Re: [ announce ] hackattack!
 

Re: [ announce ] hackattack!
 

Just published a simple guide for the very beginners: following it anyone will be able to properly set wifite (with the wepon/wepoff method brought to us by vi_, many thanks to him) and to crack a WEP key in minutes:

http://laboratorio.torpedo48.it/noki...ully-automated

@vi_: I'll be honoured if you insert a link to this guide in your article, so that everyone can follow the guide and install your awesome work ;)

Re: [ announce ] hackattack!
 

Seriously the last 10posts have nothing to do with this topic?..

EDIT:.
Lawl didn't notice post 2... But seriously the 2 scripts have nothing in common and makes the thread discussion ******ed.

Re: [ announce ] hackattack!
 

Why do you say that? We are discussing about the scripts provided in the original posts, so I think they're pretty on-topic:confused:

Re: [ announce ] hackattack!
 

In response to some PMs I am getting.

1. If you are having difficulty installing this, persevere. It is how ALL of us learned to do this stuff in the first place. My first linux computer was a hp jornada 680, it didn't even have a gui when I started. It took me over a week (see over 20 hours) of hitting my head off a concrete penguin just to connect the thing to my university's wifi. It was back when WPA supplicant had EVEN LESS DOCUMENTATION. Point is, just persevere, you will be a better person after it!

2. Rainbow tables for WPA. MUTS from backtrack had a hand in generating these rainbow tables. These beasts are around 2GB in size each and only the top 200 ssids are covered. I estimate an n900 might be able to crunch through these 49 MILLION(!) password dictionaries in around an hour.

Be warned, some of these tables are broken, for example the belkin54g table (I think) has a capital letter at the start (DOH!) rendering it completely worthless (unless someone changed their SSID to it)

Re: [ announce ] hackattack!
 

[QUOTE=stevomanu;1031301]
my metaspliots work good but it tells mee a error when i start it
the ruby1.8-openssl?????

Re: [ announce ] hackattack!
 

Omg WPA rainbow tables! I've been meaning to get off my *** and find some, but now I don't have to work for it. Thank you!

Re: [ announce ] hackattack!
 

well then, just for you mentalist here are the previous incarnation of said tables. These are 1 million word dictionary tables for the top 1000 SSIDS. These are a little more portable at on 40MB each.

Hey...WPA brute-forcing on the N900 may not be such a crazy idea after all!

I think this is a thompson speedtouch/bthomehub rainbow table too.

Re: [ announce ] hackattack!
 

Speedtouch keys even WPA can be derived from SSID: stkeys on n900 and speedtouched for windows?

How can these tables be specific for a manufacturer? If we change the password then they fail also, or am I wrong?

Re: [ announce ] hackattack!
 

Stkeys USED to work before they changed the algorithm. Now the hex characters at the end of the speedtouch SSID cannot be used to derive the key. However, the key IS still produced from the devices serial number (or something like that). This reduces the potential keyspace significantly. i.e. The length of the key is known, The character set is known and the format of the serial number is known.

I am not sure I understand what you mean. The rainbow table is for a network with that specific SSID. In 'short laymans not really true terms':

WPA key=SHA1SUM(SSID+PASSWORD)

Thus we need a specific table for any given SSID (unlike LANMAN windows table). It has nothing to do with manufacturer, it just so happens than belkin, netgear etc. use their own name as the default SSID and as such that SSID will become one of the most common. In addition to this humans are predictable in their choice of SSID. How many 'skynet's and 'myhome' wifi networks have you seen?

see

and

I love this one, it is like reading a geek thriller.

Re: [ announce ] hackattack!
 

