Cracking WEP Protected WiFi Easily With Backtrack 5, Step by Step

Do you want free internet for the rest of your life? If yes, then you need to do some hacking on your neighbor’s WiFi, because with this method you can get free internet along with good connectivity.

But most WiFi routers are secured with methods such as WPA/WPA2, WPS, and WEP. WEP is the oldest of these and can be cracked easily with the help of software like Backtrack.

So in this post I am going to show you how to crack WEP-protected WiFi easily with the help of Backtrack 5, and I will list the procedure step by step so you can follow along easily.

Requirements to crack a WEP key:

  • Backtrack or any other Linux distro with aircrack-ng installed
  • A WiFi adapter capable of injecting packets. For this tutorial I will use the Alfa AWUS036H, which is a very popular card and performs well with Backtrack.

You can find all the Backtrack 5 compatible cards here.

Cracking WEP Protected WiFi with Backtrack 5

Step 1. First log in to your Backtrack / Linux distro and plug in your WiFi adapter. Open a new console and type in the following command.

ifconfig wlan0 up

where wlan0 is the name of the wireless card; it can be different on your system. To see all wireless cards connected to your system, simply type “iwconfig”.

Step 2. Putting your WiFi Adapter into Monitor Mode.

To begin, you’ll need to put your wireless adapter into monitor mode. Monitor mode is the mode in which your card can listen to every packet in the air. You can put your card into monitor mode by typing in the following command.

airmon-ng start (your interface)
(Screenshot: putting your WiFi adapter into monitor mode in Backtrack 5)

Example : airmon-ng start wlan0

Now a new interface, mon0, will be created. You can confirm that the new interface is in monitor mode by entering “iwconfig mon0”, as shown.

(Screenshot: monitor mode enabled on Backtrack 5)

Step 3. Finding a Suitable Target

After putting your card into monitor mode, we need to find a network that is protected by WEP. You can discover the surrounding networks by entering the following command.

airodump-ng mon0
(Screenshot: finding a suitable target with airodump-ng mon0)

BSSID shows the MAC address of the AP, CH shows the channel the AP is broadcasting on, ESSID shows the name broadcast by the AP, and Cipher shows the encryption type. Now look for a WEP-protected network. In my case I will take “linksys” as my target for the rest of the tutorial.

Step 4. Attacking The Target

Now, to crack the WEP key, you’ll have to capture the target’s data into a file. To do this we use the airodump tool again, but with some additional switches to target a specific AP and channel.

Most importantly, you should restrict monitoring to a single channel to speed up data collection; otherwise the wireless card has to hop between all channels. You can restrict the capture with the following command.

airodump-ng mon0 --bssid (bssid of the target) -c (channel) -w (file name to save)
(Screenshot: attacking the target)

As my target is broadcasting on channel 6 and has the BSSID “98:fc:11:c9:14:22”, I give the following command and save the captured data as RHAWEP.

airodump-ng mon0 --bssid 98:fc:11:c9:14:22 -c 6 -w RHAWEP

Step 5. Using Aireplay To Speed Up Hacking Process

Now you’ll have to capture at least 20,000 data packets to crack WEP. This can be done in two ways. The first is a passive attack: wait for a client to connect to the AP and then start capturing the data packets. But this method is very slow; it can take days or even weeks to capture that many data packets.

The second method is an active attack. This method is fast and only takes minutes to generate and inject that many packets.

In an active attack, you first do a fake authentication (connect) with the AP, and then generate and inject packets. This can be done very easily by entering the following commands.

aireplay-ng -1 3 -a (bssid of the target) (interface)
(Screenshot: speeding up the process with aireplay-ng in Backtrack 5)

In my case I enter the following command:

aireplay-ng -1 3 -a 98:fc:11:c9:14:22 mon0

Step 6. Generating and Injecting ARP Packets

After doing the fake authentication, it’s time to generate and inject ARP packets. To do this you’ll have to open a second console alongside the first and type in the following command.

aireplay-ng -3 -b (bssid of target) -h (MAC address of mon0) (interface)
(Screenshot: generating and injecting ARP packets using Backtrack 5)

In my case I will enter the following command in the console.

aireplay-ng -3 -b 98:fc:11:c9:14:22 -h 00:c0:ca:50:f8:32 mon0

If this step was successful you will see the data packet count climbing rapidly in the airodump console, as shown in the image below.

(Screenshot: captured ARP packets in the airodump-ng console)

Wait till it reaches 20,000 packets; better still, wait till it reaches around 80,000 to 90,000 packets. It’s simple: the more packets, the less time it takes to crack. Once you’ve captured enough packets, close all the processes by clicking the close (X) button on each terminal.

Step 7. Cracking The WEP Key Using Aircrack-Ng

Now it’s time to crack the WEP key from the captured data. Enter the following command in a new console to crack the WEP key.

aircrack-ng (name of the file)
(Screenshot: cracking the WEP key with aircrack-ng in Backtrack 5)

In my case I will enter the following command in the console (airodump-ng appends a sequence number and the .cap extension to the prefix you gave it, so the file is RHAWEP-01.cap).

aircrack-ng RHAWEP-01.cap

Within a few minutes Aircrack-ng will crack the WEP key, as shown in the image. Once the crack succeeds you will be left with the KEY! Remove the colons from the output and you’ll have your WEP key.
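Why do the packet counts in Steps 5 and 6 matter? WEP prepends a 24-bit initialisation vector (IV) to the RC4 key of every frame, so there are only 16,777,216 possible IVs and a capture of tens of thousands of frames is all but certain to contain repeats; this tiny IV space is one of the design flaws that make the key recoverable from captured traffic at all. The script below is an added illustration, not code from the original post or from the aircrack-ng project: the function names are mine, and the simulation assumes a card that picks IVs uniformly at random (a card that uses a simple counter repeats just as surely, only more predictably).

```python
"""Quantifies WEP IV reuse for the packet counts quoted in the tutorial.

WEP's RC4 key is (24-bit IV || secret key); the IV is sent in the clear
with each frame. Reusing an IV reuses the keystream. The numbers below
use the birthday bound for n frames drawn from m = 2**24 possible IVs.
"""
import math
import random

IV_BITS = 24               # WEP IV length, fixed by the standard
IV_SPACE = 1 << IV_BITS    # 16,777,216 possible IVs


def expected_iv_collisions(frames: int, iv_space: int = IV_SPACE) -> float:
    """Expected number of frame pairs sharing an IV: C(n, 2) / m."""
    return frames * (frames - 1) / 2 / iv_space


def iv_reuse_probability(frames: int, iv_space: int = IV_SPACE) -> float:
    """Probability that at least one IV repeats: 1 - exp(-C(n, 2) / m)."""
    return 1.0 - math.exp(-expected_iv_collisions(frames, iv_space))


def frames_for_reuse_probability(p: float, iv_space: int = IV_SPACE) -> int:
    """Smallest capture size with probability >= p of an IV repeat
    (inverting the bound above: n ~ sqrt(2 m ln(1 / (1 - p))))."""
    return math.ceil(math.sqrt(2 * iv_space * math.log(1 / (1 - p))))


def simulate_iv_reuse(frames: int, seed: int = 1, iv_space: int = IV_SPACE) -> int:
    """Constructed capture: draw `frames` random IVs (assumption: the card
    picks IVs uniformly) and count frames whose IV was already seen."""
    rng = random.Random(seed)
    seen = set()
    reused = 0
    for _ in range(frames):
        iv = rng.randrange(iv_space)
        if iv in seen:
            reused += 1
        else:
            seen.add(iv)
    return reused


if __name__ == "__main__":
    print(f"50% chance of an IV repeat after {frames_for_reuse_probability(0.5)} frames")
    for n in (20_000, 90_000):
        print(f"{n:>6} frames: expected colliding pairs {expected_iv_collisions(n):7.2f}, "
              f"P(reuse) {iv_reuse_probability(n):.6f}, "
              f"simulated reused frames {simulate_iv_reuse(n)}")
```

The same bound explains why a WEP network that is merely busy, with no injection at all, still leaks keystream within minutes; the only fix is to retire WEP in favour of WPA2/WPA3.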

Hope you enjoyed this tutorial. If you have any questions or suggestions, you are welcome to comment below.