
Thread: -=Xploitz=- VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"

  1. #41 | Just burned his ISO | Join Date: Oct 2006 | Posts: 20

    Quote Originally Posted by shamanvirtuel View Post
    instead of using a fake mac, you will need to use the mac of an authorized client because it seems mac filtering is enabled....
    If mac filtering is enabled, is it possible to get a mac of an authorised client? Or is the only way to wait out until a valid client connects to the router?

  2. #42 | Senior Member | Join Date: Apr 2007 | Posts: 3,385

    Quote Originally Posted by Celyst View Post
    If mac filtering is enabled, is it possible to get a mac of an authorised client? Or is the only way to wait out until a valid client connects to the router?
    Well of course it is!! Don't you have the NIC that's on the allowed list? Just pop it in and presto!..instant access. Or..if you "lost" your card..you could always go into your router's settings and remove the "lost" card's MAC address and put your other card's MAC in the filter list.

    -or-

    you wait ..like you said.

    Hope this helps.
    --=Xploitz=-- ®
    Remote-Exploit.orgs Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=9063
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" - http://forums.remote-exploit.org/showthread.php?t=7872
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=8230
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" - http://forums.remote-exploit.org/showthread.php?t=8041

  3. #43 | Just burned his ISO | Join Date: Oct 2006 | Posts: 20

    Well getting the mac from the allowed list is cheating! So I guess the only way is to wait for an authorised client to connect. Mac filtering looks like quite an obstacle then.

  4. #44 | Just burned his ISO | Join Date: Sep 2007 | Posts: 19

    I've "read" close to 10,000 packets and there was only one time it asked if I wanted to "use [that] packet". And when I did use that packet it did the same as this:

    Quote Originally Posted by zafari2001 View Post
    Hi everybody!
    I'm a newbie here.
    I have tried KOREK CHOPCHOP on my router but got an error message. Here is what I did from the beginning:

    BT~# airmon-ng stop ath0
    BT~# ifconfig wifi0 down
    BT~# macchanger --mac 00:11:22:33:44:55 wifi0
    BT~# airmon-ng start wifi0

    BT~# airodump-ng ath0

    BT~# airodump-ng -c 6 -w capture --bssid AP MAC ath0
    BT~# aireplay-ng -1 0 -e MY_AP_NAME -a AP MAC -h 00:11:22:33:44:55 ath0
    BT~# aireplay-ng -4 -h 00:11:22:33:44:55 -b AP MAC ath0


    and after this line I've got this message:

    Failure: got several deauthentication packets from the AP - try running
    another aireplay-ng with attack "-1" (fake open-system authentication).


    What does it mean?

    I'm using 300mW Ubiquiti PCMCIA. My AP has a WEP encryption.
    This is my AP so I know there is no mac filtering; are there any other options?

    I am using a Hawking HWUG1 with a Ralink chipset and rt73 drivers. The arp replay works great. Does anyone know if this card works with the chop-chop attack? I have heard that the fragmentation isn't supported yet...

  5. #45 | Senior Member | Join Date: Apr 2007 | Posts: 3,385

    Quote Originally Posted by Celyst View Post
    Mac filtering looks like quite an obstacle then.
    No, it's just a waiting game. Once the person is connected, write down the mac..then use macchanger --mac XX:XX:XX:XX:XX:XX ath0 to match the allowed mac. Now, you can continue with the cracking process.

    Quote Originally Posted by sidebottom View Post
    I've "read" close to 10,000 packets and there was only one time it asked if I wanted to "use [that] packet". And when I did use that packet it did the same as this:

    This is my AP so I know there is no mac filtering; are there any other options?

    I am using a Hawking HWUG1 with a Ralink chipset and rt73 drivers. The arp replay works great. Does anyone know if this card works with the chop-chop attack? I have heard that the fragmentation isn't supported yet...
    During that long session of reading 10,000 packets, it's possible that you weren't authenticated with the AP anymore. Try to re-associate/re-authenticate with the AP again with ..

    aireplay-ng -1 0 -e ESSID -a APMAC -h yourcardsmac ath0

    then run your -4 attack.
    Hope this fixes your problem.

  6. #46 | Just burned his ISO | Join Date: Oct 2006 | Posts: 20

    Quote Originally Posted by -=Xploitz=- View Post
    No, it's just a waiting game. Once the person is connected, write down the mac..then use macchanger --mac XX:XX:XX:XX:XX:XX ath0 to match the allowed mac. Now, you can continue with the cracking process.
    Yep, but you won't know how long before a client logs on to the network... theoretically you could be waiting for days. But just to check, once I've got an allowed mac, can I just use macchanger and continue, or do I need to deauth the authorised client? Will there be a mac conflict?

  7. #47 | Developer | Join Date: May 2007 | Posts: 3,399

    Quote Originally Posted by Celyst View Post
    Yep, but you won't know how long before a client logs on to the network... theoretically you could be waiting for days. But just to check, once I've got an allowed mac, can I just use macchanger and continue, or do I need to deauth the authorised client? Will there be a mac conflict?
    You will know exactly how long you will have to wait, as this is your network.

  8. #48 | Senior Member | Join Date: Apr 2007 | Posts: 3,385

    Quote Originally Posted by Celyst View Post
    But just to check, once I've got an allowed mac, can I just use macchanger and continue, or do I need to deauth the authorised client? Will there be a mac conflict?
    Just use macchanger. Then re-associate/re-authenticate. Then continue with your -4 attack.


    I'm assuming this is your network, or you have permission, therefore I will end this post with this helpful information.

    I've never come across the problem of mac conflicts, as I wait till the person is not connected to the AP. Be smart...and avoid potential problems. I'm not saying that it will cause problems, but to be sure there aren't any..just wait till they get off, or deauth them if you're that impatient...but I don't suggest you deauth, 'cause the "client" will re-associate with the AP and be back on and it will look funny that 2 clients are online at the same time with the same MAC addy, don't you think???

    Quote Originally Posted by balding_parrot View Post
    You will know exactly how long you will have to wait, as this is your network.
    I agree. (Unless of course he's been hired to pen test this network.)
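The "2 clients online with the same MAC" situation described in the post above is exactly what a wireless IDS looks for. As an added example (not code from this thread or from the aircrack-ng project), the Python below flags a cloned station MAC from the defender's side by checking 802.11 sequence-number continuity per source address; the frame records, field layout and the jump threshold are constructed assumptions.

```python
"""Added example: detect a cloned station MAC from sequence-number gaps.

A single real station increments its 12-bit 802.11 sequence counter by one
per frame (wrapping at 4096). When a second radio transmits with the same
MAC while the real client is still associated, the interleaved frames show
large forward/backward jumps that one counter never produces. Real captures
should feed only management and non-QoS data frames here, since QoS data
frames keep a separate counter per traffic class (assumption: the caller
filters for that)."""

from collections import defaultdict

SEQ_MOD = 4096   # 802.11 sequence numbers are 12 bits
MAX_JUMP = 64    # allow for lost frames; anything larger is suspicious

# Constructed sample frames: (timestamp, source MAC, sequence number)
SAMPLE_FRAMES = [
    (1.00, "00:11:22:33:44:55", 1200),
    (1.02, "00:11:22:33:44:55", 1201),
    (1.05, "aa:bb:cc:dd:ee:01", 17),
    (1.07, "00:11:22:33:44:55", 1202),
    (1.10, "00:11:22:33:44:55", 3000),  # second radio using the same MAC
    (1.12, "00:11:22:33:44:55", 1203),  # real client continues its counter
    (1.15, "00:11:22:33:44:55", 3001),
    (1.18, "aa:bb:cc:dd:ee:01", 18),
    (1.20, "00:11:22:33:44:55", 1204),
]


def seq_delta(prev, cur):
    """Forward distance from prev to cur on the wrapping 12-bit counter."""
    return (cur - prev) % SEQ_MOD


def detect_cloned_macs(frames, max_jump=MAX_JUMP, min_events=2):
    """Return {mac: anomaly_count} for source MACs whose sequence number
    jumps by more than max_jump at least min_events times. Frames are
    processed in timestamp order; a retransmission (delta 0) is fine."""
    last_seq = {}
    anomalies = defaultdict(int)
    for _ts, mac, seq in sorted(frames, key=lambda f: f[0]):
        if mac in last_seq and seq_delta(last_seq[mac], seq) > max_jump:
            anomalies[mac] += 1
        last_seq[mac] = seq
    return {m: n for m, n in anomalies.items() if n >= min_events}


if __name__ == "__main__":
    for mac, count in detect_cloned_macs(SAMPLE_FRAMES).items():
        print(f"possible cloned MAC {mac}: {count} sequence jumps")
```

A backward jump counts as a large forward delta because of the modulo wrap, so two interleaved counters trigger on almost every frame, while a genuine client with a few lost frames stays under the threshold.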

  9. #49 | Just burned his ISO | Join Date: Oct 2006 | Posts: 20

    Quote Originally Posted by balding_parrot View Post
    You will know exactly how long you will have to wait, as this is your network.
    Lol that's why I said theoretically. Well my question is answered, many thanks guys!

  10. #50 | Just burned his ISO | Join Date: Sep 2007 | Posts: 7

    Excellent tutorial Xploitz m8... managed to crack my WEP 1st time.. after trying umpteenth time with other methods... also clearly understood the commands and their meaning. Thanx a bundle m8.. learned a lo
