Thread: Newbie Guide:- How to crack a WEP key, step by step. By another newbie.

  1. #21 | Junior Member | Join Date: Jun 2006 | Posts: 61

    Quote Originally Posted by trueblu8
    Yes, problem solved! I got rid of that damned Auditor and d/l-ed BT Beta, and lo and behold, problem solved, works like a charm.
    Well, glad it worked, but these are the BackTrack forums, you know?
    There's a forum here for Auditor ;-)
    I would tell you to use it now for future problems, but now you have BackTrack...
    So welcome to the world of BT ;-D

  2. #22 | Just burned his ISO | Join Date: May 2006 | Posts: 3

    BackTrack should include TheGreatVirus' wepcrack script; it's the BEST thing I've ever used. I cracked my own 128-bit WEP wireless D-Link router in 28 minutes with 650k IVs total collected. I probably could have cracked it a lot sooner, but there seems to be a problem with aircrack running very slowly when using this script. I think TGV said he was going to update the script so it works faster with aircrack. Anyway, that's my 2 cents.

  3. #23 | Just burned his ISO | Join Date: May 2006 | Posts: 1

    What kind of wireless card should I use?

    Hi my friends,

    I have an Intel 2945abg wireless card.

    I use it to practice BackTrack. When I run airodump, I can receive packets but I cannot send packets. Also, when I use wepcrack, it only cracks 1500 packets each time. Can someone help me?

    My email is pandy1m30d@yahoo.com

    Please help me. thank you.

    Pan

  4. #24 | Just burned his ISO | Join Date: Jun 2006 | Posts: 4

    Quote Originally Posted by BigDook
    Hi

    I have downloaded the latest BT and finally figured out how to crack a WEP key. Thought I'd post my routine for anyone else who might be having trouble.

    BTW, I'm a complete newbie to BT and any Linux related stuff, but will be hoping to change that.

    OK, first off some quick info on my specs. Acer Laptop (CeleronM) with built in Atheros 5005 wireless.

    1. Fire up Kismet and find the AP you wanna access, sort the listed APs by using "S" then "C". Then select your AP, hit "Enter" to get any info you may need from it (MAC Address, WEP, Channel etc.). Then press "q" to come out of that details screen, and with my AP selected type "L" (capital), which as far as I can see makes your card lock onto that AP.

    2. Open a console screen, then enter the following command to launch AiroDump which will "sniff" the packets about you.

    Command = "airodump-ng -w capture -c 6 ath0"

    OK, "airodump-ng" is the program itself.
    "-w capture" Gets it to write the sniffed packets to a file called "capture.cap".
    "-c 6" Makes the program ONLY sniff on channel 6.
    "ath0" The name of my wireless card.

    Leave that running, and keep an eye on the MAC address of your desired AP and the packets/data increasing (the Data is the IVs).

    3. Open another console to be used to make Aireplay perform a DE-AUTH attack on a specific machine connected to that AP. This should make that specific machine disconnect and reconnect to the AP, and in the process make it send data to the AP which will include the WEP key.

    Command = "aireplay-ng -e DLINK -a 00:11:22:33:44:55 -c 66:77:88:99:00:AA --deauth 10 ath0"

    "aireplay-ng" is the program itself
    "-e DLINK" is the name of the SSID of the target AP.
    "-a 00:11:22:33:44:55" is the MAC address of the target AP.
    "-c 66:77:88:99:00:AA" is the MAC address of the target machine connected to that AP (you should be able to find any machines connected to the AP from looking at the info in AiroDump).
    "--deauth 10" The type of attack we're performing, in this case it's the DEAUTH attack repeated 10 times.
    "ath0" The name of my wireless card.

    Have that command ready to go, but don't do it yet.

    4. Open another console screen, and again we're going to use AIREPLAY, but this time it's going to capture some packets that might contain any IV data, then keep repeating to pump this info to the AP by "pretending" to be the target machine that the other instance of Aireplay performed the DEAUTH attack on.

    Command = "aireplay-ng --arpreplay -b 00:11:22:33:44:55 -h 66:77:88:99:00:AA ath0"

    "aireplay-ng" Name of the program.
    "--arpreplay" Is the function of aireplay you are trying to perform, in this case it's a replay of an ARP request, which will contain IV data.
    "-b 00:11:22:33:44:55" MAC address of the target AP.
    "-h 66:77:88:99:00:AA" MAC address of the target machine connected to that AP.
    "ath0" Name of my wireless card.

    Right, run that command, and you should see it searching for packets.

    Fire off the previous command to initiate the DEAUTH attack, then switch back to the aireplay replay screen. You should see it detect a deauth/disconnect of a machine, then it captures that packet and starts repeating to pump it back to the AP by pretending to be the target machine.

    Flick over to airodump screen, and HOPEFULLY it should have lots of DATA or IV packets coming through.

    You can close down the DEAUTH screen of aireplay now, and then let the other one keep replaying that packet until you feel you have enough packets to crack it, or just start the crack whilst more packets keep flooding through.

    5. Open the FINAL console screen which will be used to run AirCrack which will scan the captured packets from AiroDump.

    Command = "aircrack-ng -f 4 -m 00:11:22:33:44:55 -n 64 capture.cap"

    "aircrack-ng" Name of the program.
    "-f 4" Run the Fudgefactor 4 times (hehe, I have no idea what this is, but apparently you increase the fudgefactor to have a better chance of finding the key, but it will take longer the higher the number).
    "-m 00:11:22:33:44:55" MAC address of the target AP, so you're not searching packets of APs that you don't wanna crack.
    "-n 64" The amount of bits in the key, in this case it's 64, but there's also 128 etc.
    "capture.cap" Name of the capture file being created by AiroDump.

    Fire it off, and depending on how quick your machine is, how many IVs you've capped or what bit your key is (in my case only 64) and BINGO! It finds the key.

    I tested this on my home AP so I already knew the key, and only used one laptop.

    I'm sure I've got some terms wrong, or could do it more efficiently, but this worked for this newbie, and I'm a very happy chap.

    Hope it helps anyone.

    I downloaded the latest BT version. How can I fire up Kismet? What command do I use in order to fire up Kismet? "I have to learn to walk before I can run." Sorry, I am totally new to this hobby testing. Looking forward to hearing from all you pros in this forum. Thanks
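The deauth step in the quoted guide (step 3) is also the part of this routine that is easiest for a network owner to spot, because a burst of deauthentication frames against one client is not normal 802.11 traffic. The following is an added detection example written for this thread, not code from the guide or from aircrack-ng: it decodes the 802.11 header of raw frames, counts deauth/disassoc frames per transmitter/receiver pair, and flags pairs over a threshold. The frames are constructed inline (the MACs are the guide's own placeholder addresses); in practice they would come from a monitor-mode capture.

```python
import struct
from collections import Counter

# IEEE 802.11 frame-control encoding: byte 0 = subtype<<4 | type<<2 | version
TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_BEACON, SUBTYPE_DISASSOC, SUBTYPE_DEAUTH = 0x8, 0xA, 0xC

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame: bytes) -> dict:
    """Decode frame control and the three address fields of a raw 802.11 header."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc0 = frame[0]
    info = {
        "type": (fc0 >> 2) & 0x3,
        "subtype": (fc0 >> 4) & 0xF,
        "addr1": mac_str(frame[4:10]),   # receiver address
        "addr2": mac_str(frame[10:16]),  # transmitter address
        "addr3": mac_str(frame[16:22]),  # BSSID on management frames
    }
    if info["type"] == TYPE_MGMT and info["subtype"] in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(frame) >= 26:
        info["reason"] = struct.unpack("<H", frame[24:26])[0]  # reason code, little-endian
    return info

def detect_deauth_flood(frames, threshold=5) -> dict:
    """Return (transmitter, receiver) pairs that sent >= threshold deauth/disassoc frames."""
    counts = Counter()
    for frame in frames:
        f = parse_frame(frame)
        if f["type"] == TYPE_MGMT and f["subtype"] in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            counts[(f["addr2"], f["addr1"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}

# --- constructed sample capture (not a real pcap) ---
def build_frame(ftype, subtype, addr1, addr2, addr3, body=b"") -> bytes:
    fc = bytes([(subtype << 4) | (ftype << 2), 0x00])
    macs = b"".join(bytes.fromhex(m.replace(":", "")) for m in (addr1, addr2, addr3))
    return fc + b"\x00\x00" + macs + b"\x00\x00" + body  # duration, addrs, seq-ctrl, body

AP, CLIENT = "00:11:22:33:44:55", "66:77:88:99:00:aa"  # placeholder MACs from the guide above
SAMPLE_FRAMES = (
    [build_frame(TYPE_MGMT, SUBTYPE_DEAUTH, CLIENT, AP, AP, b"\x07\x00")] * 10  # 10 deauths, reason 7
    + [build_frame(TYPE_MGMT, SUBTYPE_BEACON, "ff:ff:ff:ff:ff:ff", AP, AP)]
    + [build_frame(TYPE_DATA, 0x0, AP, CLIENT, AP, b"\x00" * 8)] * 3
)

if __name__ == "__main__":
    for (src, dst), n in detect_deauth_flood(SAMPLE_FRAMES).items():
        print(f"possible deauth flood: {n} frames from {src} to {dst}")
```

Note that the deauths appear to come from the AP's own address, so a count per claimed source is the useful signal; an AP that really wants a client gone sends one frame, not ten in a row.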

  5. #25 | Just burned his ISO | Join Date: Apr 2006 | Posts: 3

    kismet

    Originally posted by dvh 7:
    I downloaded the latest BT version. How can I fire up Kismet? What command do I use in order to fire up Kismet? "I have to learn to walk before I can run." Sorry, I am totally new to this hobby testing. Looking forward to hearing from all you pros in this forum. Thanks
    ...hope I understand you right. Try this command: kismet ... use Alt+F2, type kismet, or just use your mouse and take it from the BackTrack menu. Regards, Miki
    arcana publicata vilescunt, et gratiam profanata amittunt; ergo ne margaritas obice porcis, seu asino substerne rosas (Secrets made public become cheap, and things profaned lose their grace; so do not cast pearls before swine, nor strew roses under an ass.)

  6. #26 | Just burned his ISO | Join Date: Jun 2006 | Posts: 4

    Kismet!!!

    Hi Miki,
    Yes, you get what I mean. All you have to do is type kismet, using the kismet command? I'll give it a try once I get home. I'll study little by little. Thanks, bro

  7. #27 | Just burned his ISO | Join Date: Jun 2006 | Posts: 4

    Kismet!!!

    Quote Originally Posted by Miki@BT
    Originally posted by dvh 7: ...hope I understand you right. Try this command: kismet ... use Alt+F2, type kismet, or just use your mouse and take it from the BackTrack menu. Regards, Miki
    I did not see Kismet by using the BackTrack menu. Miki, can you tell me more specifically how to get to Kismet? Thanks

  8. #28 | Just burned his ISO | Join Date: Apr 2006 | Posts: 3

    Hi dvh 7,
    OK, if X is successfully started, you can use Alt+F2, then type kismet to start it. Or in the menu, click the "K" button on the left; at the top of the menu that appears you will see a yellow ball with a lightning symbol. Click this to enter the BackTrack menu, go to "Wireless Tools", then "Analyzer", "Kismet". Done. Greetz, Miki

  9. #29 | Just burned his ISO | Join Date: Jun 2006 | Posts: 2

    I also have a problem:
    I am now running aircrack, got 1811000 (and increasing), tested over 200 million keys in 1 hour 40 min. and still no key found

    - aireplay works
    - used correct encryption (wep 128 bit)
    - wireless card d-link dwl-g650 (atheros)

    does somebody know what could be wrong?

  10. #30 | Just burned his ISO | Join Date: Jun 2006 | Posts: 4

    Quote Originally Posted by Miki@BT
    Hi dvh 7,
    OK, if X is successfully started, you can use Alt+F2, then type kismet to start it. Or in the menu, click the "K" button on the left; at the top of the menu that appears you will see a yellow ball with a lightning symbol. Click this to enter the BackTrack menu, go to "Wireless Tools", then "Analyzer", "Kismet". Done. Greetz, Miki
    Thanks very much Miki, I got it. Have a nice weekend.
