Results 1 to 4 of 4

Thread: WEP Help

  1. #1
    Just burned his ISO
    Join Date
    May 2008
    Posts
    4

    Default WEP Help

    Hi,

    I'm currently trying to crack a WEP to test out network security for a neighbor friend. I'm planning to switch their network over to WPA for them over the weekend but thought I'd get their permission to try and crack their current set up.

    I've tried to crack my WEP routers to no avail in the past. Here is my issue.

    I'm following the directions from this tutorial: forums.remote-exploit.org/showthread.php?t=9063

    When I use this command, this is what I get after several minutes:

    Code:
    aireplay-ng -3 -b 00:18:F8:50:E5:35 -h 00:11:22:33:44:55 wlan0
    
    04:37:07  Waiting for beacon frame (BSSID: 00:18:F8:50:E5:35) on channel 6
    Saving ARP requests in replay_arp-0612-043707.cap
    You should also start airodump-ng to capture replies.
    Read 25981 packets (got 0 ARP requests and 0 ACKs), sent 0 packets...(0 pps)
    I'm not sure why there are 0 ARP requsts and 0 ACKs. If there is anymore information that's needed please let me know!


    **Update**
    I started using this guide: hxxp://forums.remote-exploit.org/showthread.php?t=7872 which worked flawlessly on my neighbor friend's access point. It turns out their key is their phone number. I am still unable to successfully crack wep with the first guide that I linked.

    I had another issue that arose though. My wireless networks have essid length of more than 7.
    How do I find out the essid name when airodump only displays up to 7 characters?

    Thank you!

    PS I was successfully able to crack my friend's WPA encryption using a tutorial from xploitz. The dictionary had 4 entries though one of which was the correct key

  2. #2
    Member m1cha3l's Avatar
    Join Date
    May 2008
    Posts
    208

  3. #3
    Just burned his ISO
    Join Date
    May 2008
    Posts
    4

    Default

    Thanks for the tutorial on aircrack.

    If an Essid is longer than 7 character how can one figure out the name of it? I have two access points that I own that are called HappyDude and HappyPuppy. I'm trying to test to see if someone would be able to crack them and how they would go about doing that.

  4. #4
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    If an Essid is longer than 7 character how can one figure out the name of it?
    The sama way one would figure out a ESSID of any length. Wait until a client associates with the AP at which point the ESSID is broadcasted as clear text and can be intercepted. It is also possible to bruteforce the ESSID using mdk3. If the name doesn't fit inside the current konsole window you can just resize it to your liking.
    -Monkeys are like nature's humans.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •