
Thread: Learning pentester here

  1. #1 Just burned his ISO (Join Date: Mar 2007, Posts: 7)

    Learning pentester here

    Hi

    I'm studying for the ethical hacking exam and CISSP, so I stumbled on BackTrack here to try some practical things.

    I have some Linux experience, but I'm mainly a Windows admin. (Don't want to start any flame threads here...)

    I'm trying to crack a WEP key on a test router; it worked once, but I'm a little confused here.

    iwconfig gives me this:
    Code:
    lo        no wireless extensions.
    
    eth0      no wireless extensions.
    
    eth1      unassociated  ESSID:off/any
              Mode:Managed  Channel=0  Access Point: Not-Associated
              Bit Rate:0 kb/s   Tx-Power=20 dBm   Sensitivity=8/0
              Retry limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality:0  Signal level:0  Noise level:0
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0
    
    wifi0     no wireless extensions.
    
    ath0      IEEE 802.11g  ESSID:""  Nickname:""
              Mode:Managed  Channel:0  Access Point: Not-Associated
              Bit Rate:0 kb/s   Tx-Power:31 dBm   Sensitivity=0/3
              Retry:off   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality=0/94  Signal level=-95 dBm  Noise level=-95 dBm
              Rx invalid nwid:98  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0
    My WLAN card is a PCMCIA DWL-G650 V4; I looked in the HCL list and saw this one.
    When starting Kismet I can choose between wifi0, eth1 and ath0, and get an error that it cannot set the VAP in monitor mode.

    The same thing with wifi0 works; I can see my networks etc., so is this okay?
    Then I can only use airodump with ath1.
    The arpreplay and deauth I can perform perfectly.

    Now, is this the "normal" way? I have the feeling that a PCMCIA WLAN card cannot inject packets. I can post every step I take, but I just want to make sure I have a good WLAN card.

    Will try to get the WEP key via an AP with no clients connected now.

    Thanks in advance

  2. #2 Just burned his ISO (Join Date: Mar 2007, Posts: 7)

    Just followed Xploitz's instructions to crack with no clients. Great tutorial!

    I just did one thing differently: at the fake authentication point I used --fakeauth, with the same smiley result. I guess it's a version thing?

    At the moment I don't get any ARP requests...

  3. #3 Senior Member PrairieFire (Join Date: Apr 2007, Posts: 705)

    Quote Originally Posted by Cobos:
    Hi
    My WLAN card is a PCMCIA DWL-G650 V4; I looked in the HCL list and saw this one.
    When starting Kismet I can choose between wifi0, eth1 and ath0, and get an error that it cannot set the VAP in monitor mode.

    The same thing with wifi0 works; I can see my networks etc., so is this okay?
    Then I can only use airodump with ath1.
    The arpreplay and deauth I can perform perfectly.

    Now, is this the "normal" way? I have the feeling that a PCMCIA WLAN card cannot inject packets. I can post every step I take, but I just want to make sure I have a good WLAN card.

    Will try to get the WEP key via an AP with no clients connected now.

    Thanks in advance
    You should have seen the correct Kismet configuration for that card on the HCL:Wireless page.

    After you insert the card, ath0 will be created in managed mode. It is always a good idea to kill any VAPs before creating new ones, so:
    Code:
    wlanconfig ath0 destroy
    ifconfig wifi0 up
    airmon-ng start wifi0
    Now ath0 is in monitor mode and ready to be used with the aircrack-ng suite. You can check out aircrack-ng's site to learn how to test your card to see if it is injecting properly.
    Μολὼν λαβέ - Great spirits encounter heavy opposition from mediocre minds.
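A check in the spirit of the advice above, added here as example code (not from the thread or any poster): before starting airodump-ng, confirm from iwconfig which interfaces have wireless extensions and whether the VAP is actually in Monitor mode, since Kismet's "cannot set VAP in monitor mode" error and a Managed ath0 go together. The sample text is constructed from the iwconfig output in post #1 plus a constructed "after airmon-ng" sample; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: parse iwconfig output and report each
# wireless interface's mode, to confirm the VAP is in Monitor mode before
# running airodump-ng. Sample trimmed from post #1 (ath0 still Managed).
BEFORE_SAMPLE='eth1      unassociated  ESSID:off/any
          Mode:Managed  Channel=0  Access Point: Not-Associated

wifi0     no wireless extensions.

ath0      IEEE 802.11g  ESSID:""  Nickname:""
          Mode:Managed  Channel:0  Access Point: Not-Associated'

# Constructed sample of the same card after "airmon-ng start wifi0" has
# recreated ath0 as a monitor-mode VAP.
AFTER_SAMPLE='wifi0     no wireless extensions.

ath0      IEEE 802.11g  ESSID:""  Nickname:""
          Mode:Monitor  Channel:0  Access Point: Not-Associated'

# iface_modes TEXT: print "<iface> <mode>" for each interface with wireless
# extensions. The name is the first token of a line starting in column 1;
# the Mode: field follows on an indented continuation line.
iface_modes() {
  printf '%s\n' "$1" | awk '
    /^[^[:space:]]/ {
      iface = $1
      if ($0 ~ /no wireless extensions/) iface = ""
      next
    }
    iface != "" && match($0, /Mode:[A-Za-z-]+/) {
      print iface, substr($0, RSTART + 5, RLENGTH - 5)
      iface = ""
    }'
}

# iface_mode TEXT IFACE: print the mode of one interface, empty if unknown.
iface_mode() {
  iface_modes "$1" | awk -v i="$2" '$1 == i { print $2 }'
}

# in_monitor_mode TEXT IFACE: succeed only when IFACE is a Monitor-mode VAP.
in_monitor_mode() {
  [ "$(iface_mode "$1" "$2")" = "Monitor" ]
}

# Stand-alone usage: flag interfaces that still need airmon-ng.
for i in $(iface_modes "$BEFORE_SAMPLE" | awk '{ print $1 }'); do
  in_monitor_mode "$BEFORE_SAMPLE" "$i" && echo "$i: Monitor mode" \
    || echo "$i: not in Monitor mode yet"
done
```

On a live system replace the sample with `iwconfig 2>/dev/null` output; the same parsing applies.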

  4. #4 Just burned his ISO (Join Date: Mar 2007, Posts: 7)

    Hi, thanks for the reply; I overlooked that one, sorry...

    Did the thing you said; it works. (Duh...)

    Now the thing is that I'm still waiting for any ARP requests, although I found a client that should be connected to the AP.

    I tried a deauth and get the message "got a deauth/disassoc packet. Is the source MAC associated?" But it seems I can't get more data.

    Thanks for any help...

  5. #5 Senior Member PrairieFire (Join Date: Apr 2007, Posts: 705)

    Quote Originally Posted by Cobos:
    Hi, thanks for the reply; I overlooked that one, sorry...

    Did the thing you said; it works. (Duh...)

    Now the thing is that I'm still waiting for any ARP requests, although I found a client that should be connected to the AP.

    I tried a deauth and get the message "got a deauth/disassoc packet. Is the source MAC associated?" But it seems I can't get more data.

    Thanks for any help...

    How far are you away from your AP?
    Μολὼν λαβέ - Great spirits encounter heavy opposition from mediocre minds.

  6. #6 Just burned his ISO (Join Date: Mar 2007, Posts: 7)

    After a while I got 2 ARP requests, and I see it's sending packets now, although the #Data doesn't increase that much...

    It's the building next door (I live next to my company); in Windows I can see it has a reasonable signal, 3 out of 6.

    Could that be the "problem"?

    At this rate it's going to take a long time; is this normal?

    I also see a lot of "Notice: got a deauth etc." packets.

    Thanks for the support

  7. #7 Moderator theprez98 (Join Date: Jan 2010, Location: Maryland, Posts: 2,533)

    Quote Originally Posted by Cobos:
    It's the building next door (I live next to my company); in Windows I can see it has a reasonable signal, 3 out of 6.
    Are you authorized to be attacking this AP?
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  8. #8

    I think that you might be onto something that you're not supposed to be??
    If it's not your router and you don't have full signal, then bad boys, bad boys, whatcha gonna do when they come for you?
    I could post some helpful info, but I am not sure if it's your AP, and I don't want to be helping someone that's doing illegal stuff.

  9. #9 Jenkem Addict imported_wyze (Join Date: Jul 2007, Posts: 1,543)

    Quote Originally Posted by samsung:
    I think that you might be onto something that you're not supposed to be??
    If it's not your router and you don't have full signal, then bad boys, bad boys, whatcha gonna do when they come for you?
    I could post some helpful info, but I am not sure if it's your AP, and I don't want to be helping someone that's doing illegal stuff.
    Common sense tells me that you do not have authorization but rather are trying to crack your employer's AP... probably thinking something along the lines that you're going to be able to change the numbers on your timecard.

    I see this day in and day out. To me, these people are either:

    1) Egotistical idiots trying to be/look cool, thinking they are l33t
    2) Criminals who probably don't know what the hell to do once they crack an AP
    dd if=/dev/swc666 of=/dev/wyze

  10. #10 Just burned his ISO (Join Date: Mar 2007, Posts: 7)

    I own my own company..

    I'm new to wireless cracking, have some experience in security auditing and now have the time to study it in depth; hey, I'm only 25... and don't want to be the "pretender".

    We have 2 APs, one with WPA and 802.11 auth. and one that I configured now with just 128-bit WEP. I just want to see if I can 1. connect to the AP and 2. check out the network.

    So instead of blaming me, you might want to read my first post first, no offence. We all have to start somewhere.

    Besides, I may be a noob at pentesting, but I'm not a noob at other things. One should be glad to see someone actually wants to understand what they are doing.
