How To Crack WEP and WPA Wireless Networks

Cracking WEP, WPA-PSK and WPA2-PSK wireless security using aircrack-ng

Introduction
With the popularity of wireless networks and mobile computing, an overall understanding of common security issues has become not only relevant, but very necessary for both home/SOHO users and IT professionals alike. This article is aimed at illustrating current security flaws in WEP/WPA/WPA2. Successfully cracking a wireless network assumes some basic familiarity with networking principles and terminology, as well as working with command-line tools. A basic familiarity with Linux can be helpful as well. Disclaimer: Attempting to access a network other than your own, or one you have permission to use is illegal insome U.S. jurisdictions. Speed Guide, Inc. are not to be held liable for any damages resulting from the use or misuse of the information in this article. To successfully crack WEP/WPA, you first need to be able to set your wireless network card in "monitor" mode to passively capture packets without being associated with a network. This NIC mode is driverdependent, and only a relatively small number of network cards support this mode under Windows. One of the best free utilities for monitoring wireless traffic and cracking WEP/WPA-PSK keys is the aircrackng suite, which we will use throughout this article. It has both Linux and Windows versions (provided your network card is supported under Windows). The aircrack-ng site has a comprehensive list of supported network cards available here:NIC chipset compatability list. If your network card is not supported under Windows, one can use a free Linux Live CD to boot the system. BackTrack 3 is probably the most commonly used distribution, since it runs from a Live CD, and has aircrack-ng and a number of related tools already installed. For this article, I am using aircrack-ng version 1.0 on a Linux partition (Fedora Core 10, 2.6 32-bit kernel) on my Sony Vaio SZ-680 laptop, using the built-in Intel 4965agn network card. If you're using the BackTrack 3 CD aircrack-ng is already installed, with my version of linux it was as simple as finding it with: yum search aircrack-ng yum install aircrack-ng The aircrack-ng suite is a collection of command-line programs aimed at WEP and WPA-PSK key cracking. The ones we will be using are: airmon-ng - script used for switching the wireless network card to monitor mode airodump-ng - for WLAN monitoring and capturing network packets aireplay-ng - used to generate additional traffic on the wireless network aircrack-ng - used to recover the WEP key, or launch a dictionary attack on WPA-PSK using the captured data.

1. Setup (airmon-ng)
As mentioned above, to capture network traffic wihtout being associated with an access point, we need to set the wireless network card in monitor mode. To do that under linux, in a terminal window (logged in as root), type: iwconfig (to find all wireless network interfaces and their status) airmon-ng start wlan0 (to set in monitor mode, you may have to substitute wlan0 for your own interface name) Note: You can use the su command to switch to a root account. Other related Linux commands: