MeetTheGeeks.Org Official Forums
 

#1 slayer, 05-31-2008, 11:08 PM
airpcap and cain wep/wpa crack

ok here goes....

if you really can't get the hang of wep/wpa cracking with Linux then there is an alternative........BUT it will cost you!!!

£200 quid in fact... but we ask today.. is it worth it??

we shall be using the airpcap tx adapter from
www.crownhill.co.uk

this is a monitor mode enabled wifi dongle for the windows interface
this is at present the only way to achieve monitor mode in windows

we shall be using this in conjunction with another program called
Cain and Abel...............download it here

http://www.oxid.it/cain.html

then go pay £200 quid for an adapter and when it arrives you must follow the install instructions to a tee
once that is done we shall continue....
__________________
if you can't laugh at yourself then i'll do it for you
#2 slayer, 05-31-2008, 11:23 PM
step 1

right you have your adapter installed and you have Cain and Abel installed
we hope.......... if you ain't then the rest won't work

open up cain .....(with your adapter plugged in)

and navigate to the wireless tab
where it says "adapter for dialup and vpn capture" you must choose the airpcap00

then simply click "passive scan"

when it's found all the networks you can click "stop"

ok now note the channel number of the network you wish to target

where it says channel hopping..... change this to the channel of your target

and check the box that says "wep injection" arp requests

the tx rate should be 2

now click "passive scan" and wait for the rest of the night to collect enough "unique WEP iv's"

you will need around 500.000 of these and then you can click "stop"

now click the "analyze" button and choose your file

choose korek's attack and then hit start.......

that's it..... wep cracked
#3 Admin, 05-31-2008, 11:25 PM

I'll email them and see if I can get my hands on one mate.. I certainly would like a look at one of them
__________________

Live fast, Die Young, Leave only Beautiful code...

.....This Christmas...... I want Santa's list of naughty girls......
#4 slayer, 05-31-2008, 11:43 PM
wpa with airpcaptx

ok so you want to crack wpa with the airpcap and cain solution

read on and i shall show you how

it's pretty much the same as cracking wep but there are a few rules to adhere to with wpa

your target network MUST have a WIRELESS client connected to it
this is because we need to kick this person off the network and then capture the info it creates when they rejoin 5 seconds later.... it's called a 4-way handshake

and you must also have a massive dictionary file containing as many words as possible... the complete Britannica is NOT enough...
you will need a file of millions of words and phrases..english and foreign..every language known to man..including Klingon and swahili
round about the 40gig level......SERIOUSLY

ok select your airpcap adapter as the wireless capture adapter..
check the box marked "WPA-PSK auths..send to cracker"
then click "passive scan"
then click your target network
when you click the network the wireless client will show up in the box beneath

you need to then right click the client and choose "deauth"
do this 2 or 3 times....
this action kicks the client pc for a few seconds and then captures its handshake as it rejoins the network...you have your 4 way hand shake

ok now click the cracker tab
and browse down the left hand side till you reach WPA-PSK auths..(click it)
now choose the relative file and right click it
then choose dictionary attack
navigate to your massive dictionary file and click add
then click start

the way wpa is cracked is that the password for the network MUST be in your dictionary file... hence the need to have such a large extensive file..
brute force is an option but you will need to live till you're about 15 million and i don't think that is gonna happen do you
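A defender's view of the deauth-then-rejoin sequence described in the post above, as an added example that is not part of the original thread: it flags a client that receives a burst of deauthentication frames and then completes a new handshake within seconds. The log format, thresholds and MAC addresses are constructed assumptions, not the output of any real tool.

```python
from collections import defaultdict

# Constructed sample: "<seconds> <frame> <bssid> <client>" lines from a
# hypothetical monitor-mode sensor. Not a real tool's log format.
SAMPLE_LOG = """\
10.0 deauth 00:11:22:33:44:55 aa:bb:cc:00:00:01
10.4 deauth 00:11:22:33:44:55 aa:bb:cc:00:00:01
11.1 deauth 00:11:22:33:44:55 aa:bb:cc:00:00:01
15.9 eapol 00:11:22:33:44:55 aa:bb:cc:00:00:01
300.0 deauth 00:11:22:33:44:55 aa:bb:cc:00:00:02
900.0 eapol 00:11:22:33:44:55 aa:bb:cc:00:00:02
"""

def parse(log):
    """Yield (time, frame_type, bssid, client); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield float(parts[0]), parts[1], parts[2].lower(), parts[3].lower()
        except ValueError:
            continue

def forced_rehandshakes(log, min_deauths=2, burst_window=10.0, rejoin_window=10.0):
    """Return alerts for deauth bursts followed quickly by a new handshake.

    Thresholds are assumptions chosen for the sample; tune them per site.
    """
    recent = defaultdict(list)  # (bssid, client) -> recent deauth timestamps
    alerts = []
    for ts, kind, bssid, client in sorted(parse(log)):
        key = (bssid, client)
        if kind == "deauth":
            # Keep only deauths that belong to the current burst.
            recent[key] = [t for t in recent[key] if ts - t <= burst_window] + [ts]
        elif kind == "eapol" and recent[key]:
            burst = recent.pop(key)  # one alert per rejoin, not per EAPOL frame
            if len(burst) >= min_deauths and ts - burst[-1] <= rejoin_window:
                alerts.append({"bssid": bssid, "client": client,
                               "deauths": len(burst),
                               "rejoin_delay": round(ts - burst[-1], 1)})
    return alerts

if __name__ == "__main__":
    for alert in forced_rehandshakes(SAMPLE_LOG):
        print(alert)
```

Enabling 802.11w (Protected Management Frames) on the access point and clients makes spoofed deauthentication frames ineffective, which removes the trigger this detector looks for.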
#5 Admin, 05-31-2008, 11:53 PM
I'm trying to remember where the best place for dictionary libraries is.. the only ones I can think of that are safe enough for the normal home user to navigate to and find are

http://astalavista.box.sk

Or maybe torrent downloads/emule

I know some of the sites offering them need a higher level of security because of unauthorised downloads in the background and I don't want anyone to blame us here..

The important thing to realise with dictionary attacks is the variety a simple word like 'spam' makes massive variables

spam
SPAM
Spam
sPam
spAm
spaM
SPam
sPAm
spAM
SpAm
sPaM

this goes on until we reach 64 variables. For four characters! These are all different variables, a password is case sensitive. This is simplified as well, words of 5 characters only using the basic lowercase alphabet can generate thousands of options, then 8 characters can produce millions, billions if you throw in any glyphs..

When slayer says you need masses of words and different spellings.. he's not joking.. this really is something that people sell on the internet, dictionary files amongst crackers sell for big bucks..

stealing many of them and combining them into one compound volume on a set drive with a secure backup is NOT uncommon in this type of work...
#6 slayer, 06-01-2008, 12:06 AM

you may wish to download "gibberish" word files too

by this i mean dictionary files containing special characters and nonsense words

it will also help if you have 2 copies of all your files..1 with no spaces in it between words and the other with spaces....

not as easy as ya thought is it....

you have to put the effort in to get rewards out
#7 Admin, 06-01-2008, 12:19 AM

I didn't cover that for a reason, it makes it complicated

But it's correct, add all the characters on the keyboard, all of them, the weird ones too (glyphs) ^|`¬ all of them

They need to be added to the fastest HDD you can get solely for the dictionary library.. ideally RAID it, stripe it so it can read faster. This is how you make it better. Some brute force systems can hit at a rate of 300-500 words a second. The likes of zip file crackers, rar file crackers 500-1000 per second... the normal dictionary up to the letter E using only the words below 4 characters, standard words only will take the best part of an hour and a half....

More reason for us to say use the best security, and to pick something weird!!

average keyboard has 103 or 108 key options.. it may take time to find it...

108 key keyboard offers 10,077,696 options basically
#8 slayer, 06-01-2008, 12:27 AM

complicated ........yes........

the process may seem easy
but cracking a mainstream encryption algorithm is not something to be sniffed at

AES is one of the most complex encryptions out there at the mo
even the government use it to encrypt TOP SECRET info

now you see why the penalties are so high for smashin it

but it does feel bloody good when you do it
#9 Admin, 06-01-2008, 12:37 AM

The government in the US and UK has a key to unlock all major public release encryption protocols.. it prevents terrorism or so they claim.. the likes of software a few years back called Kremlin gave home users that top rated encryption systems on the market and beyond..

Odd how the company does no public trading anymore..

coincidence??
#10 Admin, 06-01-2008, 12:38 AM

Quote:
Originally Posted by slayer
even the government use it to encrypt TOP SECRET info


Yes but they still leave the bloody laptops on the ferkin train systems!! and one in a cafe with details of all major undercover military personnel...

tw@ts...
All times are GMT +1.