Вы находитесь на странице: 1из 31

Kismac: The Ultimate WiFi Stumbler

http://easymactips.blogspot.in/2009/03/kismac-ultimate-wifi-stumbler.html
How to Crack WEP / WPA Step by Step
KisMAC for Dummies & Step by Step KisMAC Tutorial
KisMAC Tutorials for dummies, beginners & advanced users
Update of update : a Brand New Improved Video in HD, con la musica muy entertain
ing is available at the end of this post. it should cover KisMAC 101 and walk y
ou trough WEP and WPA cracking
For the curious, advanced users and KisMAC geniuses , we have the following arti
cles available:
Best Wifi Card for KisMac about 20 X more powerful than Airport or Hawking
Troubleshooting KisMAC
KisMAC Q&A
Cracking WPA with KisMAC
KisMAC Resources
KisMAC Deep Digging , Advanced Features
How To Install Aircrack On Mac
Best Wifi Card for KisMac about 20 X more powerful than Airport or Hawking
Before you post a question, PLEASE be sure to Read the 3 following post:
KisMAC + KisMAC troubleshooting + KisMAC Q & A
Once you are sure that the answer to your question can not be found, Please, Pos
t your question in the Q&A Article: CLICK HERE.
ALL QUESTIONS WITHOUT KisMAC Version and OS Full Version will be ignored. Please
Include Model and FCC number of the Network Adapter (the USB thingy) if applic
able. And YES the FCC number is on it! and NO, it's not the MAC address.
Cracking WEP with Injection
Cracking WEP without Injection (Airport, Airport Extreme)
Cracking WPA
KisMAC Troubleshooting Guide
KisMAC Resources Dictionary file, Password list, etc
KisMAC is a free WIFI Network discovery tool and has a large array of powerful f
eatures: Detection, Authentication, Injection, GPS, and the ability to crack WPA
& WEP keys.
KisMac is really powerful and leave Windows based NetStumbler in the dust. By a
large margin.
Kismac is not for absolute beginners and the first step with KisMAC is to read t
he FAQ. The second step is to read the FAQ again.
Just a little legal warning:
- It is illegal to download, possess, and/or use Kismac in Germany, Austria, Swi
tzerland and Lichtenstein (StGB 202c)*
- It is illegal, in most countries, including the USA, to crack or attempt to cr
ack, penetrate, listen to, intercept, or Inject any WI-FI network others than your
s, or Networks where the unequivocal permission was not given to you by the righ
tful owner.
- Kismac is a tool that should be used on the sole purpose to check and/or verif
y, audit your own network
Now that I warned you :-) you can enjoy it!
Cracking WEP with Re-Injection
Whatever you do, if you have an injection device (WIFI card or USB Adapter) DO N
OT install the drivers of the card / USB adapter.
DO NOT INSTALL DRIVERS FROM THE CD PROVIDED WITH THE DEVICE unless you have rea
d this post
How to Crack WEP Step by Step
This tutorial is solely for you to audit your own network. I take no responsibil
ity whatsoever, implied or not.
If you NEED an access, just ask politely your neighbor and either share the cost
or discuss with him. A six-pack can be used as lubricant.
Cracking with Injection device
(Hawking HWUG1 shown here, RT73 Chipset. DO NOT BUY THAT ONE
Read review and comparison before: best card is here
Best Wifi Card for KisMac about 20 X more powerful than Airport or Hawking
The most successful method by far, with one little issue: you will NEED a Re-inj
ection device: Either a USB WIFI Adapter or a WIFI card.
But, here comes the trick:
-You cannot use any WIFI card: You must use specific ones.
The list of approved hardware is here: http://trac.kismac-ng.org/wiki/HardwareList
As of today, you can NOT inject packet with your Airport / Airport Extreme Apple
card alone.
Step 1
Download KisMAC from a trusted source such as: http://trac.kismac-ng.org/wiki/Do
wnloads
Install KisMAC
Plug your Injection device, Whatever you do, DO NOT install the drivers of the c
ard / USB adapter, or you may dearly regret it.
Start KisMAC
Step 2
On the Tab KisMAC >>> Preferences >>>Drivers
Select your Injection device i.e. : USB RT73 device
If you have a doubt on what to choose, check the "approved" hardware list.
Click on Add
Check box Use as primary device
Select All Channels Correction: Select only 1-11 If you are in USA, 1-13 If you
are in Europe, 1-14 if You are in Japan.
In some Cases, Ch 12-14 can pick up interferences from other home devices: Stay
within 1-11 !
Check box keep everything
Close Dialog Box

Step 3
On the main screen, select Start Scan
KisMAC is now listening to the accessible networks
Look for a network with a WEP key (column ENC), a good signal as well as traffic (
see Packets and Data)
OR
Enter WEP on the search box (top right) and select encryption to filter the results
If the Column ENC is NO, the network is OPEN: No need of cracking anything
Once you have selected a network, look for the CHANNEL of the network, i.e 1, 2
etc
Go back to Preferences >>>> Drivers
Select only the Network selected i.e 1
Step 4
Let KisMac work for 5 minutes collecting data
On the NETWORK Tab, select Reinject Packets
KisMAC will now try to reinject packets to speed up the process
Keep an eye on the Unique IV's number, once it has reach at least 130,000 (200,000 i
s recommended) you may start considering cracking.

Step 5
Once you have collected enough, On the NETWORK Tab, Select Crack >>> Weak Schedulin
g Attack >>> Against Both
KisMAC will now try to crack the key
Reminder: the more Unique IV's you have collected, the greater are the chances to
crack the key.
I have experienced crack as fast as 10 sec with 200,000 Unique IV's (on a 64 bit k
ey) and sometimes 30 minutes with only 110,000
If you know for sure that the key is either 40 bit or 104 bit, then select the a
ppropriate one. If you are not sure, select "both"
40 bit is a 64 bit (40+24)
104 bit is a 128 bit (104+24)
If you have followed the steps, you should see something like that appears :-)))
remove the semicolon, and there you have it, or take a look at the main screen u
nder Key or ASCII Key

How to crack WEP / WPA with Airport Extreme, Passive mode
WITHOUT Injection Device (Airport, Airport Extreme Alone)
WEP attack
Step 1
Read the FAQ http://trac.kismac-ng.org/wiki/FAQ
Step 2
Read the Newbie Guide http://trac.kismac-ng.org/wiki/NewbieGuide
Step 3
Download KisMAC from a trusted source such as: http://trac.kismac-ng.org/wiki/Do
wnloads
Last build is 0.3.3
Install KisMAC
Start KisMAC
Step 4 (without an Injection Device)
On the Tab KisMac >>> Preferences >>>Drivers
Select your card. (Capture devices) i.e : Airport Extreme Card, Passive Mode
Click on Add
Select Channels 1-11
Close Dialog Box, and select Start Scan on the main window
A dialog box opens and load the card. Your Admin password may be required.
Step 5
KisMAC is now listening to the networks accessible
Look for a network with a WEP key (column ENC), a good signal as well as traffic (
see Packets and Data)
If the Column ENC is NO, the network is OPEN: No need of cracking anything
Once you have selected a network, look for the CHANNEL of the network, i.e 1, 2
etc
Go back to Preferences >>>> Drivers
Select only one Network selected i.e Channel 1
Step 6
Be patient: open a beer, pour yourself a nice glass of wine or have a nice cup o
f coffee.
Without an injection device, you will need to collect a minimum of 130,000 uniqu
e IV's before you can start cracking a 40/64-bit WEP
Recommended:
200,000 Unique IV's for weak scheduling attack on a 40/64-bit WEP
1,000,000 Unique IV's for weak scheduling attack on a 104/128-bit WEP
It may take a long time (based on: Network traffic, re-injection or not)
Those are recommendations. Weak Scheduling is basically a statistical attack: Th
e greater the number of IV's collected , the greater the chances.
