This document outlines six steps to exploit WEP flaws using BackTrack 5 R3:

1. Start the wireless interface in monitor mode and list all wireless access points, attached hosts, operating channels, and encryption methods.
2. Set the monitor interface to the same channel as the target access point.
3. Use airodump-ng to capture packets from the target access point and write them to a file, specifying the BSSID, channel, and output file.
4. Use aireplay-ng to inject packets and, from the output of step 3, select a connected host or wait for one to connect.

Run steps 4-5-6 simultaneously on different terminals to crack the WEP