Thread: -=Xploitz=- VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"

  1. #231
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    1

    Would just like to give a big thanks to Xploitz, B_P & Purehate for the video tutorials and contributions.

    With some help from Google along the way I have managed to follow all your tutorials, and I am a complete Linux noob (I only just got the eee, which is what I've been playing on).

    One thing that stumped me for a minute was creating the database, before realising I needed the "--" before each command. I found airolib did not recognise the "init" command even with the "--init", but jumping to the next step and importing the ssidlist.txt, airodump automatically assumes you wanted to create a new DB to put it in and thus created it.

    I also found it didn't like the "ascii" you would state after the "--import" command. Neglecting to include "ascii" seemed to resolve this.

    I am presuming these problems have arisen as the software has advanced some since the date this video was created.

    I'm inspired to learn more thanks to you people and I have gone and bought some heavy reading.

    A couple of questions I have though:
    - Once you have the WPA handshake saved you no longer have to be connected to the AP? So I could thus save this file and compile the DB on a more powerful PC elsewhere - My eee is a little restrained in that department.
    - Is there a way to roughly approximate the size of the DB knowing how many SSIDs are being used and the size of the original wordlist? E.g. if I only had 1 SSID and a 1MB word dictionary, what would the size of the batched db be?

  2. #232
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Originally posted by O-Jay:
    A couple of questions I have though:
    - Once you have the WPA handshake saved you no longer have to be connected to the AP? So I could thus save this file and compile the DB on a more powerful PC elsewhere - My eee is a little restrained in that department.
    Correct.
    Originally posted by O-Jay:
    - Is there a way to roughly approximate the size of the DB knowing how many SSIDs are being used and the size of the original wordlist? E.g. if I only had 1 SSID and a 1MB word dictionary, what would the size of the batched db be?
    For each specified ESSID there will be computed a hash for each word present in the wordlist. Using only one ESSID the size of the database will not be much bigger, but for each added ESSID it will double in size. Using three ESSIDs instead of one would therefore result in a three times larger database.
    -Monkeys are like nature's humans.

  3. #233
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    20

    Airolib

    My BT3F is installed in VMware 6.5 (latest version). With a fresh installation, I downloaded every single piece of software that is needed for wireless cracking with the WUSB54GC:

    1. rt73-k2wrlz-3.0.1.tar.bz2
    2. kernel.lzm
    3. wpa_supplicant-0.5.10.tar.gz
    4. cowpatty-4.3.rar
    5. sqlite-3.4.0.lzm (I know this is not the latest version)
    6. wordlists-20031009.zip (for my dictionary)
    7. aircrack-ng-1.0-rc1.tar.gz

    All these files are in /root.

    How do I start?
    Open konsole,
    bt ~ # tar -xvjf rt73-k2wrlz-3.0.1.tar.bz2
    bt ~ # lzm2dir kernel.lzm /
    bt ~ # cd rt73-k2wrlz-3.0.1/Module
    bt Module # make
    bt Module # make install

    Then I plug in the WUSB54GC; in the same konsole, cont.,
    bt Module # cd
    bt ~ # ifconfig -a

    Yes, I saw rausb0 is connected, cont.,
    bt ~ # modprobe rt73

    Now, I try to get the WPA handshake, cont.,
    bt ~ # ifconfig rausb0 up
    bt ~ # iwconfig rausb0 mode monitor rate 1M
    bt ~ # iwconfig

    Yes, I saw rausb0 with bit rate=1Mb/s, cont.,
    bt ~ # iwpriv forceprism 1
    forceprism no private ioctls
    bt ~ # iwpriv rausb0 forceprism 1
    bt ~ # iwpriv rausb0 rfmontx 1
    bt ~ # airodump-ng rausb0

    That's odd, I got the WPA handshake straight away without having to do aireplay-ng 0 -5 -a xx:xx:xx:xx:xx:xx rausb0, then CTRL+C, cont.,

    In a new konsole,
    bt ~ # airodump-ng -c 11 -w /tmp/dmp rausb0

    Again, I got the WPA handshake without the help of aireplay-ng 0 -5 -a xx:xx:xx:xx:xx:xx rausb0, so I pressed CTRL+C, cont.,
    bt ~ # aircrack-ng -w mangled.lst -b xx:xx:xx:xx:xx:xx /tmp/dmp-01.cap

    Output,

    Aircrack-ng 1.0 rc1 r1085

    [00:04:57] 44.. keys tested (146.53k/s)
    Current passphrase: ....
    Master Key...so on..

    OK, I got it running smoothly, CTRL+C then, question part...
    1. I didn't even install wpa_supplicant-0.5.10.tar.gz but I got the handshake, why?
    2. I didn't even do aireplay-ng 0 -5 -a xx:xx:xx:xx:xx:xx rausb0 but I got the handshake, why?

    So I cont., in a new konsole,
    bt ~ # lzm2dir sqlite-3.4.0.lzm /
    bt ~ # tar -xzvf aircrack-ng-1.0-rc1.tar.gz
    bt ~ # cd aircrack-ng-1.0-rc1
    bt aircrack-ng-1.0-rc1 # gmake SQLITE=true
    bt aircrack-ng-1.0-rc1 # gmake SQLITE=true install
    bt aircrack-ng-1.0-rc1 # aircrack-ng

    Yes, I saw the option -r <DB>, cont.,
    bt aircrack-ng-1.0-rc1 # cd
    bt ~ # airolib-ng testdb init

    Up until here, it happened this way; output,

    Airolib-ng 1.0 rc1 - (C) 2007 ebfe

    Usage: airolib-ng <database> <operation> [option]

    Operation:
    --stats : bla blaa
    --sql <sql> : bla blaa
    ...so on to all kind operation she has.

    bt ~ #

    I did not see any testdb file in my /root, why?

  4. #234
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    20

    Cont. Airolib-ng

    Hello everyone,
    As for yesterday's post, I got something weird going on here, and I need your suggestions on this. I got the WPA handshake, and now I try to use Airolib-ng with Aircrack-ng.

    bt ~ # airolib-ng testdb -init
    Database <testdb> does not already exist, creating it...
    Database <testdb> sucessfully created

    ***If you put,
    airolib-ng testdb init
    Output; -blank-

    airolib-ng testdb --init
    Output; airolib-ng: unrecognized option `--init'

    Cont.,

    bt ~ # airolib-ng testdb --import essid /root/ssidlist
    Reading file...
    Writing...
    Done.

    ***If you put,
    airolib-ng testdb import ascii essid ssidlist.txt
    airolib-ng testdb import ascii essid /root/ssidlist.txt
    airolib-ng testdb import essid ssidlist.txt
    airolib-ng testdb --import ascii essid ssidlist.txt
    airolib-ng testdb --import essid ssidlist.txt
    airolib-ng testdb --import essid /root/ssidlist.txt
    Output ; Could not open file/stream for reading.

    Cont.,

    bt ~ # airolib-ng testdb --import passwd /root/mangled.lst
    3Reading file...
    Writing...ines read, 7028658 invalid lines ignored.
    Done.

    bt ~ # airolib-ng testdb --clean all
    Deleting invalid ESSIDs and password...
    Deleting unreferenced PMKs...
    Analysing index structure...
    Vacuum-cleaning the database. This could take a while...
    SQL error, disk I/O error <-------------------------------omg omg omg
    Checking database integrity...
    intergrity_check

    I waited for 6 hours but there was no change even after I got home from class... so CTRL+C; anyway, cont. to the next step,

    bt ~ # airolib-ng testdb --verify all
    Checking all PMKs. This could take a while...
    ESSID PASSWORD PMK_DB CORRECT

    bt ~ # aircrack-ng -r testdb /tmp/dmp-01.cap
    Opening /tmp/dmp-01.cap
    Read 3772 packets.

    # BSSID ESSID Encryption
    1 xx:xx:xx:xx: home WPA (1 handshake)

    Choosing first network as target.
    Opening /tmp/dmp-01.cap

    Aircrack-ng 1.0 rc1

    Quitting aircrack-ng...

    bt ~ #

    Nothing happened here, not even calculating...
    This might look a bit different compared to Xploitz's video; for now I assume this is a matter of program version or something else. Oh ya, I forgot the airolib-ng testdb --batch...^_^...but this does not change the main question: what happened with "SQL error, disk I/O error"? BTW, I'd appreciate it if someone could help on this...

    Others: how many packets do I have to capture for WPA cracking to be effective?

    p/s: Hey Xploitz, nice and productive video you've got, I'll try to adapt it to any ver. of aircrack or airolib. Thx a lot man...

  5. #235
    Member
    Join Date
    Sep 2008
    Posts
    306

    Others: how many packets do I have to capture for WPA cracking to be effective?
    All you need is the complete 4-way Handshake. That can be within the first 10 packets, or in the 324567589 packet.

    "SQL error, disk I/O error"
    Make a smaller database (ssidlist, paswdlist) and make sure you only have one word per line and there are no escape chars, or a "." or ",".
    Try again and respond with your result.

    Sidenote: Please do not show all commands that do not run...even when the syntax is false.
    Be sensitive in choosing where you ask your question. You are likely to be ignored, or written off as a loser, if you:

    * post your question to a forum where it's off topic
    * post a very elementary question to a forum where advanced technical questions are expected, or vice-versa
    * cross-post to too many different newsgroups
    * post a personal e-mail to somebody who is neither an acquaintance of yours nor personally responsible for solving your problem

  6. #236
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    2

    Could someone please post the command for removing ESSIDs from the database? I have been searching for hours.

    thanks

  7. #237
    Just burned his ISO TeK_KeN's Avatar
    Join Date
    Oct 2008
    Posts
    7

    *edit*

    post wrong section.
    sorry.

  8. #238
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

  9. #239
    Member
    Join Date
    May 2007
    Posts
    53

    Is the clean/verify stage necessary?

    Having now "pw-inspector-ed" my wordlist into a slightly smaller list of valid 8-63 char words... I would like to know if the "airolib-ng <dbname> --clean all" stage is really necessary.

    Whenever I try it, I am frustrated by an SQL I/O Error that crashes the process, causing me to start again.

    So my question is... do I HAVE to perform the 'clean all' and/or 'verify' stage? Or is it not a mandatory step in the process?

    Thanks

    **Edit: Also, does anyone have any calculations/ratios for the 'salted' database? E.g. if I have a 5GB wordlist, and I salt that against TWO ssids... is it simply a case of 5GB * 2 ssids = 10GB hashtable? (roughly). I ran out of hard disk space on my last BT4 installation when I tried to salt/manipulate a WPA hashtable. **


    **Second Edit: This is not made clear in other posts, and it is something that caused me confusion before I realised what is going on.
    At the penultimate step you must use the command airolib-ng testdb --batch to begin the computation of all your PMKs. In this part you can see
    Computed 500000 PMK in 3140 seconds (159 PMK/s, 15000 in buffer)

    Eventually this will reach "0 in buffer", and you could be forgiven for thinking it had finished. However, the process has NOT COMPLETED. After a few more seconds, the number of PMKs in the buffer will go back UP to 250000, and the buffer will begin counting down again.

    You must wait for it to complete its total computation, not just the first batch of 250000. If you can't wait that long, you could try reading the tutorial on the use of Pyrit and CUDA and GPU processing power. http://forums.remote-exploit.org/showthread.php?t=20095

  10. #240
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    17

    In the batch process: "using dictionary 40 MB!!!"

    I open two konsoles.

    1st konsole: I type the batch command and wait for "5 to 10 minutes" and it gives me:
    ===========================================
    root@bt:~# airolib-ng crack.db --batch
    Computed 75000 PMK in 350 seconds (214 PMK/s, 175000 in buffer)
    ===========================================



    2nd konsole: I type the status command but found that

    ===============================================
    There are 2 ESSIDs and 1192087 passwords in the database. 2 out of 2384174 possible combinations have been computed (8.38865e-05%).

    ESSID Priority Done
    XX 64 0.0
    XXXX 64 0.0

    ===================================================
    The process is very slow.
    And my laptop is high performance!!
    The compute process took a lot of time with a small dictionary, so what can I do when I use your 3 GB dictionaries in your thread!!!
    :: iF YOu hAvE nO iDeA aBoUt mE, pReSS F1 fOr hElP :D ::
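
The sizing and speed questions in posts #231, #239 and #240 come down to how a WPA pairwise master key (PMK) is derived. The sketch below is an added example, not part of the original thread and not airolib-ng's own code; the function names, the line-validity rule and the sample wordlist are assumptions made for illustration.

```python
import hashlib

PMK_LEN = 32       # bytes in a WPA/WPA2-PSK pairwise master key
ITERATIONS = 4096  # PBKDF2 round count fixed by the standard


def is_valid_passphrase(word):
    """A WPA passphrase is 8 to 63 printable ASCII characters."""
    return 8 <= len(word) <= 63 and all(32 <= ord(c) <= 126 for c in word)


def wpa_pmk(passphrase, essid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 rounds, 32 bytes)."""
    if not is_valid_passphrase(passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               essid.encode("utf-8"), ITERATIONS, PMK_LEN)


def split_wordlist(lines):
    """Return (usable words, count of ignored lines) under the rule above.

    Assumption: this mirrors why an import reports "invalid lines ignored";
    it is not airolib-ng's actual parser.
    """
    words = [ln.strip("\r\n") for ln in lines]
    valid = [w for w in words if is_valid_passphrase(w)]
    return valid, len(words) - len(valid)


def pmk_table_estimate(n_passwords, n_essids):
    """Return (combinations, raw PMK bytes), excluding database overhead."""
    combos = n_passwords * n_essids
    return combos, combos * PMK_LEN


if __name__ == "__main__":
    # Constructed sample input, not taken from the thread.
    sample = ["short\n", "correct horse battery\n",
              "caf\u00e9-au-lait-2010\n", "x" * 64]
    print(split_wordlist(sample))
    # The ESSID is the salt, so one passphrase gives unrelated PMKs per network.
    print(wpa_pmk("password", "IEEE").hex())
    print(wpa_pmk("password", "IEEE2").hex())
    # Figures from the --stats output in post #240.
    print(pmk_table_estimate(1192087, 2))
```

Because the ESSID is the salt, a table built for one network name is useless against a differently named network, which is why a non-default SSID combined with a long random passphrase is the standard defence against precomputed PMK databases.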