Are you in a hurry? : Capture with KisMAC, Crack with Aircrack-ng
You can have a successful recovery with as low as 21,000 IV's
Step 7
Once the packets are collected, Go to the tab Network >>> Crack and select the met
hod,
For a start, I would suggest: Crack >>>Weak Scheduling Attack >>> Against Both
Once started, you'll have to wait between 5 and 20 minutes depending on your machi
ne for KisMAC to try all the keys.
The more packets you have collected, the better are your chances to be able to c
rack the key: The WEP Attack is Statistical, hence ....
WPA crack / Attack
>>>>> Packets RE-Injection DOES NOT WORK on WPA attack <<<<<<
>>> I said RE-Injection and not "Injection"
In order to crack a WPA key, you'll need the handshakes, a serious dictionary fi
le or fileS and a LOT of CPU time. Hours and probably days of it. (read the "I a
m bored part" at the end)
You first need to capture 4-way EAPOL handshakes (connection between the compute
r and the network) -When captured, you'll see the Ch/Re red dot turns green. You
are ready to try...
To speed up the process of capturing the 4-way EAPOL handshakes, you can try a d
eauthenticate attack: it will force the network to shutdown and restart, hence s
peeding up the process.
Go to Network >>> Deauthenticate
Some network may recognize the attack and change channel.
Once the Ch/Re is ready, Go to the tab "Network" >>Crack >>WPA
It will then ask you for the dictionary file, select the file you want to use, a
nd start...
Nota Bene:
KisMAC will try every word (from the list provided) to attempt to crack the key,
hence it may take a lot of time....if you have a slow machine, be really patien
t.
I have a not so bad machine, and I run about 170 words per second. You can leave
a comment with your config and speed for me to compare.
Mine: MacBook Pro 2.5GHz Intel Core 2 Duo + 4GB DDR2 SDRAM : about 170 Word/sec
As for the Dictionary files, you can find links on the KisMAC website or take a
look at the "RESSOURCES" post.
Note on dictionary files:
Wordlist = dictionary file
- The words are tested "as is" and not in combination.
Example: the password is "I love Kismac"
If your dictionary contains the words "I" + "love" + "Kismac" it will NOT work,
your wordlist must contain the exact (verbatim) "I love Kismac" as a word to suc
cessfully attempt to crack.
The files must be a text format .txt and contain a empty line at the end.
KisMAC Troubleshooting Guide , KisMAC Issues, KisMAC Ressources are on the NEXT
post....
KisMAC for Windows, ditto...next post
WPA: Wordlist links and files Download are here
Labels: Crack WEP, Crack WPA, KIsMAC, Network Audit, WIFI Crack, WIFI Stumbler
125 comments:
AnonymousJuly 3, 2009 at 12:10 AM
Nice tutorial!
What does the color of the circle under Ch/Re mean?
Does green mean it's ready to crack?
Reply
MeJuly 3, 2009 at 8:41 AM
It depends on type of encryption:
None or Open: Green by default
WEP
red: undefined key (not cracked)
Green: Defined key (cracked)
WPA
red: Handshakes not captured, no need to try to crack
green: Handshakes captured, you can try to crack
Reply
AnonymousJuly 13, 2009 at 5:10 PM
Hi,
Nice blog, at least smtg clear to understand how to use kismac, great thx.
Anyway I got a pbm to get a wpa key.
I got the data packets ok, I get the green light with the deauthentification
, but when I ask to find the wpa I get this:
"the wpa key could not be recovered because of the following reason: the key
was none of the tested passwords.."
Reply
MeJuly 13, 2009 at 5:39 PM
Thanks for the cheers :-)
I have posted a detailed video on Ytube,
http://www.youtube.com/watch?v=lBGN5OGCPgI
I will post soon dic files.
Re: "the wpa key could not be recovered because of the following reason: the
key was none of the tested passwords.."
it's probably because your dic file does not contains the exact (verbatim) p
swd
KisMAC does not use a "real" Bruteforce attack to crack WPA, but a bruteforc
e on a list.
Take a look at the "nota bene on dic file"
Using real Bruteforce (a,aa,aaa,aaaa,...abaaa, etc) would be un-human and yo
u'll be dead long before cracking a 10Ch ASCII.
Read the "I am bored" part for an idea of how long it may take...
Reply
AnonymousJuly 18, 2009 at 7:35 PM
Hi ! Very very nice blog !
2 questions :
- to crak wpa key what kind of USB device i need ? (name please)
- what does mean dictionnary file !??!
Thanks a lot !
Reply
MeJuly 19, 2009 at 10:36 AM
Hey,
Thanks for the comment.
All answers to your questions are posted in the second part of the post, loo
k in Resources and Troubleshooting.
Read carefully the WPA part as it can be a long process to crack a WPA key.
dictionary files are also known as wordlist
Reply
AnonymousJuly 23, 2009 at 11:32 PM
Don't use kismac to crack your handshake. If it writes it to PCAP format as
it should, you should be able to get about 300 keys per second out of it (I can
do so on a 2.2 intel dual core with 1GB of RAM).
Reply
MeJuly 24, 2009 at 1:57 PM
"Don't use kismac to crack your handshake"
Sorry, I am not sure I follow you.
we're talking WPA here, correct?
According to KisMAC, the only way, with KisMAC to break a WPA is to use a wo
rdlist.
Handshakes or 4-Way EAPOL are not cracked, they're captured. The Deauthentic
ate attack speeds up the process of D-auth.
If you have another solution(with KMac) please let me know in details,I'll b
e really grateful
WEP: between 1000 and 3000 key per second
Reply
SergioAugust 13, 2009 at 1:52 AM
Hi I have some problems to find Kiss Mac Dictionary files. can you post a li
nk please.
Thanks
Reply
MeAugust 13, 2009 at 9:08 AM
Hello Sergio,
The Wordlists, or Dic files are posted here
http://aloah.free.fr/Mactips/home_En.html
you'll also find a builder or expander to create larger Wordlist
It was explained in the "resources" section.
When using KisMAC, you should familiarize yourself and read the FAQ and trou
bleshooting before. A lot of things can go wrong and you will save a great deal
of time
Reply
AnonymousAugust 25, 2009 at 2:28 PM
I Unfortunately installed Ralink Rt-73 USB driver via CD~ BEFORE~ I intalled
Kismac. So Kismac recognizes it but will not connect to it in Preferences. Shou
ld I uninstall USB wireless utility, removing all traces in the preference panes
and start over? once uninstalled should I be able to simply plug in my USB devi
ce and Kismac will now connect to it?
Reply
MeAugust 25, 2009 at 3:07 PM
yup,
Uninstall thoroughly everything you have installed via the CD, or better, us
e your Time Machine.
take a look at the post "ressources" for KisMAC, you should find some info.
If not, look into the console log.
Also, KisMAC should return an error, please indicate what type (for a better
debugging)
Reply
JSeptember 23, 2009 at 2:35 PM
hi there, congrats for the nice job here....
i woud like to ask you if on a MBP I get a usb device rt73 Hawking HWUG1 for
ex, do I need to install subversion, xcode and compile kismac explained on this
link?
http://screammy.name/projects/kismacmacbook/
I really hope not.... :)
Will you advice me about the USB devise "rt73 Hawking HWUG1 "and "rt73 Hawki
ng HWUG1A" , whats the diference between them and your opinion about this USB DE
VICE "D-link DWL-G122?
This blog will be from now on my favorites...
Thanks in advance and keep the good work
J
Reply
MeSeptember 23, 2009 at 2:46 PM
Hi J,
Thanks for the cheer up.
