When you are seeing some wi-fi signal on your neighbourhood city and you have a laptop then what will you think.Donrsquot you feel like ldquoI wish I could some how break the password and dive into the deep oceans of the informationrdquo I believe everyone should be able to have free internet. If someday I make it big enough and Irsquoll be having ample money.. I promise Irsquoll provide free WiFi hotspots all over the places.. ldquoLet there be INTERNETrdquo.. even If I donrsquot get rich.. Irsquoll become a politician and would make Internet a Fundamental right to every citizen.. Now that would be something.. Thatrsquos enough with the Castles in the air.. now lets get back to reality.. What I can do for you right now is that I can tell you how to hack a wifi network to access Internet.. Some would call it stealing.. some like me wonrsquot.. Irsquoll call it Sharing.. Sharing is what on which the whole Internet is build uponhellip SO HERE39S HOW WE DO IT The two most common encryption types are 1 WEP 2 WAP WEP i.e Wire Equivalent Privacy is not consideres as safe as WAP i.e Wireless Application Protocol. WEP have many flaws that allows a hacker to crack a WEP key easily.. whereas WAP is currently the most secure and best option to secure a wi-fi network.. It canrsquot be easily cracked as WEP because the only way to retreive a WAP key is to use a brute-force attack or dictionary atack. Here Irsquoll tell you how to Crack WEP To crack WEP we will be using Live Linux distribution called BackTrack to crack WEP. BackTrack have lots of preinstalled softwares for this very purpose.. The tools we will be using on Backtrack are Kismet ndash a wireless network detector airodump ndash captures packets from a wireless router aireplay ndash forges ARP requests aircrack ndash decrypts the WEP keys 1 First of all we have to find a wireless access point along with its bssid, essid and channel number. To do this we will run kismet by opening up the terminal and typing in kismet. It may ask you for the appropriate adapter which in my case is ath0. You can see your devicersquos name by typing in the command iwconfig. 2 To be able to do some of the later things, your wireless adapter must be put into monitor mode. Kismet automatically does this and as long as you keep it open, your wireless adapter will stay in monitor mode. 3 In kismet you will see the flags Y/N/0. Each one stands for a different type of encryption. In our case we will be looking for access points with the WEP encryption. YWEP NOPEN 0OTHERusually WAP. 4 Once you find an access point, open a text document and paste in the networks broadcast name essid, its mac address bssid and its channel number. To get the above information, use the arrow keys to select an access point and hit to get more information about it. 5 The next step is to start collecting data from the access point with airodump. Open up a new terminal and start airodump by typing in the command airodump-ng -c channel -w filename ndashbssid bssid device In the above command airodump-ng starts the program, the channel of your access point goes after -c , the file you wish to output the data goes after -w , and the MAC address of the access point goes after ndashbssid. The command ends with the device name. Make sure to leave out the brackets. 6 Leave the above running and open another terminal. Next we will generate some fake packets to the target access point so that the speed of the data output will increase. Put in the following command aireplay-ng -1 0 -a bssid -h 00112233445566 -e essid device In the above command we are using the airplay-ng program. The -1 tells the program the specific attack we wish to use which in this case is fake authentication with the access point. The 0 cites the delay between attacks, -a is the MAC address of the target access point, -h is your wireless adapters MAC address, -e is the name essid of the target access point, and the command ends with the your wireless adapters device name. 7 Now, we will force the target access point to send out a huge amount of packets that we will be able to take advantage of by using them to attempt to crack the WEP key. Once the following command is executed, check your airodump-ng terminal and you should see the ARP packet count to start to increase. The command is aireplay-ng -3 -b bssid -h 0011223344566 device In this command, the -3 tells the program the specific type of attack which in this case is packet injection, -b is the MAC address of the target access point, -h is your wireless adapters MAC address, and the wireless adapter device name goes at the end. 8 Once you have collected around 50k-500k packets, you may begin the attempt to break the WEP key. The command to begin the cracking process is aircrack-ng -a 1 -b bssid -n 128 filename.ivs In this comman d the -a 1 forces the program into the WEP attack mode, the -b is the targets MAC address, and the -n 128 tells the program the WEP key length. If you donrsquot know the -n , then leave it out. This should crack the WEP key within seconds. The more packets you capture, the bigger chance you have of cracking the WEP key.