airmon-ng
airmon-ng stop ath0
ifconfig wifi0 down
macchanger –mac 00:11:22:33:44:55 wifi0
airmon-ng start wifi0
airodump-ng ath0
Now you will see something like this:
Once you’ve decided on a network, take note of its channel number and bssid. The bssid will look something like this —
00:23:69:bb:2d:of
The Channel number will be under a heading that says “CH”.
airodump-ng -c (channel) -w (file name) –bssid (bssid) ath0
Once you type in that last command, the screen of airodump will change and start to show your computer gathering packets. You will also see a heading marked “IV” with a number underneath it. This stands for “Initialization Vector” but in general terms all this means is “packets of info that contain characters of the password.” Once you gain a minimum of 5,000 of these IV’s, you can try to crack the password. I’ve cracked some right at 5,000 and others have taken over 60,000. It just depends on how long and difficult they made their password. The more difficult the password, the more packets you will need to crack it.
4. Cracking the WEP password
Leave this Konsole window up and running and open up a 2nd Konsole window.
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 ath0
Now type:
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 ath0
Now you need to open up a 3rd and final Konsole window. This will be where we actually crack the password.
aircrack-ng -b (bssid) (filename)-01.cap
Once you have done this you will see aircrack fire up and begin to crack the password. You typically need to wait for 10,000 to 20,000 IV’s before it will crack. If this is the case, aircrack will test what you’ve got so far and then it will say something like “not enough IV’s. Retry at 10,000.”
If you did everything correctly up to this point, before too long you will have the password! Don’t worry if it looks a little strange, some passwords are saved in ASCII format, in which case, aircrack will show you exactly what characters they typed in. Sometimes the password is saved in HEX format in which case the computer will show you the HEX encryption of the password. You can type in either one and it will connect you to the network.
se:cr:et
0F:KW:94:27:VF
It may seem like a lot to deal with if you have never done it, but after a few successful attempts, you will be very adept. If I am near a WEP encrypted router with a good signal, I can often crack the password in just a couple of minutes.
I am not responsible for what you do with this information. Any malicious/illegal activity falls completely on you because, technically, this is just for you to test the security of your own network.