[Shrinivas]

i have many wifi network near my home .. some are hidden , one is wps protected, some are wpa and wpa2 protected and one is wep protected

i have problem in hacking all these .. i was unable to crack even one

my first question how hack hidden network which are open and mac filtering enabled ??
second question how hack those hidden network which broadcast two different bssid ... last two values of mac is changed ?
wat is the best way brute force wpa and wpa2 passsword... i have handshake but unable to crack it ... ...

[groove]

Hi Shrinivas,

I think your question is a little too broad to be answered entirely on a message board. They have written entire books that answer the questions you have. I can make some suggestions though:

1. Buy your own wireless AP(access point). Reconfigure your new AP to use whatever encryption/authentication you are trying to learn about. This way you can eliminate problems such as, "am I too far away?"

2. Go to Airckcrack-ng wiki. You will find the answer to your questions here.

3. Buy this book: Hacking Exposed Wireless, 2nd edition. This book definitely has what you're looking for.

4. If you become confused about anything in the reading. Come back here and talk to me.

Good Luck,

groove

[groove]

Hi Shrinivas,

I think your question is a little too broad to be answered entirely on a message board. They have written entire books that answer the questions you have. I can make some suggestions though:

1. Buy your own wireless AP(access point). Reconfigure your new AP to use whatever encryption/authentication you are trying to learn about. This way you can eliminate problems such as, "am I too far away?"

2. Go to Airckcrack-ng wiki. You will find the answer to your questions here.

3. Buy this book: Hacking Exposed Wireless, 2nd edition. This book definitely has what you're looking for.

4. If you become confused about anything in the reading. Come back here and talk to me.

Good Luck,

groove

[dR.0xYw0Rm]

Well, if you got the handshake and can't crack it the problem is with your wordlist. So in my opinion you have to find a better one. Also keep in mind that if you are in slavic countries you have to find a wordlist that contains words in cyrillic aswell.

[Shrinivas]

thanks u guys for ur responses ... i read that book i was able to get through hidden network @ groove i have a question how if ap is broadcasting two mac adress with last two values changed for example BA:AB:11:22:33:B9 OTHER MAC IS BA:AB:11:22:33:A1...?? failed to crack :handshake will any one help me in cracking handshakes .... wat does cyrillic word list mean ??

[dR.0xYw0Rm]

Cyrillic is the alphabet used by several Slavic languages, including Russian; it was supposedly invented by St. Cyril for use in writing church documents. Some sources say this is incorrect, and simply consider it as a character set derived from the Greek alphabet.

This is how cyrillic looks like:

Code:

А а    Б б    В в    Г г    Д д    Е е    Ё ё    Ж ж    З з    І і    Й й
К к    Л л    М м    Н н    О о    П п    Р р    С с    Т т    У у    Ў ў
Ф ф    Х х    Ц ц    Ч ч    Ш ш    Ы ы    Ь ь    Э э    Ю ю    Я я    ’

[Conch]

Grabbing a handshake doesn't always mean it's valid.
A method I used to use was to strip the capture file in Wireshark and check the EAPOLs.
That way, you know it's valid and can effectively be cracked.

I wouldn't bother cracking handshakes though if you only use Laptops, you'd need a rig to do it.
Otherwise it will run like a slug.

There are also WPA cracking services available, they'll do the work for you, you just need a small fee to cover electricity, time etc.

If the password isn't recovered, you pay nothing else.

Reaver is good, but it's not very effective as it was in 2011-2012.
ISPs have caught on and implemented strict locks on the manufactured APs (At least in here in the UK - It's TERRIBLE)

Having said that, a new tool was released recently called "Bully"
Which randomizes the pins it checks to confuse the AP, thus slowing or even preventing a Rate limit.

It comes bundled with Kali Linux and it's easy to make and install in BT5.

If you lose all hope, then you could always set up a rogue AP, Buy two Wireless adapters, one for the collection of packets from the rogue network, and the other for the Denial of Service (De-auth) of the main AP.

Don't give up though, from your post, it sounds like you're too far away
Get as CLOSE as possible, High RXQ = Less inteference = Good.
Low PWR = The closer you are.

Getting a PWR from just 70 to 65 or even 60 can make a difference from not being able to crack it at all, to cracking the key with Reaver or Aircrack.

If you're wondering which WiFi adapters to choose, the AWUS036H and AWUS036NHA are perfect adapters.

Hope this helps!

[Shrinivas]

@Conch thanks for ur valuable suggestion ... i have checked the wpa handshake with pyrit and its perfectly valid wpa handshake ... i will try out bully for sure ... i have cracked wep very easily ... but wpa wpa2 are like stone to me now ...

[Commander_Limo]

by the way when i tried it it does not worked???

[groove]

I'm glad that you're reading through the book that I had mentioned. I would treat the AP that is "broadcasting two mac addresses" as two seperate AP's. So, try to capture a different handshake for each one. I hate to be negative, but I want you to keep in mind that you're probably not going to crack a WPA protected AP(unless this AP is 'reaverable'). Does this mean you shouldn't try? Absolutely not... Give it a shot. You never know. What I recommend for you:

-Set up your own AP using WPA

-Set the password to a common word. For example, dog, cat, television, rooftop. Any of these will do.

-Use the tactics you've learned from the reading to capture and crack a handshake using the rockyou.txt dictionary. This dictionary comes with backtrack and can be found elsewhere online.

-Don't forget to change the authentication password for your AP back normal.

If you are unable to complete the previous tasks then you may be doing something wrong. If you are successful then you know that your doing it right. After success you can take your skills on the road. Good luck and get back to me.

groove