Things you need:
- An Intel based macbook (other may work)
First thing you need to do is to download and install KisMAC. You can do this from http://kismac-ng.org/. Then launch the program and open Preferences.
Go to Driver tab, select Apple Airport Extreme card, passive mode and click Add. Then Select All channels and Keep everything. Make sure Start Channel is set to 1. Close the dialog box.
Click on Start Scan on the main window.
You will be asked to enter the Admin password since you have to have admin rights to use the Airport cards. Note the channel of the WEP-SSID you want to crack.
In this case the channel is 11, so we must stop the scanning process, go back to the Preferences and change the channels from All, to only 11. Then restart the scanning.
While scanning go to the top right corner of the window, press on the magnifying glass and select SSID and type name of the network you want to crack in the field next. This will filter the output and you will only see what you need.
In the main window you should now see only the network that you are interested in. Double click on it to open a new window. Scroll down the left-hand side of the window until you find the Unique IVs. It is recommended that you should continue collecting packets until that number reaches at least 100,000.
This will take a LOT of time though. A way to speed up this process is to use packet reinjection (Network -> Reinject Packets) but you need a USB wireless card to do this because the build in Airport does not support this.
To crack the password go to Network -> Crack -> Weak Scheduling Attack -> against both.
To download the instructions in a pdf format click here.