Thread: Need help with my LAB

  1. #1
    LT72884
    Guest

    Need help with my LAB

    Ello all. I was referred to this forum by my professor. He said I could have my questions answered here. If that's true I am glad to be here. I could use some help on understanding what I am doing. I do NOT have BackTrack. My Linux classes are strictly FC, so I am using FC 8. I hope you do not mind me posting in this forum. I will give you a little background on me so that I do not send the wrong message.

    My name is Matt and I am 23 years old. I am currently enrolled in a Network Engineering program. I am working towards my RHCE. I have only been using Linux since September 6th 07, so I am still a noob. This semester was Linux fundamentals such as basic commands and how to create and manipulate files. Next semester we start with the Networking area. My goal in school is to achieve the RHCE, CCNA, CCNP, and do two cyber security classes. That's where you guys come in. As of right now I have my CCNA classes done. I do NOT have the cert but I passed the class with a 90%, but that does not mean I understand it all, lol.

    Ok, now for the questions. I am using FC8 and I have installed wireshark, airsnort, and aircrack. I have my OWN private wireless that I have set up here at my work place. My boss and I are the only two IT dudes. Anyway, after using airsnort for 6 hours and it finds 274,500 unique packets, it all of a sudden stopped. I still did not find the WEP key. What does this mean? Does it mean we have good security, or possibly my airsnort screwed up?

    When I try a
    root#airodump-ng wlan0

    It will scan all the channels but it can't find any APs. I went into iwconfig and my wlan0 is set up in monitor mode. I know it is receiving packets because wireshark and airsnort can see the packets. After I run the airodump command I noticed wireshark and airsnort stopped. I then have to reboot the system. I am using the MADWIFI driver package, so every time I reboot I have to run these commands

    root#wlanconfig wlan0 destroy
    root#wlanconfig wlan0 create wlandev wifi0 wlanmode monitor
    root#ifconfig wlan0 up

    That will rebuild the VAP and bind it to my wlan device. I have noticed that under iwconfig my wlan0 has our encryption key already typed in after I rebuild it using the above commands. I'm wondering if that is causing the issue. airsnort may be seeing the already configured WEP key and not posting one. IDK.

    Thanx in advance. I owe you guys one. I have a final coming up in two weeks and I'm getting nervous.

  2. #2
    streaker69
    Senior Member
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    If you're running WEP, it doesn't matter how good your key is, it can be compromised in under 3 minutes by someone that knows what they're doing.

    Since you did not find your key, you obviously have done something wrong.

    There are several tutorials on the site here on how to crack WEP quickly and efficiently. I bet you can find them if you search.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    LT72884
    Guest

    Quote Originally Posted by streaker69 View Post
    If you're running WEP, it doesn't matter how good your key is, it can be compromised in under 3 minutes by someone that knows what they're doing.

    Since you did not find your key, you obviously have done something wrong.

    There are several tutorials on the site here on how to crack WEP quickly and efficiently. I bet you can find them if you search.
    Yeah, I have heard that before, but for some reason it takes me like 6 hours to get 274,000 packets. The only thing I can see as of right now is that the wifi net here at work has only me on it. That's my problem, I don't know what I'm doing, lol. I will have to do a search. I appreciate your help and the info. Did you write any of the tutorials? I think my problem has something to do with my wifi dev. If I turn off the key with this command

    root#iwconfig wlan0 key off

    I lose the access point and the link goes down. I thought in monitor mode you did not have to be associated with the AP or have the key. Anyway, I am off work now and it's time to study for the final. I owe you one, mate.

  4. #4
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Quote Originally Posted by Streaker69
    .....................
    Since you did not find your key, you obviously have done something wrong.

    There are several tutorials on the site here on how to crack WEP quickly and efficiently. I bet you can find them if you search.


    Quote Originally Posted by LT72884 View Post
    I owe you one, mate.


    I wish everybody was this easy to please with that reply you gave, streaker. ....No spice in it..no razz...no jazz....just plain cut and dry "search and you'll find it."..worked!

    Go figure!!!
    --=Xploitz=-- ®
    Remote-Exploit.org's Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=9063
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" - http://forums.remote-exploit.org/showthread.php?t=7872
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=8230
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" - http://forums.remote-exploit.org/showthread.php?t=8041

  5. #5
    streaker69
    Senior Member
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote Originally Posted by -=Xploitz=- View Post
    I wish everybody was this easy to please with that reply you gave, streaker. ....No spice in it..no razz...no jazz....just plain cut and dry "search and you'll find it."..worked!

    Go figure!!!
    Being blunt, as I've found in my life, is both a blessing and a curse.

    Most people don't take bluntness well.

  6. #6
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    I love bluntness. Just get to the point so I can find out what I need to know and I really don't care about the delivery as long as it contains the relevant information.

  7. #7
    LT72884
    Guest

    Quote Originally Posted by streaker69 View Post
    Being blunt, as I've found in my life, is both a blessing and a curse.

    Most people don't take bluntness well.

    LOL. Yes, it can be a curse. My only problem with being blunt is that it's out of my character. I can be blunt, but when I do I have to be careful because sometimes I go overboard. I did an experiment yesterday. I went to the college and configured my card to be in monitor mode. I went to iwconfig and noticed that my work's WEP key was still in there, and where it said it was associated with an AP, the MAC was of an AP at my work, or at least the last 4 digits were the same. The point is, I was able to capture packets slowly but surely. However, the wifi at this particular campus had absolutely no security. What I need to try is my other campus that I know has WEP and see if I can capture packets with wireshark or airsnort. I have asked my professor and received permission to capture packets. Where I am lost with all of this is why, when I change or take out the WEP key using

    root#iwconfig wlan0 key off
    or
    root#iwconfig wlan0 key (different 128 bit hex key)

    I lose all association and link quality. I am either totally missing the boat on what monitor mode really is or I am missing some other configuration. Anyway, it's time for breakfast, then it's back to the final.
