Announcement: WEPBuster Beta Finally Released!

[arche]

I'm not sure about the Intel card issue. I never had that issue before. Try putting the ap in known_ap.txt and run wepbuster repeatedly. Also try reloading the drivers before each run and see if you will always get the same results.

Sorry for wasting your time on this issue, the intel 4695agn has issues with injection. Which I can see why that would cause a issue with wepbuster. Search was not my friend this morning, but read the issues and now I am just going to try to unload the driver for that card and just use the Hawking USB.

I am going to be trying the hidden ssid with the linksys ap. Will post the results soon.

[arche]

This is weird.. I just tested an AP with a hidden SSID, and wepbuster didn't throw that error. Can you comment line 531 (that is, if you're using the latest version), and once wepbuster is finished scanning for APs, hit CTRL+C and inspect the contents of chanX-01.csv and try to look for that particular AP and see what the SSID looks like? Also, try to run the script again and increase the scan_duration to maybe 10 or 15.

ok, as you requested. I also extended the scan_duration to 15. Here is what happens:

root@bt:~/# perl wepbuster

Detecting wireless interfaces...

---------------------------------------------------------

Found wlan1...
Getting monitor interface...
monitor interface --> mon3

Found 1 useable wireless card(s)

wlan1/mon3

================================================== =======

No valid channel entered. Using the default ( US = 1 6 11 )


MODE: crack (using: wlan1/mon3 == 00:XX:XX:XX:XX:XX)

Scanning channel 6 for WEP-enabled Access Points
...............
Found 0 AP(s) on channel 6


.
Scanning channel 1 for WEP-enabled Access Points
..............
Found 1 AP(s) on channel 1

BSSID IV CHANNEL SSID ASSOCIATED CLIENTS

00:XX:XX:XX:XX:XX 11 1

.
Scanning channel 11 for WEP-enabled Access Points
..............
Found 0 AP(s) on channel 11



Total AP found: 1

Now starting to crack...


################################################## #######

Pwning "" (00:XX:XX:XX:XX:XX) Thu Jun 18 15:38:24 2009
Checking for mac filtering...sh: Syntax error: Unterminated quoted string
Trying to associate...sh: Syntax error: Unterminated quoted string

Can't associate. aireplay-ng died!

################################################## #######

And here is the contents of chan11-01.csv:

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs


Anyways, let me know what else I can do.

[arche]

After trying this a few times over, the only output i get is out of channel 11. This is the output of chan11-01.csv:

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:XX:XX:XX:XX:XX, 2009-06-18 16:50:18, 2009-06-18 16:50:32, 11, 54, WEP , WEP, , -42, 144, 0, 0. 0. 0. 0, 8, ^@^@^@^@^@^@^@^@,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs

By the way, no matter what channel I try the output file is always chan11-01.csv, shouldn't the file name change with the channel change?

[wif1bust3r]

After trying this a few times over, the only output i get is out of channel 11. This is the output of chan11-01.csv:

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:XX:XX:XX:XX:XX, 2009-06-18 16:50:18, 2009-06-18 16:50:32, 11, 54, WEP , WEP, , -42, 144, 0, 0. 0. 0. 0, 8, ^@^@^@^@^@^@^@^@,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs

By the way, no matter what channel I try the output file is always chan11-01.csv, shouldn't the file name change with the channel change?

Filename will change of course, but before scanning a channel, webpuster deletes everything so the only dump you will find might be the last channel it has scanned. You have to comment that line I mentioned earlier to avoid this.

[arche]

Filename will change of course, but before scanning a channel, webpuster deletes everything so the only dump you will find might be the last channel it has scanned. You have to comment that line I mentioned earlier to avoid this.

I did comment out this line, you asked for the output. But before every scan I would erase the files manually. But channel 11 was the only one producing a output. Channel 1 and 11 was like what I posted before. Anything I can do?

[arche]

Just to let you know, beta 3 works fine with the hidden ssid. But beta 4 does not seem to work. One thing I did notice is that in beta 3, it actually will say hidden on the scan for the ssid. But in beta 4 it just shows "". Not sure if that helps.

[wif1bust3r]

I did comment out this line, you asked for the output. But before every scan I would erase the files manually. But channel 11 was the only one producing a output. Channel 1 and 11 was like what I posted before. Anything I can do?

