still learning, posted March 6, 2009:
Hello.. I am new to Ubuntu and recently got an Alfa AP so I can practice on my own wifi network's security, so for my first attempt I set my wifi router to WEP, since that seems to be the easiest. I installed "Wifi-Radar" for Ubuntu but it seems kind of plain, and has no options to try and practice through a proxy.. I know it will work but how do I try and crack my own WEP key? What programs are good for Ubuntu? I'm not good with the Bash shell yet.. I guess I would like a tutorial or something so I can learn how to do it.. I'm sure the Hak5 crew must have a video tutorial lying around somewhere to teach me how to do this. (since I hate reading, videos are much better) something I can go step by step with while I'm trying on my own network, until I get it. Yes I know I'm a noob already so please keep the flames down.. :-) Thanks
Seshan, posted March 6, 2009:
Use/download aircrack-ng. Here's a tut: http://www.aircrack-ng.org/doku.php?id=simple_wep_crack Oh, and you can't really go through a proxy, since you are not "connected" to the internet; you can change your MAC address.
still learning (author), posted March 6, 2009:
Ahh I see.. any good programs or tutorials to spoof your MAC for Ubuntu? And is aircrack-ng only command line? (so I could do aircrack-ng MAN and get directions?) I am in school for computer programming and this kind of stuff interests me.. thanks
Seshan, posted March 6, 2009:
Yeah it is command line. For help you would type aircrack-ng --help. Their site has lots of info, so read through that if you want. For example some of the stuff you would type in would be:

airmon-ng stop wlan0
ifconfig wlan0 down
macchanger --mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0 *Channel*
airodump-ng -c 11 -w <somefilename> --bssid <BSSID of your AP> mon0
airodump-ng wlan0
airodump-ng -c *channel* -w *write file name* --bssid *bssid of AP* wlan0
aireplay-ng -1 0 -a *bssid of ap* -h 00:11:22:33:44:55 -e *ESSID* wlan0
aireplay-ng -3 -b *bssid of ap* -h 00:11:22:33:44:55 wlan0
aircrack-ng -n 64 -b *bssid of ap* *filename-01.cap*

P.S. don't follow that, it's not working, and I'm trying to get working directions for my card. Which is also an Alfa.
still learning (author), posted March 6, 2009:
Thanks, I found macchanger helpful, so I should replace wlan0 with the SSID? I'm not sure what an "E"SSID is, so I'm guessing since now I have installed aircrack-ng, all the other commands will work "airmon, aireplay, etc.." with the Ubuntu bash term? They didn't seem to work just now.. I prob did something wrong.. I tried the --help command on everything related to it.. btw what is the difference between a BSSID and an ESSID? thanks again!
Seshan, posted March 6, 2009:
ESSID is the name, like "Linksys". When you type out the ESSID for a command, it is case sensitive (I believe). The BSSID would be the number that would look something like 00:11:22:33:44:55. wlan0 is the card interface; you would replace it with whatever interface is in monitoring mode, it might change to mon0. airmon-ng, aireplay-ng etc. are part of the aircrack-ng download. What card do you have? P.S. I'm not an expert at this yet.
still learning (author), posted March 7, 2009:
Which card do you mean? I have the Alfa AP hooked up through USB. Thanks for the breakdown of the difference between the two, so basically the ESSID is the name of the router or the name given to the router, the "SSID" signal sent showing the name of the wifi router's signal, and BSSID is like the key for the WEP or WPA, which would need to be cracked from there unless it is easy to guess? Is there an easy way to just guess a passphrase for the WPA, instead of decrypting everything? I just saw on the home page Hak5 has a video entitled checking out your neighbors or something like that, so I may just go along with the video and practice on my own wifi router.
Seshan, posted March 7, 2009:
BSSID is the MAC of the target. (Should have just said that the first time. :P ) I haven't really played with WPA yet, so I can't help you there. What's the model number of your Alfa?
shonen, posted March 7, 2009:
In all honesty don't bother with Ubuntu, you are only going to have to update your repos and apt-get all the required programs. I would just get myself a copy of Backtrack which will cover your WEP cracking needs and then some. Bash can be a bit of a sod at first but I learnt a lot of nix CLI through learning how to use Backtrack (I am still a n00b though). In any case use the tutorial I posted some time ago on WEP cracking. It was written from a beginner learning/explaining it point of view and should give you everything you need to know. Linkage to my Tut
Seshan, posted March 7, 2009:
Nice tut, I like it. I also like that antenna and the fact everyone around you uses WEP. There's only 2 out of the 5 or 6 near me that I can see that use WEP, but 2 are also Open. I ordered some N connectors, going to make me some antennas :D
still learning (author), posted March 8, 2009:
Yeah, props on the tutorial, very nicely explained. I followed all directions, except one step which I had to do that is not listed on the tutorial is set up my AP manually.. BT3 did not recognize the Alfa AP so I had to do a "ifconfig wifi0 up", and pressing the "?" mark in kismet is a life saver lol. I still have a question though.. I got to the part airodump-ng ath0 -w NAME YOUR SAVE FILE HERE -c CHAN NUMBER and it should have been cracking my WEP wifi router which I set up with a simple 8 char num/letter combo PW.. it was on like 2 and a half hours so I exited out.. I saw where it was done in like 5 minutes, for a simple PW that I put on it it should not take that long, I have a pretty fresh laptop.. or does it take that long? It found something that said BSSID not associated - probes hpsetup - and a station which looks like a MAC address. My wifi router is not a Hewlett Packard though.. and why under the ESSID does it have two, one being my router's SSID and another saying "bcc" which reminds me of when you forward an email.. is this normal? What does the bcc mean which has a different BSSID? Also how do you track the progress of how much longer it will take? There are no signals being sent across my wifi network right now, except for me trying to hack it, so is that why it's not working? thanks
5ive, posted March 8, 2009:
Check out Airoscript - http://airoscript.aircrack-ng.org - it combines all of the aircrack-ng utilities into one very easy to use script. I'm pretty sure it comes with Backtrack 3.x+
5ive, posted March 8, 2009:
Airodump-ng does not do the cracking; it captures packets and creates a file that you then have to use aircrack-ng on to actually crack and get the key. airodump-ng will run forever, collecting packets until you tell it to stop. You should have a *.cap file that was created by airodump during those 2.5 hours. Run it through aircrack and see if it comes up with a key. If you had 5K+ IVs you should be good. Chances are though that if you didn't successfully do the fake association and injection, your cap file won't have enough good IVs, even after 2.5 hours.
A non-active router can be the hardest to crack since you don't have any real traffic to capture IVs from. This is where the attacks come into play.
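To make the airodump-ng output discussed in this thread concrete (the BSSID/ESSID columns Seshan explains, and the per-AP IV count and "(not associated) ... probes" station rows 5ive's reply and the earlier question are about), here is an added example, not code from the thread or from the aircrack-ng project: it parses the CSV dump airodump-ng writes next to its .cap file and, for a network owner auditing their own access points, lists which ones are still WEP or open (with how many IVs were seen) and which clients are probing without being associated. The CSV sample is constructed in airodump-ng's column layout; the BSSIDs, names and counts are made up.

```python
# Constructed sample in the column layout airodump-ng writes to <prefix>-01.csv;
# the BSSIDs, ESSIDs and counts are made up for this example.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2009-03-08 10:00:00, 2009-03-08 12:30:00,  6,  54, WEP , WEP, OPN, -40, 12000, 5321,   0.  0.  0.  0,   6, mywifi,
66:77:88:99:AA:BB, 2009-03-08 10:00:00, 2009-03-08 12:30:00,  6,  54, WEP , WEP, OPN, -70,  3000,  140,   0.  0.  0.  0,   3, bcc,
CC:DD:EE:FF:00:11, 2009-03-08 10:00:00, 2009-03-08 12:30:00, 11,  54, WPA2, CCMP, PSK, -55,  9000,    0,   0.  0.  0.  0,   8, neighbor,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2009-03-08 10:01:00, 2009-03-08 10:01:05, -60,  15, (not associated), hpsetup
AA:BB:CC:DD:EE:02, 2009-03-08 10:05:00, 2009-03-08 12:29:00, -45, 800, 00:11:22:33:44:55, mywifi
AA:BB:CC:DD:EE:03, 2009-03-08 10:07:00, 2009-03-08 10:07:09, -72,   4, (not associated), hpsetup, linksys
"""


def parse_airodump_csv(text):
    """Return (access_points, stations) as lists of dicts keyed by column name.

    The dump is two tables separated by a blank line, each introduced by its
    header row. Fields are comma separated with padding spaces and no quoting,
    so an ESSID that itself contains a comma would be cut short here.
    """
    aps, stations, header = [], [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split(",")]
        if fields[0] in ("BSSID", "Station MAC"):
            header = fields  # start of the AP table or of the station table
            continue
        row = dict(zip(header, fields))
        if len(fields) > len(header):  # a client probing several names: keep all
            row[header[-1]] = ", ".join(fields[len(header) - 1:])
        (aps if header[0] == "BSSID" else stations).append(row)
    return aps, stations


def weak_aps(aps):
    """APs still on WEP or with no encryption, plus the IV count airodump saw.
    '# IV' is what aircrack-ng works from; an idle WEP router has a low count."""
    return [(ap["BSSID"], ap["ESSID"], ap["Privacy"], int(ap["# IV"]))
            for ap in aps if "WEP" in ap["Privacy"] or ap["Privacy"] == "OPN"]


def unassociated_probes(stations):
    """Clients not joined to any AP, with the network names they probe for:
    the '(not associated) ... probes hpsetup' line asked about in the thread."""
    return {s["Station MAC"]: s["Probed ESSIDs"]
            for s in stations if s["BSSID"] == "(not associated)"}
```

Point it at the real `<prefix>-01.csv` from your own capture to see which of your APs should be moved off WEP; the "Privacy" column for a correctly configured AP reads WPA2.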
still learning (author), posted March 28, 2009:
Ok, yeah this seems like a lot easier method. The only thing is when I try to run a command in airoscript it opens another window and that window closes instantly.. any ideas? I'm guessing that is the window that is supposed to be doing the scan.. thanks