Aircrack-ng forum

Author Topic: cannot deauthenticate though injection works  (Read 12091 times)

manit123

  • Newbie
cannot deauthenticate though injection works
« on: August 14, 2013, 01:09:47 pm »

Here is the situation.
I have an access point hardly 3 feet away from me, while my target computer (with Windows 7) is 4 feet away.
I am using backtrack5r3 with gnome.
# lsb_release  -a
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 10.04.3 LTS
Release:    10.04
Codename:    lucid
# uname -a
Linux bt 3.2.6 #1 SMP Fri Feb 17 10:40:05 EST 2012 i686 GNU/Linux
The networks I catch are as follows
Quote
BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
00:0D:F0:24:33:40  -60      118        0    0  11  54e  WPA  TKIP   PSK  vid140pppoeoaas21
BSSID              STATION            PWR   Rate    Lost    Frames  Probe
                                   
 (not associated)   30:46:9A:30:EB:60  -41    0 - 1      0        7  vid146pppoeradisys
Injection works because
Code:
# aireplay-ng  -9 mon0
09:06:47  Trying broadcast probe requests...
09:06:47  Injection is working!
09:06:48  Found 1 AP
09:06:58  00:0D:F0:24:32:58 - channel: 11 - 'vid146pppoeradisys'
09:06:59  Ping (min/avg/max): 2.837ms/21.287ms/42.110ms Power: -37.00
09:06:59  27/30:  90%
I ran
# airodump-ng mon0 --channel 11 --bssid 00:0D:F0:24:32:58 -w /tmp/wpa2 &
# aireplay-ng -0 1 -a 00:0D:F0:24:32:58 -c 30:46:9A:30:EB:60 -e vid146pppoeradisys mon0
09:04:43  Waiting for beacon frame (BSSID: 00:0D:F0:24:32:58) on channel 11
09:04:43  Sending 64 directed DeAuth. STMAC: [30:46:9A:30:EB:60] [ 0| 0 ACKs]

Please tell me where I am going wrong.

DarkAudax

  • Administrator
Re: cannot deauthenticate though injection works
« Reply #1 on: August 14, 2013, 05:17:57 pm »

The dump shows the client as unassociated. So how exactly can you expect to deauthenticate a client which is not associated?

d.

manit123

  • Newbie
Re: cannot deauthenticate though injection works
« Reply #2 on: August 15, 2013, 05:14:29 am »

But the client (my Windows 7 computer) is able to surf, which I have checked, and its Ethernet cable is unplugged.

FURTHER INFORMATION of my backtrack-computer

# lsusb
Bus 002 Device 003: ID 0846:9041 NetGear, Inc. WNA1000M 802.11bgn [Realtek RTL8188CUS]
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 004: ID 04ca:0062 Lite-On Technology Corp.
Bus 001 Device 003: ID 04f3:0103 Elan Microelectronics Corp.
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
# airmon-ng 
Interface   Chipset      Driver
mon0      Unknown    rtl8192cu - [phy0]
wlan0      Unknown    rtl8192cu - [phy0]
« Last Edit: August 15, 2013, 05:51:47 am by manit123 »

manit123

  • Newbie
Re: cannot deauthenticate though injection works
« Reply #3 on: August 15, 2013, 07:17:16 am »

I think the problem is the relatively new Wi-Fi adaptor. I was using the 'wna1000m' as mentioned above.
Now I tried with
Quote
Bus 002 Device 004: ID 0846:9030 NetGear, Inc. WNA1100 Wireless-N 150 [Atheros AR9271]
I got
Code:
CH 11 ][ Elapsed: 40 s ][ 2013-08-15 03:08 ][ WPA handshake: 00:0D:F0:24:32:58
 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
 00:0D:F0:24:32:58  -58  96      392      482    0  11  54e  WPA  TKIP   PSK  vid146pppoeradisys
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe
 00:0D:F0:24:32:58  10:0D:7F:BD:2D:B5  -58   54e-54e     0      280

manit123

  • Newbie
looking for suggestions for faster cracking
« Reply #4 on: August 15, 2013, 07:53:57 am »

I have been able to crack WEP by collecting a lot of initialisation vectors over a period of more than 6 hours.
QUESTION 1) Is there a better alternative?
Also, I was looking for a way to crack WPA PSK.
The one I know is the WPS PIN attack using reaver.
It makes 11000 guesses (worst case) to yield success.
But first you should see the 'wash -i mon0' output to see crackable networks.

On the internet I find people using different methods (be it wifi honey -> www.youtube.com/watch?v=z2aIdQDvBIU). Usually, it is obtaining the handshake followed by a dictionary attack.

QUESTION 2) Can somebody tell about back tew or MITM usage in this scenario? Will that speed up cracking?

jaimechiquita111

  • Newbie
Re: cannot deauthenticate though injection works
« Reply #5 on: August 15, 2013, 05:04:46 pm »

If you have a multi-processor, try this.

First calculate the resources needed:
root@junior:~# pyrit -r your_file.cap -i PMK-Calculated attack_cowpatty
Last, use the calculated file to crack the key:
root@junior:~# cowpatty -d PMK-Calculated -s "your_SSID" -r your_file.cap

manit123

  • Newbie
Re: cannot deauthenticate though injection works
« Reply #6 on: August 16, 2013, 12:42:13 pm »

I see that pyrit uses the GPU's parallel processing capability to make more pairwise master keys per second. Still,
I set up my Wi-Fi access point with 8 or more alphanumeric characters which are not related to a dictionary.
It seems it is nearly impossible to crack this using brute force.
I read http://code.google.com/p/pyrit/wiki/Tutorial
My question is:
Suppose I am creating a database for all 8 digit alphanumeric passwords (26 small letters, 26 capital letters, 10 digits) with a specific ESSID.
I think there will be 62^8 bytes in the word list, that is 218340GB assuming one byte per character.
For getting a result in the current lifetime, I will limit the database to 26 small letters & 10 digits with an 8 character password, thus a 2821GB word list.
How can I calculate the number of PMKs that have to be tried?
« Last Edit: August 16, 2013, 02:26:38 pm by manit123 »

Jano

  • Experienced
Re: cannot deauthenticate though injection works
« Reply #7 on: August 16, 2013, 11:57:34 pm »

Hi manit123,
Quote
For getting result in current life time, I will limit database to 26 small letters & 10 digits with 8 character password thus 2821GB word list.
How can I calculate number of PMK that have to be tried?
36⁸ = 2,821109907×10¹² = 2821109907456 PMKs:
Code:
jano:~$ crunch 8 8 -f charset.lst lalpha-numeric
Crunch will now generate the following amount of data: 25389989167104 bytes
24213780 MB
23646 GB
23 TB
0 PB
Crunch will now generate the following number of lines: 2821109907456
See also: Password Possible Options Calculator and Password Calculator
 
Bye Jano
« Last Edit: August 17, 2013, 12:25:26 am by Jano »
Web: http://www.janoweb.net
Wireless: ALFA-AWUS036H, AWUS050NH, D-Link DWL-G650, D-Link DWL-G122, ZyXel G220, Linksys WUB54GR, Intel PRO/Wireless 3945ABG

manit123

  • Newbie
Re: cannot deauthenticate though injection works
« Reply #8 on: August 17, 2013, 06:35:22 am »

from http://www.renderlab.net/projects/WPA-tables/
I see that they made a 33GB table with 1000 SSIDs and 1 million words from a dictionary. So, if my SSID is not one of those 1000, then those tables will be of no use for me. Am I right?

DarkAudax

  • Administrator
Re: cannot deauthenticate though injection works
« Reply #9 on: August 17, 2013, 02:16:18 pm »

You are correct.  It will be of no use to you.

d.
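
Added example, not part of any post in this thread: a Python sketch of the two points discussed in replies #6 and #7 (how many PMKs an 8-character keyspace requires) and replies #8 and #9 (why a precomputed table only helps for the SSID it was built with, since the SSID is the PBKDF2 salt). The sample words, the "linksys" SSID and the 50,000 PMK/s rate are constructed assumptions.

```python
import hashlib

PBKDF2_ROUNDS = 4096   # fixed by the WPA/WPA2-PSK key derivation
PMK_LEN = 32           # bytes per pairwise master key

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ROUNDS, PMK_LEN)

def build_table(ssid: str, words: list[str]) -> dict[bytes, str]:
    """Precomputed PMK table: valid only for the SSID it was salted with."""
    return {wpa_pmk(w, ssid): w for w in words}

def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate passphrases, i.e. PMKs to compute for one SSID."""
    return charset_size ** length

def wordlist_bytes(charset_size: int, length: int) -> int:
    """Plain-text list size: each line is the passphrase plus a newline."""
    return keyspace(charset_size, length) * (length + 1)

def years_to_exhaust(candidates: int, pmk_per_second: float) -> float:
    """Time to compute every candidate PMK at a given sustained rate."""
    return candidates / pmk_per_second / (365 * 24 * 3600)

def demo() -> dict:
    words = ["sunflower42", "k3ttle-drum", "example-pass"]  # constructed sample words
    table = build_table("linksys", words)                    # constructed common SSID
    own_ssid = "vid146pppoeradisys"                          # SSID from the thread
    rate = 50_000.0  # assumed PMKs per second, for illustration only
    return {
        # Same passphrase, same SSID: the table finds it.
        "hit_same_ssid": table.get(wpa_pmk("sunflower42", "linksys")),
        # Same passphrase, different SSID: different PMK, so the table misses.
        "hit_other_ssid": table.get(wpa_pmk("sunflower42", own_ssid)),
        "pmks_36_8": keyspace(36, 8),
        "list_bytes_36_8": wordlist_bytes(36, 8),
        "years_36_8": years_to_exhaust(keyspace(36, 8), rate),
        "years_62_8": years_to_exhaust(keyspace(62, 8), rate),
        "years_62_12": years_to_exhaust(keyspace(62, 12), rate),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `list_bytes_36_8` value reproduces the byte count crunch reports in reply #7, and the last three figures show how quickly the work grows with character set and length.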