Tech | Hack | Blog | Code

How to Hack Wifi? Cracking WEP Key on Kali Linux Using Aircrack-ng!

How to Hack Wifi or how someone could Hack your Wifi? In this article I’m going to teach you how a Wifi using WEP security can be easily hacked and how to protect. I’ll be cracking WEP Key on Kali Linux system using Aircrack-ng software suite!

Before we go further, I want you to know a little about Wifi security system. So today every wifi is somehow protected and you’ll hardly find any wifi network which is open and using plane-text communication, at least not in India. You will usually find WEP, WPA or WPA2 secure wifi. WEP (Wired Equivalent Privacy) provides less security while WPA (Wi-Fi Protected Access) and WPA2 (Wi-Fi Protected Access II) both have better security.

So who is using WEP Wifi Security? Most Wifi devices which are old can use only WEP encryption and authentication. Some modern Wifi devices by default have WEP security or some ISP configures them like that for their users. Some home users still prefer WEP security and that’s how there are many targets for a hacker.

Also READ: Wifite | How to Hack WiFi Password? Cracking WEP, WPA/WPA2, WPS!

I have been asked several times about the WiFi adapter I’m using. It’s an external USB WiFi adapter:

  • [easyazon_link identifier=”B002SZEOLG” locale=”US” tag=”himsnegi-20″]TP-LINK TL-WN722N[/easyazon_link] (I’m using this)
  • [easyazon_link identifier=”B000WXSO76″ locale=”US” tag=”himsnegi-20″]Alfa Network AWUS036H High Power Wireless Adapter | 5dBi Antenna [/easyazon_link] (more powerful)

Kali and Aircrack-ng toolkit supports several Built-in WiFi cards but not all. If your built-in WiFi isn’t supported then you need to use one of these WiFi adapter.

Note: External Antenna’s of 9 dBi (comfortable and omnidirectional) to 24dBi (directional parabolic grid antenna) can be attached to extent the range of adapter.

Also READ: What is Phishing? How to Hack Facebook Account Password?

Steps For Hacking WiFi & Cracking WEP Key on Kali Linux:

Let’s begin… Open the Terminal and Type the following command to find whether your wireless card is working or not.


If you get something like following image then your wireless card is available and working.

airmon-ng | find your wireless card

airmon-ng | find your wireless card

Now type the following command to put your wireless card in monitoring mode.

airmon-ng start wlan0

Start airmon-ng | Put your wireless card into monitoring mode

Start airmon-ng | Put your wireless card into monitoring mode

If you got the above image then your wireless card is in monitoring mode and working. Now type the following command to listen to the wireless network around you and get details about them.

airodump-ng mon0

Note that mon0 might be mon1, mon2, mon3 etc. depending upon the number of monitoring mode already running on your system. Find the monitoring mode (ie. mon1, mon2 etc.) from the precious image.

airodump-ng tool | Listen to All WiFi Networks

airodump-ng tool | Listen to All WiFi Networks

Now here our target is “mtnl” which is using WEP encryption and authentication. Wifi mtnl is working on channel 4 and bssid is 0C:D2:B5:03:43:68. Now type the following command to start capturing its packet which might have encrypted password.

airodump-ng –w mtnl-org –c 4 –bssid 0C:D2:B5:03:43:68 mon0

Capture WiFi Packets | Kali Linux

Capture WiFi Packets | Kali Linux

Let me explain the command, -w is for writing into a file that we are going to create i.e. mtnl-org, -c is used for channel which is currently 4.

Now after typing the command wait for 10-15 minutes to capture around 15,000 ivs packets. The time duration depends on the traffic on network, your distance from the access point and actually the no. of ivs you have captured (refer to the next image).

Hey, if there is only few packets coming then you can try to deauth to generate more data packets with following command:

aireplay-ng -0 0 -a 0C:D2:B5:03:43:68 mon0

Also Read: Footprinting – Information Gathering Techniques (an ethical hacking process of gathering information about the target using public domain info and free tools).

