TheKingUnderTheHill Posted May 2, 2012
Hey guys, been playing about in BT5 with WEP/WPA cracking and I've managed to get a few keys, but my success rate is only about 40%. I'm sure it should be more if I'm following all the steps correctly. I'll start the card in monitor mode, then airodump the packets; I can see all this fine, but when I attempt to deauth the client they just refuse to deauth, or when the test machine does, it doesn't pick up the handshake when they re-connect. I was also wondering about the Gerix GUI cracker that comes with BT, is it any good? Cheers in advance!
digip Posted May 3, 2012
Two things. #1 When you deauth, you need to make sure the AP has a client connected to it, and #2 you will only capture the handshake if the client reconnects after you deauth them. Not everyone will reconnect automatically; although it is default behavior in most systems, it is possible to disable it from doing so. You could also be too far from the target to see the handshake or successfully deauth the target. Other factors come into play such as interference, distance, etc., so it's not always going to be 100% all of the time.
redhook Posted May 3, 2012
> I was also wondering about the Gerix GUI cracker that comes with BT, is it any good? Cheers in advance!

Gerix is just a frontend to aircrack-ng and the WPA cracking tools.
TheKingUnderTheHill Posted May 3, 2012
Ah, not sure it's any of those things; trying it on my own box and I see it lose the connection, then re-establish it. I'm literally ten feet from the router and machine. @Redhook Thought so, thanks!
bobbyb1980 Posted May 3, 2012
Your success rate for cracking WEP with a strong signal should be high, like well over 80%. Be sure to use all the different attacks (chop chop, fragment, -p0841). One should work. Also remember that if a router sends you deauth packets that doesn't necessarily mean the attack won't succeed; WEP is very insecure.

Your success rates for capturing handshakes on APs with a strong signal should be 100%. For me, more often than not airodump-ng doesn't tell me I captured the WPA handshake, which can be misleading. You can open up the capture file in Wireshark and run the following filter, and you should see 4 packets; then you know you have it. Don't be shy with the deauth packets either.

eapol || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x08
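As an added example (not code from this thread), the same check bobbyb1980 does with the Wireshark filter, done in Python over raw 802.11 frames: it classifies EAPOL-Key frames into 4-way handshake messages 1 to 4 from the Key Information bits, reports whether all four are present, and also flags a burst of deauthentication frames, which is the pattern a wireless IDS alerts on. The frames, MAC addresses, timestamps and flood threshold are constructed for the example.

```python
import struct

# EAPOL-Key Key Information flags (IEEE 802.11i RSN key descriptor).
KI_PAIRWISE, KI_INSTALL, KI_ACK, KI_MIC, KI_SECURE = 0x0008, 0x0040, 0x0080, 0x0100, 0x0200
SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP header carrying EtherType 0x888E

def handshake_msg(key_info):
    """Map Key Information flags to 4-way handshake message 1..4 (None for group-key or unknown)."""
    if not key_info & KI_PAIRWISE:
        return None
    ack, mic, secure, install = (key_info & b for b in (KI_ACK, KI_MIC, KI_SECURE, KI_INSTALL))
    if ack and not mic:                  return 1   # AP -> STA, carries ANonce
    if mic and not ack and not secure:   return 2   # STA -> AP, carries SNonce + MIC
    if ack and mic and install:          return 3   # AP -> STA, install PTK, GTK in key data
    if mic and secure and not ack:       return 4   # STA -> AP, confirmation
    return None

def parse_frame(frame):
    """Return ('deauth', None), ('eapol', msg) or ('other', None) for one raw 802.11 frame."""
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 3, fc0 >> 4
    if ftype == 0 and subtype == 12:                 # management / deauthentication (0x0c)
        return "deauth", None
    if ftype == 2:                                   # data frame
        hdr = 26 if subtype & 8 else 24              # QoS data adds a 2-byte QoS control field
        body = frame[hdr:]
        if body[:8] == SNAP_EAPOL and body[9] == 3:  # EAPOL packet type 3 = EAPOL-Key
            return "eapol", handshake_msg(struct.unpack(">H", body[13:15])[0])
    return "other", None

def analyse(trace, flood_threshold=5, window=1.0):
    """Summarise a (timestamp, frame) trace: handshake completeness and deauth bursts."""
    seen, deauth_ts = set(), []
    for ts, frame in trace:
        kind, msg = parse_frame(frame)
        if kind == "deauth":
            deauth_ts.append(ts)
        elif kind == "eapol" and msg:
            seen.add(msg)
    flood = any(sum(1 for t in deauth_ts if 0 <= t - t0 < window) >= flood_threshold for t0 in deauth_ts)
    return {"handshake_messages": sorted(seen), "complete": seen == {1, 2, 3, 4},
            "deauth_count": len(deauth_ts), "deauth_flood": flood}

# Constructed frames for the demo: minimal deauth and EAPOL-Key frames (nonces/MIC zeroed).
def mgmt_deauth(bssid, client):
    return bytes([0xC0, 0x00, 0, 0]) + client + bssid + bssid + b"\x00\x00" + b"\x07\x00"

def eapol_key(src, dst, bssid, key_info):
    hdr = bytes([0x08, 0x02, 0, 0]) + dst + src + bssid + b"\x00\x00"
    key_body = bytes([2]) + struct.pack(">H", key_info) + bytes(92)   # descriptor 2 (RSN), flags, rest zero
    return hdr + SNAP_EAPOL + bytes([1, 3]) + struct.pack(">H", len(key_body)) + key_body

AP, STA = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")  # constructed addresses
SAMPLE_TRACE = [(0.1 * i, mgmt_deauth(AP, STA)) for i in range(6)] + [   # 6 deauths in 0.5 s
    (2.0, eapol_key(AP, STA, AP, 0x008a)), (2.1, eapol_key(STA, AP, AP, 0x010a)),   # M1, M2
    (2.2, eapol_key(AP, STA, AP, 0x13ca)), (2.3, eapol_key(STA, AP, AP, 0x030a))]   # M3, M4
```

Running `analyse(SAMPLE_TRACE)` reports all four messages present and a deauth flood; drop the last frame and `complete` becomes False, which is the situation the post describes where airodump-ng stays silent.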
digip Posted May 3, 2012
> Ah, not sure it's any of those things; trying it on my own box and I see it lose the connection, then re-establish it. I'm literally ten feet from the router and machine. @Redhook Thought so, thanks!

Attacking WEP or WPA? There is no handshake with WEP, only with WPA. Also, if it doesn't say it captured the handshake, you can leave it running and in another terminal run aircrack against the pcap file. In there, it will tell you the APs it found and how many IVs for WEP APs, as well as if it has a handshake for any of the WPA ones.
TheKingUnderTheHill Posted May 3, 2012
Attacking WPA, and ahh, that makes sense! So I'd just get a large .pcap file, then use aircrack-ng on it, and it might still work? Awesome. Also, in Gerix it says about all these different attacks; would it be possible to explain or point me somewhere that explains the 'fragmentation' and 'packet injection' attacks? Cheers man!
bobbyb1980 Posted May 3, 2012
If you google the terms you just mentioned + aircrack-ng + tutorial it will provide a wealth of information on the topic.
TheKingUnderTheHill Posted May 4, 2012
Aha, yeah, I'm viewing some of the ones Google threw up now; was just wondering if anyone on here had any specific tutorials that they know concentrate on the key points and don't faff about with stuff. Thanks though.
digip Posted May 4, 2012
> Aha, yeah, I'm viewing some of the ones Google threw up now; was just wondering if anyone on here had any specific tutorials that they know concentrate on the key points and don't faff about with stuff. Thanks though.

There are also many tuts on here for a lot of the same stuff, just use that search box in the top right corner of the forums ;)
Infiltrator Posted May 4, 2012
> Aha, yeah, I'm viewing some of the ones Google threw up now; was just wondering if anyone on here had any specific tutorials that they know concentrate on the key points and don't faff about with stuff. Thanks though.

I don't know what makes you hate Google! But it only took me a second to find these articles.

WEP Cracking Tutorial
http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack

WPA Cracking Tutorial
http://www.aircrack-ng.org/doku.php?id=cracking_wpa
http://www.smallnetbuilder.com/wireless/wireless-howto/30278-how-to-crack-wpa--wpa2
Vodmya Posted May 4, 2012
If you have a little time, this would be the best place to begin. Couldn't be explained any better than this:
http://www.securitytube.net/groups?operation=view&groupId=9
Infiltrator Posted May 5, 2012
> If you have a little time, this would be the best place to begin. Couldn't be explained any better than this:
> http://www.securitytube.net/groups?operation=view&groupId=9

I can't believe I forgot to mention those videos; I even bought the book he wrote. Highly recommended videos.
bobbyb1980 Posted May 6, 2012
I should probably also mention digininja's GAWN paper, as I haven't seen it or anything like it mentioned here before (http://www.digininja.org/gawn_gold/). By the time you finish this paper, your knowledge of wifi will be comparable to that of the creators of the aircrack-ng suite. You need to have a working knowledge of Python and/or Ruby before you start it, and it's a lot of in-depth stuff you'll need to actually study and not just read once over and copy-paste commands, but it basically teaches you to manually do the functions that aireplay-ng or airodump-ng would do, using Python and Ruby. It also teaches you how to manually manipulate frames or "speak" to a router in "router talk", and you can take that a step further and develop your own concepts from there (which is how I assume he created Jasager).
TheKingUnderTheHill Posted May 6, 2012
Awesome, really loving the responses guys, thanks! Also, how similar would you say Ruby and Python are to Java or Basic? Would it be easy to pick up the other languages, or will I just carry across bad habits?
bobbyb1980 Posted May 6, 2012
Couldn't tell you, bud. I can say that Ruby and Python are very similar to each other. I know some Python and I can read Ruby pretty well; I'll even edit some Meterpreter scripts when need be. I'd imagine that many of the concepts that exist in Python and Ruby are present in Java also, as they're in the family of OOP. Don't not learn a language because you're worried about bad habits. I don't think you'll pick up any bad habits in Python or Ruby anyway; I believe it's JavaScript and some of the languages primarily used in web design that are associated with bad programming habits, but that's just what I've heard through the grapevine, don't know if it's true or not.