
Thread: few questions

  1. #1 Junior Member (Join Date: Jul 2008, Posts: 66)

    few questions

    Howdy fellas,

    Since I kept playing with BT3 further I have a few certain questions to which I could not find answers, so there they are:

    1. My neighbour agreed to let me try to crack his AP's WEP, but since we wanted it to be more realistic (if you want to predict the actions of a hacker you have to put yourself in his position), he did not say when he's online, etc. So when I am running "aireplay-ng --arpreplay" (I also used --deauth one time) the lines are running and the number of "got ARP requests" is increasing, so packet injection is working (I suppose). But suddenly the lines stop running, though ARP requests etc. are still increasing in the last line. What does that mean? Does it mean that I am still getting IVs, or is something wrong? Or does it mean that there is no traffic on my neighbour's AP? I'm including a picture for a clearer view:

    2. Do the range and other abilities of the wlan adapter have much influence on how many packets I can intercept/inject? When trying on my AP I was able to crack the WEP in 14 minutes (with considerable traffic of course, my HTC Diamond was watching YouTube at the time), however with my neighbour's AP it's a different story: I can keep running airodump, aireplay and aircrack the whole day and it hardly collects 25000 IVs, resulting in not cracking WEP. Is range vital to such an attack?

    3. There is a public (without password) AP in my vicinity (could be a cafe wifi or something, so I don't think checking it out is illegal), always with 7 or so clients as Kismet shows. But I am unable to connect to it even when cloning some of the clients' MAC addresses, so I made the assumption that it's not MAC-list enabled. What could be the reason then?

    EDIT:
    Question 4. Is it possible to use several *.cap files at once to crack WEP? For example, if I run aireplay-ng each day and stop it at the end of the day after collecting ~25000 IVs, after 4 days I would have 4 cap files of approx. 25000 IVs each.

  2. #2 m1cha3l, Member (Join Date: May 2008, Posts: 208)

    1. have you tried a clientless attack?

    2. Of course range affects the injection process. Most WEP is crackable in under five mins.

    3. Quote: "There is a public (without password) AP in my vicinity"
    Just because there is no encryption does not make it public. If you do not have permission from the owner then it is still illegal.

    4. as for several .cap files you have the syntax already!! it would be
    Code:
    aircrack-ng -b 00:11:22:33:44:55  *.cap
    to use all .cap files in the pwd or

    Code:
    aircrack-ng -s -b 00:11:22:33:44:55 filename*.cap
    to use only cap files of that name

  3. #3 Junior Member (Join Date: Jul 2008, Posts: 66)

    Quote Originally Posted by m1cha3l:
    1. have you tried a clientless attack?

    2. Of course range affects the injection process. Most WEP is crackable in under five mins.

    3. Just because there is no encryption does not make it public. If you do not have permission from the owner then it is still illegal.

    4. as for several .cap files you have the syntax already!! it would be
    Code:
    aircrack-ng -b 00:11:22:33:44:55  *.cap
    to use all .cap files in the pwd or

    Code:
    aircrack-ng -s -b 00:11:22:33:44:55 filename*.cap
    to use only cap files of that name

    Of course, those few commands are very useful; I didn't think of that. Also, this might be a naive question, but what is a clientless attack?

  4. #4 imported_wyze, Jenkem Addict (Join Date: Jul 2007, Posts: 1,543)

    Quote Originally Posted by caballero:
    Of course, those few commands are very useful; I didn't think of that. Also, this might be a naive question, but what is a clientless attack?

    Just as the name infers, an attack on an access point that has no connected clients.
    dd if=/dev/swc666 of=/dev/wyze

  5. #5 Junior Member (Join Date: Jul 2008, Posts: 66)

    Quote Originally Posted by wyze:
    Just as the name infers, an attack on an access point that has no connected clients.

    So I guess that means that it's a futile attack which wouldn't be so futile if the client was online? I have one more question: I am somehow confused by how programs detect an AP's encryption. For example WiCrawl shows that an AP is WEP encrypted, while Kismet shows that the same AP is WPA encrypted. Or another example: Kismet shows that an AP is WEP encrypted and Wireless Assistant shows that the same AP is not encrypted at all. What does that mean? This is a real mess that I was not expecting from Linux.

  6. #6 Senior Member (Join Date: Apr 2008, Posts: 2,008)

    Quote Originally Posted by caballero:
    So I guess that means that it's a futile attack which wouldn't be so futile if the client was online?

    What it means is that you have to use a different method than the ARP-replay one to be able to obtain the WEP key.

    Quote Originally Posted by caballero:
    I have one more question: I am somehow confused by how programs detect an AP's encryption. For example WiCrawl shows that an AP is WEP encrypted, while Kismet shows that the same AP is WPA encrypted. Or another example: Kismet shows that an AP is WEP encrypted and Wireless Assistant shows that the same AP is not encrypted at all. What does that mean? This is a real mess that I was not expecting from Linux.

    I have not noticed any inconsistencies of this kind, but I would rely on the information given by Kismet as it is one of the best wireless scanners available for any platform.
    -Monkeys are like nature's humans.
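An added example (not from this thread or from any of the tools named in it) illustrating one plausible cause of the WEP-vs-WPA disagreement in post #5: a scanner that only reads the beacon's Privacy capability bit reports every encrypted AP as WEP, while one that also parses the WPA and RSN information elements can tell WEP, WPA and WPA2 apart. The beacon bodies and IEs below are constructed samples, and the classification rule (RSN IE first, then WPA vendor IE, then the Privacy bit) is an assumption about how a well-behaved scanner decides.

```python
import struct

PRIVACY_BIT = 0x0010                  # "Privacy" flag in the beacon Capability Information field
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"    # Microsoft OUI + type 1 marks the pre-RSN WPA vendor IE

def parse_ies(body):
    """Yield (tag, value) pairs from the tagged-parameter part of a beacon body."""
    i = 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:       # truncated IE: stop instead of guessing
            break
        yield tag, value
        i += 2 + length

def classify_beacon(frame_body):
    """Return OPEN / WEP / WPA / WPA2 from the capability bit plus WPA and RSN IEs."""
    if len(frame_body) < 12:
        raise ValueError("beacon body too short for timestamp+interval+capability")
    capability = struct.unpack_from("<H", frame_body, 10)[0]   # after 8-byte timestamp, 2-byte interval
    has_rsn = has_wpa = False
    for tag, value in parse_ies(frame_body[12:]):
        if tag == 0x30:                                          # RSN IE -> WPA2
            has_rsn = True
        elif tag == 0xDD and value.startswith(WPA_OUI_TYPE):    # vendor IE carrying WPA
            has_wpa = True
    if has_rsn:
        return "WPA2"
    if has_wpa:
        return "WPA"
    return "WEP" if capability & PRIVACY_BIT else "OPEN"

def privacy_bit_only(frame_body):
    """What a scanner that ignores the IEs reports: every encrypted AP looks like WEP."""
    capability = struct.unpack_from("<H", frame_body, 10)[0]
    return "WEP" if capability & PRIVACY_BIT else "OPEN"

def make_beacon(ssid, privacy, extra_ies=b""):
    """Constructed sample beacon body: zero timestamp, 100 TU interval, ESS bit, SSID IE."""
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (PRIVACY_BIT if privacy else 0))
    return fixed + bytes([0x00, len(ssid)]) + ssid.encode() + extra_ies

# Constructed IEs: RSN (CCMP, PSK) and WPA (TKIP, PSK), minimal but well-formed.
RSN_IE = bytes([0x30, 0x14]) + bytes.fromhex("0100000fac040100000fac040100000fac020000")
WPA_IE = bytes([0xDD, 0x16]) + WPA_OUI_TYPE + bytes.fromhex("01000050f20201000050f20201000050f202")
```

Run `classify_beacon(make_beacon("home", True, WPA_IE))` next to `privacy_bit_only(...)` on the same bytes to see the two answers ("WPA" versus "WEP") that two scanners could give for one AP.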

  7. #7 Junior Member (Join Date: Jul 2008, Posts: 66)

    Quote Originally Posted by =Tron=:
    What it means is that you have to use a different method than the ARP-replay one to be able to obtain the WEP key. I have not noticed any inconsistencies of this kind, but I would rely on the information given by Kismet as it is one of the best wireless scanners available for any platform.

    I see. Yes, usually Kismet agrees with airodump-ng. Would you care to shed at least some basic info on that different method to obtain the WEP key when there are no clients connected, or if there is a client connected but its traffic is rather low? Because from all I have read in this forum I thought it was impossible.

  8. #8 m1cha3l, Member (Join Date: May 2008, Posts: 208)

    Try typing "aircrack-ng" into Google!

  9. #9 Junior Member (Join Date: Jul 2008, Posts: 66)

    Quote Originally Posted by m1cha3l:
    Try typing "aircrack-ng" into Google!

    Is it something that sounds like the "Fake authentication" method then?

  10. #10 Senior Member (Join Date: Apr 2008, Posts: 2,008)

    Quote Originally Posted by caballero:
    I see. Yes, usually Kismet agrees with airodump-ng. Would you care to shed at least some basic info on that different method to obtain the WEP key when there are no clients connected, or if there is a client connected but its traffic is rather low? Because from all I have read in this forum I thought it was impossible.

    It is most definitely possible and I do not know which posts on the forum would make you think any different. A tutorial on how to crack WEP without any connected clients can be found at the following location:
    http://aircrack-ng.org/doku.php?id=h...ith_no_clients
    There are also several good howtos on this subject posted on the forum.

    Quote Originally Posted by caballero:
    Is it something that sounds like the "Fake authentication" method then?

    Sounds like you should take some time to actually get to understand the process of cracking WEP a bit better. More good tutorials can be found here:
    http://aircrack-ng.org/doku.php?id=tutorial
    -Monkeys are like nature's humans.
