[align=center]Wireless Network Penetration: WEP Encryption
Written by me, and as always all rights belong to me. Don't copy unless permission is given.[/align]

Why do it this tut?
Well I know this is a new forum and some newer members to hacking may want a tutorial to guide them through the process. Not only that but experienced members can use this as reference. I wrote this a while ago but I like it because as you will see i've put the outputs I got onscreen while completing the tasks.

What will we be doing?
Basic WEP encryption crack to gain access to a network, nothing special just the basic execution of the aircrack-ng suite.

What will you need?
Ubuntu/Mint/Backtrack/etc... [Any Linux distro basically, you can also use these tools in Windows but I will be concentrating only with Linux methods at the moment.]
Aircrack-ng suite.
Compatible wireless interface that supports packet injection, I personally prefer the ALFA 1000mW USB interface. If you're wanting to find out what hardware is compatible google search backtrack HCL [hardware compatibility list].

A word of warning, what we will be doing, well what I'll be doing and you following is illegal if you breach a network/system you do not own or have permission to access. So setup a fake AP [Access Point] and practice or get permission.

Right guys, lets crack on [haha], I will be using Linux Mint 8 'Helena' for this demo, as this type of tutorial has been replicated so so many times on Back|Track and I thought I'd do it on a more widely used non-pentesting distro. These commands and tutorials can be replicated on many different distro's.

If you haven't got Back|Track then you'll need some basic tools to turn your distro into a Wireless cracking machine (well for WEP anyway).
To download/install Aircrack-ng suite:

To download/install macchanger:


**Now I am assuming that you have your wireless interface connected already. I will be using live networks and blocking out the addresses [XX:XX:XX:XX:XX:XX is the address i will be cracking.]**

Make sure you aren't connected to the internet on the wireless interface your going to be using to crack and use the following to view interfaces picked up by Aircrack suite.

First switch to root:


I'll be copying as I go so the commands are after the '#' symbol. This isn't 'cos it's easier for me but so you can see the outputs I get and compare them to your own if you go wrong.

From this we can see Wlan0 is my ALFA usb interface and Wlan1 Is my built in Broadcom wireless. The broadcom cannot be used for cracking so we forget this and only need Wlan0. First we need to change the MAC address for anonymity.

To stop the interface:


To change the MAC [You can replace 00:11:22:33:44:55 with any MAC address you wish to spoof]:


To re-enable the interface and put it in monitor mode:

Don't worry about the errors/warnings, you will also notice it has created a interface called 'mon0' which is Wlan0 in monitor mode.

Now we have set everything up we can scan for near-by Access Points [AP's].

The output, which are the networks that our interface can pick up, generally the higher up the list the better the connection will be.


Then stop the search when you have a AP that has WEP encrpytion using "Ctrl+C". Here i have two, both which I have cracked months ago and have the passwords already. But for these purposes i'll be using them. For reference they're the first and last ones.

So we need to isolate and monitor ONE of these using the below commands [-c is the channel of the AP, -w states the filename you wish to write to, and --bssid is the address of the AP you wish to crack]:

And the output:


What we're interested in is the #Data column, when we start monitoring packets we need this to get to at least 5k [5000]. It can take more but a general rule is don't try the lst step until it hits 5k's worth of IV's.

So our next move is to associate our interface with the AP as at the moment all we have is a AP we're monitoring. In a new terminal window follow these commands, don't close the current terminal session though!!!

The output:

Now we are associated... as shown if you go back to your first terminal window, you will see your interface associated at the bottom, with the AP.

Next up is us getting the packets [ARP & ACKs], we do this in the same terminal using:

The output of this will be a the interface collecting the packets. Don't cancel it whatever happens!!! This is important, if you get a De-auth [de-authorised packet] then use Ctrl+C to stop the collection of packets and use the association commands again and try this again when thats completed.

So we get the minimum required amount of IV's [5000] then we open a 3rd terminal window and type:

Where -b is the address of the AP, and wep replaced by the filename of your initial file you chose. This will present you with the aircrack attempting to find the key. This will stop if it can't find it and wait for more IV's. Once it has enough data it will present you with the code in a AD:12:AS:AS:AF:GE type format, remove the ':' and you have the password!

Thankyou and a goodnight xD