I have posted a reply on the Q&A part of the "Troubleshoot" Kismac
(Few posts down)
Reply
jaySeptember 23, 2009 at 5:16 PM
Thanks for your repy,...really appreciate.
Im gonna try the usb AWUS036s, but I see also that Alfa got a usb AWUS036H d
evice, more powerful..., is it also compatible with kismac 0.2.99 ?
http://www.data-alliance.net/-strse-73/802.11g-USB-802.11b-high-dsh-power/De
tail.bok...
Ive got a MBP 2.4 Ghz Intel core duo with 4 Go 667 DR2 SDRAM
Thanks in advance :)
J
Reply
MeSeptember 24, 2009 at 2:55 PM
Have you read the post(s)?
Reply
AnonymousDecember 1, 2009 at 1:43 PM
Hey!
great blog, I learned more that just cracking wep keys. I just have one ques
tion: where do I enter in the wep key to gain access to the network? I'm a silly
newb so after I got the key I simply clicked on the wifi icon on my toolbar and
entered in the 14 character wep key which failed to connect to the network. Obv
iously I was totally wrong in doing that so where am I supposed to enter that ke
y?
Thanks =)
Reply
MeDecember 1, 2009 at 5:40 PM
Wifi icon on toolbar:
The Airport icon?
you just need to enter the ASCII key in the appropriate network
If you enter the Hexadecimal Key, don't enter the semicolon
i.e 12:45:34 would be 124534
Reply
AnonymousDecember 22, 2009 at 7:59 PM
This blog rocks! I actually was able to find a Linksys router at one of my e
mployee's desks by tracking the MAC address in our network monitor. Killer tutor
ials.
I have one question though. There is a network that I can't seem to crack. I
t's using WEP but the channel keeps changing. Does kisMAC support this or is the
re a workaround?
Thank you for all the time you've put into this!
Reply
MeDecember 22, 2009 at 8:15 PM
To Anonymous
"There is a network that I can't seem to crack. It's using WEP but the chann
el keeps changing."
Are you using a passive mode or using re-injection?
It's possible that, if using re-injection the router detects it and change c
hannel. it's rare but it can happen.
Try both ( passive and re-injection) and see if you detect a change.
Console.app may give a hint (not sure though)
Reply
AnonymousDecember 22, 2009 at 8:25 PM
I've tried both passive and re-injection mode. I can actually see it change
channels in the "show networks" window. The device is listed as a Netopia and I
see from the details that the main channel is 6, but it bounces around to 4, 6,
and 8.
Oh well... I guess you can't break them all... :)
Thanks for your quick response by the way...
Reply
MeDecember 22, 2009 at 8:41 PM
It's strange that is bounces on passive. Do you know if it is a very dense n
etwork grid?
Go to the Q&A, look at the end of post, and send me the Network, MAC address
, etc by email. I'll look if I can find something
Reply
misMacFebruary 7, 2010 at 4:33 PM
hi, nice tutorial, but i still cant get it working. I am trying to crack my
own network(WPA). I have usb wireless stick i found network, get green light on
ch/re, try to crack it with dictionary file but i get message that network could
nt be cracked because password doesnt exist in the file. I put my own password i
n the file so it has to be found. Help please?
Reply
MeFebruary 7, 2010 at 7:54 PM
mismac:
I think it is already answered:
File must be .txt and contain an empty line at the end
Passwords are tested "verbatim"
Reply
MortenFebruary 25, 2010 at 6:57 AM
Hi there, first of all, great guide!
I've got Kismac .30 installed on a Mbpro running 10.6.2, and got hold of a R
T73-device (Edimax ew7318usg) (and haven't installed any drivers) I'm trying to
gain access to my own (naturally) wep-encrypted network, but when I've collected
about 100 unique IV's and i select "reinject packets" nothing happens, except i
t seems to be counting down through my IV's but not getting any responses, thus
not generating more.
...I can of course just scan longer and wait passively for several hundred t
housand Iv's, but I'm just wondering: Are there "good" Iv's and "bad" ones, or w
hy are there no responses?
Regards!
Reply
MeFebruary 25, 2010 at 9:03 AM
Morten,
collecting packets is like collecting rain water, the more it rains, the mor
e you collect...
If the traffic is slow, you can wait a long time for a good packet to re-inj
ect.
So, when RE-injecting, you have first a "Waiting For Interesting Packets"
(look a the video, 04:34)
To Speed up the process, just go on youtube, and rewatch the video. (Awaitin
g for a Grammy) During that time the traffic will likely increase and you'll get
a bunch of "good packets" to re-inject.
You can also look at:
http://easymactips.blogspot.com/2009/07/kismac-ultimate-stumbler-ressources.
html
and read the "Can't Collect IV's" part. it's pretty straightforward ;-)
Reply
RaffiMarch 7, 2010 at 3:27 PM
Hi,
I have MAC OS X 10.6.2 and KisMAC 0.3
I have found the WEP
I have 250.000 Unique IV's
I went to Network/Crack/Weak Scheduling Attack/against both
Now it's written Weak Scheduling Attack....
Checked 3500,000 and it is still going
Why can't it find the WEP key?
Reply
MeMarch 7, 2010 at 6:10 PM
Raffi
http://easymactips.blogspot.com/2009/07/kismac-ultimate-stumbler-ressources.
html
Reply
AnonymousMarch 8, 2010 at 1:17 PM
Hello!
I installed the 0299 version of KisMAC on the 2008 iMac, I found a WEP netwo
rk (do not know if at 64 or 128 bit), I've been collecting IVs (about 500,000) b
ut when I make a weak scheduling attack, is still the same key does not work (AS
CII key 5 characters). I had already tried it with 130,000 and with 200,000 as r
ecommended but the key is always the same and does not work!
You recommed me waiting 1,000,000 or 2,000,000 IVs or start again? May have
caught handsnake corrupt? Must decrypt the ASCII key in hexadecimal key?
Please Help me! If you want I can post pictures ... bye
Reply
MeMarch 8, 2010 at 1:29 PM
Anonymous,
Look at the previous post for Raffi, same issue.
>> Handshakes are for WPA
>> Re-start again , if you get the same key, the problem is somewhere else
>> Hex key must be entered without the semicolons
>> ASCII key must be entered verbatim
Reply
AnonymousMarch 8, 2010 at 2:30 PM
Hello.
I wanted to know why when I try a weak scheduling attack at two different ti
mes (about the same number of IVs) the first time out immediately the ASCII key
while at the second attempt began to test all the keys, etc. 1000 2000 3000 and
employs a lot time.Why?
Bye
Reply
MeMarch 8, 2010 at 6:00 PM
I suppose the answer rest in your question:
"(about the same number of IVs)"
Hence, not the same IV's
Use the same PCAP file (dump file) and you should have the same results all
the time
Reply
ChristinaMarch 30, 2010 at 1:35 PM
Hi there
It's my first time trying to crack a WEP encrypted network. Just moved into
a new apartment and there are 20 or so nearby networks taunting me, all encrypte
d (most WEP, I won't bother with the ones that have WPA encryptions.) I'm collec
ting data packets from the three networks with the best signals.
With one of the networks I have collected nearly 2.5 million data packets, w
ith only around 69K unique IVs whereas one of the other networks has only around
1million data packets and already 110K unique IVs. Any idea why this is?
Anyway, tried cracking the network with 110K unique IVs last night, left it
running for a few hours to no avail. Any idea where I could be going astray? Sho
uld I wait for more unique IVs and try again?
Thanks,
Christina
Reply
MeMarch 30, 2010 at 1:51 PM
Christina,
I do not condone, help, or promote illegal activities.
you seriously need to read the legal disclaimer: cracking an "unauthorized"
network is a crime, and by helping you, I would be also under the long arm of th
e law.
I suppose you would not appreciate your neighbors doing to same to you.
If I were to crack your network and penetrate your computer, you'll probably
be furious against me.
Nevertheless, if you want to succeed, read the part that mention:
"If you NEED an internet connection because you just moved, are in a new pla
ce, can't afford the monthly overpriced FIOS or UberDuper connection, then you'l
l need a SA-6p, SA-12PSA or SA-24PO"
it's right here in this blog, under Troubleshooting'
Good luck
Reply
ChristinaMarch 30, 2010 at 1:57 PM
Oops, I'm sorry- too much information, I should have known. But thanks for t
he tip.
Reply
Michael ScherMay 14, 2010 at 5:02 PM
Hi. I have followed all of the instructions, but I can't seem to get KisMAC
to scan in passive mode. I have a new MBP6,2 with Core i7 and AirPort Extreme (0
x14E4, 0x93) Firmware Version:Broadcom BCM43xx 1.0 (5.10.131.14.7). When I hit t
he scan button, I am asked for my password, which I enter, but after that, nothi
ng happens (ie - no scanning). Thoughts on this? Thanks.
Reply
MeMay 14, 2010 at 5:24 PM
New MBP 6.2 ??? You need to send me that beast ASAP (for me to conduct some
scientific test, research purpose only :-)
a ) check that video , step by step
http://www.youtube.com/watch?v=Pyiz2Mct6dk
be sure to hit "scan" and to have the proper settings for your Airport = Pas
sive mode
Also , KisMAC 0.3??? First Install?
Let me know ....
Reply
Michael ScherMay 14, 2010 at 9:39 PM
Yep, doesn't work. Nothing. I hit Start Scan, and it responds (ie- the butto
n IS pressed, but then nothing. No scanning, no info gathered,nothing.) I'm not
a newbie, so I'd like to think I can troubleshoot, but not on this problem. I fe
el it must be obvious, I'm just missing it.
BTW, 0.3 was my first install.
Reply
MeMay 14, 2010 at 10:11 PM
Check the Console.app for any weird message.
If you have growl, you should see a message "KisMAC Scan Started"
If you have correctly selected the capture device , Apple Airport Passive Mo
de" and it's not working, then the last before calling god is iChat + Screen Con
trol.
Shoot me an email ...
Reply
MeMay 14, 2010 at 10:12 PM
email link is in
http://www.google.com/recaptcha/mailhide/d?k=01UYrcOb9KW7S1kLXrqN6IKw==&c=Kc
RwiSDknB1ieUnMh8dINA==
Reply
b_baslerMay 27, 2010 at 2:18 PM
Hey just writing on the blog like you asked ;) Yes this is my first install
with KisMac 0.3 there was no .plist in the prefences folder related to kismac an
d I am correcting what i said to you before... There is no crashing I am able to
scan except it is extremely slow almost to slow that the program is impossible
to use and the thinking wheel is constantly spinning. Here is my information aga
in...
Snow Leopard - 10.6.3
KisMac - 0.3
Network Chipset - Card Type: AirPort Extreme (0x14E4, 0x8D)
Firmware Version: Broadcom BCM43xx 1.0 (5.10.91.27)
And here is what I pulled from the console...same errosr over and over again
until I quit..
10-05-27 7:45:10 AM [0x0-0x9c09c].org.kismac-ng.kismac[1136] 1_ERROR_DOMAIN
Code=-3900 "The operation couldn\u2019t be completed. (APPLE80211_ERROR_DOMAIN e
rror -3900.)"
10-05-27 7:45:12 AM [0x0-0x9c09c].org.kismac-ng.kismac[1136] Error Domain=AP
PLE
10-05-27 7:45:12 AM [0x0-0x9c09c].org.kismac-ng.kismac[1136] 80211_ERROR_DOM
AIN Code=-3900 "The operation couldn\u2019t be completed. (APPLE80211_ERROR_DOMA
IN error -3900.)"
10-05-27 7:45:16 AM [0x0-0x9c09c].org.kismac-ng.kismac[1136] Error Domain=AP
PLE8021
10-05-27 7:45:16 AM [0x0-0x9c09c].org.kismac-ng.kismac[1136] 1_ERROR_DOMAIN
Code=-3900 "The operation couldn\u2019
10-05-27 7:45:16 AM [0x0-0x9c09c].org.kismac-ng.kismac[1136] t be completed.
(APPLE80211_ERROR_DOMAIN error -3900.)"
10-05-27 7:45:16 AM KisMAC[1136] DEAUTH ALL 0
Reply
MeMay 27, 2010 at 2:59 PM
b_basler
Seriously, have you looked for any info on this page?
Try a Command + F or Google your error "80211 ERROR DOMAIN Code=-3900", that
will return :
http://easymactips.blogspot.com/2009/07/kismac-ultimate-stumbler-ressources.
html
Why do I see DEAUTH, are you trying to DE-authenticate?
Are you in your kitchen or in a dense WIFI Area?
Once you have thoroughly read the previous answers, If that does not work, I
need full config, including Mac, memory, apps running, etc
If you run kisMAC with no memory left on a G5, I can't guess it.
Reply
b_baslerMay 27, 2010 at 8:04 PM
Heh ya I did read that and I didn't choose channels 12 13 14 and what do you
know it works :) I don't understand why having those selected would cause it to
slow and freeze at times. No, im not in my kitchen im in my basement so not a d
ense wifi area. Thanks for your support!
Reply
MeMay 27, 2010 at 8:37 PM
Channels 12,13,14 are not used in the US. Only Japan uses 14
On those ranges, you are close to the range of Micro Waves Oven, Baby Monito
rs or cordless phones, they can "pollute" your WIFI connection. When in dense WI
FI area, the same can happen when too many are on the same channel.
So I guess, I was not sure before if it was the cause, now it's getting clos
er.
Reply
HanJune 14, 2010 at 12:17 AM
Sorry, im just a newbie.
1. Using your tutorial how to crack WEP with injection device (in this case
im using Asus WL-167G v2) RT73 chipset. I was curious, what for we doing reinjec
t packet? When i was using reinject packet, theres something written on it "got
a valid packet" injecting... and the right place theres a number or response. Th
e question is, how long should i wait for the injection finish?
you said that "KisMAC will now try to reinject packets to speed up the proce
ss" but the question is, when i reinject packet, how come it speed up the proces
s but the injecting never finish/done (question 1), OR it can FINISH? but in my
case, i have waiting the reinject packets finish, but over 6 hours the reinject
packet still there, not finish/done.
3. is reinject packet has affect with the unique IV?
4. just said that i have collected enough unique IV about 200.000, should i
turned the scanning off for doing the next step (against both).
5. if i collected unique IV without injecting, still i doing crack WEP using
RT73 and against both option?
6. What is different between 40bit with 104bit?
7. Which one cracking is the quick one? And why you said that quick? what re
ason?
8. What for doing test injection if you already know that your tools can doi
ng injection and the method you want to use is injection method
9. Sorry, im just curious. I already read the TSG (troubleshooting guide), F
AQ etc but i cant find the answer OR i understand the meaning.
sorry for my english. Im using MacBookPro 2009 earlier with SL 10.6.3, crack
ing tools is Asus WL-167G V2. the methode i want to using is cracking WEP
Reply
MeJune 14, 2010 at 8:45 AM
- The question is, how long should i wait for the injection finish?
Until you reach a minimum of 130,000 IVs
KisMAC will re-inject packets for as long as you keep re-injection active.
3. is reinject packet has affect with the unique IV?
- Short answer: Yes.
4. >> yes
5. >> yes, it's called passive mode.
6. Length of the encryption. 104 is "more secure"
7. If the encryption is 104 and you try to crack it as 40: Good luck!!!
8. Test means "test". it's a "TEST", hence not mandatory
9. You can Google a little and read, it seems to me that you are very confus
ed on what does what. i.e "cracking tools is Asus WL-167G V2" or even 40bits Vs
104.
