Security
  • IT Security Knowledge Base
  • Blue team
    • Linux System Hardening
    • Phishing Analysis
    • Snort
    • Yara
  • Capture the Flag
    • OverTheWire
      • Bandit
        • Bandit Level 0
        • Bandit Level 0 → Level 1
        • Bandit Level 1 → Level 2
        • Bandit Level 2 → Level 3
        • Bandit Level 3 → Level 4
        • Bandit Level 4 → Level 5
        • Bandit Level 5 → Level 6
        • Bandit Level 6 → Level 7
        • Bandit Level 7 → Level 8
        • Bandit Level 8 → Level 9
        • Bandit Level 9 → Level 10
        • Bandit Level 10 → Level 11
        • Bandit Level 11 → Level 12
        • Bandit Level 12 → Level 13
        • Bandit Level 13 → Level 14
        • Bandit Level 14 → Level 15
        • Bandit Level 15 → Level 16
        • Bandit Level 16 → Level 17
        • Bandit Level 17 → Level 18
        • Bandit Level 18 → Level 19
        • Bandit Level 19 → Level 20
        • Bandit Level 20→ Level 21
        • Bandit Level 21→ Level 22
        • Bandit Level 22 → Level 23
        • Bandit Level 23 → Level 24
        • Bandit Level 24 → Level 25
        • Bandit Level 25 → Level 26
        • Bandit Level 26 → Level 27
        • Bandit Level 27 → Level 28
        • Bandit Level 28 → Level 29
        • Bandit Level 29 → Level 30
        • Bandit Level 30 → Level 31
        • Bandit Level 31 → Level 32
        • Bandit Level 32 → Level 33
    • OWASP Juice Shop
      • Installation
      • Level 1 - Challenges
      • Level 2 - Challenges
    • TryHackMe Rooms
      • Anthem
      • Capture!
      • Corridor
      • Gotta Catch'em All!
      • Mustacchio
      • Neighbour
      • Opacity
      • Source
    • CEH v12 practical resources
  • Cryptology
    • CryptoHack
      • Course: Introduction to CryptoHack
        • Introduction - Challenges
        • General - Encoding
        • General - XOR
      • Course: Modular Arithmetic
        • General - Mathematics
        • Mathematics - Modular Math
        • Mathematics - Brainteasers Part 1
      • Course: Symmetric Cryptography
        • How AES Works
        • Symmetric Starter
        • Block Ciphers
        • Stream Ciphers
  • Red Team
    • Reconnaissance
      • Foot-printing
      • Scanning (Nmap)
      • Enumeration
    • Vulnerability Analysis
    • Initial Access
      • Obtaining credentials
      • Vulnerability Exploitation
        • Buffer Overflow
        • Metasploit and Armitage
        • Ninja Jonin
    • Active Directory
      • Connect to AD
      • AD Explore
      • CMD and PowerShell enumeration
      • Certificates in AD
      • LDAP Pass-back Attacks
      • Cracking NetNTLM Challenge with Responder
      • Exploring Configuration Files for AD Credentials
      • Pass the hash with evil WinRM
      • Understanding Runas
    • Malware
    • Sniffing
      • Intercept HTTP traffic - Hetty
      • Intercept HTTP traffic - Bettercap
      • Wireshark
    • Social Engineering
    • Denial of Service
    • Web Hacking
      • Burp Suite
      • OWASP ZAP
      • Web servers
      • Web Server Footprinting
      • Directory Enumeration
      • Session Hijacking
      • Web Shells
      • Web vulnerability scanners
      • SQL Injection
    • Cloud
    • Wireless Networks
      • Attacking WEP
      • Attacking WPA/WPA2
    • Mobile Devices
    • Network Security Evasion
    • Privileges Escalation
    • Maintain Access and Hide Malicious Activity
      • Backdooring
    • Cover your Tracks
  • Internet of Things
    • IoT in general
    • Common IoT Protocols
      • CoAP
      • MQTT
      • ZIGBEE
      • Bluetooth
    • Scapy
      • Sniffing and spoofing
      • ARP cache Poisoning
  • Projects
    • Cybersecurity Roadshow
Powered by GitBook
On this page
  • How WEP Works
  • Security issues with WEP
  • Cracking WEP keys
  1. Red Team
  2. Wireless Networks

Attacking WEP

PreviousWireless NetworksNextAttacking WPA/WPA2

Last updated 1 year ago

How WEP Works

Wireless Equivalent Privacy (WEP) uses the following process:

  1. CRC-32 Checksum: It calculates a 32-bit integrity check value (ICV) for the data, which is then added to the data frame.

  2. Initialization Vector (IV): WEP combines a 24-bit arbitrary number known as the Initialization Vector (IV) with the WEP key. The WEP key and IV together form the WEP seed.

  3. RC4 Algorithm: The WEP seed is used as input for the RC4 encryption algorithm, generating a keystream. This keystream is bit-wise XORed with a combination of the data and ICV to produce the encrypted data.

  4. MAC Frame: The IV field (IV + PAD + KID) is added to the ciphertext to create a MAC (Message Authentication Code) frame.

Security issues with WEP

WEP suffers from several significant flaws that undermine its ability to provide robust security:

No Defined Key Distribution Method: WEP relies on Pre-Shared Keys (PSKs), which are typically set once during installation and seldom changed. The lack of a secure method for distributing encryption keys makes it vulnerable.

RC4 Vulnerabilities: RC4 was designed for a more randomized environment than WEP provides. Since the same key is often reused in WEP, attackers can monitor traffic, analyze plaintext messages, and compute the key.

Passive Data Analysis: Attackers can capture wireless traffic passively and use public tools to crack WEP keys.

Weak Key Scheduling Algorithms: WEP's key scheduling algorithms are susceptible to various attacks, making it an insecure choice for wireless security.

Cracking WEP keys

has a nice guide for this .

Just remember that a NIC supporting monitor mode is needed.

Aircrack-ng
here