NetStumbler.org Forums

Old 08-26-2004   #121 (permalink)
sylvain
Wireless Auditor
 
Join Date: Jun 2004
Location: Paris, France
Posts: 175
Quote:
Originally Posted by KoreK
From Abaddon's FAQ:

I did not look at the cisco driver. Maybe later.

What does "I am under NDA" mean?
sylvain is offline  
Old 08-26-2004   #122 (permalink)
KoreK
Banned in DC
 
Join Date: Jul 2004
Posts: 102
NDA = Non disclosure agreement
KoreK is offline  
Old 08-26-2004   #123 (permalink)
sylvain
Wireless Auditor
 
Join Date: Jun 2004
Location: Paris, France
Posts: 175
Quote:
Originally Posted by KoreK
NDA = Non disclosure agreement
OK... so I would be glad if you could look at the Cisco drivers, KoreK, without being under NDA ;-)
sylvain is offline  
Old 08-26-2004   #124 (permalink)
sylvain
Wireless Auditor
 
Join Date: Jun 2004
Location: Paris, France
Posts: 175
Moreover, I found an interesting article about packet reinjection. It is quite old but interesting (based on Prism2 cards). It deals with libradiate.
http://www.packetfactory.net/project...oolkit-2.0.pdf

In the same style there is File2Air, which uses the AirJack drivers...

More information about these tools: http://downloads.wireless-kit.com/ especially the wireless-specific encryption cracking part...

Last edited by sylvain : 08-26-2004 at 09:17 AM.
sylvain is offline  
Old 08-26-2004   #125 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by KoreK
Based on Abaddon's driver (and rma0251.pdf, google for it), it wasn't very difficult to patch wlan-ng to send raw 802.11 frames in monitor mode. I had a quick look at the hostap driver and the following patch (against 0.2.0) should put the chipset in a more receptive mood.
Just tried it, doesn't work too well. The damn chipset still trashed the 802.11 header. I tried googling for rma0251, but got no results.
devine is offline  
Old 08-26-2004   #126 (permalink)
KoreK
Banned in DC
 
Join Date: Jul 2004
Posts: 102
It's rm0251.pdf, sorry. I guess I'll have to install hostap and tinker a bit.
KoreK is offline  
Old 08-26-2004   #127 (permalink)
sylvain
Wireless Auditor
 
Join Date: Jun 2004
Location: Paris, France
Posts: 175
Quote:
Originally Posted by topolb
Not answered by a Windows machine? Are you sure? Windows always answers ICMP echo-requests if they are sent directly to it and there is no firewall blocking.

What Windows does not usually answer is ICMP echo-requests directed to broadcast.

As far as I know, sylvain's suggestion of spoofing ICMP requests should work
and I think this tool already implements this kind of attack: http://sourceforge.net/projects/wepwedgie/

It could be great to add this to weplab or aircrack... :-)
sylvain is offline  
Old 08-28-2004   #128 (permalink)
stbstb
Registered Member
 
Join Date: Aug 2004
Posts: 7
Hello,
what is "usable packets" in your realization?
In other words, how must I filter them in the capture so as not to make huge pointless capture files? What are the rules?
Thanks
stbstb is offline  
Old 08-29-2004   #129 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by stbstb
What is "usable packets" in your realization? In other words, how must I filter them in the capture so as not to make huge pointless capture files? What are the rules?
Thanks
Usable packets are encrypted data packets that match your BSSID/KeyID, and thus can be used by the cryptanalysis process. Indeed, when re-writing airodump I forgot the -e option (only log encrypted data packets); this will be fixed in the next release.
devine is offline  
Old 08-29-2004   #130 (permalink)
topolb
Registered Member
 
Join Date: Jun 2004
Posts: 67
Quote:
Originally Posted by stbstb
Hello,
what is "usable packets" in your realization?
In other words, how must I filter them in the capture so as not to make huge pointless capture files? What are the rules?
Thanks

As a "tip", if you do not want a huge logfile you can just log the first bytes of each encrypted data packet (let's say 80 bytes). This way you will save space and statistical attacks will still work, as they only use the 802.11 header and a few bytes of the payload.

Anyway... hard drive space is cheap... who cares!
topolb is offline  
Old 08-30-2004   #131 (permalink)
stbstb
Registered Member
 
Join Date: Aug 2004
Posts: 7
And maybe add an -i key (information) to display all the BSSIDs in the capture file with the number of usable packets for each BSSID and KeyID.
stbstb is offline  
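Added example, not part of any post in this thread and not aircrack or airodump code: the "usable packet" rule devine describes above (encrypted data frames grouped by BSSID/KeyID), written out in Python together with the per-BSSID summary stbstb asks for and a check of topolb's 80-byte truncation tip. The frames, MAC addresses and function names are constructed for illustration, and 4-address WDS frames are assumed out of scope.

```python
from collections import defaultdict

def wep_fields(frame):
    """Return (bssid, key_id, iv) for a WEP-encrypted data frame, else None."""
    if len(frame) < 2:
        return None
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != 2 or not fc1 & 0x40:   # must be data type with Protected bit
        return None
    to_ds, from_ds = fc1 & 0x01, fc1 & 0x02
    if to_ds and from_ds:                          # 4-address WDS frame: skipped here
        return None
    off = 4 if to_ds else 10 if from_ds else 16    # address field that holds the BSSID
    hdr = 24 + (2 if fc0 & 0x80 else 0)            # QoS data adds 2 header bytes
    if len(frame) < hdr + 4:
        return None
    iv, key_byte = frame[hdr:hdr + 3], frame[hdr + 3]
    if key_byte & 0x20:                            # ExtIV set: TKIP/CCMP, not WEP
        return None
    return frame[off:off + 6].hex(":"), key_byte >> 6, iv

def usable_summary(frames, snaplen=None):
    """Count unique IVs per (BSSID, KeyID); snaplen models a truncated capture."""
    seen = defaultdict(set)
    for f in frames:
        fields = wep_fields(f[:snaplen] if snaplen else f)
        if fields:
            bssid, key_id, iv = fields
            seen[(bssid, key_id)].add(iv)
    return {k: len(v) for k, v in seen.items()}

# Constructed sample frames (not from a real capture).
AP, STA = bytes.fromhex("00aabbccdd01"), bytes.fromhex("00aabbccdd02")

def mk(fc0, fc1, a1, a2, a3, iv, key_byte):
    """Build a 24-byte 802.11 header + IV + KeyID byte + 200 zero payload bytes."""
    return bytes([fc0, fc1, 0, 0]) + a1 + a2 + a3 + b"\0\0" + iv + bytes([key_byte]) + bytes(200)

SAMPLE = [
    mk(0x08, 0x41, AP, STA, AP, b"\x00\x00\x01", 0x00),   # ToDS, WEP, KeyID 0
    mk(0x08, 0x42, STA, AP, AP, b"\x00\x00\x02", 0x00),   # FromDS, WEP, KeyID 0
    mk(0x08, 0x41, AP, STA, AP, b"\x00\x00\x01", 0x00),   # repeated IV, not counted twice
    mk(0x08, 0x41, AP, STA, AP, b"\x00\x00\x03", 0x40),   # KeyID 1
    mk(0x08, 0x01, AP, STA, AP, b"\x00\x00\x04", 0x00),   # unencrypted data, ignored
    mk(0x80, 0x00, STA, AP, AP, b"\x00\x00\x05", 0x00),   # beacon (management), ignored
    mk(0x08, 0x41, AP, STA, AP, b"\x00\x00\x06", 0x20),   # ExtIV set (WPA), ignored
]

if __name__ == "__main__":
    for (bssid, key_id), n in sorted(usable_summary(SAMPLE).items()):
        print(f"{bssid}  KeyID {key_id}  unique IVs: {n}")
```

Because the BSSID, IV and KeyID all sit in the first 28 bytes of a non-QoS frame, the summary is identical with snaplen=80.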
Old 09-04-2004   #132 (permalink)
bigbadbaugh
Registered Member
 
Join Date: Aug 2004
Posts: 25
Hi there

Can anyone give me any tips on using Aircrack?

I am currently capturing packets using Kismet, trying to break my own 64-bit WEP.

Using the kismet dump file, I just used #aircrack /kismet.dump

and it stated there were 189 Unique ID's. This came from about 20,000 total packets in kismet.

Aircrack began cracking but my laptop battery ran out after about 20 minutes.

I haven't tried since because I'm capturing more packets again.

My questions are:

How many total packets, and then unique ID's, are roughly needed to break WEP?

Is Aircrack best used with Kismet or this Airodump I'm hearing people talking about?

Are there any options I should specify when I run Aircrack to make it more efficient/reliable/better?

Finally, what were the chances of breaking WEP with my original 189 Unique ID's if my laptop battery hadn't run out?

I hope you can answer these as it would definitely put me on the right track.

Cheers again
bigbadbaugh is offline  
Old 09-04-2004   #133 (permalink)
sylvain
Wireless Auditor
 
Join Date: Jun 2004
Location: Paris, France
Posts: 175
You need 500,000 unique IVs, that means 500,000 encrypted data packets... so you have to generate packets (see the other thread...).
Aircrack works the same with files from kismet or airodump.
No option is really needed at the beginning...
With 189 unique IVs, 0 chance to break it... you need 500,000.
sylvain is offline  
Old 09-04-2004   #134 (permalink)
bigbadbaugh
Registered Member
 
Join Date: Aug 2004
Posts: 25
Thanks for that.

If I need 500,000 unique IVs, how many total packets does that roughly work out as?

I'm guessing it's got to be a few million to say the least?

Just trying to calculate how long it's gonna take to crack my WEP with 1 single client connected. Any ideas?

Thanks
bigbadbaugh is offline  
Old 09-04-2004   #135 (permalink)
sylvain
Wireless Auditor
 
Join Date: Jun 2004
Location: Paris, France
Posts: 175
Quote:
Originally Posted by bigbadbaugh
Thanks for that.

If I need 500,000 unique IVs, how many total packets does that roughly work out as?

I'm guessing it's got to be a few million to say the least?

Just trying to calculate how long it's gonna take to crack my WEP with 1 single client connected. Any ideas?

Thanks
If you do ping -f -s 0 <IP address of the AP> from the client, it should take 10 minutes.
sylvain is offline  