
Thread: -=Xploitz=- TUTORIAL: E-Z Connect To WPA2 AES

  1. #1
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    -=Xploitz=- TUTORIAL: E-Z Connect To WPA2 AES

    Hello everyone. It's been quite some time since I last wrote another personal tutorial of mine for all my fans....So,... here's another super E-Z tutorial on "How to connect to your WPA2 Personal Network With AES Encryption Implemented".

    Let's begin, shall we???

    In airodump-ng my network shows up as WPA2 CCMP PSK as seen below......

    First off....copy and paste the following, in blue, to your wpa_supplicant.conf located in your /etc directory. The actual wpa_supplicant.conf text will be at the bottom of the /etc directory.


    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=0
    eapol_version=1
    # ap_scan=2 was the one for me; you may try 0 or 1 instead of 2
    ap_scan=2
    fast_reauth=1

    network={
        ssid="Xploitz Network"
        proto=RSN
        key_mgmt=WPA-PSK
        pairwise=CCMP
        group=CCMP
        psk="xploitztutorial"
    }


    Now, replace my ssid="Xploitz Network" with the name of your network....and replace my psk="-=Xploitz=-" with your Passphrase. (There is no reason to put -=Xploitz=- in hexadecimal because wpa_supplicant parses it for you. So just put your passphrase in ASCII and all will be well.)

    Now save this.

    And in the same directory there is a folder called dhcpc. Go to it, located at /etc/dhcpc, and DELETE EVERYTHING!


    ***EDIT***
    ALSO PLEASE NOTE THAT WHEN YOU CHANGE ENCRYPTIONS OR CONNECT TO A NEW NETWORK, YOU WILL NEED TO DELETE EVERYTHING INSIDE THE /ETC/DHCPC FOLDER AGAIN TO BE ABLE TO CONNECT TO YOUR NEW NETWORK OR YOUR NEW NETWORK'S NEW ENCRYPTION. ***END EDIT***



    Next, open a new shell window and type in....

    bt ~ # chmod 777 /etc/wpa_supplicant.conf

    Next, type in....

    bt ~ # wpa_supplicant -w -Dwext -iath0 -c/etc/wpa_supplicant.conf

    (Please note that in the above command my device is -iath0; yours may be wlan0, eth0, eth1, etc. Please change it to match your device, for example -ieth0 or -iwlan0.)

    Now you will see something similar to....

    {-=Xploitz=-} >wpa_supplicant -w -Dwext -iath0 -c/etc/wpa_supplicant
    Trying to associate with SSID 'Xploitz Network'
    Associated with 00:18:f8:b5:f2:d6
    WPA: Key negotiation completed with 00:18:f8:b5:f2:d6 [PTK=CCMP GTK=CCMP]
    CTRL-EVENT-CONNECTED - Connection to 00:18:f8:b5:f2:d6 completed (auth) [id=0 id_str=]


    And it will "Hang" here and stay. Why?? Simple. The command above will allow you to see all the "behind the scenes" action of connecting to your network, so you can troubleshoot it if need be. Now, our next command to execute....

    Open a new shell and type....

    dhcpcd ath0 (or whatever your device is)

    Now you should see a "pop-up" somewhere on your screen saying "KDE Network Monitoring...Connection Established!"

    Bingo! There ya go.

    Also please note that once you get comfortable with my method..you may change....

    bt ~ # wpa_supplicant -w -Dwext -iath0 -c/etc/wpa_supplicant.conf

    to.....


    bt ~ # wpa_supplicant -w -Dwext -iath0 -B -c/etc/wpa_supplicant.conf

    This added -B option will run the program in the background in daemon mode, and you'll IMMEDIATELY get a "return command line"....

    bt ~ #


    so that you can put in dhcpcd ath0



    So yet another WPA2 mystery solved by -=Xploitz=-



    And one last thing.........
    Please post your success and / or failures and problems you may have encountered here in this thread. And if you liked this tutorial and found it helpful, please take 5 minutes to say "Thanks". Because it took me hours to figure this out and 15 minutes to post this tutorial for you guys. Thank you all very much.


    Enjoy everyone!!!
    -=Xploitz=-


    --=Xploitz=-- ®
    Remote-Exploit.org's Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=9063
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" - http://forums.remote-exploit.org/showthread.php?t=7872
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=8230
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" - http://forums.remote-exploit.org/showthread.php?t=8041
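As an added example (not part of the tutorial above or of wpa_supplicant itself), this Python builds a WPA2-Personal wpa_supplicant.conf shaped like the one the post pastes in, and shows why the passphrase can stay in ASCII: wpa_supplicant derives the 256-bit PSK from it with PBKDF2-HMAC-SHA1 over the SSID, which is exactly what a precomputed 64-hex psk= line would hold. The SSID and passphrase values used in main are constructed sample values.

```python
import hashlib

def validate_passphrase(passphrase: str) -> None:
    """A quoted psk="..." must be 8 to 63 printable ASCII characters (0x20..0x7e)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters long")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")

def derive_psk(ssid: str, passphrase: str) -> str:
    """256-bit PSK as 64 hex chars: PBKDF2-HMAC-SHA1(passphrase, salt=ssid, 4096 rounds, 32 bytes).
    wpa_supplicant applies this to a quoted passphrase itself, so ASCII works; an unquoted
    64-hex psk= line is just this value precomputed (as wpa_passphrase prints it)."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32).hex()

def build_conf(ssid: str, passphrase: str, ap_scan: int = 2, hex_psk: bool = False) -> str:
    """Build a WPA2-Personal (RSN, CCMP-only) wpa_supplicant.conf shaped like the one in the post."""
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if ap_scan not in (0, 1, 2):
        raise ValueError("ap_scan must be 0, 1 or 2")
    validate_passphrase(passphrase)
    psk_line = f"psk={derive_psk(ssid, passphrase)}" if hex_psk else f'psk="{passphrase}"'
    return "\n".join([
        "ctrl_interface=/var/run/wpa_supplicant",
        "ctrl_interface_group=0",
        "eapol_version=1",
        f"ap_scan={ap_scan}",
        "fast_reauth=1",
        "",
        "network={",
        f'    ssid="{ssid}"',
        "    proto=RSN",         # WPA2 (RSN) only, not WPA1
        "    key_mgmt=WPA-PSK",  # WPA2-Personal
        "    pairwise=CCMP",     # AES-CCMP pairwise cipher
        "    group=CCMP",        # AES-CCMP group cipher
        f"    {psk_line}",
        "}",
        "",
    ])

if __name__ == "__main__":
    # Constructed sample values for this example, not a real network.
    print(build_conf("Xploitz Network", "xploitztutorial"))
    print(build_conf("Xploitz Network", "xploitztutorial", hex_psk=True))
```

Whichever form you write, the file holds the network secret, and wpa_supplicant runs as root and only needs to read it, so mode 0600 owned by root is sufficient; the chmod 777 in the post lets every local user read and rewrite the passphrase.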

  2. #2
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    14


    Thanks for that Xploitz, worked like a charm, nice 1!

  3. #3
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    Quote Originally Posted by -URIX- View Post
    Thanks for that Xploitz, worked like a charm, nice 1!
    Cool! Glad you got it running. I can't believe I forgot to post this tutorial 3 months ago when I did the others...but what's worse is nobody brought it to my attention or requested it!!

    Maybe most of you guys don't use WPA2 AES or your comps or cards don't support it??

    Anyways,...sorry guys that I forgot about this one. But now you have it and you know it works.

  4. #4
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    5

    Need Help: Cannot connect to Linksys using WPA2...

    Ok, so I have been trying for days to connect to my WRT54GX4 from BackTrack 3 without any success. I have read, it seems, like 100s of threads without any success. I have made sure I have followed each recommendation to the letter. I would have expected this tut to provide me with steps that worked, but I still have no success!

    I thought I would try reaching out to the community before I give-up!

    Here are the details and steps that I have followed:

    Linksys Wireless (WRT54GX4) Router Settings:
    SSID: WhatEver
    Wireless Channel: auto
    Network Mode: Mixed
    Security Mode: WPA/WPA2 Personal
    WPA Personal: Disabled
    WPA2 Personal: Enabled
    Encryption: TKIP+AES
    Key:123BillyBob
    Key Renewal: 3600 seconds


    Steps that I followed:

    1. Ran airodump-ng wlan0, I get the following results...

    BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

    00:16:B6:F7:33:03 0 277 23 0 11 54 WPA2 CCMP PSK 123BillyBob

    As you can see, clearly the Encryption I am using is WPA2 with a cipher of CCMP and auth of PSK.


    2. I use the following settings in the wpa_supplicant.conf file:

    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=0
    ap_scan=1

    network={
        ssid="123BillyBob"
        proto=RSN
        key_mgmt=WPA-PSK
        pairwise=CCMP TKIP
        group=CCMP TKIP
        psk="123Junk"
    }

    3. next I delete everything in the /etc/dhcpc dir

    4. open a shell and run following: chmod 777 /etc/wpa_supplicant.conf

    5. run wpa_supplicant -w -Dwext -iwlan0 -c/etc/wpa_supplicant.conf

    When I do this, I get the following results:

    ioctl[SIOCSIWMODE]: Device or resource busy
    Could not configure driver to use managed mode
    ioctl[SIOCSIWAUTH]: Operation not supported
    WEXT auth param 4 value 0x0 - ioctl[SIOCSIWAUTH]: Operation not supported
    WEXT auth param 5 value 0x1 - ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.
    ioctl[SIOCSIWSCAN]: Operation not supported
    Failed to initiate AP scan.


    6. Of course opening a new shell and typing "dhcpcd wlano" does anything for me.

    Oh yeah, of course this works flawlessly from Windows Vista or from BackTrack 3 when the router is not setup to use WPA2!

    What could I be missing?


    Thanks for any help guys!

  5. #5
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399


    what card are you using ?

  6. #6
    Developer
    Join Date
    Mar 2007
    Posts
    6,124


    Linksys Wireless (WRT54GX4) Router Settings:
    SSID: WhatEver
    Wireless Channel: auto
    Network Mode: Mixed
    Security Mode: WPA/WPA2 Personal
    WPA Personal: Disabled
    WPA2 Personal: Enabled
    Encryption: TKIP+AES
    Key:123BillyBob



    BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

    00:16:B6:F7:33:03 0 277 23 0 11 54 WPA2 CCMP PSK 123BillyBob

    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=0
    ap_scan=1

    network={
        ssid="123BillyBob"
        proto=RSN
        key_mgmt=WPA-PSK
        pairwise=CCMP TKIP
        group=CCMP TKIP
        psk="123Junk"
    }


    ioctl[SIOCSIWMODE]: Device or resource busy
    Could not configure driver to use managed mode
    ioctl[SIOCSIWAUTH]: Operation not supported
    WEXT auth param 4 value 0x0 - ioctl[SIOCSIWAUTH]: Operation not supported
    WEXT auth param 5 value 0x1 - ioctl[SIOCSIWSCAN]: Operation not supported

    Well, besides the fact that in airodump your ESSID is the same as your key in the section immediately following, the major issue is that it seems from the errors that you are trying to do this while your card is in monitor mode. What card are you using, is the question, like BP asked.

  7. #7
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    5


    Sorry guys, I changed some of the details of the output, just so I wasn't sharing the "real" settings.

    The card that I am using is the "Intel(R) PRO/Wireless 3945ABG". The driver that works for me is the iwl3945, and when monitoring, I use ipwraw.

    I am at a loss now as I have tried what seems to be 100s of combinations, so I am a bit frustrated right now. The laptop I am working on is a Dell D820, which really shouldn't make a difference.

    I am sure it's going to be some small details that I am missing, but I cannot seem to put my finger on this.

    You guys have been very helpful, so any ideas are greatly appreciated!

  8. #8
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    5

    I switched the routers and it's working now...

    I replaced my WRT54GX4 with my old WRT54G router and the 1st time I tried to connect using WPA2/TKIP+AES it worked!

    Has anyone been able to connect to a WRT54GX4 using WPA2/TKIP+AES?

    It must be something with the firmware, but I have banged my head for way too long on this. I am able to connect to my good old WRT54G with no problems.

    Regards,
    Wishi

  9. #9
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    Quote Originally Posted by Wishi View Post
    I replaced my WRT54GX4 with my old WRT54G router and the 1st time I tried to connect using WPA2/TKIP+AES it worked!

    Has anyone been able to connect to a WRT54GX4 using WPA2/TKIP+AES?

    It must be something with the firmware, but I have banged my head for way too long on this. I am able to connect to my good old WRT54G with no problems.

    Regards,
    Wishi
    As per my PM to you..

    hostap is needed for your Centrino card along with a kernel recompile tweak, according to the man pages on wpa_supplicant I found with a Google search. See your PM for the link. I'd post it here, but I already deleted my PM sent items. Anything having to do with hostap is beyond my current knowledge as I have 0 experience with it.

  10. #10
    Just burned his ISO
    Join Date
    May 2008
    Posts
    4


    Thanks to Xploitz for all the tutorials.

    I'm just having a little problem with driver issue (I think). I'm using a Ralink chipset USB dongle (Hawkings) that comes up as rausb0 with ifconfig and iwconfig. It runs fine for WEP cracking as well as general use for net surfing using Windows and Mac laptops with WEP and WPA/WPA2 networks so hardware is fine.

    With

    wpa_supplicant -w -Dwext -irausb0 -c/etc/wpa_supplicant.conf

    (I substituted rausb0) the wext driver seems to not work. I keep on getting:

    Trying to associate with SSID '<network name>'

    then whole bunch of

    WEXT auth param <#'s> value 0x<#> - ioctl [SIOCSIWAUTH]: Operation not supported

    I'm assuming wext (generic Linux driver) doesn't support Ralink, but when I try to specify '-Dralink' it just gives me 'unsupported driver' error.

    Is there a driver I should be using? Am I calling it wrong? Thanks in advance.