Not sure about this one. You have to compare the txt output of airodump-ng using BT3 against BT4 (e.g., if SSID is hidden, the field is left blank, while in another version, the field contains e.g., @@@@). It would be great if you can verify this as I don't have any of those Live CDs lying around at the moment.

[Missing File]

First things first. I'm very happy that you came up with a script like this. Its amazing!

Right now I don't have BT3-4 (long story) so I tried it out on my server (Gentoo-Sabayon based). I downloaded the latest off the google page including the precompiled aircrack/odump/eplay-ng. I replaced them accordingly in /usr/bin/ and /usr/sbin/.

This is my output:

[note:Ignore the "WARNING" thing. My network has a medieval feeling to it. We added that.]

king |tarball_staging|# perl wepbuster
WARNING: *Running as King! This could be dangerous!*
1...2...3...4...5... Running! Long live the King!

Detecting wireless interfaces...

---------------------------------------------------------

Found wlan0...
Getting monitor interface...
monitor interface --> mon0

Found 1 useable wireless card(s)

wlan0/mon0

================================================== =======

No valid channel entered. Using the default ( US = 1 6 11 )


MODE: crack (using: wlan0/mon0 == xx:xx:xx:xx:xx:xx)
.
Scanning channel 6 for WEP-enabled Access Points
.....
Found 1 AP(s) on channel 6

BSSID IV CHANNEL SSID ASSOCIATED CLIENTS

XX:XX:XX:XX:XX:XX 0 6 TheVillage

Scanning channel 1 for WEP-enabled Access Points
......
Found 0 AP(s) on channel 1


.
Scanning channel 11 for WEP-enabled Access Points
.....
Found 0 AP(s) on channel 11



Total AP found: 1

Now starting to crack...

################################################## #######

Pwning "TheVillage" (XX:XX:XX:XX:XX:XX) Mon Jun 22 03:29:06 2009
Checking for mac filtering...Trying to associate...aireplay-ng: /usr/lib/libcryp
to.so.0.9.8: no version information available (required by aireplay-ng)
ioctl(SIOCSIWMODE) failed: Device or resource busy

ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Make
sure RFMON is enabled: run 'airmon-ng start wlan0 <#>'
Sysfs injection support was not found either.

Can't associate. aireplay-ng died!

################################################## #######

Doh'! I had network manager on. It would be an awesome idea for wepbuster to close any program that could interfere with it, just saying. I closed it and it went well till this part:

################################################## #######

Pwning "TheVillage" (XX:XX:XX:XX:XX:XX) Mon Jun 22 04:24:51 2009
Checking for mac filtering...
Can't associate. aireplay-ng died!

################################################## #######

I tried running it without replacing the precompiled aireplay-ng (but replacing only airodump and aircrack-ng). Same results.

Any help?

[wif1bust3r]

First things first. I'm very happy that you came up with a script like this. Its amazing!

Any help?

Aireplay-ng died.. It cannot associate. Have you tried associating manually? Most likely you will end up with the default aireplay-ng error message:


Attack was unsuccessful. Possible reasons:
* Perhaps MAC address filtering is enabled.
* Check that the BSSID (-a option) is correct.
* Try to change the number of packets (-o option).
* The driver/card doesn't support injection.
* This attack sometimes fails against some APs.
* The card is not on the same channel as the AP.
* You're too far from the AP. Get closer, or lower
the transmit rate.


For those errors, you have to ask aircrack-ng developers.

[banderaz]

BT4-pre
Clean install, made it persistent
put aircrack-ng, aireplay-ng and airodump-ng in:
usr/bin usr/sbin usr/local/bin usr/local/sbin
(this after hints on your code page and reading the thread)

webbuster script put in a folder on root/wepbuster
edit the script, since I am in EU

This is what happens when executing:

Code:

root@bt:~/wepbuster# perl wepbuster

Detecting wireless interfaces...
.......................................................
Found wlan0...
Getting monitor interface...
monitor interface --> mon1|

Found 1 useable wireless card(s)
wlan0/mon1
===============================
No calid channel entered. Using the default ( EU = 1 5 9 13)
MODE: crack    (using: wlan0/mon1 == 00:11:00:11:00:AB) (masked)
Scanning channel 1 for WEP-enabled Access Points
.................Killed

Is there something I overlooked in the thread?
My AP is currently on channel 9, but it never go pass working on #1...

Hardware: Dell Inspiron 9400 with intel 3945ABG using driver iwl3845
I have not done anything other than making a persistent usb of the live cd.

Looks to be a very good script btw!