
Thread: A problem in Cracking WEP with BT 3

  1. #1
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    2

    Hi all back track 3 Rulez

    I have been following a tutorial step by step trying to crack my own wireless network WEP key using aircrack-ng tools.

    I have a broadcom chipset which I’m not sure is compatible, but I can receive many networks in the wireless assistant and it appears to be going in and out of monitor mode smoothly.

    The problem is when I airodump-ng (interface): all the networks I can see have PWR 0 and some even -1, which is quite strange because generally I get good signals from my neighbours and excellent signals from my own network.

    Also I noticed that while I do some airmon-ng commands I get disconnected from the internet and cannot see ANY wireless networks in the wireless assistant all of a sudden.

    I’m a new user so any explanation in somewhat easy language would be great!

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Which chipset does your broadcom have? BT3b works out of the box and supports injection for at least all bcm43xx chipsets.

    the problem is when i airodump-ng (interface) all the network i can i see have PWR 0 and some even -1 which is quite strange because generally i get good signals from my neighbours and excellent signals from my own network.
    PWR readings are not supported for broadcom chipsets so this is nothing to be worried about.

    Also I noticed that while i do some airmon-ng commands i get disconnected from the internet and cannot see ANY wireless networks in the wireless assistant all of a sudden.
    Naturally you can not expect to stay connected to a network while putting your wireless card into promiscuous mode. And as a side note, do not use the Wireless Assistant but learn to use the command line instead and you will be spared from a lot of connection issues.
    -Monkeys are like nature's humans.

  3. #3
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    2


    Quote Originally Posted by =Tron=:
    Which chipset does your broadcom have? BT3b works out of the box and supports injection for at least all bcm43xx chipsets.
    I have Dell wireless 1390 Wlan mini card manufactured by broadcom with the bcm43xx chipset

    Quote Originally Posted by =Tron=:
    PWR readings are not supported for broadcom chipsets so this is nothing to be worried about.
    Thanks for clearing that up! So then I have a different problem, because when I enter the command: aireplay-ng -1 0 <BSSID> -h <MY MAC> -e <ESSID> <interface> I get no successful authentications, it just kind of keeps trying for a while.

    And another thing.. my ESSID is IDEX EST; when I write it down exactly the same, including the space in the middle, it prompts me to use --help.

    I hope I managed to explain myself.


    Quote Originally Posted by =Tron=:
    Naturally you can not expect to stay connected to a network while putting your wireless card into promiscuous mode. And as a side note, do not use the Wireless Assistant but learn to use the command line instead and you will be spared from a lot of connection issues.
    Ok, how do I bring it up in the command line?

    Thanks for any help!

  4. #4
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Since you have a space in the name you should put a ' at each end of the word, i.e. 'IDEX EST'. This also goes for any other special character, by the way. This might very well be the reason you are unable to fake-authenticate with the AP. Also I believe you should have a -a before the BSSID, or it might have been a -b.

    I will be assuming that your wireless interface is eth1; in that case this is how to connect using the konsole:
    Code:
    rm /etc/dhcpc/*
    iwconfig eth1 mode managed
    iwconfig eth1 essid 'IDEX EST' 
    iwconfig eth1 key xx:xx:xx
    ifconfig eth1 up 
    dhcpcd -d -n eth1
    xx:xx:xx is the WEP key in hex format
    -Monkeys are like nature's humans.
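    The connection sequence from the post above, as an added example that is not part of the thread or of the BackTrack project: a small POSIX sh script that builds the same iwconfig/ifconfig/dhcpcd commands with the ESSID passed as one argument, checks the WEP key is hex of a valid length (10 digits for 40-bit, 26 for 104-bit, colons optional) before anything runs, and shows why an unquoted ESSID with a space breaks the command. The interface name, ESSID and key values used are constructed samples, and the `rm /etc/dhcpc/*` cleanup from the post is left out of the generated plan.

```shell
#!/bin/sh
# Added example, not from the thread: wrap the post's connection steps in
# functions so the quoting and key format can be checked before running.
# Interface, ESSID and key values below are constructed sample values.

# Accept a WEP key in hex, with or without ':' separators: 40-bit keys are
# 10 hex digits, 104-bit keys are 26. Returns 0 if valid, 1 otherwise.
wep_key_valid() {
    stripped=$(printf '%s' "$1" | tr -d ':')
    case "$stripped" in
        '' | *[!0-9a-fA-F]*) return 1 ;;
    esac
    len=${#stripped}
    [ "$len" -eq 10 ] || [ "$len" -eq 26 ]
}

# Print the command sequence (one per line) without executing it, so the
# quoting can be reviewed. Arguments: interface, ESSID, key.
wep_connect_plan() {
    iface=$1; essid=$2; key=$3
    wep_key_valid "$key" || { echo "invalid WEP key: $key" >&2; return 1; }
    printf "iwconfig %s mode managed\n" "$iface"
    printf "iwconfig %s essid '%s'\n" "$iface" "$essid"
    printf "iwconfig %s key %s\n" "$iface" "$key"
    printf "ifconfig %s up\n" "$iface"
    printf "dhcpcd -d -n %s\n" "$iface"
}

# Run the sequence for real. Passing "$essid" as one quoted variable is
# exactly what the single quotes in the post achieve on the command line.
wep_connect() {
    iface=$1; essid=$2; key=$3
    wep_key_valid "$key" || { echo "invalid WEP key: $key" >&2; return 1; }
    iwconfig "$iface" mode managed &&
    iwconfig "$iface" essid "$essid" &&
    iwconfig "$iface" key "$key" &&
    ifconfig "$iface" up &&
    dhcpcd -d -n "$iface"
}

# Count the words the shell would hand to a command when the ESSID is NOT
# quoted: 'IDEX EST' becomes two arguments, which is why iwconfig complains
# and points at --help.
argc_unquoted() {
    set -- $1
    echo $#
}

# Usage (dry run with constructed values):
#   wep_connect_plan eth1 'IDEX EST' 'AB:CD:EF:01:23'
# Usage (for real, as root, on your own network):
#   wep_connect eth1 'IDEX EST' 'AB:CD:EF:01:23'
```

    The dry-run function is worth keeping around: it lets you see the exact argument list before touching the interface, which is where a missing quote or a key of the wrong length shows up.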

  5. #5
    Junior Member carrot's Avatar
    Join Date
    Nov 2007
    Posts
    25


    Quote Originally Posted by =Tron=:
    Also I believe you should have a -a before the BSSID, or it might have been a -b.
    If I remember right, it's a -a when you're doing fakeauth and a -b when you're doing arp request replay.
    A little nonsense now and then is relished by the wisest men.
    -Willy Wonka-

  6. #6
    Junior Member
    Join Date
    May 2008
    Posts
    38


    Quote Originally Posted by =Tron=:
    rm /etc/dhcpc/*
    iwconfig eth1 mode managed
    iwconfig eth1 essid 'IDEX EST'
    iwconfig eth1 key xx:xx:xx

    ifconfig eth1 up
    dhcpcd -d -n eth1
    I use the channel option; I am new so I don't know if I am correct;
    Well you can stick the following line into the space above, change the "6" to match the channel on your router;
    iwconfig eth1 channel 6

    I have seen the following, and I am not sure what the enc exactly means, but it worked for me:
    iwconfig eth1 enc 11111111111111111111111111
    hxxp://forums.remote-exploit.org/showpost.php?p=84667&postcount=2

    Since you cannot google "iwconfig" before you're connected, I thought I would say that you can
    get little hints by typing the following:

    type bt ~ # man iwconfig
    for the Long version of help,
    or
    type bt ~ # iwconfig --help
    for the short version of help,

    ««EDocTooR»»

  7. #7
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    I use the channel option; I am new so I don't know if I am correct;
    Well you can stick the following line into the space above, change the "6" to match the channel on your router;
    iwconfig eth1 channel 6
    Actually this depends on the card/driver. A few cards require you to specify the channel that the AP is on as well, but most cards will scan through all channels until it is found. The broadcom cards will find it without the need to specify the channel.

    I have seen the following, and I am not sure what the enc exactly means, but it worked for me:
    iwconfig eth1 enc 11111111111111111111111111
    Enc = encryption. So using this command will have the same effect as my suggested iwconfig eth1 key. The numbers/letters after this are the WEP key in hex; as you can see, the : symbols can be left out.
    -Monkeys are like nature's humans.
