In this chapter, we will cover the Wired Equivalent Privacy (WEP) protocol and its vulnerabilities, showing how to crack the WEP keys with some of the tools included in Kali Linux, namely, the Aircrack-ng suite and Fern WiFi Cracker.
We will cover the following topics:
The WEP protocol was introduced with the original 802.11 standard as a means to provide authentication and encryption to wireless LAN implementations. It is based on the RC4 (Rivest Cipher 4) stream cipher with a preshared secret key (PSK) of 40 or 104 bits, depending on the implementation. A 24-bit pseudo-random Initialization Vector (IV) is concatenated with the preshared key to form the per-packet key from which RC4 generates the keystream used for the actual encryption and decryption processes. Thus, the resulting per-packet key is 64 or 128 bits long.
In the encryption phase, the keystream is XORed with the plaintext data to obtain the encrypted data, while in the decryption phase the encrypted data is XORed with the keystream to obtain the plaintext data. The encryption process is shown in the following diagram:
First of all, we must say that WEP is an insecure protocol and has been deprecated by the Wi-Fi Alliance. It suffers from various vulnerabilities related...
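The encryption and decryption steps described above, as an added Python sketch (not code from the original chapter) that also shows why the short 24-bit IV matters: two frames sent under the same IV and key share one keystream. The CRC-32 integrity check value (ICV) appended to the plaintext comes from the 802.11 WEP specification rather than from the text above; the key, IV and messages are constructed sample values, and the one-byte key ID field of a real frame is omitted.

```python
import zlib

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA), then `length` bytes of output (PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, low byte first."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_encrypt(psk: bytes, iv: bytes, plaintext: bytes) -> bytes:
    if len(iv) != 3 or len(psk) not in (5, 13):   # 24-bit IV, 40/104-bit key
        raise ValueError("bad IV or key length")
    body = plaintext + icv(plaintext)
    # Per-packet RC4 key = IV || PSK (64 or 128 bits); the IV travels in the clear.
    return iv + xor(body, rc4_keystream(iv + psk, len(body)))

def wep_decrypt(psk: bytes, frame: bytes) -> bytes:
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + psk, len(ct)))
    data, check = body[:-4], body[-4:]
    if icv(data) != check:
        raise ValueError("ICV mismatch (wrong key or corrupted frame)")
    return data

if __name__ == "__main__":
    psk = bytes.fromhex("0102030405")          # constructed 40-bit key
    iv = bytes.fromhex("a1b2c3")               # constructed IV
    p1, p2 = b"constructed msg one", b"constructed msg two"
    f1, f2 = wep_encrypt(psk, iv, p1), wep_encrypt(psk, iv, p2)
    print(wep_decrypt(psk, f1))
    # Same IV and key -> same keystream, so it cancels out of c1 XOR c2.
    print(xor(f1[3:], f2[3:]) == xor(p1 + icv(p1), p2 + icv(p2)))
```

Because the keystream depends only on the IV and the shared key, nothing in the frame format prevents a repeat once the 24-bit IV space wraps or two stations pick the same value.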
WEP cracking with Aircrack-ng
Now that we have explored the WEP vulnerabilities and the related attacks, we are ready to begin the hands-on part. In this section, we will see how to crack WEP keys with the Aircrack-ng suite.
In the reconnaissance phase, we collected information about each network to be tested, such as the BSSID, the channel on which it operates, and the security protocol used. Here, we focus on a WEP-protected network and start capturing the frames exchanged by the AP and the associated clients on the corresponding channel.
We can try this attack ourselves by setting our Wi-Fi router to use WEP. We assume that the BSSID of the AP is 08:7A:4C:83:0C:E0 and the channel is 1. The first step is to start the monitor mode on channel 1, as we have seen in the previous chapter:
To capture the traffic of our target network, we will execute the following command:
This command saves all the...
In this chapter, we covered the WEP protocol, the attacks that have been developed to crack the keys, the Aircrack-ng suite and other automated tools included in Kali Linux that implement these attacks.
In the next chapter, we will cover the WPA/WPA2 protocol and the tools used to attack it.