Requirements:
1) Backtrack
2) A WiFi adapter capable of injecting packets. For this tutorial I will use the Alfa AWUS036H, which is a very popular card and performs well with Backtrack.
Procedure:
First, log in to your Backtrack / Linux distro and plug in your WiFi adapter. Open a new Konsole and type in the following command
ifconfig wlan0 up

Putting your WiFi Adapter on Monitor Mode
To begin, you’ll need to put your wireless adapter into monitor mode. Monitor mode is the mode in which your card can listen to every packet in the air. You can put your card into monitor mode by typing in the following command
airmon-ng start (your interface)
Example: airmon-ng start wlan0


After putting your card into monitor mode, we need to find a network that is protected by WEP. You can discover the surrounding networks by entering the following command
airodump-ng mon0

Now look out for a WEP-protected network. In my case I’ll take “linksys” as my target for the rest of the tutorial.
Attacking The Target
Now, to crack the WEP key you’ll have to capture the target’s data into a file. To do this we use the airodump tool again, but with some additional switches to target a specific AP and channel. Most importantly, you should restrict monitoring to a single channel to speed up data collection, otherwise the wireless card has to alternate between all channels. You can restrict the capture by giving the following command
airodump-ng mon0 --bssid (bssid of the target) -c (channel) -w (file name to save)

airodump-ng mon0 --bssid 98:fc:11:c9:14:22 -c 6 -w RHAWEP
Using Aireplay to Speed up the cracking
Now you’ll have to capture at least 20,000 data packets to crack WEP. This can be done in two ways. The first one would be a passive attack: wait for a client to connect to the AP and then start capturing the data packets. This method is very slow; it can take days or even weeks to capture that many data packets.
The second method would be an active attack. This method is fast and only takes minutes to generate and inject that many packets.
In an active attack you’ll have to do a fake authentication (connect) with the AP, then you’ll have to generate and inject packets. This can be done very easily by entering the following command
aireplay-ng -1 3 -a (bssid of the target) (interface)

In my case I enter the following command
aireplay-ng -1 3 -a 98:fc:11:c9:14:22 mon0
After doing a fake authentication, it’s time to generate and inject ARP packets. To do this you’ll have to open a new Konsole alongside the first and type in the following command
aireplay-ng -3 -b (bssid of target) -h (MAC address of mon0) (interface)

If this step was successful you’ll see a lot of data packets in the airodump capture as shown

Cracking WEP key using Aircrack
Now it’s time to crack the WEP key from the captured data. Enter the following command in a new Konsole to crack the WEP key
aircrack-ng (name of the file)
In my case I enter
aircrack-ng RHAWEP-01.cap
Within a few minutes Aircrack will crack the WEP key as shown
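Seen from the monitoring side, the ARP injection step above stands out because one captured frame is re-sent verbatim, so the same WEP IV and frame length repeat hundreds of times in a second, far beyond normal 802.11 retries. The following is an added example, not part of the original tutorial, that flags this pattern in parsed frame records; the record layout, the MAC addresses, the window and the threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed frame records: (time_ms, transmitter, bssid, wep_iv_hex, length).
# All MAC addresses and values are made up for this example.
AP = "02:00:00:00:00:01"
FRAMES = (
    # Normal client: every frame carries a fresh IV.
    [(100 * i, "02:00:00:00:00:10", AP, f"{0x1000 + i:06x}", 1200 + i % 7)
     for i in range(40)]
    # Normal 802.11 retries: the same frame (same IV) resent a few times.
    + [(500 + i, "02:00:00:00:00:11", AP, "00beef", 310) for i in range(3)]
    # ARP replay: one captured frame re-sent verbatim, so IV and length never change.
    + [(1000 + 2 * i, "02:00:00:00:00:66", AP, "a1b2c3", 68) for i in range(500)]
)


def find_replay_suspects(frames, window_ms=1000, min_repeats=50):
    """Map (transmitter, bssid) -> peak count of one identical (IV, length)
    frame inside any window_ms span, for peaks of at least min_repeats.
    window_ms and min_repeats are assumed starting values, tune per site."""
    seen = defaultdict(list)
    for ts, tx, bssid, iv, length in frames:
        seen[(tx, bssid, iv, length)].append(ts)

    suspects = {}
    for (tx, bssid, _iv, _length), stamps in seen.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans <= window_ms.
            while ts - stamps[start] > window_ms:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= min_repeats:
            key = (tx, bssid)
            suspects[key] = max(peak, suspects.get(key, 0))
    return suspects


if __name__ == "__main__":
    for (tx, bssid), peak in find_replay_suspects(FRAMES).items():
        print(f"possible WEP replay: {tx} -> {bssid}, {peak} identical frames in window")
```

A hit on a network you run is also a prompt to move that network off WEP, since the replay only pays off against WEP's reused IVs.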
