Hacking a WEP-secured network has never been too difficult. It was sufficient to type a couple of commands from the aircrack suite into a few terminal windows to retrieve a WEP key. But with the Fern wifi cracker, WEP hacking has really become child’s play.
With great power comes great responsibility. The purpose of this article is to demonstrate how easy WEP hacking has become. Don’t go off breaking into other people’s networks. For this article I broke only into my own, temporarily WEP-protected network.
What you need
Here is a list of the items you’ll need to hack your WEP-secured network:
- Your own WEP-secured network
- A USB-bootable PC with a wireless network card
- A USB thumb drive of at least 2 GB
Step 1: Get the right software
- Download Backtrack 5R3 from here.
- Install the downloaded ISO image on your USB thumb drive. This article explains how you can do that.
Backtrack 5R3 is a distro designed for penetration testing. It contains everything you need to hack into your WEP network. Although Backtrack 5R3 was released in August 2012, it is still based on Ubuntu 10.04. For this article I used the Gnome version because it still uses good old Gnome 2, but you can opt for a KDE version as well.
Step 2: Boot up your PC with Backtrack
Reboot your computer from the LiveUSB drive. Unlike most other distros, Backtrack 5R3 boots up in text mode. Once the screen shows something similar to “root@bt:~#”, type in “startx” without the quotes and Backtrack will bring up the graphical desktop environment.
Step 3: Hack your WEP protected network
As shown in the picture below the Fern wifi cracker can be found under:
Applications > Backtrack > Exploitation Tools > Wireless Exploitation Tools > WLAN Exploitation > Fern-wifi-cracker
This brings up the straightforward GUI of the Fern wifi cracker below.
- The first thing you need to do is select the wireless card you’d like to use with the “select interface” button.
- When you hit the “Scan for Access points” button, the number of WEP-protected access points in your neighbourhood will be shown next to the “WiFi WEP” button.
- Clicking the lit-up “WiFi WEP” button brings up the new window below.
- Select your WEP-protected network from the drop-down list at the top of the window and hit the “WiFi Attack” button.
Now the program will start collecting IVs (initialization vectors). It might take a while before the number of injected ARP packets starts to increase. In my experience it goes faster when there is a wireless connection between another device and the access point, for example when somebody is surfing the internet using the wireless access point whilst you’re hacking it.
Once enough IVs have been captured, the program will calculate a WEP key that you can use to access the network.
When you look closely at the first and the last screenshots in this post, you’ll notice that the time between them is only 8 minutes. This includes taking and saving the screenshots.
When hacking a WEP key takes only 4 clicks and a few minutes on a modest Atom N455 powered Asus 1011 px netbook, it is as easy as child’s play. If you know somebody who still has a WEP-protected network, help them change it to the more secure WPA(2) encryption.
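To find out which of the access points you look after still need that change, you can check saved scan output for WEP. The script below is an added example, not part of the original article or of Fern: it assumes the text format printed by `iwlist <interface> scan` from wireless-tools, uses a constructed sample scan, and its function names are hypothetical.

```python
import re

# Constructed sample of `iwlist <iface> scan` output (not from a real network).
SAMPLE_SCAN = '''\
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:00:00:01
                    Channel:6
                    Encryption key:on
                    ESSID:"legacy-printer"
          Cell 02 - Address: 02:00:00:00:00:02
                    Channel:11
                    Encryption key:on
                    ESSID:"office"
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
          Cell 03 - Address: 02:00:00:00:00:03
                    Channel:1
                    Encryption key:off
                    ESSID:"guest"
          Cell 04 - Address: 02:00:00:00:00:04
                    Channel:1
                    Encryption key:on
                    ESSID:"old-wpa"
                    IE: WPA Version 1
'''

def classify_cells(scan_text):
    """Return one (essid, bssid, security) tuple per cell in the scan text."""
    results = []
    # Split on each "Cell NN - Address: " marker; drop the header before cell 1.
    for chunk in re.split(r"Cell \d+ - Address: ", scan_text)[1:]:
        bssid = chunk.split()[0]
        essid = re.search(r'ESSID:"(.*)"', chunk)
        name = essid.group(1) if essid else ""
        if "Encryption key:off" in chunk:
            security = "open"
        elif "IE: IEEE 802.11i/WPA2" in chunk:
            security = "WPA2"
        elif "IE: WPA Version" in chunk:
            security = "WPA"
        else:
            # Assumption: encryption on but no WPA/WPA2 element listed means WEP.
            security = "WEP"
        results.append((name, bssid, security))
    return results

def wep_networks(scan_text):
    """Return only the cells classified as WEP, i.e. the ones to migrate."""
    return [cell for cell in classify_cells(scan_text) if cell[2] == "WEP"]
```

Some drivers report information elements only as raw “IE: Unknown” lines, so confirm any network flagged as WEP in the access point’s own settings before reconfiguring it.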