WEP crack using wesside-ng

mcgirt

Inactive User
Evening,

I've been trying to crack my WEP using wesside-ng.

Everything goes OK until the part where it should be 'guessing PRGA'. At this point it just sits and doesn't progress.

I've confirmed my wireless card is compatible and set it to monitor mode.

Does anyone have any knowledge on this?

Is there a better way of doing this and if so do you have any tutorials?
 

techquest

DW Member ++
You could try using aircrack

h**p://forum.aircrack-ng.org/index.php?topic=3734.0
 

TheCheekyMonkey

DW Regular
I'm sure it's all aircrack based; wesside-ng is an automated cracker.
The problem you're having is that you just need to 'flush' the temp cap files created by the process. Once done, restart the process and you should be laughing.
 

mcgirt

Inactive User
I'm running backtrack from a USB storage device. All the files that are created are on the desktop and I've been sure to delete any existing files before starting. I've still not had any luck.

As I was having no luck with WEP I decided to try and crack my WPA key using a video tutorial on YouTube. This used aircrack (I think) and coWPAtty; sorry I can't confirm the names as I'm at work.

I followed the instructions and everything goes OK until I have to use a tool located in a directory, something like root/tools/dictionaries/, but I can't find this. As I say, I'm using a USB storage device with BackTrack 4 installed on it. Do you have any idea how I can find this directory? I'm not too familiar with Linux, so it could be that I'm the problem, not the fact that I'm running BackTrack from a USB device. I tried the cmd 'cd <directory address/name>'.

Assistance with either of the problems I'm having would be greatly appreciated.

Ta.
 

TheCheekyMonkey

DW Regular
Yeah, you could be right actually about the location. I was thinking about BackTrack 2 / 3, which created them in the home directory, whereas the other day it created them on the desktop. Hmmmm, can't really do much at the moment; my new 1 watt card is on its way, and as soon as it's here I'll knock up a quick guide with some pics as to how I use BackTrack / wesside-ng.

Are you definitely getting the card into monitor mode?

airmon-ng start wlan0 ??

It will create a child interface; you're not using this, are you?

On these cards I always use wlan0:

airodump-ng -i wlan0

This lists the APs; note down the MAC address of the intended WEP victim.

Then:

wesside-ng -i wlan0 -v mac address

Those commands are from memory; I'll have to have a look-see when I get my new card.

As for dictionaries, you'll need to download some dictionary files and either place them in the directory or create the directories and then place them in there. Google it. As far as I know BackTrack didn't come with the dictionaries, although in the new version this may not be the case.

Hope this helps.

Edit:

What card do you have? It could be "ath0".

mcgirt

Inactive User
I originally tried using 'wlan0' as the interface but could only get so far. I checked on the BackTrack forums to make sure the wireless card was compatible. I found that it was compatible, but the poster had mentioned referring to the interface as 'mon0'.

When I run 'airmon-ng stop/start wlan0' it starts 'wlan0' and states it's in monitor mode as 'mon0'. I tried using 'mon0' and I get the same problems.

I'm using an Asus eeepc 1005h (I think; at work so can't check).

I'm going to try it again using both interfaces and see if I can spot any difference.

TheCheekyMonkey

DW Regular
Yeah, that sounds right, but what card is it you're using? Also, how many routers have you tried to crack? Is this your router, or someone else's? Do you know what router it is? At the end of the day, just because a router is WEP enabled doesn't mean it's guaranteed that it can be cracked; some routers have capabilities to guard against WEP attacks (weak IVs) etc. It may be that this router is one of them.

Incidentally, it should be `wlan0` that you use to crack, not `mon0`.

Hope this helps.
 

mcgirt

Inactive User
Hello again,

I've not had a chance to try again, but I was speaking to a friend who has some experience using BackTrack but not wesside.

He asked about my router and how much traffic was going through it. I explained I've set up an old router with WEP enabled, but it's not got any clients attached, just me trying to get in. He thought I could be having trouble cracking it because the 'deauth' process wouldn't work. Now I might get this wrong, but from the way I understood him, part of the crack process involves pretending to be a client who wants to re-authenticate itself with the router, and as I have no clients attached or traffic flowing this may cause a problem.

So next up I'm going to try my 'live' router with clients attached and traffic flowing, using 'wlan0' as my interface.

I can't remember the wlan card off the top of my head, but I'll check once I'm home.

Thanks for your help so far.
 

TheCheekyMonkey

DW Regular
I mean, yeah, I understand what he's saying. Now forgive me, I'm no expert on BackTrack, but I've used it many times to crack WEP. One of the ways to do it is to de-authenticate and then authenticate with the router; you actually had to do this whilst also sniffing it in a different terminal. This is the method used a while back, but as far as I know wesside-ng employs a different method, as no clients need to be on the router. I know this as I have used an old router myself with no clients on it, and cracked it successfully.

I've just received my new card, so I may knock a quick guide up as to what I do to crack 'em, if I get the chance Monday night.

Like I say, though, your test router could be protected to a certain extent against WEP attacks. Long shot, but some routers did have it implemented in firmware updates, although WEP as a wireless security has sadly failed, hence why WPA is standard now on all new routers.
 

mcgirt

Inactive User
OK, I've tried again and I'm still only getting to the stage just before it should start 'guessing'.

I'm still using the same router as before, so like you say it could be the router. I'll nip along to my mate's over the weekend and try a few routers round there. I can't help feeling that I'm the problem, but it's not like you can go wrong entering a simple cmd :(

It's getting on my tits now!
 