Results 1 to 7 of 7

Thread: BT3 - Own WEP hack test - Final hurdle: PLS Help

  1. #1
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    5

    Default BT3 - Own WEP hack test - Final hurdle: PLS Help

    Hi all,

    I have spent a lot of time searching all posts and I have finally got my head around a hell of a lot of things regarding BT3 / WEP.

    I am at the final hurdle and now fully stumped! any ideas?

    1: Following all the advice I have a wireless USB card with seems to work fine
    (D-Link WUA-1340 / Railink)

    I can boot up my BT3 CD fine, check for networks, change Mac's and get to the point where I am injecting the WEP fine.

    MY problem is that no matter how many data packets I grab it only ever uses 10644 IV's and fails to recover the key.

    I have let the attack run from 10'000 Data packets up to my latest attempt of 250'000 and it still fails? (Says it is using 10644 IV's and suggests I use 15000)

    Why, even though I let the grab run up to 250'000 data packets it never use more than 10644 when tring to recover the WEP key?


    I have tried 2 different commands to crack the key and neither work.

    'aircrack-ng -n 64 -b (Bssid) (filename)-01.cap'

    And

    aircrack-ng -b (bssid) (filename)-01.cap'


    How come I am unable to capture enough IV's even though I let it run up to 250000 data packets?
    Am I doing something really silly wrong or can you please advise me on what the problem may be.

    Thanks

  2. #2
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Did you try it without changing the macadress?
    Tiocfaidh ár lá

  3. #3
    Just burned his ISO amphoterik's Avatar
    Join Date
    Feb 2009
    Posts
    23

    Default

    Just a guess, but the file may not be able to hold anymore because you are running off of CD and you are using all of your memory?

  4. #4
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    5

    Default

    To start with I changed the Mac address and I have also used the correct / normal mac address = Exactly the same results.

    OK ok..



    So I had another crack at this tonight and I let it grab about 750'000 #data before I went to crack. (this did take about 35 Mins)..

    And then it worked??..



    Regardless, its proof that the 'D-Link WUA-1340' which I bought off Ebay for £10 works fine out of the box..



    Many thanks for your continuious help guys.

    Adaptor here:

    Arrh, won't let me post links yet!!!

    So just go to ebay and search exactly for:
    'D-Link WUA-1340 USB 802.11g/b WIRELESS LAN ADAPTER'

    Out of the box worker for £9.11 ..........

    Still got some.....

    Enjoy..

  5. #5
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by srichards View Post
    Adaptor here:

    Arrh, won't let me post links yet!!!
    ahhem, hxxp is the way you can post links, instead of http. Which isn't really a link but others can figure it out.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  6. #6
    Senior Member
    Join Date
    Jan 2010
    Posts
    126

    Default

    Quote Originally Posted by srichards View Post
    How come I am unable to capture enough IV's even though I let it run up to 250000 data packets?
    Thanks
    This is most likely the best question for you to have asked to summarize your "problem". You are capturing data packets at a exponentially faster rate than you are capturing Initialization Vectors. There are a number of ways you can cause the access point to generate and your wifi adapter to catch IV's more rapidly. Address Resolution Protocol request replay attack, client deauthentication attack, etc.

    how you go about generating IV's more rapidly is up to your preference and other factors.

    hope this helps you a tiny bit.

  7. #7
    Member
    Join Date
    Dec 2007
    Location
    The Netherlands
    Posts
    267

    Default

    There's also a --ivs option I believe, which only saves the IV's to your harddrive, not the entire packet.

    Saves time and harddrive space.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •