Notices


Reply
Thread Tools
Mr Wolf's Avatar
Posts: 84 | Thanked: 22 times | Joined on Nov 2011 @ Italy
#1141
Originally Posted by StefanL View Post
Your link is not working for me (fixed it - seems rather old, I guess, things have changed since 2008); and on a personal note, all APs etc are uniquely identifyable by their BSSID, but not their ESSID, hence I am guessing the BSSID method should be more reliable in identifying a particular unit (why use the two identifiers for the same thing?). Anyway, the command seems to work as is, I switched to using BSSIDs rather than ESSIDs to avoid the headache with APs with spaces and other special characters (ie. I spent a lot of time on this, just read back a few hundred posts or so ). I am happy for any testing and feed-back though, so thanks for your time. I have not yet tested for hidden ESSIDs discovery, still on my list. Edit:ESSID is only required for cracking, where the ESSID is part of the salt for the hashes, so that is another explanation, why the ESSID is not required for this case.
I don't know, my knowledge is not so great to say something with absolute reliability!
But... if we look at Fake Authentication page:
http://www.aircrack-ng.org/doku.php?...authentication
the ESSID is always specified.
And then it says:

Airodump-ng does not show the ESSID

Airodump-ng does not show the ESSID! How do I do fake authentication since this is a required parameter?

Answer: You need to patient. When a client associates with the AP, then airodump-ng will obtain and display the ESSID. If you are impatient then deauthenticate a client to get the ESSID immediately.

Of course, the ESSID doesn't identify the network univocally as the BSSID; however, as they answered me in Aircrack forum, it seems to be required all the thing to work.
If I well remember (4 years are past!), I found the precise document which says why ESSID is necessary. I'll try and look for it.

Then, I'll also try fAircrack 0.46.
Many thanks for your work!
__________________
I'm Winston Wolf, I solve problems
 

The Following User Says Thank You to Mr Wolf For This Useful Post:
StefanL's Avatar
Posts: 298 | Thanked: 341 times | Joined on Aug 2010 @ This world :)
#1142
Originally Posted by stevomanu View Post
EDIT2 WPA decrypt is not working when i try an use dictionary it just opens and closes , also libDb stuff doesnt seem to be working still !!"
WPA decrypt not working could be due to not having any valid data in the cap file, ie. you did not capture any handshakes (xterm window opens and closes quickly).

Most of the libDb stuff will also work too fast to give you a chance to see what is happening on the xterm window, try importing some longish dictionary file (60k lines), or running batch option. Also check if the file pwddb is created under the dictionary list. Try running the following from the diction subdirectory under the FAS directory
Code:
sudo airolib-ng pwddb --stats
.
__________________
My phone evolution: Nokia 7610 (RIP), N82 (RIP), BB9000 (RIP), N900, BB9760 (RIP), N8, BB9900, N9 64GB
Working : Python Gorillas (Maemo5) Faircrack0.50 Update (Maemo5)
Not so much : WPScrack (Maemo5)
 

The Following User Says Thank You to StefanL For This Useful Post:
StefanL's Avatar
Posts: 298 | Thanked: 341 times | Joined on Aug 2010 @ This world :)
#1143
Originally Posted by Mr Wolf View Post
I don't know, my knowledge is not so great to say something with absolute reliability!
But... if we look at Fake Authentication page:
http://www.aircrack-ng.org/doku.php?...authentication
the ESSID is always specified.
And then it says:

Airodump-ng does not show the ESSID

Airodump-ng does not show the ESSID! How do I do fake authentication since this is a required parameter?

Answer: You need to patient. When a client associates with the AP, then airodump-ng will obtain and display the ESSID. If you are impatient then deauthenticate a client to get the ESSID immediately.

Of course, the ESSID doesn't identify the network univocally as the BSSID; however, as they answered me in Aircrack forum, it seems to be required all the thing to work.
If I well remember (4 years are past!), I found the precise document which says why ESSID is necessary. I'll try and look for it.

Then, I'll also try fAircrack 0.46.
Many thanks for your work!
fAircrack is using the "any" ESSID option of aireplay-ng mentioned in the link , which I am guessing is an update to the program post your investigations in 2008.
__________________
My phone evolution: Nokia 7610 (RIP), N82 (RIP), BB9000 (RIP), N900, BB9760 (RIP), N8, BB9900, N9 64GB
Working : Python Gorillas (Maemo5) Faircrack0.50 Update (Maemo5)
Not so much : WPScrack (Maemo5)
 

The Following 2 Users Say Thank You to StefanL For This Useful Post:
Posts: 529 | Thanked: 194 times | Joined on Aug 2010 @ UK
#1144
the cap files i have got do have valid handshakes , it doesnty even try an crack them opens an closes with out even reading whats in the cap files ....
double checked cap files on my pc and there good ....

will give the dictionary thing a go now , not sure how many lines mine has to be honest ....

also are you planning on pushing this into the repos its the top must have app thats not there ....

thanks for your reply ..

Originally Posted by StefanL View Post
WPA decrypt not working could be due to not having any valid data in the cap file, ie. you did not capture any handshakes (xterm window opens and closes quickly).

Most of the libDb stuff will also work too fast to give you a chance to see what is happening on the xterm window, try importing some longish dictionary file (60k lines), or running batch option. Also check if the file pwddb is created under the dictionary list. Try running the following from the diction subdirectory under the FAS directory
Code:
sudo airolib-ng pwddb --stats
.
__________________
METASPLOIT INSTALL N900
Keep the forums clean
Dont forget to say thanks
 

The Following User Says Thank You to stevomanu For This Useful Post:
Estel's Avatar
Posts: 5,028 | Thanked: 8,613 times | Joined on Mar 2011
#1145
Originally Posted by StefanL View Post
Aircrack-ng is not perfect, and still has a lot of limitations. Some of them include the type of packets captured when doing the PTW attack (default for fAircrack), length of WEP key (only handles 64bit and 128bit), etc.
judging by the document You've provided, the problem is that aircrack-ng uses '-z' by default, which is only valid for proper ARP messages and responses. AFAIUI, to use statistical methods (on IVs that we gathered using our spurious data), we should apply '-K', which result in fallback to FMS/KoreK/Bruteforce method. It require *much* more IVs - at least ~500k for 64 bit key, and ~2,5M-5M for 128 bit key, but it have chance to work actually.

It may seems harsh, but for APs without clients connected, it's still much faster (most of the times) than waiting for someone to connect.

/Estel
__________________
N900's aluminum backcover / body replacement
-
N900's HDMI-Out
-
Camera cover MOD
-
Measure battery's real capacity on-device
-
TrueCrypt 7.1 | ereswap | bnf
-
Hardware's mods research is costly. To support my work, please consider donating. Thank You!
 

The Following User Says Thank You to Estel For This Useful Post:
Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#1146
Korek might work assuming it is not an AP defense mechanism that replies with packets that fudge statistical analysis. Also speeds with 500k ivs get too low (memory is a limiting factor, maybe .ivs instead of .cap would help, not sure if cap isn't required for korek though) limiting real-world scenarios. Try my approach (50k in few tries) with 68 or 86 byte length of packets, I had few WEP resistant routers so far vs 50+ that fell eventually (also one that was very weird had MAC on WEP and MAC+1 described previously on WPA, I really think this is some kind of firmware defense making injection harder)
 

The Following 2 Users Say Thank You to szopin For This Useful Post:
StefanL's Avatar
Posts: 298 | Thanked: 341 times | Joined on Aug 2010 @ This world :)
#1147
Originally Posted by stevomanu View Post
the cap files i have got do have valid handshakes , it doesnty even try an crack them opens an closes with out even reading whats in the cap files ....
double checked cap files on my pc and there good ....

will give the dictionary thing a go now , not sure how many lines mine has to be honest ....

also are you planning on pushing this into the repos its the top must have app thats not there ....

thanks for your reply ..
Any updates on this? If you still have problems, send me the output from the listing of the FAS directory
Code:
ls -al > output.txt
.
__________________
My phone evolution: Nokia 7610 (RIP), N82 (RIP), BB9000 (RIP), N900, BB9760 (RIP), N8, BB9900, N9 64GB
Working : Python Gorillas (Maemo5) Faircrack0.50 Update (Maemo5)
Not so much : WPScrack (Maemo5)
 

The Following User Says Thank You to StefanL For This Useful Post:
Posts: 529 | Thanked: 194 times | Joined on Aug 2010 @ UK
#1148
sorry been every so busy , yes still have some issues it wont even try an crack WEP/WPA at all also having issues picking up access points , were cleven did so not sure whats wrong ......

heres the out put .....

