WIFI WEP Cracking Tutorial

Article by Dylan Turpin, published Apr 29, 2009

Forgotten your WEP key? Never wrote it down in the first place? Well it’s time to get it back, with help from aircrack-ng.

Preparation

Disclaimer: Connecting to any network without the consent of its owner is illegal in many countries (including the US). This tutorial is only meant for use with networks you own. The writer of this post as well as its host do not condone or support the illegal use of this tutorial.

What You’ll Need

  • A BackTrack 2 disk (you could use the beta of 3, but we use BackTrack 2 stable)
  • A supported wireless card (it must support monitor mode, among other things). If you don’t know whether your card is compatible, check the aircrack-ng team’s card compatibility page.

BackTrack 2 is a penetration-testing Linux live CD that contains all of the aircrack-ng tools we are going to use. Alternatively, you could install these tools yourself (if you’re running Linux).

As for hardware, I first tried to use my MacBook’s built-in AirPort Extreme card, but found that it was not compatible. Instead I went out and bought a WUSB54GC Linksys USB Wifi Adapter.

Configuring Aircrack

So you’ve got your compatible card and you’ve burned your BackTrack 2 ISO to disk. Now boot BackTrack 2 (alternatively you could install BackTrack 2 in VMware Fusion; use the VMware image here). You should be prompted with ‘boot:’; hit enter. Once BackTrack has booted, log in with username: root and password: toor. Now enter ‘startx’ and hit enter to start the KDE GUI.

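The first thing we need to do is upgrade aircrack-ng to the latest version. This adds some new options to aircrack that will speed things up considerably later on. Open a konsole and run the commands below. The wget URL is the aircrack-ng install page rather than the tarball itself, so make sure aircrack-ng-0.9.tar.gz is actually in the current directory before running tar:

wget 'http://aircrack-ng.org/doku.php?id=install_aircrack'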

tar -zxvf aircrack-ng-0.9.tar.gz

cd aircrack-ng-0.9

make

make install

Now we need to check if our wireless card is working. Open a terminal and run ‘iwconfig’. You should get something like this:

[Screenshot: iwconfig output]

In my case the feedback was for rausb0 as I was using my WUSB54GC adapter. Your output will likely be on eth0. Write down the name of your wireless device (the entry in the left column with the feedback beside it); you will need it later. Whenever I use ‘rausb0’ you should substitute the name of your wireless device. If your output looks nothing like the above, try ‘ifconfig rausb0 up’ (don’t forget to replace rausb0 with your own device name) and run ‘iwconfig’ again to see if your card is working. The mode of your wireless card is now ‘managed’. We need to change the mode to ‘monitor’. While in monitor mode, the card will passively monitor network traffic.

iwconfig rausb0 mode monitor

airmon-ng start rausb0

At first, I was unable to set my card into monitor mode. Instead of ‘monitor mode enabled’, airmon-ng returned ‘monitor mode disabled by driver’. If this is the case for you, you need to install a new driver for your card. In my case, that was the rt73 driver. Your specific card might work best with a different driver. One word: Google.
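Rather than reading the mode off the screen, the interface name and mode can be checked by parsing the iwconfig output. The script below is an added example, not part of the original article: the sample iwconfig text is constructed, and the function names wifi_modes and check_mode are hypothetical.

```shell
#!/bin/sh
# Added example: report each wireless interface and its mode from iwconfig text.

# Constructed sample of iwconfig output (not captured from a real system).
sample_iwconfig() {
cat <<'EOF'
lo        no wireless extensions.

eth0      no wireless extensions.

rausb0    RT73 WLAN  ESSID:""
          Mode:Managed  Frequency=2.412 GHz  Bit Rate=54 Mb/s
          RTS thr:off   Fragment thr:off
          Encryption key:off
EOF
}

# wifi_modes: read iwconfig-style text on stdin and print "<iface> <mode>"
# for each wireless interface. Entries reported as "no wireless extensions"
# (lo, wired NICs) are skipped.
wifi_modes() {
    awk '
        /^[^ \t]/ {    # a line starting in column 0 names an interface
            iface = $1
            wireless = ($0 !~ /no wireless extensions/)
        }
        wireless && match($0, /Mode:[A-Za-z-]+/) {
            # strip the 5-character "Mode:" prefix and normalise case
            print iface, tolower(substr($0, RSTART + 5, RLENGTH - 5))
        }
    '
}

# check_mode IFACE WANTED: read iwconfig-style text on stdin and succeed
# only if IFACE is a wireless interface currently in WANTED mode.
check_mode() {
    got=$(wifi_modes | awk -v i="$1" '$1 == i { print $2 }')
    [ "$got" = "$2" ]
}

# Demo on the constructed sample; prints "rausb0 managed".
sample_iwconfig | wifi_modes
```

On a live system, pipe the real output in instead of the sample, for example ‘iwconfig 2>/dev/null | check_mode rausb0 monitor’, and treat a non-zero exit status as the driver not having switched modes.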
