Active Topics

 



Notices


Reply
Thread Tools
Posts: 856 | Thanked: 1,681 times | Joined on Apr 2010 @ Aleppo ,Syria
#51
Oh i actually just noticed this thread is here

just a bottom line

N900 can hack WEP easily
N900 can hack WPA hardly using rainbow tables
N900 can't hack WPA with normal handshake (it will take for ever)


BUT N900 can hack WPA easily with easy-debian after installing dhcp3
apache2 apache2-mod-php5 and aircrack-ng suit also iptables and iproute

then simply create a fake ap with dhcp3 server and apache2 and in addition to a phisher web page wich has the same bssid and esside of the target (but not he same channel)
then i DOS the orginal AP so the target will automaticly connects to my fake ap ( windows problem)


in my case i use a fake web page
telling the owner that a new firmware has been installed to his router (i know the type of his router with kismet) to create the perfect phisher

and a reconfigure of wep/wpa key is required
so when he enters the key
i get it directly to my n900

That is my way to hack WPA with N900

PS: just linked this thread in my thread
soon with these beautiful threads we would have a super N900

Last edited by karam; 2011-06-18 at 13:53.
 

The Following 8 Users Say Thank You to karam For This Useful Post:
Posts: 2,225 | Thanked: 3,822 times | Joined on Jun 2010 @ Florida
#52
Lol at the social engineering approach. That's always fun.

In the meantime, I think if you have access to some 3G internet and have a server running at home you can SSH into, you should be more that able to launch more hardcore attacks against WPA networks that don't fall prey to your basic on-board rainbow tables.

One thing of possible concern: http://forum.aircrack-ng.org/index.php?topic=5965.0

Looks like the tables provided by Offensive Security have a bunch of invalid passwords. Well, that post is from 2009 so that may have changed by now, but figured I'd mention it and if anyone knows better, they can speak up.
 
Posts: 529 | Thanked: 194 times | Joined on Aug 2010 @ UK
#53
[QUOTE=zozeta2;1031386]
Originally Posted by stevomanu View Post
my metaspliots work good but it tells mee a error when i start it
the ruby1.8-openssl?????

you care to share your metaspliots with us then ??
__________________
METASPLOIT INSTALL N900
Keep the forums clean
Dont forget to say thanks
 
Posts: 856 | Thanked: 1,681 times | Joined on Apr 2010 @ Aleppo ,Syria
#54
there is an exploit (not public) with wpa/wpa2 system
i forgot what is it called wich allows to easily hack wpa just like wep
PS: IT IS NOT TKIPTUN-NG (another one)
but it is the reason that they will launch another security system
maybe 2013
 
AgogData's Avatar
Posts: 870 | Thanked: 133 times | Joined on Aug 2010
#55
Here is my output :

Code:
BusyBox v1.10.2 (Debian 3:1.10.2.legal-1osso30+0m5) built-in shell (ash)
Enter 'help' for a list of built-in commands.

~ $ root


BusyBox v1.10.2 (Debian 3:1.10.2.legal-1osso30+0m5) built-in shell (ash)
Enter 'help' for a list of built-in commands.

Nokia-N900:~# wepon
[!] unable to import pexpect
[!] if your chipset is intel4965; the fake-auth workaround will fail
[!] unable to import tkinter -- GUI disabled

  .;'                     `;,    
 .;'  ,;'             `;,  `;,   WiFite r78
.;'  ,;'  ,;'     `;,  `;,  `;,  
::   ::   :   ( )   :   ::   ::  mass WEP/WPA cracker
':.  ':.  ':. /_\ ,:'  ,:'  ,:'  
 ':.  ':.    /___\    ,:'  ,:'   designed for backtrack4
  ':.       /_____\      ,:'     
           /       \             

[+] WARNING: recommended packages/apps were not found pyrit, cowpatty
[+] targeting networks with signal power greater than 12dB
[+] set WEP replay pps: 500/sec
[+] anonymous mac address enabled

[+] searching for devices in monitor mode...
[+] using interface "wlan0"

[+] waiting 30 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 29 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 28 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 27 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 26 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 25 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 24 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 23 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 22 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 21 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 20 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 19 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 18 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 17 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 16 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 15 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 14 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 13 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 12 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 11 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 10 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 9 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 8 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 7 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 6 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 5 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 4 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 3 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 2 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 1 seconds for targets to appear. press Ctrl+C to skip the wait                            

[0:00:31] 2 targets and 1 clients found 

[+] added to attack list: "home3" (99dB)
[+] 1 access points targeted for attack

[+] estimated maximum wait time is 40 minutes
[+] changing mac address to 00:19:5D:4D:25:C3...  changed!

[+] attacking "home3"...
[0:09:58] changing mac to 18:86:ac:e1:5a:96...
[0:09:58] changed mac; continuing attack
[0:09:59] started arp replay attack on "home3"; Ctrl+C for options
[0:09:59] arp replay attack on "home3" captured 0 ivs (0/sec)                 Nokia-N900:/root#  
[0:09:59] stopping attack on "home3"...

[+] please select a menu option below:
   [c]ontinue attacking; 3 methods left
   [e]xit the program completely
[+] enter option (c, or e): Traceback (most recent call last):
  File "/opt/wifi_mon/wifite.py", line 3542, in <module>
    main() # launch the main method
  File "/opt/wifi_mon/wifite.py", line 920, in main
    attack(x - 1) # subtract one because arrays start at 0
  File "/opt/wifi_mon/wifite.py", line 2009, in attack
    attack_wep_all(index)
  File "/opt/wifi_mon/wifite.py", line 2472, in attack_wep_all
    typed=raw_input()
EOFError
There is many networks in range including my ad-hoc network (home3), the script attacks it first and when i press ctrl & c to change it i get whats written above.
and i have to close xterm and open it again to be able to type 'wepoff'
N.B: Thats of course for scientifical and geological purposes only
 
Posts: 489 | Thanked: 404 times | Joined on Dec 2009
#56
Originally Posted by AgogData View Post
Here is my output :

Code:
BusyBox v1.10.2 (Debian 3:1.10.2.legal-1osso30+0m5) built-in shell (ash)
Enter 'help' for a list of built-in commands.

