try changing these lines 9-10
from
toCode:if [ "$SEL" != "" ] then
If that doesn't work try replacing "SEL" with another variable like "ESSID".Code:if [ "$SEL" != "" ]; then
that's the only thing I can think of... but it works fine on my system as is, as well as others... maybe it doesn't like the ESSIDs you enter, but I've also tried some of the ones posted here and I still couldn't reproduce the error.
I managed to get it to work by copy/pasting the code to a new file inside Backtrack, instead of making the file in Windows first. That seems like such a weird glitch.
Anyway, about how much data do I need to start cracking? Also, the attack managed to kill my router(WRT54GX2)and I had to restart it.
the script doesn't support blank ESSIDs, if a blank essid is entered it re-uses the old conf and last ESSID you tried to connect to. I programed it that way to make it easy to try the same AP again.
You'll have to re write it to connect to a blank ESSID, I'll see if I can in the next day or so.
hey there guys...
i have a laptop hp pavillion dv6775 with intel 4965agn ...
got everything working with it finally... every single thing...
manage the drivers is kinda easy ... then after that you can check that your card can actually do everything in aircrack-suite but not fake authenticate ... with ochlocracy script, everything got solved...
i cracked my 1st wep key ... after that, i tried to connect to the network with success, but, i couldnt use the internet cause i had to configure the Ip address of my wireless card ... that means that in this AP that im trying to connect, i cant use the internet if i dont have the ip address of the authenticated user and the ip address of the dns ... but anyways, password cracked ...
problems that i found during this new method to fake authenticate:
1 - blank essids ... yeah, if u wanna manage that, ull have to edit one fake.conf file created previously and then the script might fake authenticate you ... but in my network there were more than 1 essids blanks, so i wonder how the script would find the one i want ....
2 - you still cant fake authenticate in every single AP ... its just impossible to connect to some ...
3 - on the .conf file, is there any property to make wpa_supplicant work with BSSID's instead of the essid's ? cause i think that with bssid will be more efficient !
4 - ok i got the password ... and now ? when u try to connect to a router it comes to you that u need the IP address of ur client and of ur router... how do you do that ? i accept good answer ... ive been trying netdiscover, nmap, kismet and even wireshark ... good luck for yall!
Hello!Originally Posted by relias
You need to do a deauth of a user on the essid's network when airodump-ng are running. Then the essid will be visible for you (like normal, when not invisible). Then you do the script and start doing your thing. However, that's the way it supposed to work, but I have not managed to do that yet. My #data stops increaseing when starting fakit.sh after a deauth. I write about it yesterday in this thread.
If any of you have managed this to work, please tell us.
Regards
Well... my 1st WEP I didn't even use deauth. I remember I just had aireplay-ng running until I got one packet to resend. After that, I ran airodump, then i used the fake authentication script and after that i used the packet that i saved in order to inject. I used that interactive attack, the aireplay-ng -2 one i think ... And yes, I remember that when I tried to use the deauth, the # of data stopped increasing too...
My real worry today is: how do I discover IPs analyzing the packets that come to my card? I have the AP's and the client's mac address... but i just cant get their ip's which makes the password that i discovered practically unuseful. A lot of ppl are saying about Kismet ... I configured it properly to my card, but i dont know ... some AP's show me their IPs, but a lot still are 0.0.0.0.
Anyways, in aircrack-ng website, they opened a question: Resolve Mac addresses to IPs. They suggested 2 tools: netdiscover and ARP Tools. I didn't manage to work with ARP tools yet, but with netdiscover, it worked once using on active mode (not passive), and didnt work anymore, i dont know why. Now it always shows me an error about "unknown physical layer" or something like that...
Anyways, any help would be cool. I'll try to find more useful uses for deauth, since until now i've cracked without it.
Take care guys and thx for the many helps!
I've never had to crack a AP that wasn't broadcasting an ESSID, or I didn't know it already. But apparently it's not possible to associate with an AP unless you know the ESSID.
As Saftus said, you'll need to deauth a client connected to the AP first, if they reconnect airodump-ng will pick up the ESSID.
If someone else knows another method, please share.
I've also figured out why wpa_supplicant times out. (why the Data # stops collecting, and you need to re-fakeit) wpa_supplicant is hard coded to time out association attempts after 60 sec
Then it's no need to have lower than 60 sec's on each try? Or is it smart to set it lower, just to be sure?
Regards
Probably true... but at the time of writing the script, I didn't know there was an exact timeout, and just guesstimated 45 sec. and put that in as my default. But that makes sense now since it would take me about 15 sec. from starting fake auth, to typing up the ARP attack in another window, that's prob why I thought it was 45ish.
That said, I wouldn't use anything outside 45-60 sec.
Deleted, posted wrong place
Regards
chAngES
Posting Permissions
