Tuesday, March 23, 2010

Cracking WEP the simple way with Backtrack 3 - SpoonWEP

After your card is in monitor mode and your MAC address has been spoofed, run the following.

airodump-ng ath1

Copy the AP's MAC (BSSID) and paste it in the Victims Mac field.
Select the channel of the AP. You can leave the injection rate the way it is, and select ARP Replay if it's not already selected. A konsole window titled WS DUMP will pop up. SpoonWEP will display the key at the bottom.

Making a password list with Backtrack 3

Open konsole or xterm.

crunch 1 9 0123456789 > numbers0-9
Breakdown:
crunch - the program you'll run
1 9 - minimum and maximum length of the generated strings; this can be any range, for example 1 5, which means 1 char to 5 chars.
0123456789 - char set you want to generate from - another example: abcdefghijklmnopqrstuvwxyz
> - shell redirection; sends crunch's output to a file instead of the terminal
numbers0-9 - file the list is saved as
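
The command above writes every digit string from 1 to 9 characters, so it is worth checking the size of the list before redirecting it to disk. The following is an added example, not part of the original post or of crunch: crunch_size is a hypothetical helper that takes the same three arguments and reports the number of lines and bytes the list will contain, assuming one word per line.

```shell
#!/bin/sh
# Added example: estimate the output of `crunch MIN MAX CHARSET` before running it.
# crunch_size is a hypothetical helper name, not part of crunch.
# Prints "<lines> <bytes>"; each line is the word plus one newline byte.
crunch_size() {
    min=$1; max=$2; charset=$3
    n=${#charset}                 # number of characters in the set
    limit=9223372036854775807     # largest signed 64-bit value

    # Both lengths must be plain decimal integers.
    for v in "$min" "$max"; do
        case $v in
            ''|*[!0-9]*) echo "usage: crunch_size MIN MAX CHARSET" >&2; return 2 ;;
        esac
    done
    if [ "$min" -lt 1 ] || [ "$max" -lt "$min" ] || [ "$n" -lt 1 ]; then
        echo "need 1 <= MIN <= MAX and a non-empty CHARSET" >&2
        return 2
    fi

    count=1; len=0; lines=0; bytes=0
    while [ "$len" -lt "$max" ]; do
        # Refuse to continue if n^len would overflow shell arithmetic.
        if [ "$count" -gt $((limit / n)) ]; then
            echo "keyspace too large to count in 64 bits" >&2; return 1
        fi
        count=$((count * n))      # count is now n^len for the new len
        len=$((len + 1))
        if [ "$len" -ge "$min" ]; then
            if [ "$count" -gt $(( (limit - bytes) / (len + 1) )) ]; then
                echo "output too large to count in 64 bits" >&2; return 1
            fi
            lines=$((lines + count))
            bytes=$((bytes + count * (len + 1)))
        fi
    done
    echo "$lines $bytes"
}

# The command from the post: about 1.1 billion lines, roughly 11 GB on disk.
crunch_size 1 9 0123456789        # prints: 1111111110 10987654320
```

The same numbers show how small a digits-only keyspace is: the whole 1 to 9 character range fits on a single disk.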