| Author |
Help With Wifi Hacking |
gamecheater
Member
Posts: 16
Location: Check your mother's room.
Joined: 18.09.07
Rank: Newbie |
|
|
I recently discovered wireless internet at my home, and whaddaya know. It is WEP protected. After some google searching I found a tutorial using the Aircrack suite and Backtrack 2. Everything seemed to be going well as for the tutorial, except I couldn't get a MAC address for one of the users of my target AP. Is there any other way other than using the aircrack suite (maybe kismet?) to get a MAC address of a user of my target AP? I have all the info needed other than that, I could probably still crack it but it would take weeks considering I dont have that MAC address for replaying the packets. |
|
| Author |
RE: Help With Wifi Hacking |
Infam0us
Member
Posts: 153
Location: 0x080484c6
Joined: 06.09.07
Rank: HBH Guru |
|
|
gamecheater wrote:
I recently discovered wireless internet at my home, and whaddaya know. It is WEP protected. After some google searching I found a tutorial using the Aircrack suite and Backtrack 2. Everything seemed to be going well as for the tutorial, except I couldn't get a MAC address for one of the users of my target AP. Is there any other way other than using the aircrack suite (maybe kismet?) to get a MAC address of a user of my target AP? I have all the info needed other than that, I could probably still crack it but it would take weeks considering I dont have that MAC address for replaying the packets.
You dont need a mac address for access point clients when cracking wep. You only need the SSID and the mac address of the access point. You only need the client mac addresses when cracking WPA and thats to disassociate them from the access point so you can sniff the key they are entering when re-authenticating with the AP (access point).
If your saying you can't get the mac address of the AP that doesn't make any sense, the mac addres is broadcast with every packet sent from the AP. Ive only seen people not broadcasting the SSID, and even that is really easy to get past..
"Never memorize what you can look up in books." -Albert Einstein
[img]javasc ript:alert(document.cookie);[/img] |
|
|
| Author |
RE: Help With Wifi Hacking |
jjbutler88
Colemak User
Posts: 590
Location:
Joined: 22.04.07
Rank: Guru |
|
Ok, for a start, what wireless card are you using? And if you know it, what chipset is it? There is a new version of backtrack out that ships with drivers patched for wireless injection, id recommend getting yourself a copy. So you want to know the mac address? Arn't you using airodump? it lists the mac addresses by default, as well as the ssids and channel. from theyre you just use aireplay to inject packets and get your delicious IV's.
If you have BT3 and are really stuck you could just try:
wesside-ng -i <interface>
|
|
| Author |
RE: Help With Wifi Hacking |
jjbutler88
Colemak User
Posts: 590
Location:
Joined: 22.04.07
Rank: Guru |
|
No, your right with injecting to get IV's. You have an atheros card, so you should be using madwifi-ng drivers, and will be good to go for cracking wep. Here are the basic steps you need to follow:
1) Putting your card in monitor mode. Do this with:
airmon-ng start wifi0
This should create a new VAP called ath1, next to it in brackets should be (Parent:wifi0)(Monitor mode enabled)
2) Start airodump-ng. This will display the MAC addresses of all AP's in range at the top, and clients for all the networks below, with what network (if any) they are connected to.
3) Use aireplay-ng to do a mass deauth, forcing everyone to reconnect and send IV's. Have a look at airodump while aireplay is running. If all is well, the number of IV's next to the targeted network should be rising steadily, hopefully quite fast.
Edited by jjbutler88 on 04-07-08 11:17 |
|
|
| Author |
RE: Help With Wifi Hacking |
gamecheater
Member
Posts: 16
Location: Check your mother's room.
Joined: 18.09.07
Rank: Newbie |
|
|
Thanks for all the help, within one hour I had the recommended 1.5 million IV's for a 128 bit WEP Key. I started aircrack, and it found the key within two minutes. |
|
|
Main:
