Time for action – cracking WEP with the Hirte attack
Follow these instructions to get started:
Create a WEP access point exactly as in the Caffe Latte attack using the airbase-ng tool. The only additional option is the -N option instead of the -L option to launch the Hirte attack:
Start airodump-ng in a separate window to capture packets for the Wireless Lab Honeypot:
Now, airodump-ng will start monitoring this network and storing the packets in the Hirte-01.cap file:
Once the roaming client connects to our Honeypot AP, the Hirte attack is automatically launched by airbase-ng:
We start aircrack-ng as in the case of the Caffe Latte attack and eventually, the key will be cracked.
What just happened?
We launched the Hirte attack against a WEP client that was isolated and away from the authorized network. We cracked the key exactly the same way as in the Caffe Latte attack case.
Have a go hero – practise, practise, practise
We recommend setting different WEP keys on the client and trying this exercise a couple of times to gain confidence. You may notice many times that you may have to reconnect the client to get it to work.