
How to Crack a WEP Encrypted Wireless Network on Windows Vista

First, you can only use this method to crack a WEP encrypted network. WEP has been
replaced by WPA encryption, which is stronger but can still be cracked, just not as
easily. To find out if the network you want to crack uses WEP encryption, simply view
the wireless networks in the Connect to a network box and hold your mouse over the
network of choice. A little box will tell you the encryption. If it says WEP, good, we
can proceed; if it says anything else this tutorial won't help.
First, to understand what you will be doing: you will be using a program to capture
packets and then use another program to analyze those packets and crack the key,
thus allowing you to have access to their network. To capture packets (data from the
network we are trying to crack) you must have the program running on your computer
and you must capture about 200 000 or more IV packets (a special type of packet). I
will show you how to capture the correct type of packets.
Also, ONLY certain types of wireless cards can actually capture wireless packets. In
order to capture packets your wireless card must be able to go into monitor mode, and
not every driver or every wireless card supports monitor mode. In most cases you will
have to download a special driver designed for your wireless card to put it into
monitor mode. I had to purchase a new wireless card because mine was not supported.
The program you will be using has a list of supported wireless cards and comes with
the drivers needed (Lucky you).
Ok, down to business. First, the program you need to capture packets can be
downloaded from this link: http://www.tamos.com/download/main/ca.php
Next, the program to analyze the packets and figure out the password can be
downloaded from my own site. I got it to work for Windows Vista and then zipped it all
into a folder for you. To get this to run all you have to do is extract it, open the
aircrack folder, then open the bin folder, then double click on Aircrack-ng GUI.exe.
Here is the download link: http://www.howtovideos.ca/images/aircrackVista.rar just
click it and save the file.
Now for the dirty work. Keep in mind this could take a few days to capture enough
packets. First install the CommView for WiFi program. You do this by extracting the
setup file from the file we downloaded earlier (ca6.zip). Then double click setup.exe
and follow the prompts. When CommView opens for the first time it has a driver
installation guide. This replaces the old driver with a newer, better, and more
improved version! Hooray. Follow the prompts to install your new driver and now we
are ready to capture. If everything has gone as planned, when you open CommView for
WiFi the little play button in the top left corner will be blue. If it is not blue the
driver has not been installed properly. Moving on...
Click the blue button in the top left corner and then click Start Scanning. CommView
for WiFi now starts scanning each channel looking for data that is being sent. It will
list each network it finds. Now click each host until you find the name of the network
key you are trying to find. Now select the appropriate channel (my network is
broadcasting on channel 6 so I will start capturing all data on channel 6). Click
capture.
CommView for WiFi is now capturing all the packets being sent over channel 6. Once
CommView for WiFi collects enough packets aircrack can analyze them and crack the
wireless key. The thing is, you only need certain packets, and if you collect too many
unneeded packets aircrack may get confused. To help make things easier follow the
next few steps.
First of all we only want packets from one host, not all of them. As you can see from
my screenshot below I am collecting packets from 9 different networks (see
screenshot below). A few are WPA encrypted and a few are WEP. I really only
want to collect data being sent from one network, so in order to do this all you have
to do is right click on the wireless network you want to crack and select copy MAC
address.
Now click on the rules tab. On the left side under simple rules click MAC Addresses.
For action select Capture, and for Add Record select both. Now click inside the entry
form box and hit Ctrl+V (to paste the MAC address) or right click and select paste.
Now hit add MAC Address.
What we just did is make a rule so that CommView for WiFi will only capture packets
coming from a certain MAC Address (the one we want). Great, almost done.
Now to make things even easier for Aircrack you only want to capture DATA packets.
There are 3 types to select from: Management packets, Data Packets and Control
Packets. We only want Data packets because that is where the information is that
Aircrack needs to crack the wireless encryption passkey. Simply select the D, and
unselect the M and the C.
Now CommView for WiFi is only capturing Data Packets. To be more specific,
CommView for WiFi is only capturing Data Packets to and from a specific MAC
address. Now that everything is set up to capture the right types of packets we
should start saving the logs.
You have to save all of the packets into a log for Aircrack to analyze them. You can
set CommView for WiFi to save them automatically, or just save them yourself
periodically. It is a good idea to have them auto save because it splits them into nicely
sized logs, and if you accidentally close CommView for WiFi they will save and you
won't lose all your packets! To do that just go to the logging tab and enable auto
saving. You can change the settings if you would like (I recommend increasing the
maximum directory size to something like 100000).
And now we wait... We have to capture over 15000 IV packets. Because we set up
some rules most of the packets we capture will be IV packets (these are a certain
type of Data packet with information used to crack the wireless key). It took me
about 4 days to capture enough packets, but I was not running CommView for WiFi non
stop. If you are close to the network and there is heavy traffic, it may only take you
a few hours. Ok, what do you do now?
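Why the IVs in captured frames matter, seen from the protocol side (an added example, not part of the original tutorial; the key, IV and payloads are constructed values): every WEP frame sends its 24-bit IV in clear and seeds RC4 with IV || key, so two frames with the same IV share a keystream and the XOR of their ciphertexts equals the XOR of their plaintexts. This is one of the design flaws that led to WEP being replaced by WPA.

```python
import struct
import zlib

def rc4(key: bytes, n: int) -> bytes:          # n bytes of RC4 keystream
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)

def wep_encrypt(iv: bytes, key: bytes, payload: bytes, key_id: int = 0) -> bytes:
    """Frame body: 3-byte IV + key-ID byte in clear, then RC4(IV||key) over payload||ICV."""
    data = payload + icv(payload)
    return iv + bytes([key_id << 6]) + xor(data, rc4(iv + key, len(data)))

def wep_decrypt(body: bytes, key: bytes) -> bytes:
    iv, enc = body[:3], body[4:]               # the IV is read straight off the wire
    data = xor(enc, rc4(iv + key, len(enc)))
    payload, check = data[:-4], data[-4:]
    if icv(payload) != check:
        raise ValueError("ICV mismatch (wrong key or corrupted frame)")
    return payload

def same_keystream(body_a: bytes, body_b: bytes) -> bool:
    """Two frames with equal cleartext IVs were encrypted with the same keystream."""
    return body_a[:3] == body_b[:3]

# Constructed sample values, not taken from the page.
KEY = bytes.fromhex("0102030405")              # 40-bit WEP key
IV = bytes.fromhex("a1b2c3")
P1, P2 = b"frame one payload", b"frame two payload"
F1, F2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)

if __name__ == "__main__":
    print("same keystream:", same_keystream(F1, F2))
    print("C1 xor C2 == P1 xor P2:", xor(F1[4:], F2[4:])[:len(P1)] == xor(P1, P2))
```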
Alright, so now 20000 packets (or more) later we are ready to crack the WEP
wireless key. First let's convert all of the log files to .cap format (shown in
screenshot below). When I cracked my first WEP key with this method I had 4 log
files and about 220 000 packets. Go to wherever you have your log files saved and
double click to open it. Now click on File -> Export Logs -> Tcpdump Format.
Save it as 1.cap, then do the rest of your logs, saving them in sequential order: 1.cap,
2.cap, 3.cap etc.
Now that you have all of your log files saved in .cap format let's open Aircrack. Open
the aircrack folder (wherever you extracted it), then open the Bin folder, now double
click Aircrack-ng GUI.exe. Aircrack will open; click the choose button and navigate to
where you have your log files saved. To select all of your log files (saved in .cap
format) hold down CTRL and click each file, then hit open.
Now click launch. Aircrack shows you all of the different BSSIDs that it captured
data from and assigns an index number to each one, then it asks you "Index number of
target network?" You want to enter the number of the network you want to crack.
Mine is called CrackMePlease so I am selecting 15.
Enter the index number and then press enter. If you have enough IVs then it should
give you the WEP key. If not, go back and capture more and try again.
That's all
