WEP cracked
Can't figure out how to "penetration test" your network? Here is a consolidated place to find all the information and downloads you will need to crack that WEP key.
Where to begin
This is for beginners...
Well, here you are with a network on your screen that requires a WEP key, and you have forgotten what it is... Sure, you can reset your router, but wouldn't it be more fun to crack the key with some basic tools that you know you want? There are a few things we need to achieve these results, and most of them are free, but depending on your situation some items will cost a few dollars. Let's start with what we will need:
Hardware:
A Computer that can boot from USB
A wireless network card that can be put into monitor mode (explanation later)
USB flash drive, minimum 2 GB (1 GB absolute minimum, with restrictions)
Software:
A copy of Backtrack 3
With these materials we will be able to acquire the key from your network. To help you gather these tools, here are some links:
Backtrack 3
Compatible NICs
USB drives
After you have acquired these items you are ready to read on and see how this all works.
Approved NIC's for Monitor Mode
I have gone through the painstaking process of adding all the network cards Amazon sells that will work for penetration testing.
These network cards are on the Aircrack-ng Hardware Compatibility List and are approved for monitor mode.
Backtrack 3
...why Backtrack 3 and not the newer version?
Backtrack 3 comes with the drivers you will need to put your NIC into monitor mode, as well as the application "Spoon WEP" that will help you acquire the WEP key of your network. Sure, there are methods to gather this information without using Spoon WEP, but for your sake, if you are reading this tutorial you will probably want the easiest way possible to crack it. We will dive into the more hands-on stuff later once you have got the feel for all of this. Let's make the USB bootable flash drive with Backtrack 3 on it, shall we. First, you have your flash drive and have downloaded the .iso for Backtrack 3. If you have not done this yet, please scroll up and visit the provided links.
WARNING: The following step makes the device bootable by creating a Master Boot Record (MBR). Make sure you run this command from the USB stick, not from the mounted .iso, otherwise you will corrupt your existing MBR.
First, open the BackTrack .iso file: In Windows, use a program such as Winzip, Winrar, PowerISO, or IsoBuster. In Linux, mount the .iso (mount -o loop -t iso9660 yourcd.iso /mnt/iso). In OSX, mount the .iso.
Next, extract and copy the /boot and /BT folders from the .iso file to the USB flash stick.
Lastly, make the USB stick bootable: In Windows, navigate Explorer to the /boot folder, execute bootinst.bat, and follow the prompts. In Linux or OSX, navigate to the /boot folder, execute bootinst.sh, and follow the prompts.
Now when we reboot our PC we will want to go into the BIOS and make sure that the option to boot from USB is selected and in the proper order (USB should be at the top of the list). This way, as long as you have the BT3 flash drive plugged into the computer, it will boot BT3. Once it boots up you want to select KDE; if this option does not work with your setup then feel free to try the other options until you get the drive to boot up.
Now What?
...we are booted into BT3, now what?
Once we have successfully booted into Backtrack 3 we need to put our NIC into monitor mode, and this couldn't be easier: open a command window and type airmon-ng. This should list the available network cards you have and what mode they are in (something like that). Once you see your NIC here, type airmon-ng start wlan1 (assuming wlan1 is the available network card); this will start monitor mode on that network card and change the interface name to something like mon0. From this point on you will use mon0 when referring to this card. Next we want to select our network from all the networks in the 'air'. Type airodump-ng -w test mon0. This will start a log called test.cap that will contain data packets from all available networks, but more importantly it will show you the screen listing these networks' MAC addresses and BSSIDs. Find the network that you want to crack the key for and note the MAC address of that access point; you will need this for Spoon WEP.
After you have gathered the MAC address, go to the programs menu and find Spoon WEP. Open it, fill in the information, hit go, and you have begun the process. After about 10-15 minutes you should have the WEP key staring you in the face in HEX format. Type this into the field that requests a key for connection and you will be connected to the network. (You can exit Backtrack 3 and reboot into Windows to connect through this network.)
Gear UP
...now that you are a Penetration expert.
Now that you have all the tools and skills, you need the gear.
AirCrack Suite
...used to do all kinds of wonderful things.
Now that you have your feet wet, I implore you to mess around with the Aircrack-ng suite that comes on Backtrack. There are many things you can do, including what Spoon WEP does but with more finesse. Here are but a few things you can do with Aircrack-ng 'besides the obvious' WEP key extraction. Aireplay-ng can send deauthentication packets to target access points, effectively kicking clients off the AP. The client will then try to connect back, and this leaves the client open to 'misleading' associations. Become the 'man in the middle' by passing the traffic between the client and the AP. We will not go into this much because of the nefarious things that can be done with this.
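The deauthentication flood just described is also easy to spot from the defending side, because a real access point rarely sends more than a handful of deauth frames per second. The Python script below is an added example, not part of this lens or of the Aircrack-ng suite: it parses a raw 802.11 pcap (assumed link type 105, no radiotap header), counts deauthentication frames per transmitter inside a sliding one-second window, and reports senders that exceed a threshold. The MAC addresses, reason codes and the capture itself are constructed sample data.

```python
import struct
from collections import defaultdict

LINKTYPE_IEEE802_11 = 105  # pcap link type: raw 802.11 frames, no radiotap header (assumed)
DEAUTH_FC0 = 0xC0          # frame-control byte 0: type 0 (management), subtype 12 (deauth)

def deauth_frame(src, dst, bssid, reason=7):
    """Constructed sample deauthentication frame: management header + reason code, no FCS."""
    addrs = b"".join(bytes.fromhex(m.replace(":", "")) for m in (dst, src, bssid))  # addr1=DA, addr2=SA, addr3=BSSID
    return bytes([DEAUTH_FC0, 0, 0, 0]) + addrs + b"\x00\x00" + struct.pack("<H", reason)  # FC, duration, seq, reason

def pcap_bytes(frames):
    """Wrap (timestamp, frame) pairs in a classic little-endian pcap file image."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    for ts, frame in frames:
        out += struct.pack("<IIII", int(ts), round((ts % 1) * 1e6), len(frame), len(frame)) + frame
    return out

def iter_pcap(data):
    """Yield (timestamp, frame) from a pcap image; only raw 802.11 captures are accepted."""
    magic, *_, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != 0xA1B2C3D4 or linktype != LINKTYPE_IEEE802_11:
        raise ValueError("expected little-endian pcap with link type 105")
    pos = 24
    while pos + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack("<IIII", data[pos:pos + 16])
        yield sec + usec / 1e6, data[pos + 16:pos + 16 + incl]
        pos += 16 + incl

def deauth_floods(data, window=1.0, threshold=10):
    """Transmitter MAC -> peak deauth count inside any `window` seconds, for MACs at or over threshold."""
    stamps = defaultdict(list)
    for ts, frame in iter_pcap(data):
        if len(frame) >= 26 and frame[0] == DEAUTH_FC0:     # skip data, control and other mgmt frames
            stamps[frame[10:16].hex(":")].append(ts)         # addr2 is the (claimed) transmitter
    floods = {}
    for sender, times in stamps.items():
        times.sort()
        peak = start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:        # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            floods[sender] = peak
    return floods

AP, CLIENT = "00:11:22:33:44:55", "66:77:88:99:aa:bb"        # constructed addresses
# Constructed capture: one normal deauth at t=100 s, then 64 spoofed "from the AP" deauths within 0.64 s
SAMPLE_PCAP = pcap_bytes([(100.0, deauth_frame(AP, CLIENT, AP, reason=3))]
                         + [(200.0 + i / 100, deauth_frame(AP, CLIENT, AP)) for i in range(64)])
```

Because a flood spoofs the AP's own address, the sender that gets flagged is the AP itself; the rate, not the address, is the tell.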
Post IT
...have questions or comments?
Just leave some questions or comments about this subject here and the community and I will try to answer them for you. Thanks!
Squidoo_For_You
Apr 26, 2011 @ 8:44 pm
Great lens, I have just done one using BT4, take a look and tell me what you think!
by Kojacklee
Diving deeper and deeper into wireless authentication protocols than any man has done before. Well as deep as my mind and time will take me.