Secure Password Generator

Monday, September 29th, 2008 | Author: Kow

For most of my password generating in Windows I use a tool from pctools.com. You can get the tool here. An excerpt from the website is appropriate…

Password Generator - is an offline version of the web-based Password Generator which allows you to securely and easily create passwords locally on your own PC.

Really the only part of the tool I use but it also includes other tools…

Password Checker - a new feature that lets you check the quality and strength of a password. By entering your password in the checker it will run a series of tests on the password to indicate how strong it is, and therefore how easy it may be to guess or crack.

Could be useful, but I do most of my pentesting in Linux…

Password Revealer - works with Internet Explorer to reveal saved passwords that you have entered in web-forms but may have subsequently forgotten or lost. Simply bring up the hidden password in Internet Explorer, highlight it, and Password Revealer will tell you the saved password.

Handy! I was able to reveal passwords when I wasn’t an admin. I’m smiling.

The web version of the password generator is here. I recommend the encrypted connection.

https://secure.pctools.com/guides/password/

Category: Security

Cracking WEP using BackTrack 3

Saturday, September 06th, 2008 | Author: Kow

I suppose there’s probably a slew of other documents detailing…or summarizing…how to crack a WEP key with BackTrack. That’s fine. I’ll probably link to some later.

I’m assuming whoever is reading this already knows about Atheros devices. I’m assuming a lot of other things too and I’m not one to detail the primer; plenty of Linux help out there on Google.

Concepts

  1. Create monitoring interface.
  2. Select a target.
  3. Capture ARP for a replay attack.
  4. Attack the client; force deauthorization and replay.
  5. Crack it.

Step Through Summary

  1. Created the monitoring interface using the command airmon-ng start wifi0. This created an interface ath1 which I then used for the rest of the process.
  2. Using airodump I located an Access Point and chose an associated target: airodump-ng ath1. Found an AP/client pair on channel 1 and decided to pursue it using the command airodump-ng -w target1_datetime -c 1 --ivs ath1. (--ivs switch used for cracking…I recommend reading manpages [airodump-ng, ivstools, makeivs]; a dumpfile is required when using --ivs)
  3. Grabbing the AP/client MAC mapping, I’m going to try to capture IVs: aireplay-ng -3 -b {APMAC} -h {CLIENTMAC} ath1. Stepping into it…
  4. I want to deauth the target to capture ARP and replay when I get it. aireplay-ng -0 -2 -a {APMAC} -c {CLIENTMAC} ath1. (research the syntax. deauth(0) twice(2). I’d imagine anything much higher and you risk losing heartbeat)
  5. I collected IVs over the course of a minute so I decided to try cracking it: aircrack-ng target1_datetime. Wasn’t long enough…So I tried about 5 minutes. Cracked the key.
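
Seen from the monitoring side, the deauthentication in step 4 shows up as a burst of 802.11 deauth management frames for one AP/client pair. The Python sketch below is an added example, not code from the original post: it parses raw 802.11 frames (radiotap header assumed already stripped) and flags such bursts; the threshold, the time window, the MAC addresses and the sample frames are all constructed assumptions.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 0xC, 0xA  # 802.11 management-frame subtypes

def parse_mgmt(frame):
    """Return (subtype, dst, src, bssid, reason) for a deauth/disassoc frame, else None."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    version, ftype, subtype = frame[0] & 0x3, (frame[0] >> 2) & 0x3, frame[0] >> 4
    if version != 0 or ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    dst, src, bssid = (frame[i:i + 6].hex(":") for i in (4, 10, 16))
    (reason,) = struct.unpack_from("<H", frame, 24)
    return subtype, dst, src, bssid, reason

def find_bursts(capture, threshold=5, window=1.0):
    """Return (bssid, station) pairs with >= threshold deauth/disassoc frames in `window` seconds."""
    recent, alerts = defaultdict(deque), []
    for ts, frame in capture:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        _, dst, src, bssid, _ = parsed
        key = (bssid, dst if src == bssid else src)  # the non-AP end of the pair
        times = recent[key]
        times.append(ts)
        while ts - times[0] > window:  # drop timestamps that fell out of the window
            times.popleft()
        if len(times) >= threshold and key not in alerts:
            alerts.append(key)
    return alerts

def build_frame(subtype, dst, src, bssid, reason=7):
    """Build a constructed test frame (not taken from a real capture)."""
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed sample data: locally administered MACs, invented timestamps.
AP, STA1, STA2 = (bytes.fromhex("02aabbccdd0" + n) for n in "123")
SAMPLE = [(0.05 * i, build_frame(DEAUTH, STA1, AP, AP)) for i in range(8)]
SAMPLE.append((10.0, build_frame(DEAUTH, AP, STA2, AP, reason=3)))  # single client leave
SAMPLE.append((10.5, build_frame(0x8, b"\xff" * 6, AP, AP)))        # beacon, ignored

if __name__ == "__main__":
    for bssid, station in find_bursts(SAMPLE):
        print(f"deauth burst: bssid={bssid} station={station}")
```

A single deauth with a normal reason code, like the second station in the sample, stays below the threshold and is not reported.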

I recommend more reading on PCAP and the tools used. Also some interesting things could be done with netcat…

Google similar documents: “Backtrack 3 + cracking WEP”

I only used this on my own networks…

Category: Linux, Security