WEP questions - technical help please..


trevelyn
04-04-2007, 03:57 AM
Heyas, my name is trevelyn. I have been a member of the forums a good while but haven't posted yet. I have been using BT since the very first version :) I remember WHAX and Whoppix and Auditor; all were great, but BT is the best! (Okay, had to get that out of the way!)

There are some weird things I have witnessed while testing my networks..

1. Sometimes my Airodump screen dies and I have to restart it, but this happens early on, so I just make sure to check it; no big problem. Works fine now, I guess.

2. I have seen routers that made ARP requests no matter what?? Like, if I auth and assoc with it and run aireplay-ng -3, I could put anything as the -h option!! Even 00:11:22:33:44:55! And I quickly get tons of ARPs and initialization vectors.

3. Has Aircrack-ng changed? I used to be able to break my router's 64(40)-bit with only 125k IVs, and if I changed it to 128(104), I could get it at around 350k IVs, back with BT1 beta. I am not sure what the Aircrack suite version was back then, but damn, it was good. Now there are more options and I need at least 325k initialization vectors to break 64(40)-bit WEP! I haven't gotten 128(104)-bit to break yet AT ALL, and I have an .ivs file that contains 1.3M!

4. What's the true difference between --ivs and --cap?

5. Also, "a fake positive": would this be a fake positive ARP that creates a whole boatload of garbage ARPs that don't contain the right key? Also, why would the ARP be hidden behind packets that have a dest of FF:FF:FF:FF:FF:FF? Is this possibly a security measure?

6. What about the routers that produce 3 or 4 IVs then stop replying?? I sometimes see this when I start up my attack with just aireplay-ng -3, then in another xterm run aireplay -0 and deauth a client. My card sends and sends, but I get no return? Also, I can open another window and run aireplay-ng -1 to auth-assoc, and I get 3 or 5 more IVs, then it stops again. Is this an example of a router that is not vulnerable to this ARP attack?

7. In my attempt to create handshakes, before I start deauthing clients, do I have to auth-assoc with the router? Or could I just make the packets and send them? I see in Airodump that they receive the packets and stop sending info for a short period of time, but when they start sending again, I check my -ivs file for handshakes and find - none :(

Sorry for so many questions. I have googled and wiki'ed and whatever, and your FAQ is gone, from what I can tell. I miss all the good links to the videos, and have hosted them from my site zombie[dot]el[dot]cx[/videos/], indexed under hack. They are old but fun to watch; my favorite is the one that plays Dschinghis Khan.

Thank you guys in advance - a forever fan of this sexy Pentest OS. - trevelyn.

Post script: BT2 Final does not work properly on the MacBook rev2. The keys echo after an extremely long boot. But the beta version r0x. :)

trevelyn
04-05-2007, 10:21 PM
I hate to be answering my own post. I thought this would be the place to post for help like this; I guess not, sorry, but...

Aircrack *has* changed, and I tell you it's for the worse. Aircrack-ng won't break a .cap file I have containing 1.4M IVs in it, and my machine in my attic that hosts all of my files just happens to be running BT 1 beta. ;) Old school, eh?
So I tested the .cap file (my WEP is 128-bit, BTW) with an old version of aircrack and it got the key in like 10 seconds. ??? Also, with aircrack-ptw, I won't use Aircrack-ng for anything else anymore except WPA. So, FYI, it's changed, and I have uninstalled it, and reinstalled it, and tried the latest version and such..
Nothing. - trev

Mother
04-05-2007, 10:32 PM
You could try to air your doubts in #aircrack-ng over at Freenode.

Cheers,

Mother