
Thread: -=Xploitz=- TUTORIAL: E-Z Connect To WPA2 Personal WithTKIP+AES

  1. #1
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    -=Xploitz=- TUTORIAL: E-Z Connect To WPA2 Personal WithTKIP+AES

    Hello everyone. Just thought I would write all of my fans here a super E-Z tutorial on "How to connect to your WPA2 Personal with TKIP+AES".

    In airodump-ng my network shows up as......

    BSSID              PWR  RXQ  Beacons  #Data  #/s  CH  MB  ENC   CIPHER  AUTH  ESSID
    00:18:F8:B5:F2:D6   64  100      404      9    0   6  48  WPA2  CCMP    PSK   Xploitz Network


    First off....copy and paste the following, in blue, to your wpa_supplicant.conf located in your /etc directory. The actual wpa_supplicant.conf text will be at the bottom of the /etc directory.


    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=0
    ap_scan=1

    network={
    ssid="Xploitz Network"
    proto=RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
    group=CCMP TKIP
    psk="-=Xploitz=-"
    }


    Now, replace my ssid="Xploitz Network" with the name of your network....and replace my psk="-=Xploitz=-" with your Passphrase. (There is no reason to put -=Xploitz=- in hexadecimal because wpa supplicant parses it for you. So just put your passphrase in ASCII and all will be well.)

    Now save this.

    And in the same directory there is a folder called dhcpc. Go to it, located at /etc/dhcpc, and DELETE EVERYTHING!


    ***EDIT***
    ALSO PLEASE NOTE THAT WHEN YOU CHANGE ENCRYPTIONS OR CONNECT TO A NEW NETWORK, YOU WILL NEED TO DELETE EVERYTHING INSIDE THE /ETC/DHCPC FOLDER AGAIN TO BE ABLE TO CONNECT TO YOUR NEW NETWORK OR YOUR NETWORK'S NEW ENCRYPTION ***END EDIT***



    Next, open a new shell window and type in....

    bt ~ # chmod 755 /etc/wpa_supplicant.conf

    Next, type in....

    bt ~ # wpa_supplicant -w -Dwext -iath0 -c/etc/wpa_supplicant.conf

    (Please note that in the above command my device is -iath0; yours may be wlan0, eth0, eth1, etc. Please change it to match your device, for example -ieth0 or -iwlan0.)

    Now you will see something similar to....

    Trying to associate with 00:18:f8:b5:f2:d6 (SSID='Xploitz Network' freq=2437 MHz)
    Associated with 00:18:f8:b5:f2:d6
    WPA: Key negotiation completed with 00:18:f8:b5:f2:d6 [PTK=CCMP GTK=TKIP]
    CTRL-EVENT-CONNECTED - Connection to 00:18:f8:b5:f2:d6 completed (auth) [id=0 id_str=]


    And it will "Hang" here and stay. Why?? Simple. The command above will allow you to see all the "behind the scenes" action of connecting to your network, so you can troubleshoot it if need be. Now, our next command to execute....

    Open a new shell and type....

    dhcpcd ath0 (or whatever your device is)

    Now you should see a "pop-up" somewhere on your screen saying "KDE Network Monitoring...Connection Established!"

    Bingo! There ya go.

    Also please note that once you get comfortable with my method..you may change....

    bt ~ # wpa_supplicant -w -Dwext -iath0 -c/etc/wpa_supplicant.conf

    to.....


    bt ~ # wpa_supplicant -w -Dwext -iath0 -B -c/etc/wpa_supplicant.conf

    This added -B option will run the program in the background in daemon mode, and you'll IMMEDIATELY get a "return command line"....

    bt ~ #


    so that you can put in dhcpcd ath0

    I really hope this helps out a lot of people, because I have had SEVERAL PMs requesting how to accomplish this. Not until just now have I myself figured this method out. I want to take the time out to thank the people who tolerated my MANY PMs on this subject. And these people were all in the same boat as me...

    Thank you
    shamanvirtuel, for your suggestions..you were ALMOST THERE with this problem.

    Thank you balding_parrot, for your "Brainstorming" with me and tolerating all my questions about .mo and .lzm files.

    And last but not least, my very good friend purehate, who, even though he had no clue how to help me, still offered me motivation and encouragement not to quit.

    So another mystery solved by -=Xploitz=-

    And one last thing.........
    Please post your success and / or failures and problems you may have encountered. And if you liked this tutorial and found it helpful, please take 5 minutes to say "Thanks". Because it took me days to figure this out and 15 minutes to post this tutorial for you guys. Thank you all very much.


    Enjoy everyone!!!
    --=Xploitz=-- ®
    Remote-Exploit.org's Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=9063
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" - http://forums.remote-exploit.org/showthread.php?t=7872
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=8230
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" - http://forums.remote-exploit.org/showthread.php?t=8041
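An added worked example (Python; not code from the post or from wpa_supplicant itself) for the psk="..." line the tutorial uses: it derives the 256-bit PSK exactly as wpa_supplicant does internally (PBKDF2-HMAC-SHA1 with the SSID as salt), emits the same network block with the hex key in place of the clear-text passphrase, and checks whether the config file mode leaves the key readable by other local users, which the tutorial's chmod 755 does. The function names derive_psk, network_block, perms_are_private and conf_is_private are this example's own.

```python
import hashlib
import os
import stat

# Added example (not from the post): derive the 256-bit PSK from an ASCII
# passphrase the way wpa_supplicant does when it reads psk="...":
# PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32-byte output (IEEE 802.11i).
def derive_psk(passphrase: str, ssid: str) -> str:
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return raw.hex()

# Emit the tutorial's network={...} block, but with the derived hex PSK in
# place of the clear-text passphrase (the same form wpa_passphrase prints).
def network_block(ssid: str, passphrase: str,
                  pairwise: str = "CCMP TKIP", group: str = "CCMP TKIP") -> str:
    lines = [
        "network={",
        f'\tssid="{ssid}"',
        "\tproto=RSN",
        "\tkey_mgmt=WPA-PSK",
        f"\tpairwise={pairwise}",
        f"\tgroup={group}",
        f"\tpsk={derive_psk(passphrase, ssid)}",
        "}",
    ]
    return "\n".join(lines) + "\n"

# The tutorial runs chmod 755 on /etc/wpa_supplicant.conf, which lets every
# local user read the key; a file holding a PSK should have no group/other bits.
def perms_are_private(mode: int) -> bool:
    return (stat.S_IMODE(mode) & (stat.S_IRWXG | stat.S_IRWXO)) == 0

def conf_is_private(path: str) -> bool:
    return perms_are_private(os.stat(path).st_mode)

if __name__ == "__main__":
    print(network_block("Xploitz Network", "-=Xploitz=-"), end="")
    try:
        print("# config file private:", conf_is_private("/etc/wpa_supplicant.conf"))
    except FileNotFoundError:
        print("# /etc/wpa_supplicant.conf not present on this host")
```

Because the hex psk is already the PBKDF2 output, storing it instead of the passphrase keeps the passphrase itself out of the file, but the hex value still authenticates to the network and must be protected the same way.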

  2. #2
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399


    Great work......

    Sorry I got sidetracked from helping you with this, the sqlite / Aircrack-ng problem just took over all my time.

    This is why RE and BT2 are #1

    We solve the problems

  3. #3
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    No need for any apologies balding_parrot. I completely understand. Besides, it's more gratifying when you do it all yourself.

  4. #4
    Developer
    Join Date
    Mar 2007
    Posts
    6,126


    Quote Originally Posted by -=Xploitz=- View Post
    Hello everyone. Just thought I would write all of my fans here a super E-Z tutorial on "How to connect to your WPA2 Personal with TKIP+AES".
    [...]
    Thanks bro, I'm glad you figured it out. If I wasn't so busy with work I would have tried to help more. I wonder though, does this same method work for WPA RADIUS and LEAP? I'm thinking of switching to RADIUS as it is the only unbreakable wireless "so far". A lot of people are requesting it and I need to do it at home first.

  5. #5
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    Quote Originally Posted by purehate View Post
    Thanks bro, I'm glad you figured it out. If I wasn't so busy with work I would have tried to help more. I wonder though, does this same method work for WPA RADIUS and LEAP? I'm thinking of switching to RADIUS as it is the only unbreakable wireless "so far". A lot of people are requesting it and I need to do it at home first.
    I have the ability to use WPA2 Enterprise, which is RADIUS, with my router... but to be honest, I've never really played with it. I do however have a wpa_supplicant config that is supposed to work. I will make this my new project and when I figure it out I will post another tutorial for RADIUS. Try this out purehate...


    # EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the old peaplabel

    network={
    ssid="Xploitz Network"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="your-username"
    password="your-password"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
    priority=1
    }

    ***EDIT***

    Also, I just found this one...

    # WPA-RADIUS/EAP-PEAP/MSCHAPv2 with RADIUS servers that use old peaplabel
    # (e.g., Funk Odyssey and SBR, Meetinghouse Aegis, Interlink RAD-Series)

    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=wheel
    network={
    ssid="Xploitz Network"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.com"
    password="foobar"
    ca_cert="/etc/cert/ca.pem"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
    }

    If ANYONE gets a chance to test these before me, which I'll test out tomorrow, PLEASE POST YOUR SUCCESS / FAILURES HERE!

  6. #6
    Junior Member
    Join Date
    May 2007
    Posts
    60


    Xploitz,

    I have WPA-AES which is not the same as WPA2. Will this wpa_supplicant work?

    Thanks,

  7. #7
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    Quote Originally Posted by bound4h View Post
    Xploitz,

    I have WPA-AES which is not the same as WPA2. Will this wpa_supplicant work?

    Thanks,
    To answer your question, No. This is a tutorial for WPA2 Personal with TKIP+AES.

    See my other tutorial for WPA with AES here please....

    http://forums.remote-exploit.org/showthread.php?t=7482

  8. #8
    Member
    Join Date
    Apr 2007
    Posts
    163


    bt ~ # wpa_supplicant -w -Dwext -iath0 -c/etc/wpa_supplicant.conf
    Just to round this up: with an additional "-dd" you can see the network scan and the EAPOL handshake for the connection. Helped me figure out what's going on.

    Another great job -=Xploitz=-, thank you so much for this! You're just too

    The answer is 42.

  9. #9
    Member
    Join Date
    Apr 2007
    Posts
    163


    I am not sure what happened, I can't connect to my AP anymore. I mean, it worked, and I didn't change anything. I checked the SSID more than once, and the PSK. As I said, I didn't change anything. It worked. After reboot, it wouldn't. It seems that wpa_supplicant finds my network, but can't validate it with my config file. Here is my wpa.conf:

    Code:
    ctrl_interface=/var/run/wpa_supplicant
    network={
    ssid="operators_wireless_name"
    key_mgmt=WPA-PSK
    proto=WPA
    pairwise=CCMP TKIP
    group=CCMP TKIP
    psk="operators_psk"
    priority=3
    }
    So when I try to do a

    Code:
    wpa_supplicant -w -Dwext -iath0 -c/etc/wpa_supplicant.conf -dd
    I get this:

    Code:
    No suitable AP found.
    Setting scan request: 0 sec 0 usec
    Starting AP scan (broadcast SSID)
    RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
    Wireless event: cmd=0x8b19 len=8
    Received 239 bytes of scan results (1 BSSes)
    Scan results: 1
    Selecting BSS from priority group 3
    0: xx:xx:xx:e9:8d:15 ssid='' wpa_ie_len=26 rsn_ie_len=0 caps=0x11
       skip - SSID mismatch
    No suitable AP found.
    Setting scan request: 5 sec 0 usec
    CTRL-EVENT-TERMINATING - signal 2 received
    Removing interface ath0
    State: SCANNING -> DISCONNECTED
    wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
    WEXT: Operstate: linkmode=-1, operstate=5
    No keys have been configured - skip key clearing
    EAPOL: External notification - portEnabled=0
    EAPOL: External notification - portValid=0
    wpa_driver_wext_set_wpa
    wpa_driver_wext_set_drop_unencrypted
    wpa_driver_wext_set_countermeasures
    No keys have been configured - skip key clearing
    Cancelling scan request
    Cancelling authentication timeout
    WEXT: Operstate: linkmode=0, operstate=6
    where "0: xx:xx:xx:e9:8d:15 ssid='' " is the right AP MAC. Is it because my AP doesn't broadcast my network name? I was wondering, because it did work.
    And I am also up to using the generic Linux drivers. This is an Atheros-based card, the Orinoco Gold 8470WD. As I said, it worked until reboot.
    Anyone there with an idea?
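An added diagnostic (Python; written for this thread, not by any of the posters) that reads the BSS-selection part of a wpa_supplicant -dd log like the one above and explains each "skip" line in terms of the config keys wpa_supplicant compares against: an empty beacon SSID means the AP hides its name and needs scan_ssid=1 to be probed, and the wpa_ie_len/rsn_ie_len fields show which proto= value the AP can actually satisfy. The sample log is constructed from the post's output, and explain_scan, hint_for and proto_supported are this example's own names.

```python
import re

# Added diagnostic (not from the thread): parse the "Selecting BSS" section of
# a `wpa_supplicant -dd` log and explain why each BSS was skipped.
BSS_RE = re.compile(
    r"^(?P<idx>\d+): (?P<bssid>[0-9a-fx:]{17}) ssid='(?P<ssid>[^']*)' "
    r"wpa_ie_len=(?P<wpa>\d+) rsn_ie_len=(?P<rsn>\d+) caps=(?P<caps>0x[0-9a-f]+)$"
)
SKIP_RE = re.compile(r"^\s+skip - (?P<reason>.+)$")

def proto_supported(bss: dict, proto: str) -> bool:
    """proto=RSN needs an RSN IE in the beacon; proto=WPA needs a WPA IE."""
    return int(bss["rsn"]) > 0 if proto == "RSN" else int(bss["wpa"]) > 0

def hint_for(bss: dict, reason: str, conf_proto: str) -> str:
    """Turn a skip reason plus the parsed BSS fields into a config hint."""
    hints = []
    if reason == "SSID mismatch":
        if bss["ssid"] == "":
            hints.append("beacon carries an empty SSID (hidden network): "
                         "set scan_ssid=1 so the SSID is probed by name")
        else:
            hints.append("beacon SSID %r is not the ssid= in the config" % bss["ssid"])
    # wpa_supplicant stops at the first failing check, so a proto problem is
    # only logged after the SSID matches; warn about it up front from the IEs.
    if not proto_supported(bss, conf_proto):
        hints.append("AP advertises no %s IE, so proto=%s can never match"
                     % (conf_proto, conf_proto))
    return "; ".join(hints) or reason

def explain_scan(log: str, conf_proto: str = "WPA") -> list:
    """Return (bssid, reason, hint) for every BSS the selection pass skipped."""
    findings, current = [], None
    for line in log.splitlines():
        m = BSS_RE.match(line)
        if m:
            current = m.groupdict()
            continue
        s = SKIP_RE.match(line)
        if s and current is not None:
            findings.append((current["bssid"], s["reason"],
                             hint_for(current, s["reason"], conf_proto)))
    return findings

# Constructed sample modelled on the post's log (MAC partly masked as posted).
SAMPLE_LOG = """\
Scan results: 1
Selecting BSS from priority group 3
0: xx:xx:xx:e9:8d:15 ssid='' wpa_ie_len=26 rsn_ie_len=0 caps=0x11
   skip - SSID mismatch
No suitable AP found.
"""

if __name__ == "__main__":
    for bssid, reason, hint in explain_scan(SAMPLE_LOG, conf_proto="WPA"):
        print(f"{bssid}: {reason} -> {hint}")
```

Run against the posted log with the posted proto=WPA config, it reports only the hidden-SSID condition; run with proto=RSN it would also flag that the AP carries no RSN IE, which is the same mismatch a WPA2-only config would hit on this AP.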

  10. #10
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399


    Not meaning to belittle you, or state what could be the obvious, but you did up the card first, didn't you?
