From charlesreid1


Revision as of 06:08, 29 July 2015

This page will walk through a basic WEP cracking procedure using Kali Linux. I tested this out on my home router by switching its encryption to WEP. Within a few minutes, I had cracked the WEP passkey. Here's how.

First I'll walk you through the need-to-know basics. Then we'll dive into some command line on Kali and see how to do this.

The Background

Wireless Encryption

When you configure your home router, you've got many different options for your router security protocol. Some of these link into business systems, some are for home routers, and a few are marked as "less secure." (This tutorial will show you precisely why!) Each of these security protocols is simply a way for the traffic sent between the router and your computer to be encrypted, so that no one else can read it. But as with any cryptosystem, the more information (wireless packets) an attacker has, the better able they are to attack the encryption. The less sophisticated the encryption, the less information the attacker needs.

Weakness 1: WEP

With 64-bit WEP, the passphrase is a five-character key, which is pretty easy to crack. This means an attacker can listen to traffic on the network and, even though it's encrypted, still use it to determine the passphrase by brute force.

The simplicity of the WEP security protocol is the first weakness that this attack takes advantage of.
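The two points above (an encrypted network is only as strong as its protocol, and a five-character WEP key is a tiny key space) are easiest to see from the defender's side: find the WEP and open networks you are responsible for, and compare key sizes. The following is an added example, not code from the original page. It parses a constructed, iwlist-style scan listing (the `SAMPLE_SCAN` text is made up for the example; the "encrypted but no WPA/WPA2 information element" rule for spotting WEP is an assumption about how such output looks) and then tabulates effective key-space sizes for WEP-64, WEP-128 and a short WPA2 passphrase.

```python
import math
import re

# Constructed sample of iwlist-scan-style output (not a real capture).
SAMPLE_SCAN = """\
Cell 01 - Address: 00:11:22:33:44:55
          ESSID:"home-legacy"
          Encryption key:on
Cell 02 - Address: 66:77:88:99:AA:BB
          ESSID:"home-modern"
          Encryption key:on
          IE: IEEE 802.11i/WPA2 Version 1
Cell 03 - Address: CC:DD:EE:FF:00:11
          ESSID:"coffee-open"
          Encryption key:off
Cell 04 - Address: 22:33:44:55:66:77
          ESSID:"home-wpa1"
          Encryption key:on
          IE: WPA Version 1
"""


def parse_scan(text):
    """Split scan output into one dict per cell: bssid, essid, enc_on, ies."""
    cells = []
    for chunk in re.split(r"^\s*Cell \d+ - ", text, flags=re.M):
        if not chunk.strip():
            continue
        bssid = re.search(r"Address: ([0-9A-F:]{17})", chunk)
        essid = re.search(r'ESSID:"([^"]*)"', chunk)
        enc = re.search(r"Encryption key:(on|off)", chunk)
        ies = re.findall(r"IE: (.+)", chunk)
        cells.append({
            "bssid": bssid.group(1) if bssid else None,
            "essid": essid.group(1) if essid else "",
            "enc_on": (enc.group(1) == "on") if enc else False,
            "ies": ies,
        })
    return cells


def classify(cell):
    """Return OPEN, WEP, WPA or WPA2 for one parsed cell.

    Assumption: a WEP network shows 'Encryption key:on' but advertises no
    WPA/WPA2 (RSN) information element, so that combination is the WEP signature.
    """
    if not cell["enc_on"]:
        return "OPEN"
    joined = " ".join(cell["ies"])
    if "WPA2" in joined or "802.11i" in joined:
        return "WPA2"
    if "WPA" in joined:
        return "WPA"
    return "WEP"


WEAK = {"OPEN", "WEP"}


def audit(text):
    """List (essid, bssid, protocol) for every network that should be reconfigured."""
    return [(c["essid"], c["bssid"], classify(c))
            for c in parse_scan(text) if classify(c) in WEAK]


def key_bits(charset_size, length):
    """Effective key-space size, in bits, of a key of `length` symbols."""
    return length * math.log2(charset_size)


# WEP-64 carries a 40-bit secret (5 ASCII characters or 10 hex digits);
# WEP-128 carries 104 bits (13 characters); a WPA2 passphrase is 8-63 characters.
KEY_SPACES = {
    "WEP-64  (5 printable ASCII chars)": key_bits(95, 5),
    "WEP-64  (10 hex digits)": key_bits(16, 10),
    "WEP-128 (13 printable ASCII chars)": key_bits(95, 13),
    "WPA2-PSK (8 printable ASCII chars)": key_bits(95, 8),
}

if __name__ == "__main__":
    for essid, bssid, proto in audit(SAMPLE_SCAN):
        print(f"{proto:5} {bssid} {essid!r}")
    for name, bits in KEY_SPACES.items():
        print(f"{name:38} ~{bits:.1f} bits")
```

Note that a five-character ASCII WEP key is even smaller than the nominal 40 bits (about 33 bits of printable-character choices), which is why the page can describe it as brute-forceable; the fix is the same either way, which is to move the flagged networks off WEP and open authentication entirely.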

Weakness 2: Router Requests

While the WEP encryption protocol is pretty easy to crack, it requires a lot of packets - a LOT of packets - so by itself, the first weakness isn't very useful, since it might still take days just to gather enough information to crack the passphrase.

Enter weakness number two: even if you're not on a network, you can still send packets to the router. By spoofing the MAC address of a device that's already connected to the network, you can confuse the router by grabbing a packet, duplicating it, and sending a flood of these duplicate packets "from" a device on the target network (actually sent from your computer). The router will then respond to that flood of packets with a flood of its own response packets. Since all of these packets are encrypted, you've just tricked the router into giving you a much faster source of encrypted packets with which to crack the WEP passphrase.
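The flood described above has a distinctive shape from the router's (or a wireless IDS's) point of view: one station address suddenly emits the same encrypted frame body over and over, many times a second, where a real client sends distinct frames. The following is an added example, not code from the original page, showing a detector for that pattern over a constructed frame log. The log format (timestamp, source MAC, fingerprint of the encrypted frame body) and the threshold values are assumptions for the example; a real monitor would hash captured 802.11 data frames to produce the fingerprint.

```python
from collections import defaultdict, deque


def build_sample():
    """Constructed frame log: (seconds, source MAC, frame-body fingerprint).

    A legitimate client sends distinct frames every half second; then the
    same MAC (spoofed, as the page describes) emits one captured frame
    40 times in two seconds.
    """
    client = "AA:AA:AA:AA:AA:01"
    frames = [(i * 0.5, client, f"normal-{i}") for i in range(10)]
    frames += [(3.0 + i * 0.05, client, "captured-frame") for i in range(40)]
    return sorted(frames)


def detect_replay(frames, window_s=2.0, threshold=20):
    """Flag (src, fingerprint, count) whenever one source emits the same
    frame body `threshold` or more times within any `window_s`-second span.

    Keying on (source, fingerprint) rather than source alone means a busy
    but honest client with many distinct frames never trips the alert.
    """
    recent = defaultdict(deque)   # (src, fingerprint) -> timestamps in window
    peak = {}                     # (src, fingerprint) -> highest count seen
    for ts, src, fp in sorted(frames):
        key = (src, fp)
        times = recent[key]
        times.append(ts)
        while times and ts - times[0] > window_s:
            times.popleft()       # slide the window forward
        if len(times) >= threshold:
            peak[key] = max(peak.get(key, 0), len(times))
    return [(src, fp, n) for (src, fp), n in peak.items()]


if __name__ == "__main__":
    for src, fp, n in detect_replay(build_sample()):
        print(f"replay suspected: {src} sent frame {fp!r} {n} times within 2 s")
```

The threshold is deliberately far above anything a normal client does (legitimate retransmissions are a handful, not dozens), so the check is cheap to run continuously; the operational response it supports is the same as for weakness 1, which is to retire WEP so replayed traffic yields nothing.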

The Software

Kali

For this attack you'll need a device running Kali Linux.

Wireless

You'll also need a working wireless network device. Based on my many Kali adventures in wireless USB dongle land, I recommend Panda brand wireless USB adapters, and using the wicd network manager (do not use the built-in Gnome Network Manager!).

Aircrack

This attack will utilize aircrack, which comes with Kali Linux (it's one of the top 10 Kali programs!).