Your Asus is not a "cracking too" it's a Network Adapter"
it only transmit data.
Reply
AnonymousJune 14, 2010 at 10:08 PM
hello. You seem to be the man to talk to!
i have a few questions for you.. hope you can help.
i have a macbook 10.5.8 2.4 GHz intel Core 2 Duo
2GB 667 MHz DDR2 SDRAM
loaded kismac 0.2.99- check
preferences- Apple Airport extreme, passive-check
scanning check
correct channel picked -check
dont have a external usb driver- so i'm doing it without injection.
network signal is strong for particular WEP, data being received packets als
o- the prob is no IVs-? it remains at zero..
now heres my question- can i crack network with just packets and (No) IVs !!
??? do they both have to be in the hundreds of thousands at the same time for th
e crack to work like you wrote (read alot of your info..maybe i missed another b
log)?.. also... getting the packets is tremendously slow and slow IVs on other n
etworks.. been scanning for over a hr and only have 18,000 packets so far as a e
xample of slow...IVs also still at zero...(is there a way to get the IVs going?)
as it goes for most of the networks also.... on other networks that i see.the m
ost IVs i got is less then a thousand as the highest out of all of them..and tha
ts in one hr...if i need 150k to 200k as a average...then doing the math at this
rate...150 hrs of collecting??? wow has to be a better way!!
note- i noticed before the channel rapidly changing on the particular networ
k..but now holding the same channel primarily at least for the last hour...
any advice would be appreciated
Reply
MeJune 15, 2010 at 9:11 AM
Your answer is here:
http://easymactips.blogspot.com/2009/07/kismac-ultimate-stumbler-ressources.
html
Can't Collect IV's
Can't Collect Packets
Packets Collection is very slow
Reply
AnonymousJune 25, 2010 at 11:53 PM
I fear I am probably running into an ID: Ten-t error, but I have been readin
g enough and not finding an answer so I am unsure that is all that it is.
A friend of mine taking a class in Internet security and told me about kisma
c, and I have learned much about how it works (and how often it doesn't) by play
ing with it and reading the various faqs and tutorials.
I have set up both a linksys and a 2wire routers, both with 40bit keys (and
both on channel 11 so I can collect packets simutaniously). But I have been unab
le to get the packet reinjection to bear fruits. I am using an awus036H USB adap
ter, and I can successfully do a test injection (the first 5 or so gems turn gre
en) and I can seemingly inject packets, but I have yet to get a respose from eit
her router.
I also have a question about authetication floods. The best description I ha
ve seen describes it as a flood of authentication requests, in the hopes of gett
ing a responce that reveals part of the encryption key. If that is the case does
that mean that this is another way of collecting unique IVs?
Thanks for putting together such an awesome collection of information. I pla
n on working my way through most of the rest of your blog over ne next week as t
hings like this fasinates me.
Reply
MeJune 26, 2010 at 12:03 PM
No ID10T error so far, but, try put yourself in my shoes:
If I were to ask you a question such as "My car does not work, what should I
do?"
What would be your first question back to me? Make? Model?
Same here. Otherwise I can assume that you have Win95 and KisMAC Trunk 0.01
The Second thing is: try to ask your question in the Questions and Answers A
rticle : http://easymactips.blogspot.com/2009/09/kismac-q.html
Thanks
Reply
BrandonJuly 4, 2010 at 2:32 AM
Dude props, this is the best unofficial user guide i have ever read.
Q: up to how long would a weak scheduling attack take with 200,000 unique iv
s, using the HWUG1A, os x 10.6.4?
Reply
MeJuly 4, 2010 at 9:32 AM
Brandon:
Answer & proof documented here:
http://www.youtube.com/watch?v=qHHLI__xhY0
Reply
AnonymousJuly 12, 2010 at 8:21 AM
Private tutorial ?
thanks
Reply
MeJuly 12, 2010 at 5:17 PM
Private tutorial:
Contact me here for details:
http://www.google.com/recaptcha/mailhide/d?k=01UYrcOb9KW7S1kLXrqN6IKw==&c=Kc
RwiSDknB1ieUnMh8dINA==
Reply
huleiDecember 5, 2010 at 2:16 PM
I try to find the proper place to post my response but I could not find it,
therefore I need some help on how to work my adapter with KisMac. I recently bou
ght a HWUG1 Hawking USB adapter with antenna from an ebayer, the problem is, whe
n I try to work this thing with Kismac I select the RT73 preference for USB, but
it gave me an error showing the following:
KisMAC was able to load the driver backend for USB RT73 device, but it was u
nable to create an interface. Make sure your capture device is properly plugged
in. If you think everything is correct, you can try to restart your computer. Ma
ybe your console.log and system.log show more details.
How do I fix this? I am using Snow Leopard 10.6 OS X, in brief the >$2000 17
-Inch Macbook Pro. Dang this computer is supposed to be good but what the heck?
The main goal I am trying to do is WEP cracking, I saw videos on youtube but
they don't have the specific case in which I have. Anyone can help that would b
e much appreciated.
Thanks
Reply
MeDecember 6, 2010 at 10:48 AM
Hulei,
As indicated in this article, in regards to the Hawking:
"(Hawking HWUG1 shown here, RT73 Chipset. DO NOT BUY THAT ONE"
The solution to your issue is here:
http://tinyurl.com/37x6bhv
Reply
MattDecember 27, 2010 at 4:57 AM
Would there be a reason that I am not collecting any Injection Packets? It a
lways stays at 0, so I can not reinject them to get more unique IV's.
Any help would well..... help :-)
Reply
GrasshopperJanuary 5, 2011 at 8:58 PM
has anyone tried to use Parallels or Vmware fusion running on OSX to try all
of the Linux WIFI-crack tools. Is it doable o not?
Reply
fadiyFebruary 11, 2011 at 5:20 PM
Hello,
I have Macbook pro 2.4 GHz Interl Core 2 Duo with Snow leopard 10.6.6
I bought the HAWKING HWUN3 " white " for mac , at the begining I installed t
he driver that comes with the HAWKING, then I saw your video and I removed the d
river with the uninstall utility that comes in the CD.
I download all versions of KisMac and none worked for me, your help is highl
y appropriated .
Reply
MeFebruary 11, 2011 at 5:31 PM
Fadyi,
You NEED to read a bit more. it's explained 10 times on this blog that you M
UST NOT INSTALL THE DRIVERS.
Un-install the Hawking drivers, and retry.
Also, if you can return the hawking, do it now. it's a piece of junk.
Read this article: http://kismaxx.blogspot.com/2008/11/kismac-best-compatibl
e-wifi-card-re.html
Reply
fadiyFebruary 11, 2011 at 5:43 PM
The problem I found out about your blog , after I did the installation . I m
anaged to uninstall the drivers.
It will cost me more to return the Hawking card, the funny thing is that thi
s card was recommended on another site to be used with Macbook and Kismac.
Reply
MeFebruary 11, 2011 at 6:01 PM
Fadiy,
Which website?
The white hawking is the same as the grey one. Chipset is the same, spec are
the same.
The only difference is the software, that you can not use(!)
The Card that I recomend is cheaper than the Hawking and has 8 times more ju
ice. If you can get a signal 3000ft away with the Hawking, I'll buy you a drink.
it's explained in details here:
http://kismaxx.blogspot.com/
If your drivers are properly un-installed, KisMAC should be running with no
issues.
Reply
alMarch 29, 2011 at 10:13 AM
Im using KISMAC 0.3.3 and TL-WN321G on RT73 device. Everything looks correct
, but I CANT reinject packets because appears NO SSID or HIDDEN SSID.
