Profile Information

  • Location: Nova Scotia

Vodmya's Achievements


Newbie (1/14)

  1. You can on the cheap (<$12) Antenna 12dBi omni w/ RP-SMA connector: Fits Alfa & many other USB WiFi adapters
  2. If you have a little time this would be the best place to begin. Couldn't be explained any better than this http://www.securitytube.net/groups?operation=view&groupId=9
  3. http://sourceforge.net/projects/wpscrackgui/ It's coming from Argentina. If anyone has been using reaver or wpscrack this is quite interesting. Could save tons of time by entering the mac addy and if there are any known manuf default pins they can be displayed allowing the user to try those before running their tool of choice.
     Support:
       - AirUbuntu.
       - Ubuntu.
       - Debian.
     Improvements:
       * Added network scanning through Wash, WPScan, WPSpy.
       * Added Attack PIN specification.
       * Open log file folder.
       * Translation into Spanish and English.
       * Option to Provide PIN for the database (Full or Partial).
       * Fixed bugs in general.
  4. Been testing with 1.4 and am having a much better go with it. Timeouts/locks (varies by vendor) still occur but the resume feature makes up for potential lost time. Once it finds the 1st four digits it's generally pretty quick after that. Some of the older routers are still using default pins and they take about 5 secs to crack. Even though I knew it was only a matter of time I was still kinda dumbstruck when the app spit my password out at me since I never expected to see it done so easily (even with various mutations this was a password that was not supposed to be presented in this manner ;-). This has been a valuable "hands on" week with Wireshark as well. Looking for a filter for WPS? Try wlan_mgt.wfa.ie.type == 0x04
  5. Finally tried 1.3 over the weekend and didn't have much success. Too many receiving timeouts etc and patience wasn't my virtue. This ver did support resume. Couldn't get Wash to run properly (can get the WPS info out of the packets anyway using wireshark). Just installed 1.4. (110) of Reaver. Wash is running perfect and am just tweaking the timing and delays to find the sweet spot with my AP. Looks very promising. Impressed I am :-)
  6. Just found my answer. Running 2 monitor modes at the same time. One set to channel 1 and the other to channel 11. Output is the same for unassociated clients. Just found a script that looks promising as well. https://github.com/xme/hoover Big thanks to this forum and the Hak5 show for all your advice it is appreciated!
  7. Tks for the tip on ngrep (haven't used it either). Be interesting to see if the specific data could be filtered and piped and then viewed in real time. My next question would be about the unassociated probe requests. Even though I've set my card to ch1 (1-3 overlaps)(my exercises have resulted in "Joe Average" broadcasting on ch 6 or 11 mostly). As well as having an encryption filter to open auth (lowest amount of broadcasters) to cut down on the viewable output using strictly airodump-ng would be: Are the unassociated clients searching on set channels or are they searching on all the bands looking for wifi and prev associated APs? If they are not band specific I should still be viewing the same amount of traffic the same as if I was channel hopping?
  8. Wireshark is definitely an option but I'm really looking for something quick and dirty without diving into the individual packets. My googling fingers are tired. I believe I'm looking for an app or script that hasn't been written yet. A temp solution would be to set the wireless card to another country (i.e. BO) and place it on an "ill-advisable" channel depending on where you live and in theory there would be minor overlapping/no traffic and all of the output would be mostly unassociated probe requests. It would be a nifty tool to have running to be able to see whose wifi enabled mobile devices give them away before entering your vicinity. Safer/legal alternative: airodump-ng -c 1 --encrypt=OPN mon0 (unless you live in stupidville)
  9. Might be an easy question but I'll ask anyway. Does anyone know of a way of using an app like airodump to display only probe requests of unassociated clients? airodump-ng -a mon0 doesn't seem to do a heck of a lot. I'm not looking for a filter rule for wireshark. What I am attempting to do is run a utility that will monitor the air and display only probe requests with their bssid and previously connected AP essid's. (i.e. only the lower half of airodump-ng) No malicious intent just curious about what is happening around me in real time with a nice simple gui. (I get a kick out of some of the AP's essid's, esp those who use apple products. Even after a master reset prev connected machines are still displayed with a 'ginormous' listing.)
  10. This is a step in the right direction but will most likely fail against cheap/older routers that will just crap themselves and lock up requiring a hard reset. Also remember not everyone will enable or press their wps button on their routers. If I get time this weekend I will try it on a mid-range Netgear 3500 this weekend.
  11. @Telot forgot to ask make/model and fw ver of your router
  12. roughly, how long did it take you to get to 21% ?
  13. try www data-alliance net
  14. In Canada you can find tons of CSIS surveillance van#*** with hidden essid's
  15. Python Programming for the Absolute Beginner (Michael Dawson) 3rd ed.