
Thread: A few questions about BT2...

  1. #1
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    3

    A few questions about BT2...

    Hello all, I am new to the forums. I am also relatively new to Linux and BT2. I have been messing around with cracking my 64 and 128 bit WEP keys, and I have run into a few things I can't quite figure out.

    1. On one router I was able to use aireplay to send a fake auth and then start injecting packets and receiving ARP requests. All was fine until I had received around 150000 packets. Then I noticed a dramatic slowdown in the speed at which I was receiving new packets, so much that after an hour I had only gotten 168000. Any idea why this would be, as it seems that would not be enough for me to crack 128-bit WEP...

    2. When I attempt to crack 128-bit WEP using the above packet file, using this command: "aircrack-ng -n 128 -b 00:00:00:00:00 capturefile.cap", it states that the key has been found in a few seconds, yet gives me a 10-digit hex key. Is this simply because it is the most digits it can crack with that few IVs?

    3. On some routers I have been unable to send the fake auth request using "aireplay-ng -1 0 -a 00:00:00:00:00:00 -h 00:11:22:33:44:55 wlan0 -e mynetwork"

    On some it stops on "Sending Authorization request" and fails after several tries; on others it stops further along. Any reasons here, or are these networks simply not vulnerable to this attack? Are there other attacks that can be used in this case?

    I know I am asking a lot of questions. This is all very new and exciting to me, as I love learning about networks and hope to get into the security field some day. Thank you all in advance for any help you can provide.

  2. #2
    Developer balding_parrot
    Join Date
    May 2007
    Posts
    3,399


    Quote Originally Posted by Ecniv View Post
    Hello all, I am new to the forums. I am also relatively new to Linux and BT2. I have been messing around with cracking my 64 and 128 bit WEP keys, and I have run into a few things I can't quite figure out.

    1. On one router I was able to use aireplay to send a fake auth and then start injecting packets and receiving ARP requests. All was fine until I had received around 150000 packets. Then I noticed a dramatic slowdown in the speed at which I was receiving new packets, so much that after an hour I had only gotten 168000. Any idea why this would be, as it seems that would not be enough for me to crack 128-bit WEP...

    2. When I attempt to crack 128-bit WEP using the above packet file, using this command: "aircrack-ng -n 128 -b 00:00:00:00:00 capturefile.cap", it states that the key has been found in a few seconds, yet gives me a 10-digit hex key. Is this simply because it is the most digits it can crack with that few IVs?

    3. On some routers I have been unable to send the fake auth request using "aireplay-ng -1 0 -a 00:00:00:00:00:00 -h 00:11:22:33:44:55 wlan0 -e mynetwork"

    On some it stops on "Sending Authorization request" and fails after several tries; on others it stops further along. Any reasons here, or are these networks simply not vulnerable to this attack? Are there other attacks that can be used in this case?

    I know I am asking a lot of questions. This is all very new and exciting to me, as I love learning about networks and hope to get into the security field some day. Thank you all in advance for any help you can provide.
    You have obviously done very little research at all.

    You provide us with no information to work with.

    What wireless cards are you working with (make, model, chipset)?

    What EXACT commands are you using?

    You mention that you are doing this against quite a few access points; what are their makes and model numbers, as some can be fussy on commands.

    What version of the aircrack suite are you using, as that affects the commands you should use.

    Without at least this basic info, how can anyone help you?

  3. #3
    Senior Member shamanvirtuel
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988


    Well,

    35000 IVs is enough for 128........
    Update to aircrack 0.9.1 (info on this forum).

    Use aircrack-ng -z -b MACADDRESSOFROUTER XXXXXXX.cap

    Some access points are sketchy.

    Google "picky association point";
    you will find another command that may help.

    Are you on the right channel?
    Have you tried lowering your rate to 1M?
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  4. #4
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    3


    I apologize. As I said, I am very new to this and forgot to mention those things.

    I am running all of this from the BackTrack 2 live CD I downloaded today.

    The wireless card is a Netgear WG111v2 using the rt8187 chipset.

    The access point that I had the first failure on, for starters, is a 2WIRE HN180W.

    The commands I listed below are what I used; suffice to say that the all-0s MAC is replaced and mynetwork is the SSID of the networks.

  5. #5
    Developer balding_parrot
    Join Date
    May 2007
    Posts
    3,399


    Quote Originally Posted by Ecniv View Post
    I apologize. As I said, I am very new to this and forgot to mention those things.

    I am running all of this from the BackTrack 2 live CD I downloaded today.

    The wireless card is a Netgear WG111v2 using the rt8187 chipset.

    The access point that I had the first failure on, for starters, is a 2WIRE HN180W.

    The commands I listed below are what I used; suffice to say that the all-0s MAC is replaced and mynetwork is the SSID of the networks.
    OK, so that's a start.

    What were the other access points/routers?

    And you didn't post any commands.

  6. #6
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    Definitely do a hard drive install of BT2 Final if possible, then update your entire aircrack suite to the latest development version. Also, you said you used this command....

    Code:
    3. On some routers I have been unable to send the fake auth request using "aireplay-ng -1 0 -a 00:00:00:00:00:00 -h 00:11:22:33:44:55 wlan0 -e mynetwork"
    As a rule of thumb, the last thing on your command line should ALWAYS be your device, so place your command in this order....

    aireplay-ng -1 0 -e "mynetwork" -a 00:00:00:00:00:00 -h 00:11:22:33:44:55 wlan0

  7. #7
    Senior Member shamanvirtuel
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988


    Not always, Xploitz....
    Here is the proof that with 1.0, it's useless:

    Code:
    aireplay-ng --test rausb0
    Interface rausb0 -> driver: Unknown
    17:29:05  rausb0 channel: 10
    17:29:05  Trying broadcast probe requests...
    17:29:05  Injection is working!
    17:29:06  Found 1 AP
    
    17:29:06  Trying directed probe requests...
    17:29:06  00:1A:6B:04:9E:2F - channel: 10 - 'Livebox-a5a3'
    17:29:08  Ping (min/avg/max): 15.944ms/42.980ms/83.988ms Power: 0.00
    17:29:08   8/30:  26%
    
    bt ~ # aireplay-ng rausb0 --test
    Interface rausb0 -> driver: Unknown
    17:29:25  rausb0 channel: 10
    17:29:25  Trying broadcast probe requests...
    17:29:25  Injection is working!
    17:29:26  Found 1 AP
    
    17:29:26  Trying directed probe requests...
    17:29:26  00:1A:6B:04:9E:2F - channel: 10 - 'Livebox-a5a3'
    17:29:28  Ping (min/avg/max): 19.857ms/49.835ms/99.989ms Power: 0.00
    17:29:28  19/30:  63%

  8. #8
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    I stand corrected. Thanks Shaman, that just reminds me to update my aircrack from 0.9.1 to the dev version again.

  9. #9
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    3

    Fake Auth successful, still no IVs

    This seems odd to me... I was able to successfully perform a fake auth and associate; then, when using the -3 attack to generate IVs, it counts up to 10000 read or so, gets its first ARP packet, and then starts sending like crazy.

    But the ARPs don't keep coming. I searched around but can't find anything on this. Any ideas?

    Using a Netgear WG111v2 with the RTL8187 driver, BT2 Live CD; the AP is a Netgear stand-alone b/g.

  10. #10
    Developer balding_parrot
    Join Date
    May 2007
    Posts
    3,399


    No need to start a new thread with what is essentially exactly the same question, with information missing.

    Threads merged.