Code:
drwxrwxrwx    5 user     root         65536 Jan 19 22:43 .
drwxrwxrwx   15 user     root         65536 Jan 19 20:56 ..
-rw-r--r--    1 user     root          5899 Jan 14 13:57 Changelog.txt
-rw-r--r--    1 user     root         29123 Nov 30 21:31 FAS.py
-rw-r--r--    1 user     root         16477 Jan 17 12:50 FAS.pyo
-rw-r--r--    1 user     root         36892 Jan 14 13:55 Main.py
drwxrwxrwx    4 user     root         65536 Jan 26  2011 cap
-rw-r--r--    1 user     root            58 Jan 17 12:51 currentAP.txt
drwxrwxrwx    2 user     root         65536 Jan 26  2011 diction
-rw-r--r--    1 user     root             0 Jan 17 14:05 dictionlist.txt
-rw-r--r--    1 user     root           138 Dec 12 07:33 getinfo.sh
-rw-r--r--    1 user     root           155 Jan 27  2011 getinterfacestate.sh
-rw-r--r--    1 user     root           120 Jun  8  2011 getmacmanaged.sh
-rw-r--r--    1 user     root           191 May 26  2011 getmacmonitor.sh
-rw-r--r--    1 user     root             3 Jan 19 13:36 interface.txt
-rw-r--r--    1 user     root         38181 Jan 31  2011 john.conf
-rw-r--r--    1 user     root           261 Dec  7 09:14 john.sh
-rw-r--r--    1 user     root           141 Feb  1  2011 johnconf.sh
-rw-r--r--    1 user     root            78 Jul 15  2011 keylist.sh
-rw-r--r--    1 user     root             0 Jan 17 14:05 keylist.txt
drwxrwxrwx    2 user     root         65536 Jan 26  2011 keys
-rw-r--r--    1 user     root            40 Jan 23  2011 launch.sh
-rw-r--r--    1 user     root           163 Jan 27  2011 load.sh
-rw-r--r--    1 user     root            18 Jan 19 13:36 mymac.txt
-rw-r--r--    1 user     root             0 Jan 19 22:43 output.txt
-rw-r--r--    1 user     root           113 May 29  2011 readAP.sh
-rw-r--r--    1 user     root           159 May 30  2011 scan.sh
-rw-r--r--    1 user     root             0 Jan 19 11:04 scanresults.txt
-rw-r--r--    1 user     root           685 Jan 19 11:04 temp-01.cap
-rw-r--r--    1 user     root           668 Jan 19 11:04 temp-01.csv
-rw-r--r--    1 user     root          1093 Jan 19 11:04 temp-01.kismet.csv
-rw-r--r--    1 user     root          4291 Jan 19 11:04 temp-01.kismet.netxml
-rw-r--r--    1 user     root           146 Jan 27  2011 unload.sh
-rw-r--r--    1 user     root            84 Jul 15  2011 wepcaplist.sh
-rw-r--r--    1 user     root             0 Jan 17 14:05 wepcaplist.txt
-rw-r--r--    1 user     root            84 Jul 15  2011 wpacaplist.sh
-rw-r--r--    1 user     root             0 Jan 17 14:05 wpacaplist.txt
Originally Posted by StefanL View Post
Any updates on this? If you still have problems, send me the output from the listing of the FAS directory
Code:
ls -al > output.txt
.
__________________
METASPLOIT INSTALL N900
Keep the forums clean
Dont forget to say thanks
 

The Following User Says Thank You to stevomanu For This Useful Post:
StefanL's Avatar
Posts: 298 | Thanked: 341 times | Joined on Aug 2010 @ This world :)
#1149
Originally Posted by stevomanu View Post
sorry been every so busy , yes still have some issues it wont even try an crack WEP/WPA at all also having issues picking up access points , were cleven did so not sure whats wrong ......

heres the out put .....

