Active Topics
-
Firefox with Leste (10)
to Maemo 7 / Leste by teroyk - 3 days, 3 hrs ago - more...
|
2012-01-15
, 01:14
|
|
Posts: 2,076 |
Thanked: 3,268 times |
Joined on Feb 2011
|
#1132
|
For me with wifite running at 300-400pps is better. With signal around 80 I get ~200 ivs/sec usually. With signal 60-70 even up to 280-300 ivs/sec. Also 40 seconds is quite long. Normally starts flooding at 10-15 seconds from start
|
|
2012-01-15
, 03:20
|
|
Posts: 105 |
Thanked: 87 times |
Joined on Jun 2011
@ Unknown
|
#1133
|
Originally Posted by Estel
I can confirm unable to crack WEP with interactive injection (I stoped using it long ago as never worked for me)
No, I was injecting @ 500 packets/s. IVs capture ration was ~86/s, varying.
Anyway, as I've said in edit to latest post, even with 500k IVs aircrack-ng was unable to crack network WEP.
It would be great, if someone could confirm/deny this, by cracking WEP network without any client connected (this is a *must* requirement, as we do not want some 'legit' packets getting injected by accidentresulting in ''legit' response, generating more 'legit' packets etc.) and via interactive injection.
/Estel
I personaly prefer the normal packet injection way as I never missed to crack a WEP key with 40k IVs in min. 8min to a max. of 20min.
| The Following User Says Thank You to g0r For This Useful Post: | ||
 |
|
2012-01-15
, 03:55
|
|
Posts: 5,028 |
Thanked: 8,613 times |
Joined on Mar 2011
|
#1134
|
Originally Posted by szopin
Sorry, but how is this wifite post related to faircrack? number of IVs gathered per second depends on many factors, and tool used is least important (if not of zero importance, as all of those tools are [less or more] user frontends for aircrack parts - even wifite is technically a frontend...). Having N900 close enough to AP you can capture 99% of packets transmitted by router, which would be probably around 400-500 pps.
For me with wifite running at 300-400pps is better. With signal around 80 I get ~200 ivs/sec usually. With signal 60-70 even up to 280-300 ivs/sec. Also 40 seconds is quite long. Normally starts flooding at 10-15 seconds from start
No offense, but I don't see the point in comparing capture ration in wifite, faircrack, cleven or whatever. They're all talking to the same tool, and depending on ambient circumstances.
/Estel
// edit
Unless we count it at "wifite interactive injection works well and it's FOSS, so lets check how they implemented it code-wise and re-use implementation method in faircrack"
__________________
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
Last edited by Estel; 2012-01-15 at 17:48.
| The Following User Says Thank You to Estel For This Useful Post: | ||
 |
|
2012-01-15
, 06:11
|
|
Posts: 298 |
Thanked: 341 times |
Joined on Aug 2010
@ This world :)
|
#1135
|
Originally Posted by Estel
K, can add to my list.
So, now feature requets:
1. Would it be possible to add management of replay-*.cap files, that are created while injecting (both normal, interactive, or just capturing arp)? After some time of usage, they're trashing a lotta hell of space (be it bytes or just names) in place where they're saved, require manual deletion.
Originally Posted by Estel
K, can add to my list.
2. If we're talking about replay-*.cap management, would it be possible to allow using already saved ones against network? Would require listing them, and, after selecting one, a button to inject with it (could, for example, inject the network that is currently captured via airodump-ng).
Originally Posted by Estel
Yep, fully agree with your assessment, can add to my list.
3. minor thing - it seems that default time for "scan" set to 5 seconds is a little to low - most of the times it's not enough to even properly scan whole 1-13 channel range. I think that 10 seconds is good thing for default (personally, I almost always use 15 sec, but it's for, ekhm, 'debugging' purposes).
