FRuMMaGe
Posts: 330 | Thanked: 483 times | Joined on Dec 2010 @ Norwich, UK
#481
Originally Posted by samipower
hello FRuMMage

I decrypted two WEP wifi networks without problem, but with WPA it only supports 8 characters/digits, 12345678?? for example, well

I tried with my home network,
which is 10 digits WPA-PSK[TKIP] + WPA2-PSK[AES]

and I get an error

killall : john :no precess killed
killall : aircrack-ng : no process killed

wpa handley keys not found

this is my experience, my error is because my wifi network settings are higher than 8 characters I think

because John the Ripper installed with fast application manager without problem

or do I have to put permissions on the john folder?? chmod chown etc...

and one question: with the N900's default wifi detector I can see all WEP networks but with fAircrack 0.3 I can only see some WEP networks, is it correct?

why is it happening?

bye thanks
The "no process killed" error is normal. Basically John has a nasty habit of running even after it has closed, so I implemented a basic workaround of killing the process each time you click the decrypt button. I am implementing a far more elegant solution in V0.4. I am also giving you the ability to specify the number of digits for John with the new version.

There is no limit to the amount of digits you can use if you just load a dictionary instead.

Originally Posted by stevomanu
yep this is the same problem I'm having, mostly WPA/WPA2 even on small keys, plus this phone is not really gonna crack a good key in a million years, even with a good PC it's not 100% . . .

my 8key is a combination of

Code:
ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
and the dictionary needed to crack that is 64234 gig or somewhere near, my point being it seems impossible to me !!
That's why you use John. It creates the dictionary and pipes it to the stdin of aircrack in real time.

You are correct though that it is not likely to work (in a reasonable amount of time) on a device like the N900. The only chance you have really is if it is just numbers and if you know the exact length of the key. From personal experience, most default passwords are either 8 or 10 digits long, although I have seen routers with passkeys of 32 and even 64 digits by default, although these tend to be only on industrial/business models. Most routers are made to be as simple to set up as possible, and Average Joe is not going to be happy having to type in a 64 digit key just to set up their connection for the first time.

Incidentally, I created a dictionary containing every number from 00000000 to 99999999 and it comes to 854.3MB, which is not too bad.
__________________
OMNOM: Pacman-like game now in extras-devel

fAircrack (Aircrack GUI): Point-and-click pwnage for your N900
Now with John the Ripper integration

Last edited by FRuMMaGe; 2011-02-16 at 01:47.
 

Posts: 224 | Thanked: 155 times | Joined on Jan 2011
#482
Well, success finally for me, but the conclusion I've come to is:

deauth is as critical for wep as it is for wpa

why?

I ran faircrack with nothing connected to my router and the injection screen showed no arp packets.

I shut down faircrack, and connected my pc to wifi, then started faircrack - same problem, no arp packets, so no injection. did some surfing on my pc, still no arp packets.

left faircrack running, disconnected my pc and reconnected it, suddenly the injection screen lit up like a Christmas tree.

Also, on a funny note, I collected 50,000 IVs and then clicked on decrypt and it seemed to crash, but in fact it had run properly in a few seconds and the key was available in the key tab. It took me a while to figure that out though, I thought it was crashing and couldn't handle a large number of IVs.

But yeah... I hope a deauth option will be available in the next release, and may i be bold and say that this is really all this software needs to be perfect, at least for wep..

actually, can anyone provide the manual command line way of issuing a deauth for the time being?

edit: actually, found it:

Usage

aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0

Where:

* -0 means deauthentication
* 1 is the number of deauths to send (you can send multiple if you wish); 0 means send them continuously
* -a 00:14:6C:7E:40:80 is the MAC address of the access point
* -c 00:0F:B5:34:30:30 is the MAC address of the client to deauthenticate; if this is omitted then all clients are deauthenticated
* ath0 is the interface name


omitting -c seems evil but also seems to guarantee generating an ARP packet...

Last edited by leetnoob; 2011-02-16 at 02:19.
 

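A defender-side view of the deauthentication frames described in the post above, as an added example that is not part of this thread, of fAircrack or of aircrack-ng: it decodes raw 802.11 frame headers, recognises management/deauth frames, and counts them per BSSID and target so a wireless monitor can alert on a flood, including the broadcast form that omitting -c produces. The capture is constructed inline from the two MAC addresses in the quoted usage line; the absence of a radiotap header, the reason code used and the alert threshold are assumptions.

```python
"""Flag 802.11 deauthentication floods in a frame capture.

Added example for this thread, not fAircrack or aircrack-ng code.
Assumptions: frames are raw 802.11 (no radiotap header), so the 2-byte
Frame Control field sits at offset 0; the alert threshold is arbitrary.
"""
import struct
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Frame Control byte 0 layout: bits 0-1 version, 2-3 type, 4-7 subtype.
MGMT, DATA = 0, 2
SUBTYPE_BEACON, SUBTYPE_DEAUTH = 8, 12


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def build_frame(ftype: int, subtype: int, addr1: str, addr2: str,
                addr3: str, body: bytes = b"") -> bytes:
    """Assemble a minimal frame: FC(2) duration(2) addr1/2/3(18) seq(2) body."""
    fc0 = (subtype << 4) | (ftype << 2)          # protocol version 0, flags 0
    header = (bytes([fc0, 0x00]) + b"\x00\x00" + mac_to_bytes(addr1)
              + mac_to_bytes(addr2) + mac_to_bytes(addr3) + b"\x00\x00")
    return header + body


def parse_frame(frame: bytes) -> dict:
    """Decode the header fields a deauth detector needs."""
    if len(frame) < 24:
        raise ValueError("frame shorter than the 24-byte 802.11 MAC header")
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x03, (fc0 >> 4) & 0x0F
    info = {
        "type": ftype,
        "subtype": subtype,
        "addr1": mac_to_str(frame[4:10]),    # receiver
        "addr2": mac_to_str(frame[10:16]),   # transmitter
        "addr3": mac_to_str(frame[16:22]),   # BSSID for management frames
        "is_deauth": ftype == MGMT and subtype == SUBTYPE_DEAUTH,
        "reason": None,
    }
    if info["is_deauth"] and len(frame) >= 26:
        # A deauth body starts with a little-endian 16-bit reason code.
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info


def detect_deauth_flood(frames, threshold: int = 5) -> list:
    """Return one alert per (BSSID, target) pair that saw >= threshold deauths."""
    counts = Counter()
    for raw in frames:
        f = parse_frame(raw)
        if f["is_deauth"]:
            counts[(f["addr3"], f["addr1"])] += 1
    return [
        {"bssid": bssid, "target": target, "count": n,
         "broadcast": target == BROADCAST}
        for (bssid, target), n in sorted(counts.items())
        if n >= threshold
    ]


# Constructed capture: MACs taken from the aireplay-ng usage line in the post.
AP = "00:14:6c:7e:40:80"
CLIENT = "00:0f:b5:34:30:30"
REASON_CLASS3 = struct.pack("<H", 7)   # reason 7: class 3 frame from nonassociated STA

SAMPLE_CAPTURE = (
    [build_frame(MGMT, SUBTYPE_BEACON, BROADCAST, AP, AP)]
    + [build_frame(DATA, 0, AP, CLIENT, AP)] * 2          # ordinary traffic
    + [build_frame(MGMT, SUBTYPE_DEAUTH, BROADCAST, AP, AP, REASON_CLASS3)] * 6
    + [build_frame(MGMT, SUBTYPE_DEAUTH, CLIENT, AP, AP, REASON_CLASS3)]
)


def analyze_sample() -> list:
    return detect_deauth_flood(SAMPLE_CAPTURE, threshold=5)


if __name__ == "__main__":
    for alert in analyze_sample():
        kind = "broadcast (all clients)" if alert["broadcast"] else alert["target"]
        print(f"deauth flood from BSSID {alert['bssid']} -> {kind}: "
              f"{alert['count']} frames")
```

A burst of deauth frames addressed to ff:ff:ff:ff:ff:ff, claiming the access point as transmitter, is the signature of the "omit -c" case; on a real monitor you would feed parse_frame the 802.11 payload after stripping the radiotap header and tune the threshold to the channel's normal rate of legitimate deauths.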
Posts: 224 | Thanked: 155 times | Joined on Jan 2011
#483
Hi,

With regards to WPA, this might be useful:

http://www.renderlab.net/projects/WPA-tables/

33GB wordlist with over 1 million words and mutations of words, and a smaller 7GB wordlist

however someone says: "Just so you know, these are pre-computed rainbow [lookup] tables. They are not word lists that can be used directly as a "dictionary" input to aircrack-ng. They need to be first processed by airolib-ng and turned into a database which in turn can be read by aircrack-ng."

But these lookup tables allow you to process 30/40 thousand keys per second. I was getting 30 (not thousand) keys per second using john the ripper on my n900.

So I think without some kind of prehash file that can be read, the show is over for WPA on the N900.

edit: cowpatty and/or aircrack integration

http://www.aircrack-ng.org/doku.php?id=airolib-ng

Last edited by leetnoob; 2011-02-16 at 06:34.
 
Posts: 110 | Thanked: 14 times | Joined on Sep 2010
#484
Originally Posted by kingoddball
Anyone here gone beyond the wifi password, yet? Anyone gained access?
yup I did... after authenticating with the AP I fired up nmap to see any clients on that IP range then I did the usual... got my netbook to connect then from there I simply did \\sharename\C$
 
Posts: 156 | Thanked: 29 times | Joined on Jul 2010 @ Pakistan
#485
I am waiting for v0.4 with deauthentication, because right now cracking WPA feels like chasing a ghost.
 
Posts: 529 | Thanked: 194 times | Joined on Aug 2010 @ UK
#486
Originally Posted by SalmanAbbas
I am waiting for v0.4 with deauthentication, because right now cracking WPA feels like chasing a ghost.


why can't you do it manually in xterm while using the program, it's not hard !!
__________________
METASPLOIT INSTALL N900
Keep the forums clean
Don't forget to say thanks
 
Posts: 156 | Thanked: 29 times | Joined on Jul 2010 @ Pakistan
#487
How do v put up and load a dictionary?

Last edited by SalmanAbbas; 2011-02-16 at 09:01.
 
Posts: 156 | Thanked: 29 times | Joined on Jul 2010 @ Pakistan
#488
Originally Posted by stevomanu
why can't you do it manually in xterm while using the program, it's not hard !!
Any ideas on how to do that?
 
Posts: 309 | Thanked: 115 times | Joined on May 2010 @ Malaysia
#489
hello.. sorry if this question has been asked before.. but I can't seem to use the injections anymore; before installing CSSU it worked like a charm.. but I dunno if CSSU leads to the prob..

anyone with CSSU installed managed to get injection working?

...it says

insmod: error inserting "compat.ko": -1 invalid module format

same with other .ko files..
 
Posts: 182 | Thanked: 84 times | Joined on Jul 2010 @ Jordan
#490
Originally Posted by one1002
hello.. sorry if this question has been asked before.. but I can't seem to use the injections anymore; before installing CSSU it worked like a charm.. but I dunno if CSSU leads to the prob..

anyone with CSSU installed managed to get injection working?

...it says

insmod: error inserting "compat.ko": -1 invalid module format

same with other .ko files..
I've just fixed it
1. try to remove the CSSU
2. install it again
3. re-install the bleeding-edge
4. now you can use fAircrack
I hope that will help you, update me
 
Tags
aircrack, aircrack-ng, epicfacepalm, pen testing, rtfm dude!
