Great tutorial! Almost everything worked nicely for me, a complete newbie! There are a couple of things I would like to ask your help on though.
1) When I start up the -3 attack, the airodump display stops updating the screen (so it seems) and eventually the BSSID listing for the AP blanks out, showing only the column titles. Is this normal? I usually have to restart the airodump after I initiate the -3 attack to get it to actively display the data coming in.
2) After running the -3 attack for 3+ hours, I only got about 1000 IVs (about 20 ARP requests)... Is this a card-specific issue? I'm running on an rt73 USB stick for now until my wg511t comes in, so hopefully that'll solve it. *EDIT* Well, now I just ran it for about 15 minutes and I already have 500 IVs, which def. isn't a lot but much better. I guess it depends on luck? *EDIT*
Thanks for the great vid again xploitz!
I think maybe it's because your signal is too low.... Try to get closer to the AP.
BTW... I use rt73 too....
If this is not working, try to install the latest CVS driver: http://rt2x00.serialmonkey.com/wiki/index.php/Downloads
succes
NO
Install the ASPJ 1.1.0 driver (not 1.0.0 and not 2.0.0).
This is the one I use because it gives the best results on ARP amplification (my max is around 1300 pps), captures handshakes well, and has forceprism disabled by default and injection enabled by default, no iwpriv commands....
Watch your back, your packetz will belong to me soon... xD
BackTrack : Giving Machine Guns to Monkeys since 2006
Hmm, I just poked around the forum and wiki about rt73 USB adapters and I just noticed (yes, I'm still noobing out) that we're supposed to install special rt73 drivers for it in order to use aireplay and aircrack-ng... Is it weird that mine ran fine (at least with WEP cracking w/ clients) with no changes to the drivers that come with the LiveCD? I didn't even have to perform a deauth to get IVs (though it took me 1 hour to collect enough packets).
Oh, and I was noobing out so much that I used the rt2500 as the source type for kismet :-P It worked fine too...
Can you put in your videos the versions of the software that you are using? Also, the driver versions? I have an Atheros chip set in my system and I am using the latest stable release of Aircrack-ng. I also have the latest MADWIFI .9.3.2 driver. However, I have to always enter a BSSID in aireplay-ng, and I don't get any ARPs back. But maybe I'm just not waiting long enough. I feel that if nothing has happened within 5 minutes, nothing is going to. Maybe patience IS a virtue!
I'm fairly sure I was using the latest Developmental version of aircrack-ng suite.....
svn co http://trac.aircrack-ng.org/svn/branch/1.0-dev aircrack-ng
cd aircrack-ng
make
make install
Been a few days since I've been on here at the forums... were everyone's questions answered or have you all figured them out yet?
Pinging a non existent IP works the fastest...
ping 111.111.111.111
or just wait...Patience is the essence of growth.
Then again,...so is your luck and timing with the -3 (ARP Request) Attack!
--=Xploitz=-- ®
Remote-Exploit.orgs Master Tutorialist.™
VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=9063
VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial": http://forums.remote-exploit.org/showthread.php?t=7872
VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=8230
VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases": http://forums.remote-exploit.org/showthread.php?t=8041
I still haven't figured it out. See post: http://forums.remote-exploit.org/sho...&postcount=120 , which is in response to http://forums.remote-exploit.org/sho...&postcount=116
Thanks
Sorry tom73.. I've run out of possibilities for you to try. Unless someone else can help you.... you might try the other attacks instead. Not every router responds well to the -3 ARP Request Attack. Have you tried the -4 or -5 attack to see if that helped? I have another video in here on the Korek chopchop -4 attack. You might try to see if you can get them to help ya. Again, I'm sorry, but I seem to have run out of suggestions for you to try.
How do you use aireplay when the ESSID is turned off on the router end? Because the aireplay in the BackTrack final 2 won't work without entering in the -e part.