WEP
Theory
WEP is a security protocol designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN. Although WEP was designed to ensure that only authorized users can access the wireless network and to encrypt data transmissions, it has several vulnerabilities that make it ineffective for securing wireless networks today.
Vulnerabilities:
Encryption: WEP uses the RC4 stream cipher for encryption, with a fixed key length of 40 bits or 104 bits.
Integrity Check: WEP includes a cyclic redundancy check (CRC) for data integrity, but it does not provide strong authentication or key management.
Weak encryption keys: The small key size (40 or 104 bits) and reuse of keys make it vulnerable to attacks.
IV (Initialization Vector) reuse: The IV used in WEP is not random enough, leading to predictable patterns that can be exploited.
Requirements
Wireless Network Card: A card that supports monitor mode (e.g., Atheros, Ralink).
Linux OS: Kali Linux is commonly used for penetration testing.
Tools:
Aircrack-ng suite
Reaver
Wifite
Attacks
1. Packet Sniffing
Description: Capturing wireless packets transmitted over the WEP-encrypted network.
Command Example:
Replace wlan0
with your network interface in monitor mode.
2. IV Injection Attack
Description: Exploiting the predictable nature of the IVs used in WEP, allowing attackers to inject packets into the network.
Command Example:
Replace [Target_BSSID]
with the target network's BSSID and [Your_MAC_Address]
with your own MAC address.
3. WEP Key Cracking
Description: Capturing enough packets to recover the WEP key used for encryption.
Command Example:
Replace [Capture_File].cap
with the file containing the captured packets.
4. WEP Deauthentication Attack
Description: Forcing a client to disconnect from the network, which allows the attacker to capture the handshake process and collect more IVs.
Command Example:
Replace 10
with the number of deauthentication packets to send.
Resources:
https://www.aircrack-ng.org/index.html https://vengeance.medium.com/wi-fi-hacking-series-exploring-wep-attacks-part-2-fbfc52cf9e7a
Last updated