Reply
MeMarch 29, 2011 at 10:18 AM
question already answered
Reply
jVirusMay 22, 2011 at 1:56 AM
What of Adapters that function also in the "n" networks?
Reply
AnonymousJune 10, 2011 at 12:36 PM
Hi everybody,
this blog it's great!!
I'm just a beginner on KisMAC and I'm trying to crack my own network with WP
A... but I've a question that I've no read in the Q&A: how long it takes for a d
eauthentication attack? I mean how many hours, more or less. Because after 3/4 h
ours the handshake dot is still red...
Thanks for any help!
Reply
AdminJune 10, 2011 at 5:19 PM
between 5 sec and eternity.
"Step 1:
Capture the 4way Handshake
Before doing anything, you need to capture the handshake between the AP (Acc
ess Point) and the Client. The handshake is sent when a client connects to the A
P. This process of "listening" to the AP-Client can take some time. In order to
speed up this process you can use a Deauthentication Attack. The Deauthenticatio
n is a bit like a Ddos and will simulate a "kick out"and force the AP to respond
."
Reply
AnonymousJune 10, 2011 at 6:45 PM
...got it!
it seems that I'll have to be more patient ;)
thank you so much
Reply
AdminJune 10, 2011 at 7:15 PM
if you make a connection, the handshakes will be sent again. use airport ..
Reply
AnonymousJune 13, 2011 at 10:52 AM
Hi everybody,
I'm still the last "anonymous"... first of all, thankyou so much for your he
lp!
But now... 2 more questions!
1. Once I get the handshake and launched the wordlist attack, kM suddently c
rash/stop after few seconds. Why did it happen? (worlist are .txt and with empty
line at the end)
2. May be due to the fact that I've to stop scanning before launching wordli
st attack? I think to have read something, but I don't find it anymore!
kM 0.3.3- MB 2.2 Ghz - Mac OS X 10.6.3 - AWUS036H
Any help will be appreciated!!
Reply
AdminJune 13, 2011 at 4:26 PM
=> A bug in KisMAC 0.3.3 prevents from using a wordlist on a WPA key recover
y while on 64-bit
Either, Select the 32-bit option on "Get Info" on the KisMAC.app (Finder >>
Applications Folder >> KisMAC.app >> Get Info)
Or use KisMAC 0.3.2, 0.3.1 , or even better: Aircrack-ng
=> http://easymactips.blogspot.com/2010/10/how-to-install-aircrack-on-mac.ht
ml
Yup, a lot of anynymous, you guys should use pseudos: that will make the com
ments more readable :D
Reply
AnonymousJuly 7, 2011 at 9:26 AM
Good morning, I bought the ALFA AWUS036NEH 150Mbps and when I plug it to my
MacBook Pro 10.6 Snow leopard, it does not recognize it. I install the driver ON
LINE due to the fact that the box came with a mini DVD and MAC do not like these
, as they get stuck in the DVD device, so I went to the ALFA site and download t
he correct driver for 10.6
NOTHING!!! Still not recognizing the drive or the chipset when plugged in, I
am trying to use Kismac and I always get error messages like:
Could not instantiate Driver.
KisMAC was able to load the driver backend for USB Prism2 device, but it was
unable to create an interface. Make sure your capture device is properly plugge
d in. If you think everything is correct, you can try to restart your computer.
Maybe your console.log and system.log show more details.KisMAC was able to load
the driver backend for USB Prism2 device, but it was unable to create an interfa
ce. Make sure your capture device is properly plugged in. If you think everythin
g is correct, you can try to restart your computer. Maybe your console.log and s
ystem.log show more details.
No injection driver.
You have no primary injection driver chosen, please select one in the prefer
ences dialog.
Please help !!! Thanks...
Reply
AdminJuly 7, 2011 at 9:42 AM
Dear anonymous,
It's the morning here. I was having a nice cup of Joe when I read your post:
I almost barfed the coffee on the screen!
Presently my co-worker is banging his head on the desk.
You have *OBVIOUSLY* failed to read ONE single line of this blog. You can't
possibly have tried.
If you need personal tailored assistance, for any reason, including because
you do not want to be bothered and wish to be able to use KisMAC like a pro, We
have the KisMAC School. It's the best help you can get.
it's here:
http://easymactips.blogspot.com/2009/11/kismac-school.html
Reply
AnonymousJuly 10, 2011 at 12:37 PM
Admin,
Kisma 0.3.3, Alfa awus036h, mac osx 10.6.8.
Trying to reinject on my wep.
1) I am really just wondering, when i do a test injection it just hangs and
waits, nothing populates in the boxes is this normal for a slow network? Also wh
en I actually perform a re-injection on the wep network, it just creeps along. I
s this truly just due to the lack of activity on the wep network?
2) Also I thought re-injection sped up this process regardless of traffic on
the targeted wep network, or am I misunderstanding.
3) Finally, does re-injection only speed up when there is normal traffic and
not when there is hardly any?
Thanks for answering the questions, I have been reading the blog, and saw th
at this takes time, I also checked everything on the AWUS usb and it is a legit
model.
Thanks again,
Vincent
Reply
AdminJuly 10, 2011 at 1:11 PM
Vince,
1) "is this normal for a slow network?"
No, Slow or not, the injection TEST should work. It tells you that everythin
g is in order to work, and the (actual) speed of the network.
2) "Is this truly just due to the lack of activity on the wep network?"
-Mostly. Try to open multiple youtube video to maximize the traffic on the n
etwork. You should see the data flying up. Then Re-inject.
3) "only speed up when there is normal traffic and not when there is hardly
any?"
Re-injection is made to artificially increase the # of IV's. Once Re-injecti
on has started, the amount of traffic will have very little impact.
Reply
AnonymousJuly 11, 2011 at 7:20 AM
Admin,
Thanks for the quick response.
In reference to my first question any thoughts on why injection/reinjection
wouldn't be responsive for the test?
And i begin an authentication flood, not sure if this increases traffic, and
next begin re-injection after i have some iv's and packets, when i am re-inject
ing i do get 200 or so responses, it just seems minimal to other examples online
, including yours, I have seen.
Any other additional feedback is appreciated.
Thanks again,
Vincent
Reply
AdminJuly 11, 2011 at 8:49 AM
Why use a DE-authentication? the network is not hidden, is it?
As previously explained in the blog, de-hauthentication forces the AP to re
send the authentication frames, hence de-cloaking. it may (possibly, sometimes,
not sure, it depends) force an ARP , but that would depend on the router.
http://easymactips.blogspot.com/search?q=deauthentication
On the top of that, when using deauth, you leave the cover of stealth and be
come visible. FYI, I could detect you, counter your attack, and locate you very
precisely.
" do get 200 or so responses, it just seems minimal to other examples online
"
the pop-up window says "received 200 responses, re-injecting" ?
In that case, re-injection is working. Working very well as a matter of fact
. You just need to let KisMAC re-inject enough IVs. Re-injection is NOT instanta
neous.
Reply
AnonymousJuly 11, 2011 at 12:40 PM
Admin,
Thanks again for the feedback.
It was my misunderstanding of the flood as a de-authentication technique. I
understand your statement now.
Also for the reinjection I was just puzzled why the test woulf fail, then wh
en I would try the normal reinjection I come back with responses. I have roughly
gained 40k ivs over 3+ hours of listening and reinjection.
Finally I guess my questions stem from whether this timeframe is normal when
trying to snap a wep with little traffic in your experience.
Again, truly do appreciate the feedback and help with learning this tool, so
rry any perceived ignorance I display.
Thanks again,
Vince
Reply
AdminJuly 11, 2011 at 1:07 PM
"I was just puzzled why the test woulf fail,"
That, I need to see in details. i.e Quicktime. + Console log.