Oh i actually just noticed this thread is here

just a bottom line

N900 can hack WEP easily
N900 can hack WPA hardly using rainbow tables
N900 can't hack WPA with normal handshake (it will take for ever)


BUT N900 can hack WPA easily with easy-debian after installing dhcp3
apache2 apache2-mod-php5 and aircrack-ng suit also iptables and iproute

then simply create a fake ap with dhcp3 server and apache2 and in addition to a phisher web page wich has the same bssid and esside of the target (but not he same channel)
then i DOS the orginal AP so the target will automaticly connects to my fake ap ( windows problem)


in my case i use a fake web page
telling the owner that a new firmware has been installed to his router (i know the type of his router with kismet) to create the perfect phisher

and a reconfigure of wep/wpa key is required
so when he enters the key
i get it directly to my n900

That is my way to hack WPA with N900

PS: just linked this thread in my thread
soon with these beautiful threads we would have a super N900

Re: [ announce ] hackattack!
 

Lol at the social engineering approach. That's always fun.

In the meantime, I think if you have access to some 3G internet and have a server running at home you can SSH into, you should be more that able to launch more hardcore attacks against WPA networks that don't fall prey to your basic on-board rainbow tables.

One thing of possible concern: http://forum.aircrack-ng.org/index.php?topic=5965.0

Looks like the tables provided by Offensive Security have a bunch of invalid passwords. Well, that post is from 2009 so that may have changed by now, but figured I'd mention it and if anyone knows better, they can speak up.

Re: [ announce ] hackattack!
 

[QUOTE=zozeta2;1031386]
you care to share your metaspliots with us then ??

Re: [ announce ] hackattack!
 

there is an exploit (not public) with wpa/wpa2 system
i forgot what is it called wich allows to easily hack wpa just like wep
PS: IT IS NOT TKIPTUN-NG (another one)
but it is the reason that they will launch another security system
maybe 2013

Re: [ announce ] hackattack!
 

Here is my output :

There is many networks in range including my ad-hoc network (home3), the script attacks it first and when i press ctrl & c to change it i get whats written above.
and i have to close xterm and open it again to be able to type 'wepoff'
N.B: Thats of course for scientifical and geological purposes only

Re: [ announce ] hackattack!
 

It seems that the only errors you get are the pexpect one and the python-tk one, althought they are not needed for the attack... Try an apt-get install pexpect, but I don't think it will do much. Is your python up-to-date?

Sorry but I can't really think about any cause for your problem, if you have carefully followed the guide and you're using the modified kernel-power or kernel-power v47 wifite should work properly, you are the first encountering problems. :confused:

Re: [ announce ] hackattack!
 

Yes, my pythin version is the latest. And i think what happened is because home3 (my network) is an ad-hoc [shared LAN connection through wireless laptop]
Is there a way that i can choose which network i can crack ? so it doesn't auto. choose home3 ?

Re: [ announce ] hackattack!
 

Yes. edit the 'wepon' script. comment out the line that puts the device into monitor mode. This will force wifite to put your card into monitor mode (didnt work right for me, apparently worked for mr_pingu).

This will cause wifite to enter a different scan mode and allow network selection.

Re: [ announce ] hackattack!
 

hi
after 10 h of playing with my n900 ( flash and install all ...) i manage to instal the script but ...

Re: [ announce ] hackattack!
 

I'm now stuck with arp replay attack on XXXX captured # ivs
then chop-chop attack
what is wrong here ?

Re: [ announce ] hackattack!
 

I really don't know what's going on here, there's obviously something wrong with your wifites but... What? I've tried searching for wifite's dependences but they all seem to be satisfied here.

Have you used particular tweaks and/or procedures that may have f*****d up your wifi's or network's settings?

Re: [ announce ] hackattack!
 

new pic better quality
i flash my n900 and install all from 0 no tweaks
also injection rate is slow. any tips ...

Re: [ announce ] hackattack!
 

Nope, nothing at all
did this work with some1 else here ?
should i edit wepon like vi_ and mr_pingu said to be like that :

i.e. : airmon-ng start wlan0 insted of ifconfig wlan0

Re: [ announce ] hackattack!
 

No, content of wepon should be:

And yes, it works for me and many others.

Re: [ announce ] hackattack!
 

