Cracking wireless networks isn't very complicated.
Linux is the best option for this kind of adventure. However, I'm on a PC with Windows XP, and I had to figure out how to hack those secret passwords from my neighbours.
First of all, download this. The rar file contains:
After downloading, unrar the package to a new folder and you're ready to begin.
Not all wireless adapters can be used to crack wireless networks. You can check if your adapter is suitable by opening the "CardCheck" file provided. Open CardCheck and, if you have a compatible adapter, it will be shown (in my case, the wireless adapter that came with my laptop is suitable).
If in your case, no adapters show up you can check this list of compatible adapters and consider buying one of them.
After confirming the compatibility of your adapter, install commview6. During installation, commview6 will ask you if you wish it to install its own drivers to control the wireless adapter. You should accept this in order to allow your adapter to be in "monitor" mode and, in this way, be able to capture wifi packets.
When you finish installing commview6, launch it. You'll have to configure a couple of things.
1. This allows commview6 to capture some extra packets (which is in your interest: the more packets, the faster you crack the wireless network).
2. In the logging panel, you can configure where to save the captured packets (confirm that you have auto-saving activated!).
3. If you have the same values as shown, you'll be ok! Basically it tells the app to divide the reports into several 5 MB files. (I used 250 MB reports on mine.)
4. Specify where to save the info!
5. Concatenate joins several packet files into a single file (this is useful to transform the info stored by commview6 into the aircrack format).
Ok! After configuring, you can start capturing packets. Simply press the play button (in the top left corner of the commview6 window).
1. Press this to scan all the channels for networks (there are 14 channels).
2. Select the AP (access point) that you want to crack.
3. Click capture to start capturing packets from the chosen channel. (commview6 never captures packets from a single AP; it rather captures all the packets on the channel used by the chosen AP. If you have 3 APs on the same channel, you capture packets from all 3 APs. This is good because, in the same amount of time, you may be able to get the passwords for several wireless networks.)
Now that you configured commview6, it's a question of time.
The shorter the password, the faster it goes. Some short passwords only take 100,000 IV packets to crack; others may take up to 100,000,000 IV packets. The more traffic there is on the chosen AP, the more packets you're able to capture. Not all packets are IV packets, so you'll need tons of packets to get your precious IVs, which may take more than a whole afternoon. Sometimes a whole week if you're unlucky.
After a couple of hours capturing packets, use Concatenate in the logging panel to join the logs in your capture folder and open the resulting file. (You may delete the original files after concatenating them.)
After opening the concatenated file, export it as tcpdump format (*.cap is the format aircrack reads).
You may keep converting the original commview6 log files to tcpdump format as you go, since in the end you can always drag all the *.cap files into aircrack at once and have it load them all.
When aircrack finishes loading all the *.cap files, you'll get a window like this:
You'll finally see how many IV packets you have in this window. Again, easy passwords only take 100,000 IVs. Harder ones may take up to 1 million IVs. Getting all those packets may take from 1 day to a whole week depending on the traffic of the chosen network (the more traffic, the more packets captured).
Back to aircrack - choose the network that you want to crack! You're almost there!
Notice that with 3050489 IVs, aircrack took 17 to find the correct password.
The password is shown as hexadecimal. Hexadecimal: CA:FE:00:00:00:00:00:00:00:00:00:00:00 so what you would have to put when asked for a password, would be: cafe0000000000000000000000 (simply erase the ":").
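The IV counts quoted above (100,000 to 1 million packets, an afternoon to a week of capture) and the colon-separated hex key shown here follow from how WEP works, which the post never spells out. The following is an added example, not code from the original post or from the CommView or aircrack projects. It assumes the network in question is WEP (implied by the IV counts and the 13-byte key), that each data frame carries a fresh 24-bit IV, and that IVs are chosen uniformly at random (many cards actually use a counter, which does not help). It lets a defender auditing their own network estimate how quickly observable IVs accumulate, and checks whether a key written in aircrack's colon form is a valid 40-bit or 104-bit WEP key. The practical mitigation is simply not to run WEP.

```python
import math

IV_BITS = 24                 # WEP prepends a 24-bit IV to the RC4 key of every frame
IV_SPACE = 2 ** IV_BITS      # 16,777,216 possible IVs in total


def expected_unique_ivs(packets):
    """Expected number of distinct IVs seen after `packets` data frames,
    assuming the sender draws IVs uniformly at random (labelled assumption)."""
    return IV_SPACE * (1 - math.exp(-packets / IV_SPACE))


def prob_any_iv_repeat(packets):
    """Birthday-bound probability that at least one IV has already repeated
    after `packets` frames. Repeats are the root of WEP's weakness: two frames
    with the same IV are encrypted with the same RC4 keystream."""
    return 1 - math.exp(-packets * (packets - 1) / (2 * IV_SPACE))


def capture_hours(ivs_needed, packets_per_second):
    """Hours of observation needed to see `ivs_needed` IV-bearing frames at a
    sustained data-frame rate. Optimistic: it assumes every frame on the
    channel carries a usable IV, which the post notes is not the case."""
    return ivs_needed / packets_per_second / 3600


def exposure_table(iv_targets=(100_000, 1_000_000), rates=(5, 50, 500)):
    """Rows of (IVs needed, frames/second, hours) so an owner can see how
    traffic volume on their own AP translates into exposure time."""
    return [(ivs, pps, round(capture_hours(ivs, pps), 1))
            for ivs in iv_targets for pps in rates]


def parse_wep_key(colon_hex):
    """Validate a key written the way aircrack prints it ("CA:FE:00:...").
    Returns (key length in bits, the key as a plain hex string with the
    colons removed, i.e. the form you would type into a client)."""
    raw = bytes.fromhex(colon_hex.replace(":", ""))
    if len(raw) not in (5, 13):           # 40-bit or 104-bit keys only
        raise ValueError(f"WEP keys are 5 or 13 bytes, got {len(raw)}")
    return len(raw) * 8, raw.hex()


if __name__ == "__main__":
    # Constructed sample key: the 13-byte key from the post's screenshot.
    sample_key = "CA:FE:" + ":".join(["00"] * 11)
    print(parse_wep_key(sample_key))
    print("P(IV repeat) after 5,000 frames:", round(prob_any_iv_repeat(5_000), 3))
    for ivs, pps, hours in exposure_table():
        print(f"{ivs:>9} IVs at {pps:>3} frames/s: ~{hours} h")
```

Note that an IV repeat becomes more likely than not after only about 5,000 frames, long before the 100,000 IVs the post mentions; the larger counts are needed for the statistical key-recovery step, not for the first collision.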
Hope you can manage! Take care!