Introduction :
This guide was created to demonstrate the encryption vulnerabilities of WEP (Wired Equivalent Privacy).

Breaking into a protected wireless network is illegal!
The content and instructions contained herein are for educational purposes, only. I did not break the law when creating this example. All information in the screenshots is that of my own networks that I compromised for this demonstration. You may attempt the steps outlined at your own risk - on your own network. If you wish to hack an other wireless network you must get permission from the network owner.

Breaking a WEP key involves using network monitoring software to capture weak IVs (initialization vectors) and a cracking software to decrypt them. The software we will be using in this guide is the aircrack-ng suite that is included with Backtrack linux.
There are several flavors of linux that come with this software including Auditor, Backtrack, and Kali linux.
In this guide we will be using Backtrack 5 R3.

Generally, the idea is to use your wireless adapter to capture any weak IVs being sent to/from the Access Point.
We capture these IVs by intercepting and relaying ARP requests to the Access Point causing it to reply with more IVs.
Once enough data (IVs) has been collected it can be decrypted using the Aircrack-ng software to display the wep key in plain text.

This guide has been divided into 2 sections as there are 2 possible scenarios that may be encountered when breaking a WEP key - each requiring a slightly different approach.
  1) Capturing IVs with a client connected
  2) Capturing IVs with no clients connected

Please read the following before continuing.....

The following is a direct Excerpt from Wikipedia :


Encryption details



Authentication


Copyright 2015 QuickFix PEI