Active Topics
-
Is there a section to talk about Java ME? Apps, etc. (3)
to General by Kalatti - 1 day, 10 hrs ago - more...
 |
|
2011-01-02
, 11:01
|
|
Posts: 63 |
Thanked: 12 times |
Joined on Feb 2010
@ Thessaloniki Greece
|
#42
|
Correct me if I'm wrong but most wifi networks nowadays are WPA. Not WEP. Is there a tutorial on how to use aircrack in WPA networks?
 |
|
2011-01-02
, 11:07
|
|
Posts: 820 |
Thanked: 436 times |
Joined on May 2010
@ Portsmouth, UK.
|
#43
|
Originally Posted by crabsody
Yes, there are many. Use the wiki over at www.aircrack.org.
Correct me if I'm wrong but most wifi networks nowadays are WPA. Not WEP. Is there a tutorial on how to use aircrack in WPA networks?
| The Following User Says Thank You to James_Littler For This Useful Post: | ||
 |
|
2011-01-02
, 11:28
|
|
Posts: 330 |
Thanked: 483 times |
Joined on Dec 2010
@ Norwich, UK
|
#44
|
Originally Posted by crabsody
Yes it is possible but not feasable. Particularly on a device like the N900. WEP can be cracked from data packet because each IV (initilasation vector) carries a small piece of the password. The algorythms can then work out from enough IVs what the complete password is.
Correct me if I'm wrong but most wifi networks nowadays are WPA. Not WEP. Is there a tutorial on how to use aircrack in WPA networks?
With WPA, you must force a host to deauthenticate a client, forcing them to reconnect. You can then capture what's called a wpa handshake which can be used to find the password. However, you cannot crack wpa, you must bruteforce it. This means that you must compare it against wordlists and if the key isnt in the wordlist, you're not getting the password.
For instance, an 8-digit alphanumeric case-ensitive wpa key would have up to 62771017353866807638357894232076664161023554444640 34512896 different combinations. And this is WITHOUT symbols.
On the same basis, a 64-digit wpa key would have up to 39402006196394479212279040100143613805079739270465 44666794829340424572177149721061141426625488491564 0806627990306816 different combinations.
In short, it's possible but not feasible. Bearing in mind that a device like the N900 could probably only check a couple hundred keys per second. The best you could do is capture the handshake with the N900 then use a desktop to attempt to crack the password.
__________________
OMNOM: Pacman-like game now in extras-devel
fAircrack (Aircrack GUI): Point-and-click pwnage for your N900
Now with John the Ripper integration
OMNOM: Pacman-like game now in extras-devel
fAircrack (Aircrack GUI): Point-and-click pwnage for your N900
Now with John the Ripper integration
|
|
2011-01-02
, 11:43
|
|
Banned |
Posts: 358 |
Thanked: 160 times |
Joined on Dec 2010
|
#45
|
I think most likely you have to change your macaddress first when playing with aircrack 
.
EDIT: Do you want to say that the combinations is calculated like this:
10! + 26! + 26! for numbers and letters?
Please help!
Last edited by epitaph; 2011-01-02 at 14:36.
.EDIT: Do you want to say that the combinations is calculated like this:
10! + 26! + 26! for numbers and letters?
Please help!
Last edited by epitaph; 2011-01-02 at 14:36.
|
|
2011-01-03
, 19:06
|
|
Posts: 48 |
Thanked: 8 times |
Joined on Apr 2010
|
#46
|
Well WEP is a joke, taking approximately 5 minutes to crack any key!
As mentioned WPA is just not possible to crack unless the passphrase is a dictionary word.
This is when you turn to more imaginative methods, such as using airbase-ng in conjunction with a web server, to fake an AP and request the user's passphrase for "authentication" aka phishing. Not easily implemented on a mobile device let alone a desktop terminal.
The inherent weakness of WPA/WPA2 is that people set passwords that are "easy to remember" or that are relatively short in length. Each time you extend your passphrase by one character you theoretically multiply the previous number of possible combinations by 94!
As mentioned WPA is just not possible to crack unless the passphrase is a dictionary word.