"..timeframe is normal when trying to snap a wep with little traffic in your
experience"
Yes, but as it is your network, I clearly stated to open multiple YT to boos
t the traffic. The more traffic, the better.
"Again, truly do appreciate the feedback"
No problems, everyone has to learn one day.
It's just when people show a strong belief of entitlement coupled with ruden
ess and the spelling capabilities of a lolcat, then, I must admit that the answe
r is not that... nice.
have a good one.
Reply
AnonymousJuly 11, 2011 at 8:41 PM
Admin,
One last quick question, what is your preferred loadout, which version of Ki
smac do you utilize or is it a combo of aircrack and kismac?
Thanks again,
Vince
Reply
AdminJuly 12, 2011 at 10:47 AM
KisMAC 0.3.3 in 32 bit mode + Aircrack-ng 1.1
Reply
AnonymousJuly 13, 2011 at 8:58 AM
can't install kismac please help
Reply
AdminJuly 13, 2011 at 1:53 PM
Sure...
Are you trying to install kismac on a fridge?
Reply
AnonymousJuly 16, 2011 at 7:22 AM
no its a brand new HP pc with 7 home premium. .dmg is doing nothing?
ihave tried 10 time fucking fedup
Reply
AdminJuly 18, 2011 at 8:00 AM
Ah, Windows 7, ok...
Do You have an error when you try to install? Something like Err Id 10 T
Probably the DMG on Win7. Try with KisMAC.exe
Reply
AnonymousAugust 26, 2011 at 11:33 AM
Hi, i tried, and i recover 140.000 uniques, but i try and fail, i forget "ke
ep everything" now im trying again, i have a mac, SL, with only airport express
so no reinjects avaliable. some tip?
Reply
AnonymousSeptember 22, 2011 at 7:43 AM
Hey there,
Should I stop scanning the available networks while running a weak schedulin
g attack (both), or just let it continue to run?
It's taking forever; OS Snow Leopard, Airport Extreme Passive mode, with ove
r 2,000,000 packets collected. I've had weak scheduling going for over 24 hours
and no luck. Would turning off the scan help at all or am I destined to wait for
ever?
Thanks in advance for any advice!
-J
Reply
AdminSeptember 22, 2011 at 10:53 AM
-J
nothing personal, but:
read step 4 again, and the first paragraph again.
"Before you post a question, PLEASE be sure to Read the 3 following post:
KisMAC + KisMAC troubleshooting + KisMAC Q & A
Once you are sure that the answer to your question can not be found, Please,
Post your question in the Q&A Article: CLICK HERE.
ALL QUESTIONS WITHOUT KisMAC Version and OS Full Version will be ignored. Pl
ease Include Model and FCC number of the Network Adapter (the USB thingy) if app
licable. And YES the FCC number is on it! and NO, it's not the MAC address.
"
Reply
rhSeptember 28, 2011 at 6:44 PM
mbp osx 10.7 2.3ghz quad core i7 kismac 0.3.3 alfa awus036h fcc id : UQ2AWUS
036H
i feel as though my mbp is not running wordlists (for wpa crack) as fast as
it could be, according to activity monitor, I'm using 13-15%. and thats with saf
ari and pages and several other things running too. also, kismac says its runnin
g 0.02/sec as far as words go, yet the counter is jumping in 500 word intervals
every ~2 seconds. can i get it to go faster and how? would having more packets h
elp? i have the hand shake. the last time i did a weak scheduling attack on a we
p network i was using ~80 % cpu if memory serves.
thanks
Reply
AdminSeptember 28, 2011 at 8:15 PM
Rh,
first, Thanks for posting your specs.
"kismac says its running 0.02/sec as far as words go"
yup, it's a bug...
"I'm using 13-15%."
weird, I would try a "open in 32-bit" as stated in troubleshooting
"would having more packets help?"
Packets are worth NOTHING for WPA (as stated in troubleshooting....)
"can i get it to go faster and how?"
How fast do you want it to go? 10% or 5,000,000% faster?
Because I can run 100,000,000 passwords in 40 seconds, and it's explained in
the blog....
Reply
MBPmanOctober 30, 2011 at 1:42 AM
Hello,
I'm trying to crack a WPA2 network with my built-in Airport Extreme Broadcom
BCM43xx chipset in my MBP.
Is it possible to capture 4-way handshakes with this chipset using Kismac? O
r do I need a card that supports injection?
Please help me!
Reply
AdminOctober 30, 2011 at 5:48 AM
Dear,
Your question has been answered multiple times.
Nothing personal, but your post will be removed for the sake of clarity. Nev
ertheless, Thanks for reminding me to do some dusting.
Reply
MBPmanOctober 30, 2011 at 12:28 PM
Hi,
I understand your frustration answering the same questions over and over. Ho
wever, I have searched and searched for an answer that to this question and ther
e is none.
Lot's of info about injection and deauthenticating, more about purchasing ch
ipsets off amazon and ebay. Nothing about HOW TO capture a handshake without dea
uthentication.
Reply
AdminOctober 30, 2011 at 2:05 PM
What's passive mode then?
Reply
MBPmanOctober 30, 2011 at 2:18 PM
From what I can see passive mode is for collecting packets and unique IV's f
or WEP cracking. Can't see anything that says it collects handshakes for WPA enc
ryption.
Are you suggesting that by scanning in passive mode, it will collect handsha
kes?
Reply
AdminOctober 30, 2011 at 2:36 PM
the process is the same: rfmon
without a "Chipset" You'll just need the patience of Buddhist monk
Quoted
"How to crack WEP / WPA with Airport Extreme, Passive mode
WITHOUT Injection Device (Airport, Airport Extreme Alone)"
Reply
MBPmanOctober 30, 2011 at 4:20 PM
Ok, enough said. I've ordered an Alfa AWUS036H and in the meantime I will te
st my patience.
Thank you!
Reply
AdminOctober 30, 2011 at 5:27 PM
Joking aside, your comments are showing that you do not grasp completely the
concept behind the handshakes, what is a deauth or a flood.
Capturing it is the easy part. Then comes the Encryption ....
I would highly suggest that you read about the handshakes, deauth and flood
before attempting to crack the encryption.
I will delete your posts and mine as they are redundant.
good luck
Reply
J the Best!November 23, 2011 at 6:30 PM
---- Step 5
If the Column ENC is NO, the network is OPEN: No need of cracking anything ---
I attempted to join an open network by selecting "Join Network" under the Ne
twork tab. Why isn't this working ?
Reply
J the Best!November 23, 2011 at 6:44 PM
Also, all of the networks my airport picks up (without using Kismac) say a W
PA password is required... the option of joining an open network from the airpor
t alone is not an option.
Reply
MichelNovember 25, 2011 at 9:22 PM
Hi all, I have two questions regarding the WEP cracking.
It is taking a long time to collect IV's. If I quote this tutorial :
"500,000 packets for weak scheduling attack on a 40/64-bit WEP" Is this mean
that I don't need a lot of IV's and I just stay focus on the number of normal p
acket ? 500K to 2000K ?
From my calculation, it will take 2 days to have 1000K packets and 20 to hav
e the150K IV's that is why I wanted to know if with just the packets it will wor
k
My other question is that the WEP network is changing the channel every 4 da
ys (goes Channel 6 to Channel 11 and go back to Channel 6 ...) Do I have to star
t over each time the channel is changing ?
Thank you everyone and have a good day
Reply
AdminNovember 26, 2011 at 6:32 AM
"500,000 packets for weak scheduling attack"
Well, we have to change that. it's too confusing for people.
Only IV's are needed.
The number of Iv's you can collect depends on the traffic and if you are re-
injecting or not.
2 days seems an awful lot to me.
A weak scheduling is basically a statistical attack. the more Iv's the great
er the chance.
"Do I have to start over each time the channel is changing ?"
No.
