Mar 27, 2013

Retrieving WEP Passwords

While this same setup can be used for retrieving/cracking WPA keys, I am going to focus on usage for retrieving lost WEP keys.  I use the word retrieving because you should never use this tool to crack a network that does not belong to you; you should use it to see how simply a hacker could access your network, and to prove to yourself how useless WEP is as a form of security.

The first thing you will want to do (this is on Ubuntu) is download wifite (http://code.google.com/p/wifite/).

wget "http://code.google.com/p/wifite/downloads/detail?name=wifite-2.0r85.tar.gz&can=2&q="

Here is a list of the current features on v2.0r85:
  • sorts targets by signal strength (in dB); cracks closest access points first
  • automatically de-authenticates clients of hidden networks to reveal SSIDs
  • numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
  • customizable settings (timeouts, packets/sec, etc)
  • "anonymous" feature; changes MAC to a random address before attacking, then changes back when attacks are complete
  • all captured WPA handshakes are backed up to wifite.py's current directory
  • smart WPA de-authentication; cycles between all clients and broadcast deauths
  • stop any attack with Ctrl+C, with options to continue, move onto next target, skip to cracking, or exit
  • displays session summary at exit; shows any cracked keys
  • all passwords saved to cracked.txt
  • built-in updater: ./wifite.py -upgrade

Upon first running this application you will be told that aircrack-ng (http://www.aircrack-ng.org/) is required for use with this tool.  So next let's get that.

sudo apt-get install aircrack-ng

Some other applications you will want to install to aid in wireless key retrieval; a list of these is shown when running wifite:
  • reaver, for working with WPS-encrypted networks
  • pyrit, cowpatty, tshark: not required, but help verify WPA handshake capture

Within the directory that you downloaded wifite to, make sure you make the script executable:

chmod +x wifite.py

Then for me, I check I can access all my WEP networks with the following code:

./wifite.py -all -wep

Hope this helps.
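Before running anything against your own access points, it is worth knowing which of them still advertise WEP at all. The script below is an added example and is not part of the original post or of the wifite project: it takes iwlist-style scan output (a constructed sample is embedded, with made-up SSIDs and MAC addresses) and classifies each cell as OPEN, WEP or WPA/WPA2, so a defender can spot the WEP networks that need to be re-keyed to WPA2 without touching any cracking tool. It assumes the usual iwlist layout: one "Cell NN - Address:" header per network, an "Encryption key:on|off" line, an ESSID:"..." line, and an "IE: ... WPA..." line only when WPA or WPA2 is in use.

```shell
#!/bin/sh
# Added example, not from the original post: audit a wireless scan for WEP networks.
# Input format assumption (iwlist-style): per "Cell" block there is an
# "Encryption key:on|off" line, an ESSID:"..." line and, for WPA/WPA2, "IE: ... WPA..." lines.

# classify_networks: reads scan text on stdin, prints "<ESSID><TAB><OPEN|WEP|WPA/WPA2>" per cell.
classify_networks() {
  awk '
    function flush() {
      if (seen) {
        if (enc == "off")   type = "OPEN"
        else if (wpa)       type = "WPA/WPA2"
        else                type = "WEP"      # encryption on but no WPA/WPA2 IE
        print essid "\t" type
      }
      seen = 0; essid = ""; enc = ""; wpa = 0
    }
    /Cell [0-9]+ - Address:/ { flush(); seen = 1 }
    /Encryption key:/        { split($0, a, ":"); enc = a[2] }   # "on" or "off"
    /ESSID:/                 { sub(/.*ESSID:"/, ""); sub(/".*/, ""); essid = $0 }
    /IE:.*WPA/               { wpa = 1 }                          # WPA1 or WPA2/802.11i IE
    END                      { flush() }
  '
}

# wep_networks: reads scan text on stdin, prints only the ESSIDs still using WEP.
wep_networks() {
  classify_networks | awk -F '\t' '$2 == "WEP" { print $1 }'
}

# Constructed sample scan (made-up SSIDs and addresses), in iwlist output layout.
SAMPLE_SCAN='wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:01
                    Channel:1
                    Quality=70/70  Signal level=-40 dBm
                    Encryption key:on
                    ESSID:"OldRouter"
          Cell 02 - Address: 00:11:22:33:44:02
                    Channel:6
                    Quality=50/70  Signal level=-60 dBm
                    Encryption key:on
                    ESSID:"HomeNet"
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
          Cell 03 - Address: 00:11:22:33:44:03
                    Channel:11
                    Quality=30/70  Signal level=-80 dBm
                    Encryption key:off
                    ESSID:"CoffeeShop"'

# Usage on the embedded sample; on a real box pipe in "iwlist wlan0 scan" instead.
printf '%s\n' "$SAMPLE_SCAN" | classify_networks
echo "Still on WEP:"
printf '%s\n' "$SAMPLE_SCAN" | wep_networks
```

The classification is deliberately conservative: a cell with the encryption flag on and no WPA/WPA2 information element is reported as WEP, which is exactly the set of networks the post says should be replaced rather than relied on.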