Finally, Type the following command to start cracking WEP key of the network.

aircrack-ng mtnl-org-01.cap

Notice the file name carefully as the program automatically ads -01, -02, -03 etc. to the file name you have suggested. It depends upon the no. of file you have with same name.

After a few seconds or minutes you will find that the password is 100% decrypted or WEP key is cracked and password is 3937353536.

Cracking WEP Key on Kali Linux

Cracking WEP Key on Kali Linux

NOTE: This was surely a little lengthy process of cracking WiFi’s WEP Key. You might be interested in hacking other types of secure WiFi networks such as WPA, WPA2 or WPS in an automated way, then read my latest article – How to Hack WiFi Password? WEP, WPA/WPA2, WPS – Wifite!

Troubleshooting: If you were unable to crack WEP key of your WiFi then you might have typed wrong command or had input wrong value like channel number, bssid or something. Be Careful!

You might not have captured enough packets and ivs that are necessary to crack the WEP key.

Also Read: What is Steganography? How to Hide Text Message behind an Image?

BOOKS – Know More about WiFi Hacking!

If you are actually interested in WiFi hacking and Security. Then, I recommend reading:

[easyazon_image align=”none” height=”300″ identifier=”0071827633″ locale=”US” src=”” tag=”himsnegi-20″ width=”220″]

Also Read: Alternative Software To Opt Out Of Global Data Surveillance! (Protect your privacy!)

How to Secure your WiFi and its Password?

At this position you might have understood that WEP doesn’t provide enough security so you should switch to better security (WPA or WPA2).

Use strong password and change it regularly. In case, if someone gets your password they won’t be able to enjoy your free WiFi for longer.

You can find more WiFi security tips in my another article – Wifite | How to Hack WiFi Password?

Join the discussion

  1. Sudheer Yadav

    Nice article Himanshu keep it up. WI FI is very useful for all place special in office. Due to in MNC everyone use there laptop

  2. Just Saying

    you forgot to tell people to test there cards to see if they can inject using aireplay-ng –test mon0,,,,,,and also to authenticate with target using aireplay-ng -1 0 -a (bssid) mon0

  3. arvind

    I wounder how this worked to you. the #Data is 0 and with the same setup, It gave an error in the end that no data packetrs have been collected 🙁

    Fail !


      To capture packet of WEP wifi network it might take you few minutes to few hours depending on traffic over the network. The more the traffic, the lesser will be time needed to capture sufficient packets.

      In my case the #data was zero but when I begin capturing I got few packets and after around 5 hours I got this done. Actually it should take you less than a hour. Good Luck!

  4. henry

    when i am traying to open mtnl-org-01.cap file , terminal show this msg…
    Opening mtnl-org-01.cap
    open failed: No such file or directory
    Read 0 packets.
    No networks found, exiting.
    Quitting aircrack-ng…
    🙁 🙁


      That error message simply means that mtnl-org-01.cap file doesn’t exist on your system. Try to remember the file name you have used when creating a file with command: airodump-ng -w file-name-here -c 1 –bssid xx:xx:xx:xx:xx:xx mon0

  5. Raju


    I have donwloaded Kali Linux Virtual Image file and Imported to VMWARE Work station.
    In Kali Linux I amNot able to see the wlan0 or any network interfaces. But am able to ping my local network and internet also.

    Can you please help me how to add wlan0…

  6. Aman Routh

    after this command (airodump-ng mon0)
    the i get the details of all the networks around me…but am stuck .
    how can i get back next input line to type the next command in the terminal i tried hitting enter, Ctrl+enter and all.

    How can i get new input line so that i can enter te next command.

  7. Daryan

    Hi Raju

    In case you are still having a problem, you cannot use the onboard wifi device when using a virtual image.
    Try using a USB wifi device instead.

Comments are now closed.