Page 11 of 66
Results 101 to 110 of 651

Thread: -=Xploitz=- VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"

  1. #101
    Junior Member
    Join Date
    Aug 2007
    Posts
    27

    Quote Originally Posted by -=Xploitz=-:
    Then if the -3 attack still doesn't work, look at my other video tutorial, and remember not every router/AP responds to the -3 attack right off the bat. It could take 1 second up to, and over, an hour.

    I've tried everything as you said and also tried your Chopchop Attack Tutorial. Chopchop also doesn't even send any packets.

    Here is what I noticed: I get a "your interface ath0 is channel hopping" message when doing the aireplay-ng -1 0 attack. I also noticed that after a while, I no longer see any AP showing up.

    On a side note: what is one supposed to do when instead of the router's name, all I get is <length:10> or something? That only happens when I don't broadcast the SSID. Since I know my router's name, this isn't any problem, but how would one solve this in the real field?

    thank you

  2. #102
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    You are getting the <length: N> message because the ESSID is being stealthed in some way. Keep airodumping, or deauth a connected client, and that should do the trick.

    You should lock your card on the specific channel: "iwconfig ath0 channel 1"

    And furthermore, there is another attack called the frag attack; it is the -5 option in aireplay.

  3. #103
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Yep, surely. For decloaking a hidden ESSID there is mdk2 on BT2:

    cd /pentest/wireless/mdk2-v31/

    mdk2

    p - Basic probing and ESSID Bruteforce mode
    Probes AP and check for answer, useful for checking if SSID has
    been correctly decloaked or if AP is in your adaptors sending range
    Use -f and -t option to enable SSID Bruteforcing.
    OPTIONS:
    -e <ssid>
    Tell mdk2 which SSID to probe for
    -f <filename>
    Read lines from file for bruteforcing hidden SSIDs
    -t <bssid>
    Set MAC adress of target AP
    -s <pps>
    Set speed (Default: unlimited, in Bruteforce mode: 300)
    -b <character set>
    Use full Bruteforce mode (recommended for short SSIDs only!)
    Use this switch only to show its help screen.


    And if it's your router, you must know the ESSID.

    BTW, if you need the ESSID for auth, you can just remove the -e switch. I never use it now.
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006
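The <length: N> display discussed in the two posts above comes from the beacon's SSID element: a cloaked AP still sends the element, but either with a zero length or with the name replaced by NUL bytes, so airodump-ng can only report how long the name is. A probe response, which the AP sends when a station probes for the network (for instance a client that reconnects after you deauth it), carries the real name, which is why "keep airodumping or deauth a client" works. The Python below is an added example, not code from this thread or from the aircrack-ng or mdk2 projects; the beacon and probe-response frames, the BSSIDs and the SSID "lab_router" are all constructed inside the script. It parses the tagged parameters, reproduces the <length: N> placeholder, and fills in the ESSID once a probe response with a real name is seen.

```python
import struct

# 802.11 management subtypes (upper nibble of frame-control byte 0): beacon / probe response
BEACON, PROBE_RESP = 0x80, 0x50
IE_SSID = 0                 # element id of the SSID tagged parameter
MGMT_HDR_LEN = 24           # frame control, duration, addr1-3, sequence control
FIXED_PARAMS_LEN = 12       # timestamp(8) + beacon interval(2) + capability(2)


def build_mgmt_frame(subtype, bssid, ssid):
    """Constructed beacon/probe-response frame for the demo (not taken from a real capture)."""
    header = (bytes([subtype, 0x00]) + b"\x00\x00"   # frame control, duration
              + b"\xff" * 6                          # addr1: broadcast receiver
              + bssid + bssid                        # addr2: transmitter, addr3: BSSID
              + b"\x00\x00")                         # sequence control
    fixed = struct.pack("<QHH", 0, 100, 0x0411)      # timestamp, interval, capability (ESS + privacy)
    ies = bytes([IE_SSID, len(ssid)]) + ssid + bytes([3, 1, 6])   # SSID IE, then DS parameter set: channel 6
    return header + fixed + ies


def parse_ies(frame):
    """Return {element_id: data} for the tagged parameters following the fixed fields."""
    ies = {}
    pos = MGMT_HDR_LEN + FIXED_PARAMS_LEN
    while pos + 2 <= len(frame):
        eid, length = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + length]
        if len(data) < length:          # truncated element: stop instead of reading past the frame
            break
        ies.setdefault(eid, data)
        pos += 2 + length
    return ies


def describe_ssid(ssid_ie):
    """Mimic airodump-ng: a missing, empty or NUL-filled SSID is shown as <length: N>."""
    if not ssid_ie or all(b == 0 for b in ssid_ie):
        return "<length: %d>" % (len(ssid_ie) if ssid_ie else 0)
    return ssid_ie.decode("utf-8", errors="replace")


def is_hidden(ssid_ie):
    return describe_ssid(ssid_ie).startswith("<length:")


def track_essids(frames):
    """BSSID -> {essid, hidden}; a probe response carrying the real name replaces the placeholder."""
    table = {}
    for frame in frames:
        if len(frame) < MGMT_HDR_LEN + FIXED_PARAMS_LEN or (frame[0] & 0x0C) != 0:
            continue                                 # too short, or not a management frame
        subtype = frame[0] & 0xF0
        if subtype not in (BEACON, PROBE_RESP):
            continue
        bssid = frame[16:22].hex(":")
        ssid_ie = parse_ies(frame).get(IE_SSID)
        hidden = is_hidden(ssid_ie)
        if bssid not in table or (table[bssid]["hidden"] and not hidden):
            table[bssid] = {"essid": describe_ssid(ssid_ie), "hidden": hidden}
    return table


# Constructed sample traffic (made-up BSSIDs and name): a cloaked AP beacons ten NUL bytes,
# a second AP beacons a zero-length SSID, then the first AP answers a probe with its real name.
CLOAKED_AP = bytes.fromhex("001122334455")
SAMPLE = [
    build_mgmt_frame(BEACON, CLOAKED_AP, b"\x00" * 10),
    build_mgmt_frame(BEACON, bytes.fromhex("00aabbccddee"), b""),
    build_mgmt_frame(PROBE_RESP, CLOAKED_AP, b"lab_router"),
]

if __name__ == "__main__":
    for bssid, entry in track_essids(SAMPLE).items():
        print(bssid, entry["essid"], "(cloaked)" if entry["hidden"] else "")
```

Run stand-alone it prints the first AP as lab_router (learned from the probe response) and the second as <length: 0>; feed it only the first beacon and the first AP shows as <length: 10>, which is exactly the state the poster was stuck in. The mdk2 probing mode above does the same thing actively, by sending probe requests for candidate names and watching for the probe response.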

  4. #104
    Junior Member
    Join Date
    Aug 2007
    Posts
    27

    The problem with channel jumping is solved now; I didn't close that survey window. Anyway, I'm getting the same messages as in the video up until this command:

    aireplay-ng -3 -b [AP] -h 00:11:22:33:44:55 ath0
    it just sends packets forever but the ARP stays at 0.

    I've also tried attack -4, and it just reads packets (several thousand) and that's it. According to the BT2 wiki, my wireless card supports all attack modes. I've got a Netgear WPN511 RangeMax.

    Any help would be greatly appreciated.

    thank you

  5. #105
    Just burned his ISO
    Join Date
    Apr 2006
    Posts
    5

    Quote Originally Posted by -=Xploitz=-:
    Your aireplay command line appears correct, but you might want to add the -e <essid> in your aireplay command line. What is your card / chipset? If it's the one that came with your laptop, chances are it's a Broadcom, and they're sketchy at best. You're better off buying a widely supported card or USB adapter. See the aircrack-ng main site for a good compatibility list. Also, are you using

    airmon-ng stop eth1
    airmon-ng start eth1 6

    where 6 is the channel your AP is on? And using the -c 6 and the --bssid <xx:xx:xx:xx:xx:xx> options in the airodump-ng command line? The -c 6 means channel 6, and the --bssid will be --bssid <AP MAC address>. This will help keep you from channel hopping and keep you focused on your AP.

    BTW, you're running the full
    airodump-ng -c 6 -w capture --bssid xx:xx:xx:xx:xx:xx eth1

    BEFORE you run
    aireplay-ng -1 0 -e <network name> -a <AP's MAC> -h <your card's MAC> eth1
    right???

    Hi,

    OK, thanks for your quick reply.

    I will need some time to check the advice you gave me.

    Thanks,

    Brisch

  6. #106
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    tom73...

    Just for shits and kicks, and maybe a little help, go ahead and add the -e <essid> option on your attacks; you never know, it might just do the trick. Channel hopping is solved via

    airmon-ng stop <device>
    airmon-ng start <device> 6

    where 6 is the channel the AP is on.

    Also: airodump-ng -c 6 -w capture --bssid <APMAC> <device>

    Hope this gets you started.

    --=Xploitz=-- ®
    Remote-Exploit.orgs Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" (http://forums.remote-exploit.org/showthread.php?t=9063)
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" (http://forums.remote-exploit.org/showthread.php?t=7872)
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" (http://forums.remote-exploit.org/showthread.php?t=8230)
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" (http://forums.remote-exploit.org/showthread.php?t=8041)
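A point the thread circles around without stating: the -3 attack cannot read the ARP request, because the frame is WEP-encrypted, so it selects frames by shape. A client's ARP request on the air is a data frame with ToDS set (station to AP), the protected bit set, a broadcast destination in address 3, and a fixed size: 24-byte header + 4-byte IV/key index + 8-byte LLC/SNAP + 28-byte ARP + 4-byte ICV = 68 bytes, or 86 when the sending stack pads the Ethernet payload up to the 46-byte minimum (2 more bytes on a QoS data frame). If the only station on the channel is your own fake-authenticated card, nothing on the air has that shape and the ARP counter stays at 0 no matter how long the attack runs. The Python below is an added example, not aireplay-ng's own code; the address and size rules are the ones the aircrack-ng documentation gives for ARP-request reinjection as I understand them, derived here from the frame layout, and the capture is constructed inside the script rather than read from a real pcap.

```python
BROADCAST = b"\xff" * 6
MAC_HDR = 24            # frame control, duration, addr1-3, sequence control
QOS_CTRL = 2            # extra QoS control field on QoS-data frames
WEP_IV, WEP_ICV = 4, 4  # IV + key index in front of the ciphertext, ICV behind it
LLC_SNAP, ARP = 8, 28   # plaintext body of an ARP request
ETH_PAD = 18            # padding some stacks add to reach the 46-byte Ethernet minimum payload


def build_wep_data(to_ds, from_ds, addr1, addr2, addr3, body_len, qos=False, protected=True):
    """Constructed encrypted data frame; the body is filler, since only shape and addresses matter here."""
    fc0 = 0x88 if qos else 0x08                                                  # data / QoS data
    fc1 = (0x01 if to_ds else 0) | (0x02 if from_ds else 0) | (0x40 if protected else 0)
    hdr = bytes([fc0, fc1]) + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00"
    if qos:
        hdr += b"\x00" * QOS_CTRL
    return hdr + b"\x00" * (WEP_IV + body_len + WEP_ICV)


def is_arp_request_candidate(frame):
    """Shape test for a WEP-encrypted ARP request that an ARP-replay attack can reuse."""
    if len(frame) < MAC_HDR:
        return False
    fc0, fc1 = frame[0], frame[1]
    if (fc0 & 0x0C) != 0x08:          # type must be data
        return False
    if not (fc1 & 0x40):              # protected bit clear: not WEP traffic at all
        return False
    if (fc1 & 0x03) != 0x01:          # station -> AP only (ToDS=1, FromDS=0)
        return False
    if frame[16:22] != BROADCAST:     # with ToDS set, addr3 is the destination; ARP requests go to ff:ff:ff:ff:ff:ff
        return False
    hdr = MAC_HDR + (QOS_CTRL if fc0 & 0x80 else 0)
    arp_len = hdr + WEP_IV + LLC_SNAP + ARP + WEP_ICV
    return len(frame) in (arp_len, arp_len + ETH_PAD)


def count_arp_candidates(frames):
    return sum(1 for f in frames if is_arp_request_candidate(f))


# Constructed capture (made-up MACs): a real client STA talking to the AP, plus traffic that
# looks similar but is not replayable.
AP = bytes.fromhex("001122334455")
STA = bytes.fromhex("00aabbccddee")
CAPTURE = [
    build_wep_data(True, False, AP, STA, BROADCAST, LLC_SNAP + ARP),            # 68-byte ARP request
    build_wep_data(True, False, AP, STA, BROADCAST, LLC_SNAP + ARP + ETH_PAD),  # 86-byte padded ARP request
    build_wep_data(True, False, AP, STA, BROADCAST, LLC_SNAP + ARP, qos=True),  # 70-byte QoS variant
    build_wep_data(False, True, BROADCAST, AP, AP, LLC_SNAP + ARP),             # AP-originated (FromDS): skipped
    build_wep_data(True, False, AP, STA, BROADCAST, 300),                       # broadcast, but DHCP-sized
    build_wep_data(True, False, AP, STA, bytes.fromhex("00deadbeef00"), LLC_SNAP + ARP),  # unicast: not an ARP request
    build_wep_data(True, False, AP, STA, BROADCAST, LLC_SNAP + ARP, protected=False),     # open-network frame
]

if __name__ == "__main__":
    print("replayable ARP requests:", count_arp_candidates(CAPTURE))   # 3
```

Only the three client-originated, broadcast, ARP-sized frames pass; the AP's own broadcast is ignored because it is FromDS, and an empty capture (the no-client case from earlier in the thread) counts 0. That is the gap the chopchop (-4) and fragmentation (-5) attacks fill: they recover keystream from an existing frame and forge an ARP request to inject, instead of waiting for a client to send one.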

  7. #107
    Junior Member
    Join Date
    Aug 2007
    Posts
    27

    Quote Originally Posted by -=Xploitz=-:
    Just for shits and kicks, and maybe a little help, go ahead and add the -e <essid> option on your attacks.

    I was always required to use that. But I still don't get the ARP requests.

    In addition, I've also tried the following:
    • installed 0.9.1 release (latest stable), to eliminate the chance of messing up on the SQL module (it's not required in that release)
    • Always added the -e switch
    • uncloaked my router's SSID
    • skipped the fake mac address step and used my real one instead
    • re-authenticated my mac address several times (was always successful and was then listed as a client connected to my router)

    Are you guys sure that my NetGear WPN511 is fully compatible?

    Also, the funny thing is that I cannot connect to my WEP network from BT2.
    I've tried all possible settings. It works fine in Windows though.

    Is there a limitation on how many characters a SSID can have?
    Underscores are supported, right?

    I don't know what else to try. I just don't get the ARP requests to work.

    Any help would be highly appreciated.
    thank you

  8. #108

    What's your router's SSID? I might be able to help you. (I had a problem 'cause it was 2 words.)

  9. #109
    Junior Member
    Join Date
    Aug 2007
    Posts
    27

    Quote Originally Posted by Munkey106:
    What's your router's SSID? I might be able to help you. (I had a problem 'cause it was 2 words.)

    It's called my_router

  10. #110

    when you do the -e, put it in quotes:

    -e "my_router"

    see if that works
