
Thursday, April 10, 2008

How to use Airodump (from WEP cracking tutorial)

Airodump usage: airodump [interface] [output file prefix] [channel no.] [IVs flag]

1. The [channel no.] can be set to a single channel (1 through 14) or set to 0 to hop between all channels
2. The [IVs flag] can be set to 1 to save only the captured IVs

e.g. airodump eth1 testfile1 6 produced the in-progress capture below:


Basics to be aware of from the above screen capture are:

- BSSID = MAC address of the access point (but not always!)

- Beacons = Number of captured beacon packets (of no use!)

- # Data = Number of IVs captured so far (this is the all important figure!)

- MB = Data rate, '48' (mixed mode) in the above example. A '.' appears after the figure if the data rate is dedicated, e.g. '48.'

- WEP = Network is configured as WEP

- Number of IVs required to break WEP depends on the WEP key length
* Approximately 300,000 IVs for 40-bit WEP (AKA 64-bit WEP)
* Approximately 1,000,000 IVs for 104-bit WEP (AKA 128-bit WEP)


Examples:

airodump wlan0 capture1 10 (Interface=wlan0, filename=capture1, channel=10)

airodump eth1 testfile 6 1 (Interface=eth1, filename=testfile, channel=6, only captured IVs saved)

airodump ath0 alpha 0 (Interface=ath0, filename=alpha, channel hopping mode)




Output Files:


An airodump capture will produce the following output files: .txt, .cap and .gps

The .txt file contains:

* BSSID and MAC addresses

* Time/Date info

* Channel Info

* Data rate

* Encryption method

* No. of beacons captured

* No. of IVs captured

* LAN IP

* ESSID


The .cap file contains the packet capture from your session. This is the file that is input into aircrack for WEP cracking.

The .gps file contains GPS-related info if you have a GPS device enabled.


Troubleshooting:

Be aware of the modes of your card and target network (802.11b or 802.11g). I have observed Airodump capture only around 2,000 IVs an hour (on a busy network) when the card is an 802.11b card and the network is working in 802.11g mode. Be sure your card and the target network are using the same mode.

On a saturated 802.11b network we captured around 23,000 IVs a minute.

On a saturated 802.11g network we captured around 140,000 IVs a minute.
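An added example, not from the original post or from the aircrack project: a small audit helper for a site survey that takes records with the fields listed for the .txt file, flags every network still running WEP, and uses the IV thresholds and capture rates quoted above to estimate how long a saturated capture would need to reach them. The Network record layout and the sample entries are constructed for illustration; the observed-rate helper is for the troubleshooting case where two "# Data" readings are taken some minutes apart.

```python
from dataclasses import dataclass

# Approximate IV counts needed per key length, as quoted in the post.
IVS_NEEDED = {40: 300_000, 104: 1_000_000}
# Saturated capture rates (IVs per minute) quoted in the post.
SATURATED_IVS_PER_MIN = {"802.11b": 23_000, "802.11g": 140_000}

@dataclass
class Network:
    """One survey record; field names are assumed, modelled on the .txt list above."""
    bssid: str
    essid: str
    channel: int
    encryption: str    # "WEP", "WPA" or "OPN"
    data_frames: int   # the "# Data" column: IVs captured so far

def observed_ivs_per_min(data_start, data_end, elapsed_min):
    """IV rate from two '# Data' readings taken elapsed_min minutes apart."""
    if elapsed_min <= 0:
        raise ValueError("elapsed_min must be positive")
    return (data_end - data_start) / elapsed_min

def minutes_to_threshold(ivs_so_far, key_bits, ivs_per_min):
    """Minutes until the IV count reaches the threshold for this key length."""
    remaining = max(IVS_NEEDED[key_bits] - ivs_so_far, 0)
    return float("inf") if ivs_per_min <= 0 else remaining / ivs_per_min

def wep_exposure_report(networks, ivs_per_min=SATURATED_IVS_PER_MIN["802.11g"]):
    """One row per WEP network, most exposed (fewest minutes to 40-bit) first."""
    rows = []
    for n in networks:
        if n.encryption.upper() != "WEP":
            continue
        rows.append({
            "bssid": n.bssid, "essid": n.essid, "channel": n.channel,
            "ivs_seen": n.data_frames,
            "min_to_40bit": minutes_to_threshold(n.data_frames, 40, ivs_per_min),
            "min_to_104bit": minutes_to_threshold(n.data_frames, 104, ivs_per_min),
        })
    rows.sort(key=lambda r: r["min_to_40bit"])
    return rows

# Constructed survey sample (not real captures).
SAMPLE = [
    Network("00:11:22:33:44:55", "office-legacy", 6, "WEP", 120_000),
    Network("66:77:88:99:AA:BB", "guest", 11, "WPA", 5_000),
    Network("CC:DD:EE:FF:00:11", "printer", 1, "WEP", 0),
]

if __name__ == "__main__":
    for row in wep_exposure_report(SAMPLE):
        print(row)
```

Feed it the rate from observed_ivs_per_min instead of the saturated default when the survey card and the network are in different modes, as in the 2,000 IVs an hour case above.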


Source:http://wirelessdefence.org/Contents/Aircrack_airodump.htm

WEP Cracking - The FBI Way

WEP cracking usually takes hours. Lots of hours, depending on the amount of traffic on the access point. A few months ago, two FBI agents demonstrated how they were able to crack a WEP enabled access point within a couple of minutes. 3 minutes to be exact. This is unbelievable when compared to, say, 3 days of work. Here is how they did it, and how you can do it. You need to know your way around each of these tools to get this done. You can ask Google for that. Anyway, if you are familiar with them, just do as follows:

1. Run Kismet to find your target network. Get the SSID and the channel.
2. Run Airodump and start capturing data.
3. With Aireplay, start replaying a packet on the target network. (You can find a ‘good packet’ by looking at the BSSID MAC on Kismet and comparing it to the captured packet’s BSSID MAC).
4. Watch as Airodump goes crazy with new IVs. Thanks to Aireplay.
5. Stop Airodump when you have about 1,000 IVs.
6. Run Aircrack on the captured file.
7. You should see the WEP key in front of you now.

The software runs on Linux; all of it is available on the Knoppix Linux Live CD. And finally, I think you should always use a combination of 2 or more security features. As for what you need, get Aircrack (includes Airodump, Aireplay, Aircrack and optional Airdecap for decrypting WEP/WPA capture files) and get Kismet.

Update: Kismet for Windows (Kiswin32) is available now.

Download these tools:

Kismet:Win32 version
http://www.kismetwireless.net/code/setup_kismet_2007-10-R1.exe

Aircrack:
http://download.aircrack-ng.org/aircrack-ng-0.9.3-win.zip

Source:h++p://masc2279.no-ip.org/gadgets-toys/internet/wep-cracking-the-fbi-way/

Thursday, March 27, 2008

5 ways to crack or reset a forgotten Windows XP administrator password

There are already so many articles written on how to recover or reset a password that I’m not going to reinvent the wheel, but instead will guide you to the best online resources that I used to crack my Windows XP password.

1. Ophcrack Live CD - My favorite way to blank out or crack a Windows password is to use a Linux Live CD. These are special distributions of Linux that run directly from the CD (no installation required) and are specially designed for cracking Windows passwords. You can read the documentation to learn how to use it. Simply burn the ISO and boot using the CD and the program will get right to work. It won't work, however, on very complicated passwords because it actually tries to determine the password rather than reset it.

2. Offline NT Password and Registry Editor - This is a very small program, only 3MB in size, that you can burn to a CD and boot to. It’ll auto-detect the Windows installation and the account names (that is if everything was installed in the default Windows directories). Using this program you can reset or blank out a Windows password, which means it doesn’t matter how long or complicated it is. I tried this program on Vista and it would not load afterwards, so definitely only use for Windows XP or earlier!

3. Login Recovery - Login Recovery is a web site that has a program that you can either download onto a floppy disk or a CD and that you use to boot up with. You'll get a list of accounts and some numbers when the program runs. Take those numbers and enter them on the web site and Login Recovery will crunch them through its system to find the password for Windows NT, 2000, XP and Vista. I have tried this site and it did not work for my password, which was 11 characters and mostly symbols, numbers, and letters. However, if the password was something simple, they will probably be able to crack it.

4. John The Ripper - Another free password cracker that works on Windows, Linux and Macs, so it's useful for any Mac or Linux user who wants to recover a password. Pretty easy to use and comes with good instructions, so most people can follow along.

5. Knoppix STD - G4TV has a good article on another Linux distro you can download and use to crack your Windows password. Follow the detailed instructions he gives and if the password is not too long or difficult, it should be able to crack it!

As you can tell, the best way to crack a Windows password is to use Linux! It might be a little too techie for some people, but it's definitely worth it if you want to avoid having to re-install Windows and lose all of your data! Any questions, post a comment!