~ $ root


BusyBox v1.10.2 (Debian 3:1.10.2.legal-1osso30+0m5) built-in shell (ash)
Enter 'help' for a list of built-in commands.

Nokia-N900:~# wepon
[!] unable to import pexpect
[!] if your chipset is intel4965; the fake-auth workaround will fail
[!] unable to import tkinter -- GUI disabled

  .;'                     `;,    
 .;'  ,;'             `;,  `;,   WiFite r78
.;'  ,;'  ,;'     `;,  `;,  `;,  
::   ::   :   ( )   :   ::   ::  mass WEP/WPA cracker
':.  ':.  ':. /_\ ,:'  ,:'  ,:'  
 ':.  ':.    /___\    ,:'  ,:'   designed for backtrack4
  ':.       /_____\      ,:'     
           /       \             

[+] WARNING: recommended packages/apps were not found pyrit, cowpatty
[+] targeting networks with signal power greater than 12dB
[+] set WEP replay pps: 500/sec
[+] anonymous mac address enabled

[+] searching for devices in monitor mode...
[+] using interface "wlan0"

[+] waiting 30 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 29 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 28 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 27 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 26 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 25 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 24 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 23 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 22 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 21 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 20 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 19 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 18 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 17 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 16 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 15 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 14 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 13 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 12 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 11 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 10 seconds for targets to appear. press Ctrl+C to skip the wait    [+] waiting 9 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 8 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 7 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 6 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 5 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 4 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 3 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 2 seconds for targets to appear. press Ctrl+C to skip the wait     [+] waiting 1 seconds for targets to appear. press Ctrl+C to skip the wait                            

[0:00:31] 2 targets and 1 clients found 

[+] added to attack list: "home3" (99dB)
[+] 1 access points targeted for attack

[+] estimated maximum wait time is 40 minutes
[+] changing mac address to 00:19:5D:4D:25:C3...  changed!

[+] attacking "home3"...
[0:09:58] changing mac to 18:86:ac:e1:5a:96...
[0:09:58] changed mac; continuing attack
[0:09:59] started arp replay attack on "home3"; Ctrl+C for options
[0:09:59] arp replay attack on "home3" captured 0 ivs (0/sec)                 Nokia-N900:/root#  
[0:09:59] stopping attack on "home3"...

[+] please select a menu option below:
   [c]ontinue attacking; 3 methods left
   [e]xit the program completely
[+] enter option (c, or e): Traceback (most recent call last):
  File "/opt/wifi_mon/wifite.py", line 3542, in <module>
    main() # launch the main method
  File "/opt/wifi_mon/wifite.py", line 920, in main
    attack(x - 1) # subtract one because arrays start at 0
  File "/opt/wifi_mon/wifite.py", line 2009, in attack
    attack_wep_all(index)
  File "/opt/wifi_mon/wifite.py", line 2472, in attack_wep_all
    typed=raw_input()
EOFError
There is many networks in range including my ad-hoc network (home3), the script attacks it first and when i press ctrl & c to change it i get whats written above.
and i have to close xterm and open it again to be able to type 'wepoff'
N.B: Thats of course for scientifical and geological purposes only
It seems that the only errors you get are the pexpect one and the python-tk one, althought they are not needed for the attack... Try an apt-get install pexpect, but I don't think it will do much. Is your python up-to-date?

Sorry but I can't really think about any cause for your problem, if you have carefully followed the guide and you're using the modified kernel-power or kernel-power v47 wifite should work properly, you are the first encountering problems.
 
AgogData's Avatar
Posts: 870 | Thanked: 133 times | Joined on Aug 2010
#57
Originally Posted by torpedo48 View Post
It seems that the only errors you get are the pexpect one and the python-tk one, althought they are not needed for the attack... Try an apt-get install pexpect, but I don't think it will do much. Is your python up-to-date?

Sorry but I can't really think about any cause for your problem, if you have carefully followed the guide and you're using the modified kernel-power or kernel-power v47 wifite should work properly, you are the first encountering problems.
Yes, my pythin version is the latest. And i think what happened is because home3 (my network) is an ad-hoc [shared LAN connection through wireless laptop]
Is there a way that i can choose which network i can crack ? so it doesn't auto. choose home3 ?
 
Posts: 1,680 | Thanked: 3,685 times | Joined on Jan 2011
#58
Yes. edit the 'wepon' script. comment out the line that puts the device into monitor mode. This will force wifite to put your card into monitor mode (didnt work right for me, apparently worked for mr_pingu).

This will cause wifite to enter a different scan mode and allow network selection.
__________________
N900: One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die.
 
Posts: 146 | Thanked: 39 times | Joined on May 2010
#59
hi
after 10 h of playing with my n900 ( flash and install all ...) i manage to instal the script but ...
Attached Images
 
 
AgogData's Avatar
Posts: 870 | Thanked: 133 times | Joined on Aug 2010
#60
I'm now stuck with arp replay attack on XXXX captured # ivs
then chop-chop attack
what is wrong here ?
 
Reply

Tags
free internetz, hack the gibson, hack the planet


 
Forum Jump


All times are GMT. The time now is 09:05.