This video tutorial demonstrates how to crack WEP in Windows using AirPcap and Cain and Abel.
Preparation
You’ll need:
Note: It is possible to get this working by using the cheaper “Classic” AirPcap, in conjunction with the old 2.0 Beta Tx Drivers for AirPcap, to enable packet injection capability, but this is entirely unsupported, and is not guaranteed to work. YMMV.
Notes
- To begin ARP injections, AirPcap must capture at least 1 ARP request from a system on the target AP. You can usually force this by sending a Deauth to a connected client.
- Make sure you have over 250,000 IVs before attempting to crack the WEP key.
- In my tests, the old AirPcap (silver-grey) appears to perform significantly faster than the new AirPcap (dark-grey). I think it’s about 10x faster.
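The first note, seen from the defender's side, as an added example that is not part of the original post: ARP replay re-sends one captured frame unchanged, so the same WEP IV and frame length repeat from a single transmitter, often shortly after a deauth. The frame tuples, MAC addresses and thresholds below are constructed for illustration.

```python
from collections import defaultdict

# Constructed frame summaries, as a monitor-mode sensor might export them:
# (seconds, kind, transmitter, destination, WEP IV or None, length in bytes)
AP, STA = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
BCAST = "ff:ff:ff:ff:ff:ff"

def build_sample():
    frames = [(0.0, "data", STA, AP, "a1b2c3", 120),
              (0.5, "data", AP, STA, "000101", 300),
              (2.0, "deauth", AP, STA, None, 26)]
    # One broadcast frame re-sent unchanged: identical IV and length every time.
    frames += [(3.0 + i * 0.01, "data", STA, BCAST, "0f3e77", 68) for i in range(200)]
    # The AP relays each copy under a fresh IV, so its frames do not repeat.
    frames += [(3.0 + i * 0.01, "data", AP, BCAST, f"{i + 512:06x}", 68) for i in range(200)]
    return frames

def detect_replay(frames, window=5.0, min_repeats=50, deauth_lookback=30.0):
    """Flag a transmitter that repeats one WEP IV and length many times in a window."""
    seen = defaultdict(list)   # (transmitter, iv, length) -> recent timestamps
    deauths = []               # (time, station the deauth was addressed to)
    alerts = {}
    for t, kind, tx, dst, iv, length in sorted(frames, key=lambda f: f[0]):
        if kind == "deauth":
            deauths.append((t, dst))
            continue
        if iv is None:
            continue
        times = seen[(tx, iv, length)]
        times.append(t)
        while t - times[0] > window:      # keep only the sliding window
            times.pop(0)
        if len(times) >= min_repeats and (tx, iv) not in alerts:
            # A deauth aimed at this station shortly before raises confidence.
            preceded = any(d == tx and 0 <= t - dt <= deauth_lookback
                           for dt, d in deauths)
            alerts[(tx, iv)] = {"transmitter": tx, "iv": iv, "length": length,
                                "first_seen": times[0], "deauth_before": preceded}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_replay(build_sample()):
        print("possible ARP replay:", alert)
```
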
The Video
Click Play to get things started.
Additional
Download the full resolution video (Thanks to TAz00 from the Oxid.it forums for the hosting!)
42 replies on “Cracking WEP with AirPcap and Cain and Abel”
Any chance the new version of the AirPcap is one-tenth as fast because one-tenth of the IVs are occurring in response to something other than arp request injection? (ie. the attempted injection with the new AirPcap just isn’t resulting in any additional IVs?)
Hello Phil, I have been watching your work, very impressive stuff. I am in Scotland. I am just finishing up my networking degree and am going on to my masters in “Ethical hacking and penetration testing”. Have been mucking about with the aircrack stuff, very fun and enjoyable. Have to admit I don’t have an AirPcap adapter, which is a bit of a bum. Is there any way to set up a Cisco Aironet a/b/g to do the same thing, do you think?
I suppose it’s all about the ARPs, and requests…hmm, wonder if I could generate the traffic needed for dump another way apart from AirPcap….
Anyway, would love any thoughts or insights, and chat in general is muchly welcomed, we network security guys need to hang together, lol
Regards
Frite
I was wondering, would you please let me know how I get a free AirPcap driver?
Kurt,
AirPcap is a USB adapter that you must pay for (see Wireless Analysis). The driver is free, but requires the USB adapter to work.
Hey Phil, I have a quick question for you. When I start up my program Cain, I noticed in your video demo Cracking WEP with AirPcap and Cain and Abel that the Cain program has AirPcap driver info on the left-hand side of the screen. Now, is that supposed to be there when you start up the program, or do you have to buy the adapter and then you will get the screen to pop up? Any help at all would be greatly appreciated.
Thanks.
Ruslan, you need the adapter.
Phil,
There are two different versions of getting a WEP key. In one you say that one needs over 250,000 IVs if someone just uses Cain and Abel alone. To me this way is less confusing, but then I guess the other way, where you use aircrack, is faster. How long does it take to get the required packets, both in the easier way and in the more complicated version?
The other question relates to the type of adapter. I believe you talk about some different versions the adapter came in. I believe one is (silver-grey), a (dark-grey), but I also believe there is one which is (black-orange). Do you know anything about these? I think it came out pretty recently, but how much faster or slower is it compared to the other ones?
Thanks.
esau munoz
Esau: Usually between 5 and 10 minutes, but sometimes longer. It can take me that long to explain to my clients what I’m performing!
There are 3 adapter “releases” so far. In my experience (I tested all three thoroughly whilst at Crownhill), the latest Black-Orange adapter was faster than the previous two.
So there’s definitely no free way of getting the WEP key?
Spanky,
You can use a Linux Live CD like Backtrack to do a WEP Audit. Provided your existing laptop has a supported WLAN card, it’ll end up being “free”.
Phil,
I bought an AirPcap adapter but I made a mistake and I chose the simple one instead of the AirPcap Tx.
Can I still use it to do what you did in the video, or do I need to buy the Tx version?
Thanks for your help!
Dominik
Dominik: I just replied to you without realising you’d also sent this comment! You can try using the Beta 2.0 drivers and see if it works, but you’re probably better off exchanging your Classic for a Tx.
Hi man, well, I have a laptop, Easy Note MZ350, with Windows XP and I need to know if I can use Cain and Abel to crack the WEP password. For this program, do I need a special adaptor?
patricio: If you actually read the article above, you would not need to ask this question. I quite clearly state at the top of this article that you need the AirPcap Tx adapter.
Can anyone tell me how to modify/convert packets captured by Wireshark so that they could possibly be cracked using aircrack-ng? I’m using Windows XP as my platform. Thanks in advance.
Sunda, I’m pretty certain that Wireshark and aircrack-ng packet capture formats are inter-operable. You just need to point aircrack-ng at the Wireshark capture file. Have you tried it?
Hey Phil, awesome site. My question is about Monitor Mode. Is there any way to bypass the SSID filter and passively scan an entire channel that’s in range on the Windows platform? I’ve read that WinPcap doesn’t support it, but I wasn’t sure if that was the end. This question partially arises from my decision on whether to buy an AirPcap and run Windows, or get an Atheros chipset and run Linux.
Thanks
Will the USB key and software work with Vista??
Are there any drivers for the AirPcap Tx to make it usable in BackTrack Linux,
or do you know of any way I could write my own?
Alex: AirPcap allows you to passively scan the Wi-Fi channels. To do so you’ll need the Kismet release for AirPcap, or Cain (I prefer Kismet).
Anthony: Yes, AirPcap works in Vista. I’ve not yet tested Cain in Vista, but I’m sure if you asked at Cain’s forums they’d be able to tell you.
Lee: Not that I know of, no, but seeing as most Linux-compatible Wi-Fi cards are cheaper than AirPcap, I’m not sure why you’d want to buy it for Linux (besides for the hell of it!). Might be worth contacting CACE to discuss a Linux driver 🙂
When I try to run 2.0 Beta Tx Drivers for AirPcap, I am informed that no AirPcap Adapters found in the system. Yet I have an AirPcap-Ex plugged in.
Hello, I’m Max. My problem is I need to get a WEP code. I just downloaded Cain; what else do I need to hack a WEP, and how, because I don’t know how to use this program at all?
Phil, you are doing some really good work here. It’s nice to see someone dedicating some time and effort to helping others understand a subject. Also the way you answer questions, to some the answer may seem simple, but you still answer in a very unpatronising way.
Thanks for support and advice.
Jon
After putting a comment in I realised that I do actually have a question.
I was looking at the AirPcap Classic and Tx. From what I have read, I understand that you can only really crack WEP and WPA through the ‘Tx’ adapter.
What are the main differences between the Tx and Classic?
I’ve also been struggling a little from reading various bits on the net. Can you crack WPA as well as WEP with one Tx adapter? From what I can gather, Cain will reveal the WEP code but you have to brute force for the WPA. Is this correct?
Thanks
Hey Phil, I’ve been using the AirPcap Tx USB (black and orange) for a while now with Cain, but injecting packets doesn’t work for me like it does for you in your video: that is, even when injecting, I don’t get nearly as much traffic. This happens even when ARP requests have been sniffed on the target (if they haven’t, deauth doesn’t usually do the trick for me either). Any ideas?
Sorry for the above comment, after a search on the oxid.it forums it appears that this is a bug, possibly (but hopefully not) with the black/oj Tx adapter. Hopefully it’s just the software and I didn’t waste my $300.
notharry: As you have an AirPcap-Ex, you should be able to use the latest (non-beta) driver to use the transmit capabilities. I just checked, and the support matrix confirms this. FYI: the Beta driver was only intended for use with the USB AirPcap Classic.
Max: You need everything I listed in this post, particularly the AirPcap Tx adapter!
Hey Jon,
Thanks for your kind words! 🙂
Yeah, CACE neutered the original AirPcap by renaming it the Classic, and launching the Tx separately (…which is exactly the same, apart from a small change in firmware which enables injection!).
Regarding cracking… Both Cain and aircrack-ng will passively sniff WEP traffic and crack any WEP key after collecting x number of packets. They will both also passively sniff WPA EAPOL handshakes which can then be cracked, via brute force, “offline” – away from the Audit site. This takes way longer than the offset methods used in WEP cracking, and becomes pretty much unfeasible if the password isn’t in a dictionary, or is longer than 8 characters. I always recommend that WPA-PSK is deployed with at least a 20-character passphrase, and includes things like spaces and other non-alphanumeric characters.
Hey Kyle. Indeed, Cain can be very flaky with the AirPcap. From what I know, and have experienced, it’s not CACE’s fault.
If you’re not scared of a command line, you should try out my notes on using Aircrack-ng on the Windows command line. It usually works when Cain doesn’t!
Hi Phil,
First, thanks for your great site and videos… it’s nice for tutorials and learning.
I bought an AirPcap Tx recently and tried it with the latest drivers from CACE.
Packet injection is really slow, with Cain but with aircrack-ng 0.9.2 for Tx too…
With both methods, I only inject around 10 packets per second and capture only 1 IV every 2 seconds… 🙁
So it seems the problem doesn’t come only from Cain but from the Tx (or the driver) too…
I will try Kismet for Windows later to see if it’s working better…
Micro: Try CACE’s injection tool, which was bundled with the latest version of their drivers. It might solve your problem.
Hi Phil, I was wondering if there was any other program that will allow me to do this without the AirPcap adapter, and I was wondering also if there was any special place I have to go to get this adapter.
Matt: AFAIK, it can’t be done any other way in Windows – you need the AirPcap. For a free alternative, see my response to Spanky further up the page.
Hi Phil,
I cannot run Cain & Abel properly. I installed the AirPcap, but if I scan for the “wireless”, the AirPcap column is stating that driver version: not installed. And the lock on channel is inactive, as are the others like the “analyze” button; it is not scanning for any WEP IVs. I’m running under Vista Home Premium. Please help me make the program work. Thanks a lot.
jomar: The AirPcap Software will not work without an AirPcap Adapter. Have you bought one?
Hey Phil, what’s up? I have the AirPcap Ex, the one with the attachable external antenna. I was wondering if I can also use it as a wireless network card, because it has lots of range. Is there any way to make it a wireless network card? Thanks
AirPcap Tx and packet injection
I have used AirPcap and Cain to successfully crack my network in WEP and WPA modes.
What baffles me is how to generate traffic on the network to produce more WEP IVs faster.
I assume that packet injection is just the feature I’ve been looking for, but I’m not sure how it works… I can deauth a client on a WPA network and collect the WPA 4-way handshake, but if it’s a WEP clientless network then I can’t generate traffic.
With Linux and aireplay you simply use packetforge to increase the traffic rate, but packet injection in Cain with AirPcap doesn’t seem to work..
What am I not doing, or what am I doing wrong?
“but if its a wep clientless network then i cant generate traffic”
Hey Slayer, unless Cain has changed in the last few months (possible), you can’t generate traffic against a clientless AP.
Shane, in a nutshell: No you can’t use it as a wifi card. Its firmware prevents it from doing so.