This is when you turn to more imaginative methods, such as using airbase-ng in conjunction with a web server, to fake an AP and request the user's passphrase for "authentication" aka phishing. Not easily implemented on a mobile device let alone a desktop terminal.
The inherent weakness of WPA/WPA2 is that people set passwords that are "easy to remember" or that are relatively short in length. Each time you extend your passphrase by one character you theoretically multiply the previous number of possible combinations by 94!
| The Following User Says Thank You to bro3886 For This Useful Post: | ||
|
|
2011-01-03
, 19:15
|
|
Posts: 330 |
Thanked: 483 times |
Joined on Dec 2010
@ Norwich, UK
|
#47
|
Originally Posted by epitaph
It was a while ago I worked it out but I think the maths was along the lines of:
I think most likely you have to change your macaddress first when playing with aircrack
EDIT: Do you want to say that the combinations is calculated like this:
10! + 26! + 26! for numbers and letters?
Please help!
Letters = 52 (small and caps)
Numbers = 10 (0-9)
8 to the power of 62
(I think. Whatever it is, a word list that is guaranteed to crack ANY wpa key (including special characters, and up to 64 digit keys) would be thousands of terabytes.)
__________________
OMNOM: Pacman-like game now in extras-devel
fAircrack (Aircrack GUI): Point-and-click pwnage for your N900
Now with John the Ripper integration
OMNOM: Pacman-like game now in extras-devel
fAircrack (Aircrack GUI): Point-and-click pwnage for your N900
Now with John the Ripper integration
| The Following User Says Thank You to FRuMMaGe For This Useful Post: | ||
 |
|
2011-01-05
, 15:54
|
|
Posts: 1,103 |
Thanked: 368 times |
Joined on Oct 2010
@ india, indore
|
#48
|
Originally Posted by menthor
i am trying to findout my own WEP key which of ten digit but stuck here can anyone help me???
hallo i just like to share my experience...
N900 how to crack a WEP key with it... Today i have success of crackin my own WEP key ... exact commands
Ifconfig wlan0 down
iwconfig wlan0 mode monitor
if config wlan0 up
aireplay wlan0 -9 (note the MAC adress)
airodump-ng -w (what ever you want filename) -c (channel)
--bssid (noted mac adress) wlan0
after 1hour and 12 minutes i had 50 000 packages
ctrl+c (ctrl on the screen) aircrack-ng (name of the file you typed .cap) 1 minute after that =) i haved the correct key
Note: all that is with root access
if you do it with notebook dont use wlan0 in my ubuntu is mon0 after makin a monitor mode ... oh and there is a aireplay -0 1 -a mac adress wlan0 for deauth but if you dont know what that is you can simply w8 share your experience after tryin this ... and btw i saw that some guys in the forum says that they need some drivers for injection or something ... LIE ... maybe you ned it for WPA but no for WEP ...
also tell is this method correct to crack a WEP key
i have installed rootsh aircrack-ng and macchanger also
Last edited by nicholes; 2011-01-05 at 16:02.
|
|
2011-01-05
, 16:14
|
|
Banned |
Posts: 358 |
Thanked: 160 times |
Joined on Dec 2010
|
#49
|
Originally Posted by nicholes
Do you know Linux? Do you know the bash? Do you know x-terminal?
i am trying to findout my own WEP key which of ten digit but stuck here can anyone help me???
also tell is this method correct to crack a WEP key
i have installed rootsh aircrack-ng and macchanger also
I suggest you type air in to your rootshell and tap "TAB" then you will all available programs starting with air*.
Unfortunatley it doesn't work the other way and listing all programs ending with air. I supposed you don't know either how to code a trie neither do the shell-coder knows it?
But I have installed aircrack-ng too and I have airreplay-ng.
|
|
2011-01-05
, 16:25
|
|
Posts: 1,103 |
Thanked: 368 times |
Joined on Oct 2010
@ india, indore
|
#50
|
ok he did not tell me to type -ng after aireplay well now there is new problem here is see image and plz help me
blag.com
Last edited by stevomanu; 2010-09-07 at 21:01. Reason: added info