Wesside-ng


theprez98
07-03-2007, 07:00 AM
I know we have already talked a little bit about this tool (only available in the development version), but wow...
bt ~ # wesside-ng -i ath1 -a XX:XX:XX:XX:XX:XX -v XX:XX:XX:XX:XX:XX
...
KEY=(XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX)
Owned in 2.68 minutes
One command line: interface, own mac, AP mac, and go. 128-bit WEP done in 2.68 minutes from hitting the enter key.

Interestingly enough, the .cap file had 40,000 packets and aircrack-ptw was unable to find the key using this file, even though wesside-ng does in fact use the ptw attack.

level
07-03-2007, 02:49 PM
Doesn't seem to be working with my ralink card. Gets hung-up on the authenticating process. I'm using Aircrack-ng 1.0.dev.svn.493, is that what you have?

theprez98
07-03-2007, 03:00 PM
Doesn't seem to be working with my ralink card. Gets hung-up on the authenticating process. I'm using Aircrack-ng 1.0.dev.svn.493, is that what you have?
I have 512, which was the latest at least as of yesterday.

shamanvirtuel
07-03-2007, 04:07 PM
It works well with my rt73
owned in 6 minutes

Really great, but they said your card MUST support the fragmentation attack because it uses it for getting PRGA, if I understand well.

BUT my rt73 doesn't support the -5 attack.... I'm sure of that.... and wesside had worked with this card.....

So maybe retry.

PS I'm with 521 which is the latest.....

level
07-03-2007, 05:15 PM
I tried with my other ralink, WUSB54GC (rt73), and it still doesn't work, going to try the latest version.

shamanvirtuel,

Try the latest driver from ASPj's, it supports fragmentation with rt73.

PrairieFire
07-04-2007, 12:10 AM
My atheros card gets stuck like this with

wesside-ng -i ath0

15:00:00 Got 8 bytes of prga IV=....
15:02:00 Got ARP request from (some mac I do not know, I do not live near anyone)
15:02:12 Guessing PRGA ec (IP byte=220)
and keeps counting up the minutes and never gets past that.
If I ping a non-existent IP on my LAN it gets further but finds a wrong IP and sends ARP requests to the same wrong IP :confused:

* I am able to inject and can do fragmentation attack with this card and my AP.

theprez98
07-04-2007, 12:31 AM
My atheros card gets stuck like this with

wesside-ng -i ath0

15:00:00 Got 8 bytes of prga IV=....
15:02:00 Got ARP request from (some mac I do not know, I do not live near anyone)
15:02:12 Guessing PRGA ec (IP byte=220)
and keeps counting up the minutes and never gets past that.
If I ping a non-existent IP on my LAN it gets further but finds a wrong IP and sends ARP requests to the same wrong IP :confused:

* I am able to inject and can do fragmentation attack with this card and my AP.
I had the same result with my internal Broadcom card (which I confirmed as injection-capable).

PrairieFire
07-07-2007, 03:01 AM
Some progress with Atheros in r536

Authenticated
Associated
Datalen 46 Known clear 8
Got 8 bytes of prga IV=.....
# Then the confusion begins "ERROR max retransmits..."

no difference with Prism2
ipw3945 gets hung at: Got 8 bytes of prga IV=....
Used aireplay-ng -3 and it will continue, guess a wrong IP and end with "Segmentation fault"

shamanvirtuel
07-07-2007, 03:43 AM
After the confusing error thing begins
I let it work and it finds me the key within 10 min to 1 hour depending on the traffic there is on the network.....

For a test you can lock wesside on a network BSSID and artificially create traffic by streaming some milworm vids in a loop....

Go in /root and you will see your wep.cap grow.......

Launch an aircrack-ng session when some megs are captured and you will see the number of IVs....

PrairieFire
07-07-2007, 04:50 AM
Confirmed, working with Atheros, Prism2, IPW3945

To monitor the size I was using
airodump-ng rtap0

Do you notice it is super fast at each step? That might be why it has problems with some.

Vagabound
07-12-2007, 10:03 AM
Hey Guys...
I wonder where you got wesside-ng already? I only found the source code, tried to compile it with gcc, but all it spit out were errors.

Any hint ?

balding_parrot
07-12-2007, 10:41 AM
Hey Guys...
I wonder where you got wesside-ng already? I only found the source code, tried to compile it with gcc, but all it spit out were errors.

Any hint ?

Look here (http://forums.remote-exploit.org/showthread.php?t=7460) to see the problem and fix

Vagabound
07-14-2007, 10:45 PM
Thank you!... I'm just unsure now how to actually do the update after I install your module -

I think of 3 ways:

- running the update-ng shell script
- download the source and compile it (no experience)
- follow the instructions of the site:

svn co http://trac.aircrack-ng.org/svn/trunk aircrack-ng
cd aircrack-ng
make
make install
-------------------------

- the coolest would be that GUI updater shown in your post...

What shouldda doooo?

level
07-15-2007, 12:50 AM
Wesside-ng is in the 1.0 dev branch, so you want to:

svn co http://trac.aircrack-ng.org/svn/branch/1.0-dev aircrack-ng

Vagabound
07-15-2007, 01:44 AM
..just tried it...all I get is:
"svn: 'aircrack-ng' already exists and is not a directory"..

balding_parrot
07-15-2007, 01:50 AM
..just tried it...all I get is:
"svn: 'aircrack-ng' already exists and is not a directory"..

Last spoonfeeding I am doing this week

svn co http://trac.aircrack-ng.org/svn/branch/1.0-dev aircrack-ng
cd aircrack-ng
make
make install

Type that

If it doesn't work you're doing something wrong.

PrairieFire
07-15-2007, 01:59 AM
svn co http://trac.aircrack-ng.org/svn/branch/1.0-dev
cd 1.0-dev

*"svn: 'aircrack-ng' already exists and is not a directory"..
delete the aircrack-ng folder that is in root that you FORGOT to remove or follow what I posted and do the same next time.

Vagabound
07-15-2007, 03:43 AM
WORKS!!! Thanks guys !

PrairieFire
07-17-2007, 05:01 AM
theprez98,
I finally got time to figure out my problems when trying it. I used:
wesside-ng -i ath0 -n 192.168.1.1 -v APMAC -a MYMAC

I never realized my current network setup caused it all sorts of problems where it would guess the wrong IP.

I use a BEFSR41 V3 behind my Cable Modem which splits off to 4 other connections. My wireless Access point sits behind another befsr41 acting as a switch but my AP uses dhcp forwarding to the main router. Oops :)

*128-bit WEP
Owned in 1.27 minutes

spankdidly
07-25-2007, 02:24 AM
Got a Q. Trying to attack my Linksys router, but it's not working. Already checked the aircrack forum, nothin.

airmon-ng stop ath0
airmon-ng start wifi0

bt ~ # wesside-ng -i ath0 -a 00:20:a6:58:a3:29 -v 00:14:BF:1E:B1:72

Can't set mac
[14:56:56] Using mac 00:20:A6:58:A3:29
[14:56:56] WARNING: Appending in wep.cap
[14:56:56] Looking for a victim...
[14:56:56] Found SSID(linksys) BSS=(00:14:BF:1E:B1:72) chan=6
[14:56:56] Authenticated
[14:56:56] Associated (ID=11)
[14:56:56] Key index=58!!
bt ~ #

And that's it. Key Index 58? Not sure what this means.

Proxim Atheros card. Anyone have any suggestions??

PrairieFire
07-25-2007, 02:32 AM
This functionality will be available in a future release. It is NOT available currently.
Read over the example listed on the site and figure out where it's going wrong.

spankdidly
07-25-2007, 02:35 AM
So, that's a no. Lol

pureh@te
07-25-2007, 02:40 AM
So, that's a no. Lol

What part of "it's not yet fully functional" don't you get? If you're not into modifying scripts yourself then you should probably wait for a stable release.

spankdidly
07-25-2007, 02:41 AM
Sounds good. Thanks

wyze
07-25-2007, 10:29 AM
Tried wesside-ng r609 on an ipw3945 (ipwraw) ... gets all the way to the Found SSID part, but then I get a continuous ERROR Max retransmits for (30 bytes)

balding_parrot
07-25-2007, 10:54 AM
Tried wesside-ng r609 on an ipw3945 (ipwraw) ... gets all the way to the Found SSID part, but then I get a continuous ERROR Max retransmits for (30 bytes)

Leave it running, this often happens, but it gets there in the end mostly.
Remember that they say it can take an hour.

PrairieFire
07-25-2007, 10:29 PM
Tried wesside-ng r609 on an ipw3945 (ipwraw) ... gets all the way to the Found SSID part, but then I get a continuous ERROR Max retransmits for (30 bytes)

Failure to setup wifi0 and rtap0 correctly would be one reason you receive this. Works fine for me.

spankdidly
07-26-2007, 12:11 AM
what kind of card are you using?

wyze
07-26-2007, 05:39 AM
Failure to setup wifi0 and rtap0 correctly would be one reason you receive this. Works fine for me.

So I'm officially a f***ing tard: I did not set the channel upon loading the ipwraw drivers :(

godfather
08-05-2007, 10:28 AM
nice work thanks

shamanvirtuel
08-05-2007, 02:07 PM
The "max retransmits (30 bytes)" error can usually be solved by lowering your rate or getting closer to the AP..........

wyze
08-06-2007, 09:12 AM
The "max retransmits (30 bytes)" error can usually be solved by lowering your rate or getting closer to the AP..........

Niiice... I just tested and confirmed this with my wusb54gc dongle by setting the rate to 11M after walking outside back and forth outside of my house... :cool:

shamanvirtuel
08-06-2007, 04:37 PM
Don't forget it's based on a PoC which is becoming software.... it's a beta... and dev is slow....

Have you ever tried airserv-ng? It's my new toy of the moment.... I really want to manage to make it work well... not so easy...

durana
01-16-2008, 11:25 PM
Hello Shaman,

I see your reply. Is the lowest speed 1M, or can I also make the rate lower?
And at what speed does your card work?

Because it gives the same error at 1M in my rt73 Alfa card.

durana

scrissti
01-18-2008, 10:12 AM
[09:56:09] Using mac 00:0E:2E:CE:66:39
[09:56:09] Looking for a victim...
[09:56:10] Found SSID() BSS=(00:1B:54:8E:80:D0) chan=5
[09:56:10] Authenticated
[09:56:10] Authenticated
[09:56:10] Authenticated
[09:56:11] Authenticated
[09:56:11] Authenticated
[09:56:11] Authenticated
[09:56:11] Authenticated
[09:56:11] Authenticated
[09:56:11] Authenticated
[09:56:11] Authenticated
[09:56:11] Authenticated
[09:56:11] ERROR Max retransmists for (30 bytes):
B0 00 FF 7F 00 1B 54 8E 80 D0 00 0E 2E CE 66 39 00 1B 54 8E 80 D0 00 00 00 00 01 00 00 00
[09:56:11] Authenticated
[09:56:12] ERROR Max retransmists for (30 bytes):
B0 00 FF 7F 00 1B 54 8E 80 D0 00 0E 2E CE 66 39 00 1B 54 8E 80 D0 00 00 00 00 01 00 00 00
[09:56:12] Authenticated
[09:56:12] ERROR Max retransmists for (30 bytes):
B0 00 FF 7F 00 1B 54 8E 80 D0 00 0E 2E CE 66 39 00 1B 54 8E 80 D0 00 00 00 00 01 00 00 00
[09:56:12] Authenticated
[09:56:12] ERROR Max retransmists for (30 bytes):
B0 00 FF 7F 00 1B 54 8E 80 D0 00 0E 2E CE 66 39 00 1B 54 8E 80 D0 00 00 00 00 01 00 00 00
[09:56:12] Authenticated
[09:56:12] ERROR Max retransmists for (30 bytes):
B0 00 FF 7F 00 1B 54 8E 80 D0 00 0E 2E CE 66 39 00 1B 54 8E 80 D0 00 00 00 00 01 00 00 00
and it keeps going with Authenticated and ERROR

do you have any idea?
thanks

s1lang
01-18-2008, 11:57 AM
http://www.aircrack-ng.org/doku.php?id=wesside-ng


"ERROR Max retransmists" message

You get an error similar to the following while running the program:

[18:23:49] ERROR Max retransmists for (30 bytes): B0 00 FF 7F 00 1A 70 51 B0 70 00 0E 2E C5 81 D3 00 1A 70 51 B0 70 00 00 00 00 01 00 00 00

This can be caused if the AP does not acknowledge the packets you are sending. Try getting closer to the AP.

Another reason is that the internal state machine of wesside-ng is confused. This typically happens when there are other wireless packets picked up and the state machine does not properly interpret them. Remember, this is still proof-of-concept code and not completely stable. Just try rerunning wesside-ng.
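The 30 bytes printed with that error are a raw IEEE 802.11 management frame, and decoding them shows exactly what wesside-ng is retransmitting without an answer from the AP. The decoder below is an added example, not code from the thread or from aircrack-ng; it parses the 24-byte 802.11 header plus the fixed authentication body, and the sample frame is the one from scrissti's post above.

```python
import struct

# Sample taken from the "ERROR Max retransmists" output quoted in this thread.
SAMPLE_FRAME = ("B0 00 FF 7F 00 1B 54 8E 80 D0 00 0E 2E CE 66 39 "
                "00 1B 54 8E 80 D0 00 00 00 00 01 00 00 00")

FRAME_TYPES = {0: "management", 1: "control", 2: "data"}
MGMT_SUBTYPES = {0: "association request", 1: "association response",
                 4: "probe request", 5: "probe response", 8: "beacon",
                 10: "disassociation", 11: "authentication",
                 12: "deauthentication"}
AUTH_ALGORITHMS = {0: "open system", 1: "shared key"}


def fmt_mac(raw):
    return ":".join(f"{b:02X}" for b in raw)


def decode_80211_frame(hexdump):
    """Decode a management frame header and, for authentication frames,
    the three fixed fields (algorithm, transaction sequence, status)."""
    raw = bytes.fromhex(hexdump)
    if len(raw) < 24:
        raise ValueError("need at least the 24-byte 802.11 MAC header")
    fc = raw[0]                        # first frame-control octet
    ftype = (fc >> 2) & 0x3            # bits 2-3: frame type
    subtype = (fc >> 4) & 0xF          # bits 4-7: frame subtype
    info = {
        "type": FRAME_TYPES.get(ftype, "reserved"),
        "subtype": MGMT_SUBTYPES.get(subtype, f"subtype {subtype}"),
        "duration": struct.unpack_from("<H", raw, 2)[0],
        "addr1_da": fmt_mac(raw[4:10]),     # receiver (the AP)
        "addr2_sa": fmt_mac(raw[10:16]),    # sender (the injecting card)
        "addr3_bssid": fmt_mac(raw[16:22]),
        "seq_num": struct.unpack_from("<H", raw, 22)[0] >> 4,
    }
    # Authentication frames carry a 6-byte fixed body after the header.
    if ftype == 0 and subtype == 11 and len(raw) >= 30:
        alg, trans_seq, status = struct.unpack_from("<HHH", raw, 24)
        info["auth_algorithm"] = AUTH_ALGORITHMS.get(alg, f"algorithm {alg}")
        info["auth_transaction"] = trans_seq   # 1 = request from station
        info["status_code"] = status
    return info


if __name__ == "__main__":
    for key, value in decode_80211_frame(SAMPLE_FRAME).items():
        print(f"{key:18} {value}")
```

Run against the sample it shows an open-system authentication request (transaction 1) from the card's MAC to the AP's BSSID, which is consistent with the wiki text above: the AP is simply not acknowledging the station's authentication attempt.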

scrissti
01-18-2008, 02:21 PM
right, thanks

TheCheekymonkey
01-18-2008, 09:59 PM
I know we have already talked a little bit about this tool (only available in the development version), but wow...
bt ~ # wesside-ng -i ath1 -a XX:XX:XX:XX:XX:XX -v XX:XX:XX:XX:XX:XX
...
KEY=(XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX)
Owned in 2.68 minutes
One command line: interface, own mac, AP mac, and go. 128-bit WEP done in 2.68 minutes from hitting the enter key.

Interestingly enough, the .cap file had 40,000 packets and aircrack-ptw was unable to find the key using this file, even though wesside-ng does in fact use the ptw attack.


I could not get it to run using your command line; however, if I wish to target a specific AP I use this command line:

wesside-ng -i wlan0 -v XX:XX:XX:XX:XX:XX

where XX:XX:XX:XX:XX:XX is the access point MAC address you wish to attack... great tool

SBerry
01-30-2008, 02:29 PM
Yes the error can be due to the distance from the AP or the type of card you are using. Have a look at the aircrack website for supported cards.

[09:56:11] ERROR Max retransmists for (30 bytes):
B0 00 FF 7F 00 1B 54 8E 80 D0 00 0E 2E CE 66 39 00 1B 54 8E 80 D0 00 00 00 00 01 00 00 00

I have tested wesside-ng with the rt2500, rt2573 and Alfa r8180's and it works perfectly.
Also, update aircrack with Fast-track.

ef3nd1
02-22-2008, 05:52 PM
Hi,

I still haven't managed to hack into my own WLAN :( (WEP 128)
Tried it with wesside-ng -i ath0 -v 00:xx:xx:xx:xx

and I am running into this: ERROR Max retransmists for (30 bytes): B0 00 FF 7F ,

so I added the -k 1 option

and it only got PRGA bytes 3 times (12 bytes, 36 bytes and 144 bytes) in 20 min! So I broke off and checked the wep.cap with aircrack-ng -n 128 --bssid xx:xx:.. wep.cap (only 42 IVs!) but it can't work with this handful of IVs.

Also the method with aireplay-ng -2 -b .. was lacking received data.

AP is a Buffalo 4m away (still too close?)

BTW I did the aireplay-ng injection test just to be sure, but one thing is very strange: if I do it the xploitz manual way, when starting monitor mode with airmon-ng start wifi0, under both interfaces it outputs /usr/local/sbin/airmon-ng: line 35: lsmod: command not found. So I run lsmod: not known! I tried to locate lsmod in /usr/ and /sbin/, but if I want to cat both to check everything is all right it can't and says too many levels of symbolic links, like there are just symlinks missing the original. Google wasn't helpful.

maybe somebody has a clue

BT3 PCMCIA AR5413 abg IBM thinkpad