5. Gaining Access - WEP Cracking
Basics
- WEP means: Wired Equvalent Privacy
- It's an old encryption
- Uses an algorythm called RC4
- Still used in some networks
- Can be cracked easily
How Encryption works
- Each Package is encrypted via a unique Keystream
- Random Initialization Vector (IV) is used to generate the Keystreams
- The IV is only 24 bits
- IV + (password) Key = keystream
WEP Cracking
- IV is too small (24bits)
- IV is sent in plain text
Weakness
- IV's will repeat on busy networks
- This will make WEP vulnerable to statistical attacks
- Repeated IV's can be used to determine the Keystream
- And break the encryption
We can use the tool aircrack-ng to determine the keystream
To crack WEP we need to
1. Capture a large amount of Packages/IVs (airodump-ng)
2. Analyse the captured IVs and crack the key (aircrack-ng)
I am assuming, you already have done Part