Page 1 of 2 12 LastLast
Results 1 to 10 of 38

Thread: few questions


  1. #1
    Junior Member
    Join Date
    Jul 2008
    Posts
    66

    few questions

    Howdy fellas,

    Since I kept playing with BT3 further I have a few certain questions to which I could not find answers, so there they are:

    1. My neighbour agreed to let me try to crack his AP's WEP, but since we wanted it to be more realistic (if you want to predict the actions of a hacker you have to put yourself in his position), he did not say when he's online, etc. So when I am running "aireplay-ng --arpreplay" (I also use --deauth one time) the lines are running and the number of "got ARP requests" is increasing, so packet injection is working (I suppose). But suddenly the lines stop running, though ARP requests etc. are increasing in the last line. What does that mean? Does that mean that I am still getting IVs or is something wrong? Or does that mean that there is no traffic on my neighbour's AP? I'm including a picture for a clearer view:



    2. Do the range and other abilities of the wlan adapter have much influence on how many packets I can intercept/inject? When trying on my AP I was able to crack the WEP in 14 minutes (with considerable traffic of course, my HTC Diamond was watching youtube at the time), however with my neighbour's AP it is a different story - I can keep running airodump, aireplay and aircrack the whole day and it hardly collects 25000 IVs... resulting in not cracking WEP. Is the range vital to such an attack?

    3. There is a public (without password) AP in my vicinity (could be a cafe wifi or something, so I don't think checking it out is illegal) always with 7 or so clients, as kismet shows. But I am unable to connect to it even when cloning some of the clients' MAC addresses, so I made the assumption that it's not MAC-list enabled. What could be the reason then?

    EDIT:
    Question 4: Is it possible to use several *.cap files at once to crack WEP? For example, if I'm running aireplay-ng each day and stopping it at the end of the day, collecting ~25000 IVs, then after 4 days I would have 4 cap files each with approx. 25000 IVs.

  2. #2
    Member m1cha3l's Avatar
    Join Date
    May 2008
    Posts
    208


    1. Have you tried a clientless attack?

    2. Of course range affects the injection process. Most WEP is crackable in under five mins.

    3.
    There is a public (without password) AP in my vicinity
    Just because there is no encryption does not make it public. If you do not have permission from the owner then it is still illegal.

    4. As for several .cap files, you have the syntax already! It would be
    Code:
    aircrack-ng -b 00:11:22:33:44:55 *.cap
    to use all .cap files in the pwd or

    Code:
    aircrack-ng -s -b 00:11:22:33:44:55 filename*.cap
    to use only cap files of that name

  3. #3
    Junior Member
    Join Date
    Jul 2008
    Posts
    66


    Quote Originally Posted by m1cha3l View Post
    1. Have you tried a clientless attack?

    2. Of course range affects the injection process. Most WEP is crackable in under five mins.

    3.

    Just because there is no encryption does not make it public. If you do not have permission from the owner then it is still illegal.

    4. As for several .cap files, you have the syntax already! It would be
    Code:
    aircrack-ng -b 00:11:22:33:44:55 *.cap
    to use all .cap files in the pwd or

    Code:
    aircrack-ng -s -b 00:11:22:33:44:55 filename*.cap
    to use only cap files of that name
    Of course, those few commands are very useful, I didn't think of that. Also this might be a naive question, but what is a clientless attack?

  4. #4
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543


    Quote Originally Posted by caballero View Post
    Of course, those few commands are very useful, I didn't think of that. Also this might be a naive question, but what is a clientless attack?
    Just as the name infers, an attack on an access point that has no connected clients.
    dd if=/dev/swc666 of=/dev/wyze

  5. #5
    Junior Member
    Join Date
    Jul 2008
    Posts
    66


    Quote Originally Posted by wyze View Post
    Just as the name infers, an attack on an access point that has no connected clients.
    So I guess that means that it's a futile attack which wouldn't be so futile if the client was online? I have one more question, I am somehow confused by how programs detect an AP's encryption. For example WiCrawl shows that an AP is WEP encrypted, while kismet shows that the same AP is WPA encrypted. Or another example - kismet shows that an AP is WEP encrypted and Wireless Assistant shows that the same AP is not encrypted at all. What does that mean? This is a real mess that I was not expecting from Linux.

  6. #6
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Quote Originally Posted by caballero View Post
    So I guess that means that it's a futile attack which wouldn't be so futile if the client was online?
    What it means is that you have to use a different method than the ARP-replay one to be able to obtain the WEP key.
    I have one more question, I am somehow confused by how programs detect an AP's encryption. For example WiCrawl shows that an AP is WEP encrypted, while kismet shows that the same AP is WPA encrypted. Or another example - kismet shows that an AP is WEP encrypted and Wireless Assistant shows that the same AP is not encrypted at all. What does that mean? This is a real mess that I was not expecting from Linux.
    I have not noticed any inconsistencies of this kind, but I would rely on the information given by Kismet as it is one of the best wireless scanners available for any platform.
    -Monkeys are like nature's humans.
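    The scanner disagreement discussed above comes down to which fields of the beacon frame a tool reads. Added example, not code from this thread or from Kismet: the capability field's Privacy bit only says "encrypted", while WPA and WPA2 are advertised in tagged information elements (the RSN element, tag 48, and the vendor element, tag 221, with OUI 00:50:F2 type 1). A tool that reads only the Privacy bit labels a WPA network "WEP"; the frame bytes here are constructed.

```python
import struct

RSN_TAG = 48                        # 802.11i RSN information element (WPA2)
VENDOR_TAG = 221                    # vendor-specific element; WPA1 uses this
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"  # OUI 00:50:F2, type 1 = WPA
PRIVACY_BIT = 0x0010                # capability info bit 4

def parse_ies(tagged):
    """Yield (tag, value) from the tagged parameters after the fixed fields."""
    i = 0
    while i + 2 <= len(tagged):
        tag, length = tagged[i], tagged[i + 1]
        value = tagged[i + 2:i + 2 + length]
        if len(value) < length:
            break          # truncated element: stop instead of mis-parsing
        yield tag, value
        i += 2 + length

def classify(beacon_body):
    """Return 'Open', 'WEP', 'WPA', 'WPA2' or 'WPA/WPA2' for a beacon body.
    Body layout: 8-byte timestamp, 2-byte interval, 2-byte capability, IEs."""
    if len(beacon_body) < 12:
        raise ValueError("beacon body too short")
    capability = struct.unpack_from("<H", beacon_body, 10)[0]
    ies = list(parse_ies(beacon_body[12:]))
    has_rsn = any(t == RSN_TAG for t, _ in ies)
    has_wpa = any(t == VENDOR_TAG and v.startswith(WPA_OUI_TYPE) for t, v in ies)
    if has_rsn and has_wpa:
        return "WPA/WPA2"
    if has_rsn:
        return "WPA2"
    if has_wpa:
        return "WPA"
    # A tool that only checks the privacy bit stops here and reports "WEP" for
    # any encrypted network, which is how a WPA access point can show up as WEP.
    return "WEP" if capability & PRIVACY_BIT else "Open"

def build_beacon(privacy, ies=b""):
    """Constructed beacon body for testing (not a real capture)."""
    cap = 0x0001 | (PRIVACY_BIT if privacy else 0)   # ESS bit, optional Privacy
    return b"\x00" * 8 + struct.pack("<HH", 100, cap) + ies

# Constructed elements: SSID "cafe", a minimal RSN IE and a minimal WPA vendor IE.
SSID_IE = bytes([0, 4]) + b"cafe"
RSN_IE = bytes([RSN_TAG, 2]) + b"\x01\x00"
WPA_IE = bytes([VENDOR_TAG, 6]) + WPA_OUI_TYPE + b"\x01\x00"

if __name__ == "__main__":
    print(classify(build_beacon(True, SSID_IE + RSN_IE)))   # WPA2
```

    A scanner that drops the tagged parameters (or sees a probe response without them) falls back to the same Privacy-bit test, which is one way the same AP ends up labelled differently by two tools.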

  7. #7
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    1


    I've successfully used your WEP cracking tutorial and got the final key. My question is how to use it, and is it possible to decrypt it, if it's supposed to

    Trying to learn, please reply

    P.S. Key - 24:95:23:06:12:87:87:82:74:25:73:18:24

  8. #8
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Quote Originally Posted by caballero View Post
    Code:
        * The client MAC you have specified is not currently authenticated.
          Try running another aireplay-ng to fake authentication (attack "-1").
    None of the "Possible reasons" are really possible in my case.
    So does this mean that you sorted out your problems with authenticating with the AP? According to your previous posts it seems like you are still having issues with this step and this would then be the reason why you are receiving the error message.
    Quote Originally Posted by Infinis View Post
    I've successfully used your WEP cracking tutorial and got the final key. My question is how to use it, and is it possible to decrypt it, if it's supposed to

    Trying to learn, please reply

    P.S. Key - 24:95:23:06:12:87:87:82:74:25:73:18:24
    What do you need to decrypt? You already have the WEP key.

    If you mean that you want to decrypt the encrypted packets using the key without actually connecting to the AP, this can be done for example using either Kismet or airdecap-ng. The information on how to connect to a WEP-encrypted AP can be found in probably 50% of the existing threads on this forum, just do some research.
    -Monkeys are like nature's humans.

  9. #9
    Junior Member
    Join Date
    Jul 2008
    Posts
    66


    Quote Originally Posted by =Tron= View Post
    So does this mean that you sorted out your problems with authenticating with the AP? According to your previous posts it seems like you are still having issues with this step and this would then be the reason why you are receiving the error message.
    Well I guess I haven't solved the authentication and probably never will with that crappy ipw2200. Just getting tired of searching and asking, every time hitting the wall.

  10. #10
    Junior Member
    Join Date
    Jul 2008
    Posts
    66


    A funny thing happened to me and I don't know if that is good or bad. When I last restarted my notebook my ipw2200 interface changed from eth1 to eth0. Is that normal? What could be the cause? Because I did not touch the configuration before restarting.
