
Thread: 4965 agn

  1. #81
    Just burned his ISO | Join Date: Dec 2008 | Posts: 21

    try changing these lines 9-10

    from

    Code:
    if [ "$SEL" != "" ]
    then

    to

    Code:
    if [ "$SEL" != "" ]; then

    If that doesn't work try replacing "SEL" with another variable like "ESSID".

    that's the only thing I can think of... but it works fine on my system as is, as well as others... maybe it doesn't like the ESSIDs you enter, but I've also tried some of the ones posted here and I still couldn't reproduce the error.

  2. #82
    Just burned his ISO | Join Date: Jan 2009 | Posts: 11

    I managed to get it to work by copy/pasting the code to a new file inside Backtrack, instead of making the file in Windows first. That seems like such a weird glitch.

    Anyway, about how much data do I need to start cracking? Also, the attack managed to kill my router (WRT54GX2) and I had to restart it.

  3. #83
    Just burned his ISO | Join Date: Dec 2008 | Posts: 21

    The script doesn't support blank ESSIDs; if a blank ESSID is entered it re-uses the old conf and last ESSID you tried to connect to. I programmed it that way to make it easy to try the same AP again.

    You'll have to rewrite it to connect to a blank ESSID. I'll see if I can in the next day or so.

  4. #84
    Just burned his ISO | Join Date: Mar 2009 | Posts: 2

    Hey there guys...
    I have an HP Pavilion dv6775 laptop with Intel 4965agn ...
    got everything working with it finally... every single thing...
    managing the drivers is kinda easy ... then after that you can check that your card can actually do everything in aircrack-suite but not fake authenticate ... with ochlocracy's script, everything got solved...

    I cracked my 1st WEP key ... after that, I tried to connect to the network with success, but I couldn't use the internet because I had to configure the IP address of my wireless card ... that means that in this AP that I'm trying to connect to, I can't use the internet if I don't have the IP address of the authenticated user and the IP address of the DNS ... but anyways, password cracked ...

    Problems that I found during this new method to fake authenticate:

    1 - blank ESSIDs ... yeah, if you wanna manage that, you'll have to edit one fake.conf file created previously and then the script might fake authenticate you ... but in my network there was more than 1 blank ESSID, so I wonder how the script would find the one I want ....

    2 - you still can't fake authenticate in every single AP ... it's just impossible to connect to some ...

    3 - in the .conf file, is there any property to make wpa_supplicant work with BSSIDs instead of the ESSIDs? Because I think that with BSSID it will be more efficient!

    4 - OK, I got the password ... and now? When you try to connect to a router it comes to you that you need the IP address of your client and of your router... how do you do that? I accept good answers ... I've been trying netdiscover, nmap, kismet and even wireshark ... good luck to y'all!

  5. #85
    Just burned his ISO | Join Date: Jan 2010 | Posts: 5

    Quote: Originally Posted by relias
    Problems that I found during this new method to fake authenticate:

    1 - blank ESSIDs ... yeah, if you wanna manage that, you'll have to edit one fake.conf file created previously and then the script might fake authenticate you ... but in my network there was more than 1 blank ESSID, so I wonder how the script would find the one I want ....

    Hello!

    You need to do a deauth of a user on the ESSID's network while airodump-ng is running. Then the ESSID will be visible for you (like normal, when not invisible). Then you run the script and start doing your thing. However, that's the way it's supposed to work, but I have not managed to do that yet. My #data stops increasing when starting fakit.sh after a deauth. I wrote about it yesterday in this thread.
    If any of you have managed to get this to work, please tell us.

    Regards

  6. #86
    Just burned his ISO | Join Date: Mar 2009 | Posts: 2

    Well... for my 1st WEP I didn't even use deauth. I remember I just had aireplay-ng running until I got one packet to resend. After that, I ran airodump, then I used the fake authentication script and after that I used the packet that I saved in order to inject. I used that interactive attack, the aireplay-ng -2 one I think ... And yes, I remember that when I tried to use the deauth, the # of data stopped increasing too...

    My real worry today is: how do I discover IPs by analyzing the packets that come to my card? I have the AP's and the client's MAC address... but I just can't get their IPs, which makes the password that I discovered practically unuseful. A lot of people are talking about Kismet ... I configured it properly for my card, but I don't know ... some APs show me their IPs, but a lot still are 0.0.0.0.

    Anyways, on the aircrack-ng website, they opened a question: Resolve Mac addresses to IPs. They suggested 2 tools: netdiscover and ARP Tools. I didn't manage to work with ARP Tools yet, but with netdiscover, it worked once using active mode (not passive), and didn't work anymore, I don't know why. Now it always shows me an error about "unknown physical layer" or something like that...

    Anyways, any help would be cool. I'll try to find more useful uses for deauth, since until now I've cracked without it.

    Take care guys and thanks for the many helps!

  7. #87
    Just burned his ISO | Join Date: Dec 2008 | Posts: 21

    I've never had to crack an AP that wasn't broadcasting an ESSID, or whose ESSID I didn't know already. But apparently it's not possible to associate with an AP unless you know the ESSID.

    As Saftus said, you'll need to deauth a client connected to the AP first; if they reconnect, airodump-ng will pick up the ESSID.

    If someone else knows another method, please share.

    I've also figured out why wpa_supplicant times out (why the Data # stops collecting, and you need to re-fakeit): wpa_supplicant is hard coded to time out association attempts after 60 sec.

  8. #88
    Just burned his ISO | Join Date: Jan 2010 | Posts: 5

    Quote: Originally Posted by ochlocracy
    I've also figured out why wpa_supplicant times out. (why the Data # stops collecting, and you need to re-fakeit) wpa_supplicant is hard coded to time out association attempts after 60 sec

    Then there's no need to have lower than 60 sec on each try? Or is it smart to set it lower, just to be sure?

    Regards

  9. #89
    Just burned his ISO | Join Date: Dec 2008 | Posts: 21

    Quote: Originally Posted by saftus
    Then it's no need to have lower than 60 sec's on each try? Or is it smart to set it lower, just to be sure?

    Regards

    Probably true... but at the time of writing the script, I didn't know there was an exact timeout, and just guesstimated 45 sec. and put that in as my default. But that makes sense now, since it would take me about 15 sec. from starting fake auth to typing up the ARP attack in another window; that's probably why I thought it was 45ish.

    That said, I wouldn't use anything outside 45-60 sec.

  10. #90
    Just burned his ISO | Join Date: Mar 2009 | Posts: 2

    Deleted, posted wrong place

    Regards
    chAngES
