This is my written tutorial on WEP wifi cracking using Gerix-wifi-cracker in Backtrack 5 and 5r1. All words in [ ] are either tabs or buttons we will use in gerix.

1. First off go to applications > exploitation tools > wireless exploitation > WLAN exploitation > gerix-wifi-cracker-ng.

2. Once gerix opens, go to the [configuration] tab.
   - Click on your wlan0 interface.
   - Click on [enable/disable monitor mode]. Gerix will now start a new interface, mon0.
   - Click [set random MAC address].
   - Now go down towards the bottom of that same window and find the "channel" drop-down menu. Find "all channels" and click that.
   - Next to that is the "seconds" drop-down menu. Choose somewhere between 5 and 15.
   - Click [rescan networks]. Gerix will display all the visible wifi networks.
   - Look in the ENC column and make sure the network you wish to crack is WEP. Now click on that network.

3. Go to the [WEP] tab.
   - Click [start sniffing and logging]. Gerix will open a black window labeled (sniff-dump...blah blah blah).
   - Now make sure the AUTH column in the sniff-dump window says OPN. This is to make sure that this network will allow a fake authentication connection. If it does say OPN then you can continue; if not, you must choose a network that does in order to crack.
   - Leave the sniff-dump window open. You will need it.

4. Go to WEP attacks (no-client).
   - Under "fragmentation attack" options click [associate AP using fake auth].
   - Then click on [fragmentation attack]. A new window will open. Whenever it says "use this packet" type "Y" and then "enter". Continue this until it says something like "saving key stream in fragment......", then close that window.
   - Now go back to gerix and click [create the ARP packet.....].
   - Next click [inject the created packet on victim access point]. This will again open a new window labeled something like "output_FORGED2 mon0". Again type "Y" and "enter". It should start injecting.
   - Look at the sniff-dump window and watch until the #data column reaches between 10000-20000. The higher the number, the more likely the crack will succeed.
   - Once it reaches your target number, stop injecting and sniffing by closing the "output" and "sniff-dump" windows.

5. Lastly go to the [cracking] tab.
   - Click [aircrack-ng decrypt WEP password]. The last window will pop up, labeled "aircrack-log.txt". It is now decrypting the password.
   - Once it is done it will display "KEY FOUND" and give you the key in a "XX:XX:XX:XX:XX" format. This is your cracked password; just don't use the colons when trying to connect to the network.

This is a quick run through of gerix-wifi-cracker. If you have any questions or problems either comment or send me an email at cripticassassin@yahoo.com. But make sure the subject says "gerix-wifi-cracker" or I may not even open it.
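The flip side of the walkthrough above is what a network owner should take from it: a WEP network with open authentication is recoverable by anyone with a laptop, and a sudden jump to tens of thousands of data frames on such a network is exactly what the injection step produces. The script below is an added example, not part of the original tutorial or of gerix, that audits a wireless survey for those two conditions so the networks can be migrated to WPA2/WPA3. The survey rows and their column layout (ENC, AUTH, DATA, ESSID, mirroring the columns the tutorial points at) are constructed for the example and are an assumption, not a real airodump-ng export.

```python
"""Audit a wireless survey for WEP networks and signs of active ARP-replay injection.

Added example, not code from the tutorial or from gerix-wifi-cracker.
The survey below is CONSTRUCTED; its column layout is an assumption
chosen to match the columns the tutorial refers to, not a real tool export.
"""
import csv
import io

# Constructed survey data: BSSID, channel, encryption, auth, data-frame count, ESSID.
SURVEY_CSV = """\
BSSID,CH,ENC,AUTH,DATA,ESSID
00:11:22:33:44:55,6,WEP,OPN,18320,lab-legacy
00:11:22:33:44:66,11,WPA2,PSK,412,lab-main
00:11:22:33:44:77,1,WEP,SKA,57,printer-net
00:11:22:33:44:88,6,OPN,,0,guest
"""

# The tutorial tells the attacker to wait for 10000-20000 data frames before cracking,
# so a WEP network whose counter reaches this level is worth investigating.
INJECTION_DATA_THRESHOLD = 10000


def parse_survey(text):
    """Parse the CSV survey into dicts, converting the DATA column to an int."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["DATA"] = int(row["DATA"] or 0)
        rows.append(row)
    return rows


def classify(row):
    """Return (severity, reason) for one network based on its ENC and AUTH columns."""
    enc = row["ENC"].upper()
    if enc == "WEP":
        if row["AUTH"].upper() == "OPN":
            # Open auth is the precondition the tutorial checks for before fake auth.
            return ("critical", "WEP with open authentication: key recoverable by the no-client attack")
        return ("high", "WEP: key recoverable once enough traffic is captured")
    if enc == "OPN":
        return ("medium", "no encryption at all")
    return ("ok", enc)


def audit(text, threshold=INJECTION_DATA_THRESHOLD):
    """Return a list of (essid, bssid, severity, note) for every network needing action.

    WEP networks whose data-frame count is at or above `threshold` get an
    extra note, since that volume is consistent with someone injecting traffic.
    """
    findings = []
    for row in parse_survey(text):
        severity, note = classify(row)
        if severity == "ok":
            continue
        if row["ENC"].upper() == "WEP" and row["DATA"] >= threshold:
            note += f"; {row['DATA']} data frames seen, consistent with active ARP replay injection"
        findings.append((row["ESSID"], row["BSSID"], severity, note))
    return findings


if __name__ == "__main__":
    for essid, bssid, severity, note in audit(SURVEY_CSV):
        print(f"[{severity.upper():8}] {essid} ({bssid}): {note}")
```

The remediation for every WEP finding is the same regardless of severity: WEP cannot be patched or configured into safety, so the access point has to be moved to WPA2 (or WPA3) and any client that only speaks WEP retired or isolated. The data-frame check only catches injection while it is happening, so it is a trigger for looking at the network now, not a substitute for decommissioning it.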