Thread: -=Xploitz=- VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"

  1. #21
    Just burned his ISO
    Join Date
    Jul 2006
    Posts
    3

    First of all, thanks for the tuts vid.

    3 questions.
    1. How do I find out if the net uses 64-bit WEP or 128-bit?
    2. Are there any pros / cons in this procedure of WEP crack compared to the other tut that you have posted?
    3. Is there a list of wireless routers that this attack will work on, or does it work on all routers?

    Cheers

  2. #22
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Quote: Originally posted by asil-jinn
    First of all, thanks for the tuts vid.

    3 questions.
    1. How do I find out if the net uses 64-bit WEP or 128-bit?
    2. Are there any pros / cons in this procedure of WEP crack compared to the other tut that you have posted?
    3. Is there a list of wireless routers that this attack will work on, or does it work on all routers?

    Cheers

    Answer to q 1.

    It's your encryption...you should know. But if you're pentesting and you forgot to ask or your employer didn't tell you...you still won't know until you crack it. Start with the -n 64 option in aircrack-ng; if you get nothing...just leave off the -n option and it will default to 128 bit. Get around 50,000 IVs (Data Packets).

    Answer to q 2.

    It's more reliable and much quicker if your router doesn't like the ARP Request (-3 attack). Plus it will give you IP addresses.

    Answer to question 3.

    It works on most. You'll have to experiment with the -5 (Fragmentation Attack)...-4 (Korek chopchop Attack)..and the -3 (ARP Request Attack)....to get the one that works best with the AP you're dealing with. 1 of the 3 (usually the -4) will work. I haven't come across an AP yet that has WEP that I couldn't crack.


    BTW..get the latest developmental version of aircrack-ng suite if you want answer 1 to work well.
    --=Xploitz=-- ®
    Remote-Exploit.orgs Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=9063
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial": http://forums.remote-exploit.org/showthread.php?t=7872
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=8230
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases": http://forums.remote-exploit.org/showthread.php?t=8041

  3. #23
    Junior Member
    Join Date
    Jul 2007
    Posts
    66

    Hello Xploitz,

    I'm using the chopchop method; sometimes it works, but sometimes when I do the same steps it doesn't work.

    In step 4,
    bt ~ # aireplay-ng -4 -h `cat DM` -b `cat AP` eth1
    open(/dev/rtc) failed: Device or resource busy

    What does this error say, and how can I solve this problem?

    Regards, durana

  4. #24
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Quote: Originally posted by durana
    Hello Xploitz,

    I'm using the chopchop method; sometimes it works, but sometimes when I do the same steps it doesn't work.

    In step 4,
    bt ~ # aireplay-ng -4 -h `cat DM` -b `cat AP` eth1
    open(/dev/rtc) failed: Device or resource busy

    What does this error say, and how can I solve this problem?

    Regards, durana

    Ok..maybe I'm a little slow on this..but wtf does `cat DM` and `cat AP` mean??

    Do aireplay-ng -4 -h <CARDS AP> -b <AP MAC> eth1

    What card and chipset are you using??

  5. #25
    Junior Member
    Join Date
    Jul 2007
    Posts
    66

    Sorry Xploitz,

    Because I'm not so good in Linux,
    the reason I use `cat DM` is so that I can't make a mistake in typing the MAC address. DM is a file with my MAC address as content.

    I tried this with my rt61 onboard chip and a Belkin Wireless PCMCIA Adapter (F5D7011df, 125Mbps) with bcm4318 chipset. Strange chipset; I thought that this one should work, I read this at the BackTrack site.

    Is there a possibility to reload or restart the WLAN?

  6. #26
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Have you tried doing it without the cat DM etc., and following it as it was written? I expect that this is half of your problem.

    The other half of your problem is that you really should not expect any success with a Broadcom chipset.

  7. #27
    Junior Member
    Join Date
    Jul 2007
    Posts
    66

    Balding,

    Yes, I tried this also without the cat DM etc., with the MAC addresses directly, but the same issue.
    When I reboot, then it is working again...injection is working perfectly, association step 2 is also working, but not when I do step 4 or 5 with the -4 attack; there is no association, I don't see in airodump my 00:11:22:33:44:55 client connecting and increasing the data, both with my PCMCIA BCM4318 and also with the onboard rt61 chipset....

    Very very strange.....

    What about restarting WLAN without rebooting, is that possible?
    When I do /etc/init.d/wlan restart, I get some errors at line 77, and when I check iwconfig it is then still the same status as before the command.

    Do you have another method to reload/restart to default WLAN settings?

    Regards, Durana

  8. #28
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Well, looking on the wiki, two cards are mentioned as having the RT61 chipset.
    The first says that injection is not supported, the second mentions needing to modprobe. And a search of the forum shows many people have problems with that chipset.
    We know that the Broadcom card is unlikely to work with any success.

    So it sounds like you need to get a fully supported card.

    As for the commands to configure your card, look here.

  9. #29
    Junior Member
    Join Date
    Jul 2007
    Posts
    66

    Ok ok,

    I bought the wrong PCMCIA card. Now I have to spend money again for another card. This time I will buy a USB version...

    Is rebooting the only possibility to reload/restart the wireless settings?

    Thanks for your help/advice...

  10. #30
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Quote: Originally posted by durana
    Ok ok,

    I bought the wrong PCMCIA card. Now I have to spend money again for another card. This time I will buy a USB version...

    If you buy a USB,....better get the Alfa 500mW.

    If you don't get a USB..make sure the card you're planning on buying is supported like balding_parrot said.

    Go here to get the current supported cards and chipsets...

    http://aircrack-ng.org/doku.php?id=compatibility_drivers
