Hacking WEP

dazzab

Hi all, I have 2 laptops

1 with Netgear PCMCIA and running Win XP
1 with built-in wireless running Vista

I can pick up other networks in my area which I wanna roam free....lol


Can some of you nice hackers plz direct me to programs that will run on these OS so I can connect to secured networks...

cheers
 
try h**p://www.profit42.com/index.php/2006/08/02/92/
and h**p://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks

Please be aware you will have to boot a Linux live CD and also have a Linux-compatible chipset on your wireless card
 
Is there a list of wireless cards?

Also I downloaded bt2final... is this all I need?
 
That's all you need, let me find the list of wireless cards


http://linux-wless.passys.nl/

Click on complete listing and match your product number and manufacturer and check the status
 
Would use aircrack-ptw, much faster than aircrack-ng. With ptw you have to use .cap files but it is still quicker than using IVs
 
Check the edited post above m8 for the wireless card list
 
h**p://www.tazforum.thetazzone.com/viewtopic.php?t=2069.

Try that out, a guide on how to hack WEP in Windows. Also it recommends NETGEAR WAG511 DUAL BAND, which works with BackTrack and other Linux live CDs out of the box
 
Wouldn't use IV method as it's going to take ages to get IVs even with packet injecting. Managed to crack my 128 WEP in under 15 mins.
 
Cheers guys.... is there a hacking for dummies tut? lol
 
Playing around with BT2 and an old Linksys wireless from Tesco, I seem to be able to get the access codes to my Linksys in around 5 mins with 64bit. This is with packet injection and aircrack-ng. Now using WPA. Tried several of the so-called security editions of Linux, and BT2 seems to be the best equipped atm.
 
Help plz..

Running BT2,
fired up kismet, found the access point and ran airodump but no data, only beacons,
beacons rising gradually but no data.

Ran aireplay and performed the deauth attack, got zero ARP requests and zero sent packets..
 
Hi, I don't even use kismet now, use airodump-ng to find networks and what channel they're on. Then use "-3" attack with aireplay. Attack -3 is ARP. If there aren't that many ARP requests captured you can deauth a client. If there are no clients you can do a fake auth then do a deauth. The amount of ARP requests should be rising quite quickly, go back to airodump-ng and wait till you have about 50000 packets. Shouldn't take more than about 10 mins. Then use aircrack-ptw to get the WEP key.
 
Thanks for all the help, I will try it out over the weekend
 
Yep. De-auth works a treat. Data literally goes mad and usually within a few minutes you will have enough data to crack the key.
 
I run airodump and view the access point I want to hack, but I'm getting no data sent, so unable to find MAC addy of target machine... therefore unable to perform de-auth attack..

Any ideas how to get MAC addy of target machine?
 
If there are no clients do a fake auth then deauth the fake auth, if that makes sense. In airodump you should be doing something like the following: "airodump-ng -- channel 11 -- write out abcxyz INTERFACE". Obviously channel may be different and you can call it whatever you want.
 
If anyone has got any sense they will be MAC addy filtering also, so that makes it a little trickier..... as you will have to deauth a genuine PC and dupe the MAC address also..... all good fun.... and use ethereal for the sniffing..... but also remember it's HIGHLY ILLEGAL to attempt to connect to someone's wireless network ;)
 
Once you have a MAC addy of a connected client you can change your MAC address to the address of the client to get around the filtering. Regarding ethereal, can you read the data in plain text? And good places to read as well?
 
Is it just as effective in Windows as it is in Linux?
 