
Thread: somebody can do it?

  1. #1
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    9

    somebody can do it?

    Hello!

    I have had success cracking an AP with or without a client connected (thanks to everybody here!!) but I don't know how to crack an AP with a hidden SSID.
    I see Kismet finds my AP with the hidden SSID, but I don't know how to use aircrack and airodump to crack it when there is no SSID... can somebody help?? thx!!

  2. #2
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    Quote Originally Posted by xhidex
    Hello!

    I have had success cracking an AP with or without a client connected (thanks to everybody here!!) but I don't know how to crack an AP with a hidden SSID.
    I see Kismet finds my AP with the hidden SSID, but I don't know how to use aircrack and airodump to crack it when there is no SSID... can somebody help?? thx!!
    I think I understand your question... maybe not... but if I do understand, then the answer is simple: use Kismet to find the name of the hidden network, then type the name of the hidden network in the appropriate field in airodump, as in...

    airodump-ng -c 6 -e Xploitz (Xploitz is the name of the hidden network) -w (file name here) --ivs --bssid (AP MAC address here) YOUR DEVICE HERE

    and for aircrack-ng use aircrack-ng *.ivs -b (AP MAC HERE) and hit enter

    or aircrack-ng *.cap -b (bssid) and hit enter

    or if you're using aircrack-ptw, remember not to use --ivs in airodump-ng, and your aircrack-ptw command will look like

    aircrack-ptw *.cap or aircrack-ptw (name of saved file).cap

  3. #3
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    18


    You can also use a deauth attack (if there are ever clients) to get the network name; it will show up in airodump when the client resends it.
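A defensive counterpart to the two replies above, added here and not part of the thread: a small Python detector that flags beacons carrying an empty SSID (the "hidden" AP still announces its BSSID in every beacon) and any sender emitting a burst of deauthentication frames, which is the signal a wireless IDS uses to spot the deauth trick. The frames are constructed inline with hypothetical MAC addresses, and the burst threshold of 5 is an assumption.

```python
import struct
from collections import Counter
# Constructed 802.11 frames for the demo (not captured from a real network).
AP_HIDDEN = bytes.fromhex("001122334455")   # hypothetical AP that hides its SSID
AP_OPEN = bytes.fromhex("00aabbccddee")     # hypothetical AP that broadcasts its SSID
BCAST = b"\xff" * 6
FC_BEACON, FC_DEAUTH = 0x0080, 0x00C0       # frame control: mgmt subtype 8 / 12

def mgmt_frame(fc, a1, a2, a3, body):
    """Minimal 802.11 management frame: FC, duration, 3 addresses, seq ctrl, body."""
    return struct.pack("<H", fc) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00" + body

def beacon_body(ssid):
    """12 bytes of fixed params (timestamp, interval, capability), then the SSID IE."""
    return b"\x00" * 8 + struct.pack("<HH", 100, 0x0411) + bytes([0, len(ssid)]) + ssid

def parse(frame):
    """Split a raw frame into (type, subtype, addr1, addr2, addr3, body)."""
    fc = struct.unpack_from("<H", frame, 0)[0]
    return (fc >> 2) & 3, (fc >> 4) & 0xF, frame[4:10], frame[10:16], frame[16:22], frame[24:]

def beacon_ssid(body):
    """Walk the information elements after the fixed params; tag 0 is the SSID."""
    off = 12
    while off + 2 <= len(body):
        tag, ln = body[off], body[off + 1]
        if tag == 0:
            return body[off + 2:off + 2 + ln]
        off += 2 + ln
    return None

def analyze(frames, deauth_threshold=5):
    """Report APs whose beacons carry an empty SSID and sources sending deauth bursts."""
    hidden, deauths = set(), Counter()
    for f in frames:
        ftype, sub, a1, a2, a3, body = parse(f)
        if ftype != 0:                      # only management frames matter here
            continue
        if sub == 8 and not beacon_ssid(body):   # beacon with zero-length/absent SSID
            hidden.add(a3.hex(":"))
        elif sub == 12:                          # deauthentication, keyed by sender
            deauths[a2.hex(":")] += 1
    floods = {src for src, n in deauths.items() if n >= deauth_threshold}
    return {"hidden_ssid_aps": hidden, "deauth_floods": floods}

SAMPLE = [mgmt_frame(FC_BEACON, BCAST, AP_HIDDEN, AP_HIDDEN, beacon_body(b"")),
          mgmt_frame(FC_BEACON, BCAST, AP_OPEN, AP_OPEN, beacon_body(b"corpnet"))]
SAMPLE += [mgmt_frame(FC_DEAUTH, BCAST, AP_HIDDEN, AP_HIDDEN, b"\x07\x00")] * 6
SAMPLE += [mgmt_frame(FC_DEAUTH, BCAST, AP_OPEN, AP_OPEN, b"\x03\x00")]
```

On a real monitor-mode capture the same functions apply to each frame's raw bytes, and a lone deauth (the AP_OPEN case) stays below the threshold while a burst is reported.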

  4. #4
    Just burned his ISO
    Join Date
    May 2007
    Posts
    11


    let's be clear, is it <NO SSID> or <HIDDEN SSID> .... there is a difference.

  5. #5
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    9


    It's written NO SSID... what is the difference?

  6. #6
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    9


    And also a last question that I still don't understand... how do I do the fake auth when the network uses SKA (Shared Key Auth) and not Open Auth? thanks!!

  7. #7
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988


    Use ska, located in /pentest/wireless/
    With this you can do fake auth with shared key............

    like this

    aireplay-ng -4 rausb0

    After saving a packet, remember the name of the xor file

    ska rausb0 "BSSID" APMAC FAKEMAC file.xor

    Wait; after a while it will say you are authenticated and will exit.

    Hope this helps

  8. #8
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    9


    Quote Originally Posted by shamanvirtuel
    Use ska, located in /pentest/wireless/
    With this you can do fake auth with shared key............

    like this

    aireplay-ng -4 rausb0

    After saving a packet, remember the name of the xor file

    ska rausb0 "BSSID" APMAC FAKEMAC file.xor

    Wait; after a while it will say you are authenticated and will exit.

    Hope this helps
    Hello!!

    So first, thank you so much! Now I feel close to being able to make a fake auth on a SKA network... but I still have some problems...
    When I use the command "aireplay-ng 4 ath1" it starts to capture some packets and saves them in a .CAP and not in a .XOR file.
    Then, after some minutes, it asks me if I want to try to authenticate with this packet. If I say "Yes" it tries something and then fails... if I say "No" it just asks me again with another key or packet...
    However, I have tried to use the cap file like a xor, but when I use the command ska auth1 bssid mac fakemac file.cap it gives me an error because there is no "ska" command.

    Do you have any ideas? thx!

  9. #9
    Junior Member
    Join Date
    Feb 2007
    Posts
    86


    Only when the chopchop attack succeeds will it save the xor file.
    You should get:
    .....Saving keystream in replay_dec-xxxxx.xor ...
    so keep trying to send various packets.

  10. #10
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    9


    Quote Originally Posted by rumburak514
    Only when the chopchop attack succeeds will it save the xor file.
    You should get:
    .....Saving keystream in replay_dec-xxxxx.xor ...
    so keep trying to send various packets.
    How can I do it? ...can you be more clear? thanks!