Code:
drwxrwxrwx    5 user     root         65536 Jan 19 22:43 .
drwxrwxrwx   15 user     root         65536 Jan 19 20:56 ..
-rw-r--r--    1 user     root          5899 Jan 14 13:57 Changelog.txt
-rw-r--r--    1 user     root         29123 Nov 30 21:31 FAS.py
-rw-r--r--    1 user     root         16477 Jan 17 12:50 FAS.pyo
-rw-r--r--    1 user     root         36892 Jan 14 13:55 Main.py
drwxrwxrwx    4 user     root         65536 Jan 26  2011 cap
-rw-r--r--    1 user     root            58 Jan 17 12:51 currentAP.txt
drwxrwxrwx    2 user     root         65536 Jan 26  2011 diction
-rw-r--r--    1 user     root             0 Jan 17 14:05 dictionlist.txt
-rw-r--r--    1 user     root           138 Dec 12 07:33 getinfo.sh
-rw-r--r--    1 user     root           155 Jan 27  2011 getinterfacestate.sh
-rw-r--r--    1 user     root           120 Jun  8  2011 getmacmanaged.sh
-rw-r--r--    1 user     root           191 May 26  2011 getmacmonitor.sh
-rw-r--r--    1 user     root             3 Jan 19 13:36 interface.txt
-rw-r--r--    1 user     root         38181 Jan 31  2011 john.conf
-rw-r--r--    1 user     root           261 Dec  7 09:14 john.sh
-rw-r--r--    1 user     root           141 Feb  1  2011 johnconf.sh
-rw-r--r--    1 user     root            78 Jul 15  2011 keylist.sh
-rw-r--r--    1 user     root             0 Jan 17 14:05 keylist.txt
drwxrwxrwx    2 user     root         65536 Jan 26  2011 keys
-rw-r--r--    1 user     root            40 Jan 23  2011 launch.sh
-rw-r--r--    1 user     root           163 Jan 27  2011 load.sh
-rw-r--r--    1 user     root            18 Jan 19 13:36 mymac.txt
-rw-r--r--    1 user     root             0 Jan 19 22:43 output.txt
-rw-r--r--    1 user     root           113 May 29  2011 readAP.sh
-rw-r--r--    1 user     root           159 May 30  2011 scan.sh
-rw-r--r--    1 user     root             0 Jan 19 11:04 scanresults.txt
-rw-r--r--    1 user     root           685 Jan 19 11:04 temp-01.cap
-rw-r--r--    1 user     root           668 Jan 19 11:04 temp-01.csv
-rw-r--r--    1 user     root          1093 Jan 19 11:04 temp-01.kismet.csv
-rw-r--r--    1 user     root          4291 Jan 19 11:04 temp-01.kismet.netxml
-rw-r--r--    1 user     root           146 Jan 27  2011 unload.sh
-rw-r--r--    1 user     root            84 Jul 15  2011 wepcaplist.sh
-rw-r--r--    1 user     root             0 Jan 17 14:05 wepcaplist.txt
-rw-r--r--    1 user     root            84 Jul 15  2011 wpacaplist.sh
-rw-r--r--    1 user     root             0 Jan 17 14:05 wpacaplist.txt
Ok, I think I know what the problem is. These are script activated functions, but the deletion of the script happens before the command can finish reading the script. Weird, I guess the file locking is not properly implemented in this version of python for a command reading a file followed by a command to delete the file. Will fix and post v0.47 in the next few days. If you feel adventureous, comment out the lines in Main.py that look similar to the following
Code:
os.system('rm scriptfile.sh')
.
__________________
My phone evolution: Nokia 7610 (RIP), N82 (RIP), BB9000 (RIP), N900, BB9760 (RIP), N8, BB9900, N9 64GB
Working : Python Gorillas (Maemo5) Faircrack0.50 Update (Maemo5)
Not so much : WPScrack (Maemo5)
 

The Following 2 Users Say Thank You to StefanL For This Useful Post:
StefanL's Avatar
Posts: 298 | Thanked: 341 times | Joined on Aug 2010 @ This world :)
#1150
Latest update V 0.47 is attached below. In summary; this update fixes AP names with single quotes issues (spaces already working), changed default scan duration to 10secs, adds WEP crack Korek method option (aircrack-ng -K) as an alternative to the PTW WEP crack option, fixed stevomanu bug. Details as follows:

Install version 0.3 from post no 1. in this thread (or any other working version), then apply my update. As per usual, make a back-up copy of the files to be replaced (Main.py, FAS.py, getinfo.sh, scan.sh, getmacmanaged.sh, getmacmonitor.sh, wepcaplist.sh, wpacaplist.sh, keylist.sh, john.sh, Changelog.txt), copy the archive to the FAS directory on your N900 and extract within xterm in the FAS directory.
Code:
tar -xzvf faircrack0.47.tar.gz
Enjoy

Note: Reaver and Wash will be added in a future release, at the moment I am waiting for these tools to mature on my setup and I still need to test the official 1.4 versions.

Note 2: Current plans are for version 0.5 to appear in the repos, no time line fixed yet.
Attached Files
File Type: gz faircrack0.47.tar.gz (12.3 KB, 134 views)
__________________
My phone evolution: Nokia 7610 (RIP), N82 (RIP), BB9000 (RIP), N900, BB9760 (RIP), N8, BB9900, N9 64GB
Working : Python Gorillas (Maemo5) Faircrack0.50 Update (Maemo5)
Not so much : WPScrack (Maemo5)
 

The Following 3 Users Say Thank You to StefanL For This Useful Post:
Reply

Tags
aircrack, aircrack-ng, epicfacepalm, pen testing, rtfm dude!


 
Forum Jump


All times are GMT. The time now is 03:33.