A more recent post shows how to crack a WPA network that has WPS enabled.
I still remember when I was living in a high-rise a few years ago: most of my neighbours' wifi networks were unsecured. These days, most home wifi networks are secured. However, many of them are still using the most basic protection, WEP. I was surprised one day when my cousin moved to a new apartment and his friend cracked a wifi network for my cousin to use before the internet guys came. I knew that WEP is not secure anymore, but I was surprised by how many people are still using it.
While WEP can be cracked in minutes, WPA is still secure, which means there is no cracking method more efficient than brute force. There are people trying to utilize GPUs to speed up that process. This guide will show you, end to end, how to crack a WEP network.
Before you start, please note that just cracking the password won't cause much trouble. However, if you start to steal their bandwidth or sniff for sensitive information, you may end up in trouble. For learning purposes, I recommend setting up your own wifi network and cracking that.
There is a tool suite written solely for the purpose of cracking wifi passwords, called aircrack. Compiling it, installing it, or even just getting it to work on your existing system is difficult. I personally prefer using a Linux LiveUSB/LiveCD that comes preloaded with aircrack. I was using BackTrack. However, I recently learnt that aircrack itself recommends SliTaz, which should also work. Both websites have instructions for creating bootable media.
Next, you need to make sure your wlan card is supported by aircrack. Aircrack requires a patched driver for your wlan card in order to inject packets into the air. Aircrack can test this for you by trying to inject some packets.
Then you need to choose a wifi network to crack. There are several factors. First, it has to be using WEP, of course. Second, your computer and the access point should be physically close enough that your injected packets can be heard by the access point; in practice, a wifi network that passes the aircrack injection test is good. Last, there should be at least one active client on the targeted wifi network; otherwise there will be no data for you to gather. In the case of your own wifi network, loading a web page once in a while is sufficient.
There is a great official tutorial from Aircrack, Simple WEP Crack, which is a detailed guide on how to use aircrack to crack a WEP password, so I don't have to repeat it. In my experience, it takes about five minutes to gather enough data to "calculate" the password. However, that tutorial does not show how to scan for an eligible wifi network. BackTrack comes with another great tool called Kismet, which can scan for wifi networks so you can then pick one.