
Wep/wpa Cracking In Bt5r2


TheKingUnderTheHill


Hey guys, been playing about in BT5 with WEP/WPA cracking and I've managed to get a few keys, but my success rate is only about 40%. I'm sure it should be more if I'm following all the steps correctly.

I'll start the card in monitor mode, then airodump the packets. I can see all this fine, but when I attempt to deauth the client they just refuse to deauth, or when the test machine does, it doesn't pick up the handshake when they re-connect.

I was also wondering about the Gerix GUI cracker that comes with BT, is it any good?

Cheers in advance!

Edited by TheKingUnderTheHill

Two things. #1 When you deauth, you need to make sure the AP has a client connected to it, and #2 you will only capture the handshake if the client reconnects after you deauth them.

Not everyone will reconnect automatically; although it is default behavior in most systems, it is possible to disable it. You could also be too far from the target to see the handshake or successfully deauth the target. Other factors come into play, such as interference, distance, etc., so it's not always going to be 100% all of the time.


Your success rate for cracking WEP with a strong signal should be high, like well over 80%. Be sure to use all the different attacks (chopchop, fragmentation, -p 0841). One should work. Also remember that if a router sends you deauth packets, that doesn't necessarily mean the attack won't succeed; WEP is very insecure.

Your success rate for capturing handshakes on APs with a strong signal should be 100%. For me, more often than not airodump-ng doesn't tell me I captured the WPA handshake, which can be misleading. You can open up the capture file in Wireshark and run the following filter, and you should see 4 packets; then you know you have it. Don't be shy with the deauth packets either.

eapol || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x08


Ah, not sure it's any of those things; trying it on my own box I see it lose the connection, then re-establish it. I'm literally ten feet from the router and machine.

@Redhook Thought so, thanks!

Attacking WEP or WPA? There is no handshake with WEP, only with WPA. Also, if it doesn't say it captured the handshake, you can leave it running and in another terminal run aircrack against the pcap file. In there, it will tell you the APs it found and how many IVs for WEP APs, as well as whether it has a handshake for any of the WPA ones.

Edited by digip
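The check the two replies above describe (open the capture and confirm all four EAPOL-Key messages are there, or let aircrack-ng tell you whether a handshake exists) can be scripted. The following is an added example written for this thread, not code from aircrack-ng or from anyone in the thread. It assumes the capture is a classic pcap with linktype 105 (raw 802.11 frames, no radiotap header, which is what airodump-ng writes by default) and uses the WPA2/RSN Key Information flag conventions to tell M1..M4 apart. The MAC addresses and frames at the bottom are constructed sample data, not a real capture.

```python
"""Check a pcap of raw 802.11 frames for the four EAPOL-Key messages of a
WPA/WPA2 4-way handshake, per (BSSID, client) pair.  Added example, not part
of aircrack-ng.  Assumes linktype 105 (raw 802.11, no radiotap header), the
airodump-ng default."""
import struct
import sys

LINKTYPE_IEEE802_11 = 105
LLC_SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")   # LLC/SNAP header with ethertype 0x888e
# EAPOL-Key "Key Information" flags used to tell the four messages apart.
KI_PAIRWISE, KI_ACK, KI_MIC, KI_SECURE = 0x0008, 0x0080, 0x0100, 0x0200


def classify(key_info):
    """Map Key Information flags to message number 1..4 (WPA2/RSN conventions)."""
    ack, mic, secure = key_info & KI_ACK, key_info & KI_MIC, key_info & KI_SECURE
    if ack and not mic:
        return 1              # M1: AP -> client, carries ANonce, no MIC yet
    if ack and mic:
        return 3              # M3: AP -> client, ANonce again, MIC'd, Install set
    if mic and not secure:
        return 2              # M2: client -> AP, carries SNonce + MIC
    return 4                  # M4: client -> AP, MIC'd acknowledgement, Secure set


def parse_eapol_key(frame):
    """Return (bssid, client, msg_no) for a plaintext 4-way-handshake frame, else None."""
    if len(frame) < 24 or frame[0] & 0x0C != 0x08:       # frame type 2 = data
        return None
    flags = frame[1]
    if flags & 0x40:                                     # Protected bit: encrypted payload
        return None
    hdr = 24 + (2 if frame[0] & 0x80 else 0)             # QoS data adds a 2-byte QoS control
    if flags & 0x03 == 0x03:
        hdr += 6                                         # WDS frame carries a 4th address
    body = frame[hdr:]
    if not body.startswith(LLC_SNAP_EAPOL) or len(body) < 15:
        return None
    eapol = body[8:]
    if eapol[1] != 3:                                    # EAPOL packet type 3 = EAPOL-Key
        return None
    (key_info,) = struct.unpack("!H", eapol[5:7])       # [4] descriptor type, [5:7] Key Info
    if not key_info & KI_PAIRWISE:
        return None                                      # group-key handshake, not the 4-way
    a1, a2 = frame[4:10], frame[10:16]
    # ToDS set: client -> AP (a1 = BSSID, a2 = client); FromDS set: AP -> client.
    bssid, client = (a1, a2) if flags & 0x01 else (a2, a1)
    return bssid, client, classify(key_info)


def iter_pcap_frames(data):
    """Yield raw frames from a classic pcap; refuse captures that are not raw 802.11."""
    endian = "<" if data[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1") else ">"
    (linktype,) = struct.unpack(endian + "I", data[20:24])
    if linktype != LINKTYPE_IEEE802_11:
        raise ValueError(f"linktype {linktype}; this checker expects raw 802.11 (105)")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def handshake_status(pcap_bytes):
    """{(bssid_hex, client_hex): (sorted message numbers seen, crackable)}.
    Crackable = M2 (SNonce + client MIC) plus an ANonce carrier (M1 or M3):
    the minimum needed to test candidate passphrases against the MIC."""
    seen = {}
    for frame in iter_pcap_frames(pcap_bytes):
        hit = parse_eapol_key(frame)
        if hit:
            bssid, client, msg = hit
            seen.setdefault((bssid.hex(), client.hex()), set()).add(msg)
    return {k: (sorted(v), 2 in v and (1 in v or 3 in v)) for k, v in seen.items()}


# --- constructed sample data (made up for this example, not a real capture) ---
def build_eapol_key(bssid, client, to_ds, key_info):
    fc = bytes([0x08, 0x01 if to_ds else 0x02])
    a1, a2 = (bssid, client) if to_ds else (client, bssid)
    header = fc + b"\x00\x00" + a1 + a2 + bssid + b"\x00\x00"
    key = bytes([0x02]) + struct.pack("!H", key_info) + b"\x00" * 92   # nonces/MIC zeroed
    return header + LLC_SNAP_EAPOL + struct.pack("!BBH", 2, 3, len(key)) + key


def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out


AP, STA = bytes.fromhex("00aabbccddee"), bytes.fromhex("0211223344ff")   # made-up MACs
DEAUTH = bytes([0xC0, 0x00]) + b"\x00\x00" + STA + AP + AP + b"\x00\x00" + b"\x07\x00"
M1, M2, M3, M4 = (build_eapol_key(AP, STA, False, 0x008A), build_eapol_key(AP, STA, True, 0x010A),
                  build_eapol_key(AP, STA, False, 0x13CA), build_eapol_key(AP, STA, True, 0x030A))
FULL_CAPTURE = build_pcap([DEAUTH, M1, M2, M3, M4])
M1_ONLY_CAPTURE = build_pcap([DEAUTH, M1])   # client never re-associated: nothing to crack

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else FULL_CAPTURE
    for (bssid, client), (msgs, ok) in handshake_status(data).items():
        print(f"{bssid} <-> {client}: messages {msgs} -> {'usable handshake' if ok else 'incomplete'}")
```

Run it as `python check_handshake.py capture-01.cap` against an airodump-ng file, or with no argument to see it classify the constructed frames. The useful part is the per-client verdict: a capture holding only M1 means the deauth worked but the client never came back, which is a different problem from the client reconnecting out of range of your card.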

Attacking WPA, and ahh, that makes sense!

So I'd just get a large .pcap file, then use aircrack-ng on it, and it might still work? Awesome.

Also, in Gerix it talks about all these different attacks; would it be possible to explain, or point me somewhere that explains, the 'fragmentation' and 'packet injection' attacks?

Cheers man!


Aha, yeah, I'm viewing some of the ones Google threw up now; was just wondering if anyone on here had any specific tutorials that they know concentrate on the key points and don't faff about with stuff. Thanks though.

There are also many tuts on here for a lot of the same stuff, just use that search box in the top right corner of the forums ;)


Aha, yeah, I'm viewing some of the ones Google threw up now; was just wondering if anyone on here had any specific tutorials that they know concentrate on the key points and don't faff about with stuff. Thanks though.

I don't know what makes you hate Google!

But it only took me a second to find these articles.

WEP Cracking Tutorial

http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack

WPA Cracking Tutorial

http://www.aircrack-ng.org/doku.php?id=cracking_wpa

http://www.smallnetbuilder.com/wireless/wireless-howto/30278-how-to-crack-wpa--wpa2


If you have a little time, this would be the best place to begin. Couldn't be explained any better than this:

http://www.securitytube.net/groups?operation=view&groupId=9

I can't believe I forgot to mention those videos, I even bought the book he wrote.

Highly recommended videos.


I should probably also mention digininja's GAWN paper as I haven't seen it or anything like it mentioned here before (http://www.digininja.org/gawn_gold/). By the time you finish this paper, your knowledge of wifi will be comparable to that of the creators of the aircrack-ng suite.

You need to have a working knowledge of Python and/or Ruby before you start it, and it's a lot of in-depth stuff you'll need to actually study and not just read over once and copy-paste commands, but it basically teaches you to manually do the functions that aireplay-ng or airodump-ng would do, using Python and Ruby. It also teaches you how to manually manipulate frames or "speak" to a router in "router talk", and you can take that a step further and develop your own concepts from there (which is how I assume he created Jasager).


Couldn't tell you, bud. I can say that Ruby and Python are very similar to each other. I know some Python and I can read Ruby pretty well; I'll even edit some Meterpreter scripts when need be.

I'd imagine that many of the concepts that exist in Python and Ruby are present in Java also, as they're in the family of OOP.

Don't not learn a language because you're worried about bad habits. I don't think you'll pick up any bad habits in Python or Ruby anyway; I believe it's JavaScript and some of the languages primarily used in web design that are associated with bad programming habits, but that's just what I've heard through the grapevine, don't know if it's true or not.
