airmon-ng stop ath0
ifconfig wifi0 down
macchanger --mac 00:11:22:33:44:55 wifi0
airmon-ng start wifi0
Now you will see something like this:
Once you’ve decided on a network, take note of its channel number and BSSID. The BSSID is the access point's MAC address, shown as six hex pairs separated by colons under the “BSSID” heading.
The channel number will be under the heading that says “CH”.
airodump-ng -c (channel) -w (file name) --bssid (bssid) ath0
Once you type in that last command, the airodump screen will change and start to show your computer gathering packets. You will also see a heading marked “#Data” or “IV” with a number underneath it. This stands for “Initialization Vector”: each WEP packet carries a 24-bit IV in the clear alongside the encrypted data, and the key-recovery attack is statistical, so it needs a large number of distinct IVs. Once you have gathered a minimum of 5,000 IVs, you can try to crack the password. I’ve cracked some right at 5,000 and others have taken over 60,000. It just depends on how long and difficult they made the password. The more difficult the password, the more packets you will need to crack it.
4. Cracking the WEP password
Now leave this Konsole window up and running and open up a 2nd Konsole window.
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 ath0
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 ath0
Now you need to open up a 3rd and final Konsole window. This will be where we actually crack the password.
aircrack-ng -b (bssid) (filename)-01.cap
Once you have done this you will see aircrack fire up and begin to crack the password. Typically you have to wait for more like 10,000 to 20,000 IVs before it will crack. If this is the case, aircrack will test what you’ve got so far and then say something like “Not enough IVs. Retry at 10,000.”
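From the defender's side, the injection step above (the fake authentication and ARP replay in the second Konsole window) is what makes a WEP attack visible on the air: the replaying station retransmits the same captured ARP frame, with the same IV, thousands of times per second, which no real client does. The script below is an added example, not code from the original tutorial or from the aircrack-ng project. It runs over a constructed list of per-frame summaries (timestamp, transmitter MAC, BSSID, frame length, 24-bit IV), the kind of fields a monitor-mode capture tool can export, and flags two signals: a (station, IV) pair that recurs many times, and a burst of same-length frames from one MAC inside a one-second window. The MAC 00:11:22:33:44:55 from the page is reused here as the constructed replaying station; the thresholds are assumptions to tune for your own network.

```python
"""Spot WEP traffic that looks like replay injection (added example, not
from the original tutorial).

Input: a list of constructed per-frame summaries with keys
  ts (seconds), src (transmitter MAC), bssid, length (bytes), iv (24-bit int).
Signals checked:
  1. IV reuse: a legitimate station picks a fresh IV per frame, so one
     (src, iv) pair recurring many times means frames are being replayed.
  2. Burst rate: replay tools push hundreds of identical-size frames per
     second from one MAC, far above a real client's ARP rate.
"""
from collections import Counter, defaultdict

IV_REUSE_THRESHOLD = 50        # repeats of one (src, IV) pair before alerting (assumed)
BURST_WINDOW_S = 1.0           # rate window in seconds (assumed)
BURST_FRAMES_PER_WINDOW = 200  # same-length frames from one src per window (assumed)


def detect_iv_reuse(frames, threshold=IV_REUSE_THRESHOLD):
    """Return {src_mac: repeats} for sources whose most-repeated (src, IV)
    pair occurred at least `threshold` times."""
    seen = Counter((f["src"], f["iv"]) for f in frames)
    worst = defaultdict(int)
    for (src, _iv), n in seen.items():
        worst[src] = max(worst[src], n)
    return {src: n for src, n in worst.items() if n >= threshold}


def detect_bursts(frames, window=BURST_WINDOW_S, limit=BURST_FRAMES_PER_WINDOW):
    """Return {src_mac: peak} for sources that sent at least `limit`
    same-length frames inside any single window."""
    buckets = Counter()
    for f in frames:
        slot = int(f["ts"] // window)
        buckets[(f["src"], f["length"], slot)] += 1
    peak = defaultdict(int)
    for (src, _length, _slot), n in buckets.items():
        peak[src] = max(peak[src], n)
    return {src: n for src, n in peak.items() if n >= limit}


def build_sample_capture():
    """Constructed sample: one normal client plus one replaying station."""
    frames = []
    ap = "aa:bb:cc:dd:ee:ff"  # constructed BSSID
    # Normal client: fresh IV each frame, about 4 frames/s, mixed sizes.
    for i in range(40):
        frames.append({"ts": i * 0.25, "src": "11:22:33:44:55:66", "bssid": ap,
                       "length": 98 + (i % 5) * 10, "iv": 0x100000 + i})
    # Replaying station: the same 68-byte ARP frame, same IV, 600 times in 1 s.
    for i in range(600):
        frames.append({"ts": 2.0 + i / 600.0, "src": "00:11:22:33:44:55",
                       "bssid": ap, "length": 68, "iv": 0xABCDEF})
    return frames


if __name__ == "__main__":
    cap = build_sample_capture()
    print("IV reuse:", detect_iv_reuse(cap))   # only the replaying MAC is listed
    print("Bursts:", detect_bursts(cap))       # only the replaying MAC is listed
```

Either signal on its own is a strong indicator on a WEP network; the real fix is to retire WEP for WPA2 or WPA3, since no amount of monitoring changes the fact that the key can be recovered from enough captured traffic.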
If you do everything correctly up to this point, before too long you will have the password! Now, if the password looks goofy, don’t worry, it will still work. Some passwords are saved in ASCII format, in which case aircrack will show you exactly what characters they typed in for their password. Sometimes, though, the password is saved in HEX format, in which case the computer will show you the HEX form of the password. It doesn’t matter either way, because you can type in either one and it will connect you to the network.
It may seem like a lot to deal with if you have never done it, but after a few successful attempts, you will get very quick with it. If I am near a WEP encrypted router with a good signal, I can often crack the password in just a couple of minutes.
I am not responsible for what you do with this information. Any malicious/illegal activity that you do, falls completely on you because…technically…this is just for you to test the security of your own network.