Featured Post

HOW TO: Install VPN server on Ubuntu when server is behind firewall

The whole point in this post is to run your own VPN service, and allow you to connect remote devices to your home network. To start off yo...

Mar 27, 2013

Retreiving WEP Passwords

While this same setup can be used for retrieving/cracking WPA keys, I am going to focus on usage for retrieving lost WEP keys.  I state the word retrieving because you should never use this tool to crack a network that does not belong to you, you should use this tool to see how simply a hacker could access your network, and teach prove to yourself how useless WEP is as a form of security.

The first thing you will want to do (this is on Ubuntu) is download wifite (http://code.google.com/p/wifite/).

wget  http://code.google.com/p/wifite/downloads/detail?name=wifite-2.0r85.tar.gz&can=2&q=

Here is a list of the current features on v2.0r85:
  • sorts targets by signal strength (in dB); cracks closest access points first
  • automatically de-authenticates clients of hidden networks to reveal SSIDs
  • numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
  • customizable settings (timeouts, packets/sec, etc)
  • "anonymous" feature; changes MAC to a random address before attacking, then changes back when attacks are complete
  • all captured WPA handshakes are backed up to wifite.py's current directory
  • smart WPA de-authentication; cycles between all clients and broadcast deauths
  • stop any attack with Ctrl+C, with options to continue, move onto next target, skip to cracking, or exit
  • displays session summary at exit; shows any cracked keys
  • all passwords saved to cracked.txt
  • built-in updater: ./wifite.py -upgrade
Upon first running this application you will be instructed that aircrack-ng (http://www.aircrack-ng.org/)is required for use with this tool.  So next lets get that.

sudo apt-get install aircrack-ng

Some other applications you will want to install to aid in wireless key retreaval, a list of these are shown when running wifite:
  • reaver, for working with WPS-encrypted networks
  • pyrit, cowpatty, tshark: not required, but help verify WPA handshake capture
Witihin the directory that you downloaded wifite make sure you make the script executable:

chmod +x wifite.py

Then for me, I check I can access all my WEP networks with the following code:

./wifite.py -all -wep
 
Hope this helps.