Originally Posted by Estel
Already posted reply under the original post
4. You probably knew that I would aks about it - what about reaver/walsh support?
__________________
My phone evolution: Nokia 7610 (RIP), N82 (RIP), BB9000 (RIP), N900, BB9760 (RIP), N8, BB9900, N9 64GB
Working
: Python Gorillas (Maemo5) 
Faircrack0.50 Update (Maemo5) 
Not so much
: WPScrack (Maemo5)
My phone evolution: Nokia 7610 (RIP), N82 (RIP), BB9000 (RIP), N900, BB9760 (RIP), N8, BB9900, N9 64GB
Working
: Python Gorillas (Maemo5) Faircrack0.50 Update (Maemo5) Not so much
: WPScrack (Maemo5)
| The Following User Says Thank You to StefanL For This Useful Post: | ||
|
|
2012-01-15
, 06:39
|
|
Posts: 298 |
Thanked: 341 times |
Joined on Aug 2010
@ This world :)
|
#1136
|
Originally Posted by Estel
Aircrack-ng is not perfect, and still has a lot of limitations. Some of them include the type of packets captured when doing the PTW attack (default for fAircrack), length of WEP key (only handles 64bit and 128bit), etc.
No, I was injecting @ 500 packets/s. IVs capture ration was ~86/s, varying.
Anyway, as I've said in edit to latest post, even with 500k IVs aircrack-ng was unable to crack network WEP.
It would be great, if someone could confirm/deny this, by cracking WEP network without any client connected (this is a *must* requirement, as we do not want some 'legit' packets getting injected by accident
/Estel
__________________
My phone evolution: Nokia 7610 (RIP), N82 (RIP), BB9000 (RIP), N900, BB9760 (RIP), N8, BB9900, N9 64GB
Working: Python Gorillas (Maemo5) Faircrack0.50 Update (Maemo5)
Not so much: WPScrack (Maemo5)
My phone evolution: Nokia 7610 (RIP), N82 (RIP), BB9000 (RIP), N900, BB9760 (RIP), N8, BB9900, N9 64GB
Working
: Python Gorillas (Maemo5) Faircrack0.50 Update (Maemo5) Not so much
: WPScrack (Maemo5)
Last edited by StefanL; 2012-01-15 at 06:50.
| The Following User Says Thank You to StefanL For This Useful Post: | ||
|
|
2012-01-15
, 13:54
|
|
Posts: 2,076 |
Thanked: 3,268 times |
Joined on Feb 2011
|
#1137
|
Originally Posted by Estel
Confirmed. Though my router seems to send out spurious data (defense mechanism ???). Anyway, I tried sending packets of different lengths, gathering 50000 at one time and stopping. There was also 250K ivs from previous attempts to see if more data would come in handy. Results:
No, I was injecting @ 500 packets/s. IVs capture ration was ~86/s, varying.
Anyway, as I've said in edit to latest post, even with 500k IVs aircrack-ng was unable to crack network WEP.
It would be great, if someone could confirm/deny this, by cracking WEP network without any client connected (this is a *must* requirement, as we do not want some 'legit' packets getting injected by accident
/Estel
cap file 1 - 250k (length unknown, provided by 2 runs of wifite) - fail
cap file 2 - 50k, length 112 - fail
cap file 3 - 50k, length 86 FromDS: 1 - fail
cap file 4 - 50k, length 86 ToDS: 1 - fail
cap file 5 - 50k, length 352 (strangely enough bigger packets should result in lower ivs/sec, yet got 250ivs/s here vs 140-180 at previous) - fail
capture 6 - 50k, length 86, FromDS: 1 - success
Funny thing: getting all the 500k together results in the key NOT being found, so quantity < quality.
Combination of cap files - result
6 - OK
5,6 - OK
4,5,6 - OK
3,4,5,6 - OK
2,3,4,5,6 - Fail
1,2,3,4,5,6 - Fail
2,4,5,6 - OK
1,2,5,6 - Fail
(no combination without the 6th file worked)
Seems the ratio of spurious data to good data cannot be too big. (btw, wifite uses 'aireplay -2 -b xx:xx -h yy:yy -T 1 -F -p 0841 wlan0' which doesn't require input and probably starts injecting with first packet caught, so probably a hit-or-miss solution)
Also strange thing, Source MAC when the packet shows up for confirmation very often differs from BSSID by 1 (that is XX:YY...:F6 vs XX:YY...:F5), capture 6 that got it had different MAC here. Needs more testing as maybe some combination of packet length/ToDS/FromDS/Source/Dest will result in more frequent capture of valid IVS.
