
Thread: PTW attack and IVs

  1. #1
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    23

    PTW attack and IVs

    I've been trying out the new PTW attack and so far have had very good success - cracking 128-bit with as little as 45,000 keys.

    Yesterday though I encountered a key that would not be cracked with as many as 550,000 IVs. I finally gave up, remembering that PTW had claims such as 99% success at something like 150,000 IVs.

    Today I tried that same AP again, generating new IVs and appending them to my original cap and loading up aircrack again. Same problem, I got up to about 800,000 IVs and nothing was happening. Then, I ran aircrack-ng again on just the IVs I had gathered today instead of including the 550,000 from the other day, and boom, instant crack.

    What could it be about those original IVs that prevent PTW from cracking the key when included with the new ones?

  2. #2
    Senior Member PrairieFire's Avatar
    Join Date
    Apr 2007
    Posts
    705


    Quote Originally Posted by heyaz View Post
    I've been trying out the new PTW attack and so far have had very good success - cracking 128-bit with as little as 45,000 keys.

    Yesterday though I encountered a key that would not be cracked with as many as 550,000 IVs. I finally gave up, remembering that PTW had claims such as 99% success at something like 150,000 IVs.

    Today I tried that same AP again, generating new IVs and appending them to my original cap and loading up aircrack again. Same problem, I got up to about 800,000 IVs and nothing was happening. Then, I ran aircrack-ng again on just the IVs I had gathered today instead of including the 550,000 from the other day, and boom, instant crack.

    What could it be about those original IVs that prevent PTW from cracking the key when included with the new ones?

    Copy paste the exact commands you are using.
    Μολὼν λαβέ - Great spirits encounter heavy opposition from mediocre minds.

  3. #3
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399


    Another thing you need to mention is what version of Aircrack you are using.

  4. #4
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    23


    Sure.

    I am using the dev version of aircrack-ng 1.0.dev.svn.653 that I downloaded here: slax.org/modules.php?id=1015
    Converted it to an LZM and loaded into backtrack using uselivemod

    Capturing and injection went something like the following:
    Code:
    airodump-ng -w foo --bssid xx:xx:xx:xx:xx:xx --channel x ath0

    aireplay-ng -3 -b xx:xx:xx:xx:xx:xx -h xx:xx:xx:xx:xx:xx ath0

    Originally ran aircrack with both cap files (the one from the other day and the one I was currently gathering)

    Code:
    aircrack-ng foo*cap

    No luck, then used it with just the latest cap, and it cracked instantly:

    Code:
    aircrack-ng foo-x-x-x.cap

  5. #5
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399


    Quote Originally Posted by heyaz View Post
    Sure.

    I am using the dev version of aircrack-ng 1.0.dev.svn.653 that I downloaded here: slax.org/modules.php?id=1015
    Converted it to an LZM and loaded into backtrack using uselivemod

    Capturing and injection went something like the following:
    Code:
    airodump-ng -w foo --bssid xx:xx:xx:xx:xx:xx --channel x ath0

    aireplay-ng -3 -b xx:xx:xx:xx:xx:xx -h xx:xx:xx:xx:xx:xx ath0

    Originally ran aircrack with both cap files (the one from the other day and the one I was currently gathering)

    Code:
    aircrack-ng foo*cap

    No luck, then used it with just the latest cap, and it cracked instantly:

    Code:
    aircrack-ng foo-x-x-x.cap

    Well if your commands only went something like that then you are only going to get something like the results you are looking for. I know that it takes more commands than that.

    I don't understand why you would go that route to install either.

  6. #6
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    23


    Quote Originally Posted by balding_parrot View Post
    Well if your commands only went something like that then you are only going to get something like the results you are looking for. I know that it takes more commands than that.

    I don't understand why you would go that route to install either.

    Because I didn't install it, I'm running the live cd. One command to use the dev version seemed easy enough to me.

    I'm really not sure what you are trying to tell me. What other information should I provide? It really didn't take many more commands than that. I had the bssid of the AP and the MAC of a client written down already. I used Kismet to find them earlier in the week. Other than that, not much else to the attack. Inject traffic, capture it with airodump, crack it. I'm just confused as to why PTW seemed thrown off by those other IVs, almost as if they were misleading it.

  7. #7
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399


    You are asking us our opinion on why something is happening.

    If you only give us half of the information, you can only expect to get an assumption.

    The point about the aircrack module stuff is that you have used as many commands, and the same amount of time, to get it from someone you don't know that has done it correctly, when you could have made it yourself, and know that it was done right.
    In essence you are using an untrusted source, and a non-recommended method, when diagnosing a possible problem.

  8. #8
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    23


    A simple "I don't know why that's happening" would have sufficed, rather than criticizing the way I chose to install aircrack and going off on a tangent.

  9. #9
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399


    Quote Originally Posted by heyaz View Post
    A simple "I don't know why that's happening" would have sufficed, rather than criticizing the way I chose to install aircrack and going off on a tangent.

    No criticism there at all, except that you are not giving anyone anything to have a chance at seeing if there is a problem with what you did or not.

    There are plenty of possible answers, but without information, they would only be speculation.

    Or would you prefer me to say to work it out for yourself?

  10. #10
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    23


    I gave you all the commands I ran, the exact version of aircrack I was running... you didn't ask specifically for anything else, just kept telling me how I'm not giving enough information.

    What else is needed to diagnose the problem? It's on a Toshiba p105-9722 laptop with a Ubiquiti SRC card running BackTrack 2 final as a live cd... I don't know what else I could provide..

    Only difference between what I posted and what I actually did was specifics about the client that I'm not going to post on the forum (like the real mac addresses and file prefixes), but those should be irrelevant.
