With aireplay-ng you can only inject, but it won't do the cracking part.
What you are looking for is "wesside-ng"
[b]And of course don't use it on a network wich is not yours because it's illegal that way, but you can try it on your own as many times and ways as you want.[/b]
- crack a WEP key of an open network without user intervention
is an auto-magic tool which incorporates a number of techniques to
seamlessly obtain a WEP key in minutes. It first identifies a network,
then proceeds to associate with it, obtain PRGA (pseudo random
generation algorithm) XOR data, determine the network IP scheme,
reinject ARP requests and finally determine the WEP key. All this is
done without user intervention.
Shows the help screen.
Wireless interface name. (Mandatory)
-n <network ip>
IP as in ’who has destination IP (netip) tell source IP (myip)’.
Defaults to the source IP on the ARP request which is captured and
-m <my ip>
'who has destination IP (netip) tell source IP (myip)'. Defaults to the network.123 on the ARP request captured (Optional).
-a <source mac>
Source MAC address (Optional)
Do not crack the key. Simply capture the packets until control-C is hit to stop the program! (Optional)
-p <min PRGA>
Determines the minimum number of bytes of PRGA which is gathered. Defaults to 128 bytes. (Optional).
-v <victim MAC>
Wireless access point MAC address (Optional).
each number of IVs specified, restart the airecrack-ng PTW engine
(Optional). It will restart PTW every <threshold> IVs.
Allows the highest channel for scanning to be defined. Defaults to channel 11 (Optional).