
Thread: merging MAC addresses from capture file

  1. #11
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    18

    Default

    Quote Originally Posted by .lonewolf View Post
    As a matter of interest, how long did it take to get the 5,000 IV's?
    5 to 10 hours I think.

  2. #12
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    18

    Default

    Quote Originally Posted by samsung View Post
    You could try this

    Using this command (taken from aircrack-ng website) I've never done it but it should work
    -m maddr (WEP cracking) MAC address to filter WEP data packets. Alternatively, specify -m ff:ff:ff:ff:ff:ff to use all and every IVs, regardless of the network.
    Somehow this doesn't work either, when I type:

    aircrack-ng -m ff:ff:ff:ff:ff:ff capture.cap

    it still asks for the "index number of target network"

  3. #13
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    Quote Originally Posted by jesse33 View Post
    Somehow this doesn't work either, when I type:

    aircrack-ng -m ff:ff:ff:ff:ff:ff capture.cap

    it still asks for the "index number of target network"
    There's not much info on this subject as far as I know, I've searched before. The reason I responded is because I've also been playing with my ad-hoc network, but not clientless. I noticed that it would have taken several hours if not days to get enough IV's to crack the wep password. Unlike you I just don't have the patience to wait 5-10 hours to get sufficient IV's

    Anyway I've been planning to try the dictionary attack method, it should be a lot faster and more satisfying.

    Have you tried doing this with a client connected first? Why isn't there a client? Are you short of a pc or wireless card?

  4. #14
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    18

    Default

    Quote Originally Posted by .lonewolf View Post
    There's not much info on this subject as far as I know, I've searched before. The reason I responded is because I've also been playing with my ad-hoc network, but not clientless. I noticed that it would have taken several hours if not days to get enough IV's to crack the wep password. Unlike you I just don't have the patience to wait 5-10 hours to get sufficient IV's

    Anyway I've been planning to try the dictionary attack method, it should be a lot faster and more satisfying.

    Have you tried doing this with a client connected first? Why isn't there a client? Are you short of a pc or wireless card?
    I already tried it with a client connected and got 100.000 IV's, but they all came from one MAC address, which is pretty easy to crack.

    So this is the second run to see if it can be cracked with IV's spread over multiple MAC addresses.

  5. #15
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    Quote Originally Posted by jesse33 View Post
    I already tried it with a client connected and got 100.000 IV's, but they all came from one MAC address, which is pretty easy to crack.

    So this is the second run to see if it can be cracked with IV's spread over multiple MAC addresses.
    So would I be correct in saying that you successfully cracked the wep password of an ad-hoc network with a client connected with 100.000 IV's?

    Now you want to crack an ad-hoc network without a client.

  6. #16
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    18

    Default

    Quote Originally Posted by .lonewolf View Post
    So would I be correct in saying that you successfully cracked the wep password of an ad-hoc network with a client connected with 100.000 IV's?

    Now you want to crack an ad-hoc network without a client.

    Well, I assumed it would be easy, but I accidentally added the "--ivs" option, so I couldn't do a PTW attack.
    And I didn't feel like trying it again.

    The important thing for me is to learn how to combine MAC addresses.

  7. #17
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    If the MAC address of the router is changing, more than likely it's not in an ad-hoc configuration. What it *sounds* like to me is either an ESS "Extended Service Set"

    .....or a program running called Fake AP that acts as a security blanket countermeasure meant to confuse potential hackers into "guessing" which AP is the real one. >>>
    If one access point is good, 53,000 must be better.
    But that's just my opinion.





    To answer your question though about how to combine the MAC addresses, are you talking about combining the MAC addresses of the clients, or of the different APs' BSSIDs?


    If they are different MAC addresses of the AP's (BSSID), but they have the same name (ESSID) then the

    Code:
    -e APnameHERE
    example:

    Code:
     aircrack-ng -e "Xploitz Network" *.cap
    will combine all clients' data captured regardless of the client's MAC as long as the ESSID was Xploitz Network.




    If you're wanting to filter a single CLIENT MAC address out, then the

    Code:
    -m clientsMACaddressHERE
    That command will do the trick no matter what network they're on.


    Example:

    Code:
     aircrack-ng -m 1E:09:A7:33:87:M5 *.cap
    But if I were you..I'd just use -e and -m together like this>>>


    Code:
     aircrack-ng -m 1E:09:A7:33:87:M5 -e "Xploitz Network" *.cap
    That way you get all MACs' data from Xploitz Network, and all data from a specific connected client you're hunting, like the client I put in my -m command above.

    Hope this helps ya.

  8. #18
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    18

    Default

    I've already tried these methods, for instance when I use:

    aircrack-ng -e "essid" capture.cap

    it automatically picks the last entry and not the entire list of MACs.

    When I use:

    aircrack-ng -e "essid" -m 11:22:33:44:55:66 capture.cap

    it only uses the IV's specified by -m
    when I use ff:ff:ff:ff:ff:ff, it just uses the last entry... again.

    I have tried this on multiple capture files.
    Has anyone ever done this successfully?

  9. #19
    Just burned his ISO
    Join Date
    Sep 2007
    Posts
    18

    Default

    I've got it!

    I "downgraded" my dev-version from aircrack to the latest stable version and now use this command:

    aircrack-ng -e "essid" capture.cap

    and it combines all the IV's.

    everybody, thanks for the help.

  10. #20
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    Quote Originally Posted by jesse33 View Post
    I've got it!

    I "downgraded" my dev-version from aircrack to the latest stable version and now use this command:

    aircrack-ng -e "essid" capture.cap

    and it combines all the IV's.

    everybody, thanks for the help.

    Cool, I'm sorry I couldn't help but I'm glad that -=Xploitz=- did.

    I am aware that some of the commands are different in the different aircrack versions and this can cause some confusion.

    I have an interest in pentesting but I don't have a router so the best I can do is try testing my ad hoc setup.

    Quote Originally Posted by -=Xploitz=- View Post
    If the MAC address of the router is changing, more than likely it's not in an ad-hoc configuration. What it *sounds* like to me is either an ESS "Extended Service Set"

    .....or a program running called Fake AP that acts as a security blanket countermeasure meant to confuse potential hackers into "guessing" which AP is the real one. >>>But that's just my opinion.
    Thanks -=Xploitz=-

    Is it possible to differentiate between a clientless ad-hoc network and a Fake AP or ESS or do they look the same?

    I also assume that ad-hoc networks are always wep encrypted. Am I wrong?
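An added example, not part of the thread or of aircrack-ng: on the question of telling an ad-hoc network from an ESS, beacons carry a capability field in which an ad-hoc (IBSS) cell sets the IBSS bit and an access point sets the ESS bit, and the Privacy bit shows whether encryption is required at all. The sketch below parses raw 802.11 beacon frames (no radiotap header assumed) and groups BSSIDs by ESSID; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

ESS, IBSS, PRIVACY = 0x0001, 0x0002, 0x0010  # capability-info bits (IEEE 802.11)

def parse_beacon(frame: bytes):
    """Return (essid, bssid, kind, encrypted) for a beacon or probe response, else None."""
    if len(frame) < 36:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in (5, 8):   # management; probe response / beacon
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3
    (caps,) = struct.unpack_from("<H", frame, 34)        # 24-byte header + timestamp + interval
    essid, pos = "", 36
    while pos + 2 <= len(frame):                         # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + length]
        if len(body) < length:
            break                                        # truncated element, stop parsing
        if tag == 0:                                     # SSID element
            essid = body.decode("utf-8", "replace")
            break
        pos += 2 + length
    kind = "ad-hoc" if caps & IBSS else "infrastructure" if caps & ESS else "other"
    return essid, bssid, kind, bool(caps & PRIVACY)

def group_by_essid(frames):
    """Map each ESSID to the sorted (bssid, kind, encrypted) tuples seen under it."""
    seen = defaultdict(set)
    for frame in frames:
        record = parse_beacon(frame)
        if record:
            seen[record[0]].add(record[1:])
    return {essid: sorted(entries) for essid, entries in seen.items()}

def make_beacon(bssid: str, essid: str, caps: int) -> bytes:
    """Build a minimal beacon; constructed sample input, not taken from a capture."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    name = essid.encode()
    return header + bytes(8) + struct.pack("<HH", 100, caps) + bytes([0, len(name)]) + name

SAMPLES = [  # constructed: one ESSID on two BSSIDs, plus an open ad-hoc cell
    make_beacon("00:11:22:33:44:01", "lab-net", ESS | PRIVACY),
    make_beacon("00:11:22:33:44:02", "lab-net", ESS | PRIVACY),
    make_beacon("02:aa:bb:cc:dd:ee", "adhoc-test", IBSS),
]

if __name__ == "__main__":
    for essid, entries in group_by_essid(SAMPLES).items():
        print(essid, entries)
```

The Privacy bit alone does not say which cipher is in use; WEP and WPA are told apart by the WPA/RSN information elements, which this sketch does not parse.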