Oh yeah, no wireless clients were involved as I just changed to WEP and no other device would have the password, so this is confirmed.
EDIT: As to speed comparisons: try running some programs in the background while injecting. Having brogue (SDL game) in the background got the speeds to 80-100. Without it 160-200. Each of the frontends uses up memory/CPU. Most economic will win. (and no, placing N900 next to the router doesn't work that way
Last edited by szopin; 2012-01-15 at 14:05.
|
|
2012-01-15
, 15:53
|
|
Posts: 529 |
Thanked: 194 times |
Joined on Aug 2010
@ UK
|
#1138
|
thanks for the update but im having some issues , every option under the decrypt tab does work , matter what i select it just opens an the closes straight away !!
i was on 0.45 before and they all worked fine any ideas whats wrong and how to solve this !!!
i was on 0.45 before and they all worked fine any ideas whats wrong and how to solve this !!!
__________________
|
|
2012-01-15
, 16:00
|
|
Posts: 298 |
Thanked: 341 times |
Joined on Aug 2010
@ This world :)
|
#1139
|
Originally Posted by stevomanu
Which options are you referring to (WEP/WPA/..)? Please give me a bit more info to troubleshoot.
thanks for the update but im having some issues , every option under the decrypt tab does work , matter what i select it just opens an the closes straight away !!
i was on 0.45 before and they all worked fine any ideas whats wrong and how to solve this !!!
__________________
My phone evolution: Nokia 7610 (RIP), N82 (RIP), BB9000 (RIP), N900, BB9760 (RIP), N8, BB9900, N9 64GB
Working: Python Gorillas (Maemo5) Faircrack0.50 Update (Maemo5)
Not so much: WPScrack (Maemo5)
My phone evolution: Nokia 7610 (RIP), N82 (RIP), BB9000 (RIP), N900, BB9760 (RIP), N8, BB9900, N9 64GB
Working
: Python Gorillas (Maemo5) Faircrack0.50 Update (Maemo5) Not so much
: WPScrack (Maemo5)
|
|
2012-01-15
, 16:04
|
|
Posts: 529 |
Thanked: 194 times |
Joined on Aug 2010
@ UK
|
#1140
|
every option dude
only option in wep tab that works is clear , rest nothing
all options under WPA dont work
all option under libDb dont work either ....
EDIT
im gunna redownload files and do a clean install see if that helps will report back in min ...
EDIT2 WPA decrypt is not working when i try an use dictionary it just opens and closes , also libDb stuff doesnt seem to be working still !!"
Last edited by stevomanu; 2012-01-15 at 16:20.
only option in wep tab that works is clear , rest nothing
all options under WPA dont work
all option under libDb dont work either ....
EDIT
im gunna redownload files and do a clean install see if that helps will report back in min ...
EDIT2 WPA decrypt is not working when i try an use dictionary it just opens and closes , also libDb stuff doesnt seem to be working still !!"
Originally Posted by StefanL
Which options are you referring to (WEP/WPA/..)? Please give me a bit more info to troubleshoot.
__________________
Last edited by stevomanu; 2012-01-15 at 16:20.
 |
| Tags |
| aircrack, aircrack-ng, epicfacepalm, pen testing, rtfm dude! |
«
Previous Thread
|
Next Thread
»
|
All times are GMT. The time now is 16:15.
Anyway, as I've said in edit to latest post, even with 500k IVs aircrack-ng was unable to crack network WEP.
It would be great, if someone could confirm/deny this, by cracking WEP network without any client connected (this is a *must* requirement, as we do not want some 'legit' packets getting injected by accident
/Estel
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
Last edited by Estel; 2012-01-15 at 01:01.