Reply
RAADecember 30, 2011 at 9:17 AM
Hi! I have EXACTELY the same issue of a guy here in the blog : "Im using KIS
MAC 0.3.3 and TL-WN321G on RT73 device. Everything looks correct, but I CANT rein
ject packets because appears NO SSID or HIDDEN SSID. " but you said that the que
stion was already answered. Could you please tell me what were the question? Tha
nk you for your time..
Reply
AdminDecember 30, 2011 at 9:38 AM
Are you on Windows?
-2 questions left.
Reply
RAADecember 31, 2011 at 7:35 AM
I'm on 10.7.2 Lion 64 bit. I have a WN321G v. 2 device. Do you need other ad
ditional information?
Reply
AdminJanuary 2, 2012 at 8:28 AM
It's in troubleshooting
Reply
guidomixJanuary 14, 2012 at 2:25 PM
sorry man.....one question....i'm trying to crack MY wpa with an external us
b wireless card that have the chip rtl8187L with my mac....i go to preferences-d
rivers...i added my usb wifi card and i check all the boxes that you explain in
your video....then i go to the main page of kismac....i click on start scan but
nothing appear! no one wifi lan! Where is the error? how can i solve this issue?
?? My card is not right to do this? have i to install particular drivers before
start trying to crack???have to install some drivers???
Reply
Vincius K-MaxAugust 3, 2012 at 7:09 PM
fucking love this blog!
keep up the good work, Admin!
Reply
AdminAugust 3, 2012 at 9:20 PM
Thank you fucking buckets! :)
Reply
HKairpostSeptember 5, 2012 at 10:30 AM
I don't get it I have like 700,000 unique IVs gathered at once on a WEP sign
al, but when I do Weak Scheduling Attack >>> Against Both after less than a minute k
ismac tells me that cracking was unsuccessful.
I already had this message on other signal but it was with fewer IVs and aft
er a long time of calculation. Can someone help?
Reply
AdminSeptember 5, 2012 at 11:07 AM
ALL QUESTIONS WITHOUT KisMAC Version and OS Full Version will be ignored. Pl
ease Include Model and FCC number of the Network Adapter (the USB thingy) if app
licable. And YES the FCC number is on it! and NO, it's not the MAC address.
Reply
HKairpostSeptember 5, 2012 at 8:39 PM
Oops sorry here are the missing info from my previous question:
OS: 10.7.4
FCC ID: UQ2AWUS036H
Kismac: 0.3.3
Reply
AdminSeptember 6, 2012 at 7:12 AM
HK,
There is always the possibility that your dump is corrupted.
Second, I am extremely sad to say so, but KisMAC is getting old.
I would encourage people to use KisMAC for the GUI, GPS, etc, but the crack
itself should be conducted with Aircrack-ng (for WEP) see the post on this blog.
If you still can't figure it out, send me the dumpfile, I'll take a look at
it. Dropbox is preferred.
Reply
LiquidMarch 4, 2013 at 1:41 PM
I have a rosewill n600ube can i inject with this? I dont have the mac disc e
ither. How can i make aircrack work? Emaol me at jarelivory@gmail.com please.
Reply
Replies
AdminMarch 4, 2013 at 1:54 PM
Seriously?
Reply
MikeMarch 5, 2014 at 6:08 PM
Hi,
whenever I get a sufficient amount of packets and IVs that would allow me to
crack a WEP network, I click on Weak Scheduling Attack against both and nothing
happens. Nothing loads, just nothing. It just keeps scanning as if I had not cl
icked on anything. What might be the problem?
OS: 10.9.2
KisMAC: 0.3.4
Reply
Replies
AdminMarch 5, 2014 at 7:24 PM
Mike,
that's a though one as I don't know what you have captured. Logic would
be that even if the .kismac file was corrupted, you should load something.
I would take a wild guess and blame 10.9 with KisMAC altogether
Zip and Upload your file on Dropbox and send me the link . It will NOT b
e published. I'll take a look at it.
Reply
NonasolMay 6, 2014 at 9:23 PM
I'm now running KisMAC version 0.3.3, with OSX Mavericks 10.9.2. When I open
ed up KisMACS the second time (first time worked perfectly), nothing comes up wh
en I hit the "Start Scan" button. I've already deleted "org.kismac-ng.kismac.pli
st" from my preferences folder, which the KisMAC FAQ stated was the problem. How
ever, it's still not working. What did I do wrong?
Reply
Replies
AdminMay 6, 2014 at 10:10 PM
use kismac 0.3.4
NonasolMay 7, 2014 at 12:08 AM
Thanks, that did help. However, now I'm having some more problems:
1. I can't seem to get KisMAC to export its files with a .pcap extension
, only with a .kismac extension. I've already checked the driver preferences for
the "save everything" option.
2. Scanning constantly brings up repetitive copies of the same network.
(eg. linksys appearing multiple times on the list) Is this normal?
AdminMay 7, 2014 at 8:09 AM
1) Have you tried to simply rename the file and change the extension?
1a) There is a search box on the top left. Try "PCAP". Then you can use
command-F to find "PCAP" within the page(s).
2) is it the same same same network? i.e identical "SSID" and "BSSID". I
see a lot of Toyota on the road, but they don't have all the same license plate
. ;-)
Reply
NonasolMay 7, 2014 at 3:28 PM
1) Yes, renaming my saved .kismac file and using it in aircrack doesn't work
, since it states that it is in an unsupported file format.
1a) Do you mean the search box on the top left of KisMAC? If so, nothing sho
ws up when I type PCAP. (Or when I search in Finder).
1b) When looking in my folders, I found that my dumplogs were somehow saved
in my user folder. *facepalm* Do I change the save location in the preferences -
-> driver ---> "save dump at"? What's the difference between the contents of a .
kismac and a dumplog file?
2) Same network name, different BSSID. My home network (whose name is unique
) is repeated, along with some other neighboring networks (which show up in the
regular wifi settings) and new ones that only appear in KisMAC. Also, extra copi
es of the network have far less packets than the first ones to show up.
Thanks for helping!
Reply
Replies
AdminMay 7, 2014 at 5:11 PM
1) I am going to need proof of that, since that's what I have been doing
that since 2007.
1a) nope, I mean search the blog. My apologies for the lack of clarifica
tion.
1b) "*facepalm*" Welcome to the club. :) the ~ (tilde) indicates home fo
lder, it's a convention. You better read about Unix and terminal, or you'll have
some surprises. Have you tried to drag a file into the Terminal window? No? try
it.
1b #2) close to none. the extension is different, that's pretty much it.
you can open the file the file with Wireshark and dig into it.
1b #3) Search PCAP in blog.
2) mmmm... I would need a copy of that file. Are you on passive mode? So
me routers have "protection" and will skip channels if they receive Dehauth fram
es or injection, and that could be a (far fetched) possibility. It could also be
a bug.
NonasolMay 12, 2014 at 9:52 PM
Sorry for not replying sooner.
1) Not sure how I should prove it, but here's the terminal output:
User1:~ user1$ aircrack-ng /Users/User1/Downloads/KisMAC/dumplog.pcap
Opening /Users/User1/Downloads/KisMAC/dumplog.pcap
Unsupported file format (not a pcap or IVs file).
Read 0 packets.
No networks found, exiting.
Quitting aircrack-ng...
Note: The dumplog.pcap was the file I renamed.
2) Here's a screenshot for KisMAC, if it helps:
http://tinypic.com/r/2qimcnm/8
Yes, I was on passive mode. I don't have an injection device, only Airpo
rt Extreme.
AdminMay 13, 2014 at 7:10 PM
As per your DumpLog provided:
You are not using a packet dump, but you are renaming a .kismac file. Th
at's why it's going haywire.
just use the DumpLog file

Вам также может понравиться