
Thread: Finding WPA Keys Broadcast In Clear

  1. #11
    Senior Member
    Join Date
    Jul 2013
    Posts
    800
    To zerocool

    MTeams are constantly learning field craft. We see these probes all the time but you have to know what to look for. In fact we saw one this morning.

    With airodump-ng what is kept on the screen for view is for only 120 sec unless you add the --berlin 1,000,000 to the command line. Also add the --beacons to increase the number of beacons stored. See airodump-ng --help

    Example:

    airodump-ng --berlin 1000000 --beacons -w dumpfile mon0

    After you capture this data run it thru our ESSIDPROBEWPA.sh

    Note MTeams will add these commands to the airodump-ng command lines when we update handshakeharvest2-5.sh

    Musket Teams
    Last edited by mmusket33; 2015-10-30 at 03:17 AM.

  2. #12
    Junior Member
    Join Date
    Oct 2015
    Posts
    8
    I've been looking at these 'Probe' characters since I started with pentesting (2 weeks back).
    In fact, initially I did a web search for probe stations to figure what they actually are/were, but no info or TMI.

    Once again, thx MTeams for pointing this out, will keep an eye for these things.
    Is this script Kali 2.0 compatible?

  3. #13
    Junior Member
    Join Date
    Mar 2013
    Location
    Root
    Posts
    13
    Quote Originally Posted by mmusket33 View Post
    To zerocool

    MTeams are constantly learning field craft. We see these probes all the time but you have to know what to look for. In fact we saw one this morning.

    With airodump-ng what is kept on the screen for view is for only 120 sec unless you add the --berlin 1,000,000 to the command line. Also add the --beacons to increase the number of beacons stored. See airodump-ng --help

    Example:

    airodump-ng --berlin 1000000 --beacons -w dumpfile mon0

    After you capture this data run it thru our ESSIDPROBEWPA.sh

    Note MTeams will add these commands to the airodump-ng command lines when we update handshakeharvest2-5.sh

    Musket Teams
    I have tried to do what you said, but both text files are empty. What am I doing wrong?

    Does this look correct to you?
    Last edited by zerocool; 2015-11-02 at 09:59 AM. Reason: added screenshot
    The only reason that you fail is because you quit....

  4. #14
    Senior Member
    Join Date
    Jul 2013
    Posts
    800
    To zerocool

    Thanks for pointing this out.

    We ran some tests with Kali 1.1 and it ran fine, so we cranked up Kali 2.0 and it did not run. We traced the error to the airodump-ng csv output, which looks like it has changed slightly, which causes one of the awk lines to fail.

    We do not have a lot of .csv files captured through Kali 2.0 to test this, so we will capture a big block of data and rewrite the program to fit the newer airodump-ng output.

    Again Thanks!!!

    MTeams
    Last edited by mmusket33; 2015-11-02 at 01:03 PM.

  5. #15
    Junior Member
    Join Date
    May 2015
    Posts
    18
    I got some strange probe.

    probe.jpg

    It seems that not only ssid and wpa-key can be found, but also local ip XD

  6. #16
    Junior Member
    Join Date
    Mar 2013
    Location
    Root
    Posts
    13
    Quote Originally Posted by mmusket33 View Post
    To zerocool

    Thanks for pointing this out.

    We ran some tests with Kali 1.1 and it ran fine, so we cranked up Kali 2.0 and it did not run. We traced the error to the airodump-ng csv output, which looks like it has changed slightly, which causes one of the awk lines to fail.

    We do not have a lot of .csv files captured through Kali 2.0 to test this, so we will capture a big block of data and rewrite the program to fit the newer airodump-ng output.

    Again Thanks!!!

    MTeams
    Any ETA on this? While we wait, isn't there a command or another way to output any keys found in the dumpfile?
    The only reason that you fail is because you quit....

  7. #17
    Senior Member
    Join Date
    Jul 2013
    Posts
    800
    To zerocool

    There are no tools for this as far as we know. This approach was not even recognized.

    To do this manually will take time if you have a lot of .csv data. You could open up each .csv file collected by airodump-ng and look for any text strings that look like a WPA key. And then there is the fact that users may load the AP name into the WPA key block so the WPA Key and the ESSID are the same.
    MTeams has stopped all other projects to correct this as any of our lab programs if airodump-ng is run also collect data on the side and then send it to a textfile for brute force work. The program is running; we are just adding modules to handle cases where the user inputs the WPA key incorrectly and the length is less than 8. I would think within three to five days unless the waves become rideable.

    MTeams
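
Added example, not part of any post in this thread and not the MTeams ESSIDPROBEWPA script: a way to audit a capture of your own devices for stations whose probe requests carry passphrase-like strings, reading the airodump-ng CSV by header name rather than by field position so a shifted column does not break it. The two-section layout, the sample rows and the function names are assumptions constructed for illustration, and the "not a known ESSID" filter is only a heuristic.

```python
import csv
import io

# Constructed sample in the two-section layout airodump-ng writes with -w
# (CRLF line endings, a space after most commas). All values are made up.
SAMPLE_CSV = (
    "\r\nBSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, "
    "Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key\r\n"
    "02:00:00:00:00:01, 2015-11-02 09:00:00, 2015-11-02 09:05:00,  6,  54, WPA2, "
    "CCMP, PSK, -40, 120, 0,   0.  0.  0.  0,   7, HomeNet, \r\n\r\n"
    "Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs\r\n"
    "02:00:00:00:00:0A, 2015-11-02 09:01:00, 2015-11-02 09:04:00, -50, 30, "
    "(not associated) ,HomeNet,Example-Passphrase-1\r\n"
    "02:00:00:00:00:0B, 2015-11-02 09:02:00, 2015-11-02 09:03:00, -60, 12, "
    "02:00:00:00:00:01,HomeNet,cafe\r\n"
)


def parse_sections(text):
    """Split the capture into AP rows and station rows, keyed by header name."""
    aps, stations, header, target = [], [], None, None
    for row in csv.reader(io.StringIO(text)):
        cells = [c.strip() for c in row]
        if not any(cells):
            continue                          # blank separator line
        if cells[0] == "BSSID":
            header, target = cells, aps
        elif cells[0] == "Station MAC":
            header, target = cells, stations
        elif header is not None:
            fixed = len(header) - 1           # last column is variable-width
            rec = dict(zip(header[:fixed], cells[:fixed]))
            rec[header[-1]] = [c for c in cells[fixed:] if c]
            target.append(rec)
    return aps, stations


def leaked_candidates(text):
    """Return (station, probe) pairs where the probed name is 8-32 characters
    (minimum WPA passphrase length up to the 32-byte SSID field limit) and
    matches no AP ESSID seen in the same capture."""
    aps, stations = parse_sections(text)
    known = {ap.get("ESSID", "") for ap in aps}
    hits = []
    for sta in stations:
        for probe in sta.get("Probed ESSIDs", []):
            if 8 <= len(probe) <= 32 and probe not in known:
                hits.append((sta["Station MAC"], probe))
    return hits
```

A station flagged here should have the mistyped network profile deleted and the passphrase on the affected network changed.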

  8. #18
    Senior Member
    Join Date
    Jul 2013
    Posts
    800
    ESSIDPROBEWPA3-21.sh has been released for general use.

    See start of thread for version commentary.

    You can download at:

    http://www.datafilehost.com/d/3fb327e4

    MTeams
    Last edited by mmusket33; 2016-01-11 at 02:52 AM.

  9. #19
    Senior Member
    Join Date
    Jul 2013
    Posts
    800
    Those working with csv files may find the following script useful; see:


    http://forum.aircrack-ng.org/index.php/topic,898.0.html


    Musket Teams

  10. #20
    Junior Member
    Join Date
    May 2013
    Posts
    1
    nice work thanks to MTeams
