng (if needed). Aircrack-ng is a suite of software tools used to assess, attack, and crack wireless networks. Kali Linux comes with Aircrack-ng already installed. If you are using a different Linux distribution, such as Ubuntu, you will need to use the following steps to install Aircrack-ng:^{[4]XResearch source}
- Press Ctrl + Alt + T to open the Terminal.
- Type sudo apt-get update
- Type sudo apt-get install -y aircrack-ng
- Enter your user password.
- Press Y when prompted.
You should be well within range to pick up a strong signal from the network. Additionally, the network should have at least 1 person connected to it. The more people using the network, the more data you will be able to collect in order to break the network encryption. Ideally, the network should have multiple people using the network and connecting and disconnecting their devices.

Part 2

Part 2 of 2:

Breaking the WEP Encryption

Download Article

This should be a network adapter that supports packet injection and monitor mode. You can connect it to any free USB port on your computer.
If Linux is your primary operating system, simply boot up your computer. If you are using a virtual machine, open your virtual machine software and launch the virtual machine that has Linux installed. If you have a bootable CD or USB drive, make sure your boot order is set to boot from that drive first in the BIOS. Then insert the disk drive and boot up your computer.
On most Linux distributions, the Terminal has an icon that resembles a black screen with a white text cursor. You can click the Terminal icon or use the keyboard shortcut (Ctrl + Alt + T) to open the Terminal.
4
Find your network adapter's name. To do so, type ifconfig and press Enter. This displays all network adapters you have connected to your computer. You will need to know the name of the network adapter you have connected to your computer. It will most likely be named "wlan0," or "wlan1" or something similar.
- If you receive an error message that says "Command 'ifconfig' not found" or something similar, type sudo apt install net-tools and press Enter to install the network tools.
5
Use Airmon-ng to put your network adapter in monitor mode. To do so, type sudo airmon-ng start [network adapter name] and press Enter. Replace "[network adapter name]" with the name of your network adapter you got from the "ifconfig" command. This puts the network adapter in monitor mode. It will also likely change the name of your network adapter. Take note of any name changes your network adapter is given.
- If you are not sure what the new network adapter name is, simply run the "ifconfig" command again.
To do so, type sudo airodump-ng [network adapter name] --encrypt WEP and press Enter. Replace "[network adapter name]" with the current name for your network adapter. This searches the network for packets sent using WEP encryption using Airodump-ng. If any networks are discovered, they will be listed with "WEP" below "ENC" in the read-out.
Once you discover a WEP network, write down the network MAC address listed below "BSSID" and also the channel number listed below "CH" in the read-out.
8
Use Besside-ng to attack the network. To do so, type sudo besside-ng -c [channel number] -b [BSSID number] [network adapter name] and press Enter. Replace "[channel number] with the channel number you got from the airodump-ng command. Replace "[BSSID number]" with the network MAC address you got from the airodump-ng command. Finally, replace "[network adapter name]" with the current name for your network adapter. This launches an attack against the network using the "Besside-ng" tool. The attack should take about 2 - 10 minutes.
- The "Besside-ng" tool first attacks first using packet injection and then by flooding the network. All data that it gathers is saved to a ".cap" file.^{[5]XResearch source}
- Warning: Entering the "Besside-ng" command without the proper network parameters will result in the Besside-ng tool attacking all available networks in range.
- Warning: Launching an attack against a network that you do not have authorization to audit or attack is illegal. Law enforcement will often set up WEP-encrypted networks specifically to catch criminal hackers.
- If you get an error that says "Network is down" or similar during the attack, simply run the command again to continue. You can also run the type the command airmon-ng check kill to automatically stop any processes that may be taking your network adapter out of monitor mode.
To do so, simply type sudo aircrack-ng ./wep.cap and press Enter. This reads back the ".cap" file that all the network data that Besside-ng has gathered back to you. It will display a list of networks it has encountered.
When you see the network you want to break, press the number that corresponds to that network and press Enter. Aircrack-ng will start cracking the code. When it is finished, it will display the network key next to "Key Found!" in both hex code format as well as the standard alpha-numeric version next to "ASCII". You can use the "ASCII" key to log into the network.
This article demonstrates just how easy it is to break WEP encryptions. Once someone is on your network, they can launch a man-in-the-middle attack, route you to fake websites, and control your internet experience. If you or anybody you know is still using WEP encryption, advise them to immediately change their encryption to something newer and more secure, such as WPA/WPA2 or WPA3.

Community Q&A

Search

Add New Question

Question
Can you use this on Kali Linux 2.0?
Community Answer
Yes.
Thanks! We're glad this was helpful.
Thank you for your feedback.
If How.com.vn has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission.Support How.com.vn
Yes No
Not Helpful 0 Helpful 3
Question
What are packet-sniffing apps?
Community Answer
A sniffer is a tool that intercepts data flowing in a network. If computers are connected to a local or a network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment.
Thanks! We're glad this was helpful.
Thank you for your feedback.
If How.com.vn has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission.Support How.com.vn
Yes No
Not Helpful 0 Helpful 1
Question
I want hack my school WiFi but I don't have a computer. What should I do?
Raif
Community Answer
Go to the computer lab or sneak your phone into the school and make sure you have a packet-sniffing app.
Thanks! We're glad this was helpful.
Thank you for your feedback.
If How.com.vn has helped you, please consider a small contribution to support us in helping more readers like you. We’re committed to providing the world with free how-to resources, and even $1 helps us in our mission.Support How.com.vn
Yes No
Not Helpful 8 Helpful 1

Ask a Question

200 characters left

Include your email address to get a message when this question is answered.

Submit

Tips

Laws concerning network security can differ from place to place. Make sure you know everything you need to know and be prepared to face the consequences of your actions while attempting this.
Thanks
Helpful5 Not Helpful4
You can use other programs such as Wireshark (formerly known as Ethereal), Airsnort, and Kismet to sniff packets and break a WEP encryption. They are available as source code. You will need some background in compiling source code for Linux or Windows to use Airsnort or Kismet. Wireshark/Ethereal comes with an installer or you can download the source code.
Thanks
Helpful0 Not Helpful0

Submit a Tip

All tip submissions are carefully reviewed before being published

Submit

Thanks for submitting a tip for review!

Warnings

Always be careful of who your target is. It's not smart to walk into your local McDonalds and try to crack their net. The chances of you getting caught increase tenfold.
Thanks
Helpful3 Not Helpful4
This information is to be used ethically. Misuse of this information may be illegal both locally and federally.
Thanks
Helpful3 Not Helpful7
Breaking into any network you are not authorized to access is illegal.
Thanks
Helpful0 Not Helpful0
Law enforcement frequently set up WEP networks as a "honeypot." They know these networks are easy to break into and are low-hanging fruit for new hackers. Make sure you know who the network you are breaking into belongs to.
Thanks
Helpful0 Not Helpful0