Manual

Step 1:

1st – In the BIOS, set the boot priority so the PC boots from the CD-ROM first.

2nd – Insert the CD-ROM and restart the PC.

3rd – Select the first entry, “Start BackTrack FrameBuffer (1024x768)”.

4th – Press “Enter” twice; the prompt “root@bt4:~#” will appear.

Type “startx” and press “Enter”.

5th – Click “spoonwep”.

6th – The “SpoonWep2/Wep Finder/ShamanVirtuel 2K8” window appears.

7th – NET CARD – select RAUSB0 if using the Ralink solution (Model: GS-28USB);

select WLAN1 if using the Realtek solution (Models: GS-27USB, 30USB).

DRIVER – choose NORMAL
MODE – choose UNKNOWN VICTIM

8th – Click NEXT, then click LAUNCH when it appears.
Wait for the scan to finish.
The DATA number has to be at least “1”; if it shows “0”, that means no one is connected to this AP
and there is no chance to crack the WEP key.

9th – Select the “linksys” AP and click “SELECTION OK”.

10th – Select “ARP REPLAY ATTACK” and click “LAUNCH”.

“IVS CAPTURED” appears.

“SPOONWEP DUM” appears; click it and check the IVS data.

The IVS CAPTURED number keeps growing; at 10000~30000 the WEP key appears.

The processing time is not fixed; it depends on the AP settings.

As the number keeps growing, the WEP key will appear.

Note I: If the Beacons and #Data numbers are not growing, please
try another AP.

Note II:

There are 4 attack modes to choose from; if ARP REPLAY ATTACK doesn’t work,
please try the other 3 modes, such as “FRAGMENTATION & FORGE ATTACK”.

After 5-10 minutes it shows the “WEP Key”.

The Linksys AP WEP key is: AE07938C6F

Remove the BT4 CD-ROM.

Reboot the PC into Windows and connect the Gsky USB device.

Go to the site survey, select linksys, and enter the WEP key.