Time for action - cracking WEP with the Hirte attack
Create a WEP access point exactly as in the Caffe Latte attack using the airbase-ng tool. The only difference is that the -N option is used instead of the -L option to launch the Hirte attack:
Start airodump-ng in a separate window to capture packets for the Wireless Lab Honeypot:
Airodump-ng will now start monitoring this network and storing the packets in the Hirte-01.cap file.
Once the roaming client connects to our Honeypot AP, the Hirte attack is automatically launched by airbase-ng:
We start aircrack-ng as in the case of the Caffe Latte attack, and eventually the key is cracked as shown next:
What just happened?
We launched the Hirte attack against a WEP client which was isolated and away from the authorized network. We cracked the key exactly as in the Caffe Latte attack case.
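The attack above works only because the roaming client still holds a saved WEP profile and joins an AP advertising that network. The following added example (not from the original text) audits saved Wi-Fi profiles for static WEP and for auto-connect; it assumes profiles in NetworkManager keyfile format with the current `wifi` section names, and all sample profiles and function names are constructed for illustration.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (not from the page).
SAMPLE_PROFILES = {
    "lab-wep": "[connection]\nid=Wireless Lab\ntype=wifi\n"
               "[wifi]\nssid=Wireless Lab\n"
               "[wifi-security]\nkey-mgmt=none\nwep-key0=constructed-key\n",
    "old-wep-manual": "[connection]\nid=Warehouse\ntype=wifi\nautoconnect=false\n"
                      "[wifi]\nssid=Warehouse\n"
                      "[wifi-security]\nkey-mgmt=none\nwep-key0=constructed-key\n",
    "home-wpa2": "[connection]\nid=Home\ntype=wifi\n"
                 "[wifi]\nssid=Home\n"
                 "[wifi-security]\nkey-mgmt=wpa-psk\npsk=constructed-passphrase\n",
    "cafe-open": "[connection]\nid=Cafe\ntype=wifi\n[wifi]\nssid=Cafe\n",
}


def classify_profile(text):
    """Return (ssid, finding) for one keyfile, or None for non-Wi-Fi profiles."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "wifi":
        return None
    ssid = cp.get("wifi", "ssid", fallback=cp.get("connection", "id", fallback="?"))
    key_mgmt = cp.get("wifi-security", "key-mgmt", fallback=None)
    has_wep_key = any(cp.has_option("wifi-security", f"wep-key{i}") for i in range(4))
    # Static WEP is stored as key-mgmt=none together with at least one wep-keyN.
    if not (key_mgmt == "none" and has_wep_key):
        return ssid, "ok"
    # NetworkManager auto-connects unless autoconnect=false is set explicitly,
    # so a WEP profile without that line will join any AP offering the SSID.
    auto = cp.getboolean("connection", "autoconnect", fallback=True)
    return ssid, ("wep-autoconnect" if auto else "wep-manual")


def audit(profiles):
    """Map finding -> sorted SSIDs for every Wi-Fi profile given."""
    report = {}
    for text in profiles.values():
        result = classify_profile(text)
        if result:
            report.setdefault(result[1], []).append(result[0])
    return {finding: sorted(ssids) for finding, ssids in report.items()}


if __name__ == "__main__":
    for finding, ssids in audit(SAMPLE_PROFILES).items():
        print(finding, ssids)
```

On a real client, the same function can be fed the contents of the files under /etc/NetworkManager/system-connections/; any profile reported as WEP should be deleted or the network migrated to WPA2 or later.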
Have a go hero - practice, practice, practice
We would recommend setting different WEP keys on the client and trying this exercise a couple of times to gain confidence. You may notice many times that you have to reconnect the client to get it to work.