Success,
i didn't waste a day trying to this working :o.
http://laboratorio.torpedo48.it/noki...ully-automated

but make sure you put the codes

#!/bin/sh
#wifite starter
/opt/wifi_mon/load.sh
sleep 2
ifconfig wlan0 down
sleep 1
iwconfig wlan0 mode monitor
sleep 1
ifconfig wlan0 up
sleep 1
python /opt/wifi_mon/wifite.py --power 12 --pps 500 --anon



#!/bin/sh
/opt/wifi_mon/unload.sh


http://talk.maemo.org/showthread.php?t=74081

Re: [ announce ] hackattack!
 

If something is not right you should load the drivers manually by cd into the drivers folder and sh load.sh ;)

Then do python /opt/wifi_mon/wifite.py
Or better download wifite.py from wifite homepage and do python /home/user/MyDocs/wifite.py

This way you filter out any error in vi_'s script, but I am almost sure there is nothing wrong with vi_'s script!!!

Re: [ announce ] hackattack!
 

Sorry, I can't understand where the error was. Is that something wrong in my guide? What have you done in order to succeed?

Re: [ announce ] hackattack!
 

i instal step buy step from your website but is not working. i didnt seen the codes on your website

#!/bin/sh
#wifite starter
/opt/wifi_mon/load.sh
sleep 2
ifconfig wlan0 down
sleep 1
iwconfig wlan0 mode monitor
sleep 1
ifconfig wlan0 up
sleep 1
python /opt/wifi_mon/wifite.py --power 12 --pps 500 --anon



#!/bin/sh
/opt/wifi_mon/unload.sh


the program worked after i put the codes manual. i dont know why.

Re: [ announce ] hackattack!
 

That's because they are included in Step 3's package, try downloading it, extracting wepon and wepoff and read them, ta-daaaaaa codes inside ;)

Re: [ announce ] hackattack!
 

dooohhh
man sorry i am a noob

Re: [ announce ] hackattack!
 

No problem, we all started somewhere ;)

Could you please tell me where your error was, so that I can make the guide even easier? You didn't properly follow step 3, did you? :)

Re: [ announce ] hackattack!
 

please look on post 62
theni i put the codes in xterm ( as root) and the program worked

Re: [ announce ] hackattack!
 

Only load the bleeding edge drivers and let wifite do the rest ;)
Prove attached :P :D

I runned it without the --power --pps and --anon, just normal


You may like this piece of code which has the anonymous mode, power above 12 and 500 packets per second still enabled as vi_ proposed ;)

Re: [ announce ] hackattack!
 

In the begining of the attack it says that packages pyritt and cowpatty are missing, should i install them ?

Re: [ announce ] hackattack!
 

nope, it will run fine without them, macchanger should you install tho ;)

Re: [ announce ] hackattack!
 

You can run the non-patched wifite.py, just give your /tmp more space as it dumps .ivs there (standard 1MB allows for only ~70000, so 32MB should be enough for anybody):

sudo mount -o remount,size=32M /tmp

and you're good to go

Re: [ announce ] hackattack!
 

i'm new on this so called wepon...i have install everything & able to run the program with just one question???
after we start attacking any connection does the password will be reveal at the end or do we have you decrypt it like faircrack????
i'm asking cause i couldnt run the program to the end due to dry out battery...

Re: [ announce ] hackattack!
 

yes it shows the exact password as saved by the user ;)


http://laboratorio.torpedo48.it/noki...ully-automated

look at the end part of the video it will answer you :P

Re: [ announce ] hackattack!
 

Thanks

Since I don't like being /tmp taking up rootspace, can't we mount it on opt? Dang here you see I am only a 3 months old linux user and lacks experience :(
Generally I want to have /tmp/ taking up /opt/ space instead of root space since I don't like the idea of root becoming full after using this. Maybe symlinking?

Re: [ announce ] hackattack!
 

Fret not my son.

All we have to do is change where wifite dumps it's temporary files.

run in xterm:

This edits wifite to use /opt/tmp as the tmp folder, then checks to see if /opt/tmp exists and creates it if not.

Viola, no more /tmp/ restrictions!