wesside-ng
Differences
This shows you the differences between two versions of the page.
wesside-ng [2008/02/08 01:44] – added -k parameter documentation darkaudax | wesside-ng [2009/09/25 23:01] – Fixed typos darkaudax | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Wesside-ng ====== | ====== Wesside-ng ====== | ||
- | |||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | |||
- | This functionality will be available in a future release. It is NOT available currently. | ||
- | |||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | |||
- | |||
===== Description ===== | ===== Description ===== | ||
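Review bot: With the IMPORTANT banner and its "It is NOT available currently" sentence dropped from the top of the page, nothing left in this hunk tells a reader which release first ships wesside-ng. Suggest replacing the banner with a single line under the heading that names the minimum release, so users on older packages know why the binary is missing.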
Line 17: | Line 5: | ||
Wesside-ng is an auto-magic tool which incorporates a number of techniques to seamlessly obtain a WEP key in minutes. | Wesside-ng is an auto-magic tool which incorporates a number of techniques to seamlessly obtain a WEP key in minutes. | ||
- | The original wesside tool was written by Andrea Bittau and was a proof-of-concept program to accompany two published papers. | + | The original wesside tool was written by Andrea Bittau and was a proof-of-concept program to accompany two published papers. |
For you trivia buffs, who knows where the program name " | For you trivia buffs, who knows where the program name " | ||
Line 29: | Line 17: | ||
- After it sniffs an ARP request, it decrypts the IP address by guessing the next four bytes of PRGA using multicast frames and the linear keystream expansion technique. | - After it sniffs an ARP request, it decrypts the IP address by guessing the next four bytes of PRGA using multicast frames and the linear keystream expansion technique. | ||
- It floods the network with ARP requests for the decrypted IP address. | - It floods the network with ARP requests for the decrypted IP address. | ||
- | - Launches the [[http:// | + | - Launches the [[aircrack-ng|aircrack-ng PTW attack]] to determine the WEP key. |
So you may be asking "What is the linear keystream expansion technique?" | So you may be asking "What is the linear keystream expansion technique?" | ||
There are a few known limitations: | There are a few known limitations: | ||
- | * Only open authentication is support. Shared key authentication is not supported. | + | * Only open authentication is supported. Shared key authentication is not supported. |
* Only B and G networks are supported. | * Only B and G networks are supported. | ||
* Fake MAC functionality is broken if there is a lot of traffic on the network. | * Fake MAC functionality is broken if there is a lot of traffic on the network. | ||
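Review bot: The "known limitations" list corrected here ("support" to "supported") appears again verbatim in the hunk at Line 157/153, and the same typo had to be fixed in both places. Keep one copy and link to it from the other section so the two cannot drift apart. As a style point, the step "Launches the ..." lacks the subject its neighbours have ("It floods the network ..."); "It launches the ..." would match.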
Line 51: | Line 39: | ||
*-c Do not start aircrack-ng. | *-c Do not start aircrack-ng. | ||
*-f Allows the highest channel for scanning to be defined. | *-f Allows the highest channel for scanning to be defined. | ||
- | *-k Ignores ACKs since some cards do not report them. It will therefore automatically retransmit X times. | + | *-k Ignores ACKs since some cards/ |
- | *-p Determines the minimum number of bytes of PRGA which is gathered. | + | *-p Determines the minimum number of bytes of PRGA which are gathered. |
*-t For each number of IVs specified, restart the airecrack-ng PTW engine. (Optional) | *-t For each number of IVs specified, restart the airecrack-ng PTW engine. (Optional) | ||
*-v Wireless access point MAC address | *-v Wireless access point MAC address | ||
- | When you run wesside-ng, it creates three files automatically in the current directory | + | When you run wesside-ng, it creates three files automatically in the current directory: |
* wep.cap - The packet capture file. It contains the full packet, not just the IVs. | * wep.cap - The packet capture file. It contains the full packet, not just the IVs. | ||
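Review bot: In the unchanged -t line, "airecrack-ng" is still misspelled. This revision is labelled "Fixed typos" and edits the two option lines directly above it, so correct it to "aircrack-ng" in the same pass.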
Line 140: | Line 128: | ||
===== Usage Tips ===== | ===== Usage Tips ===== | ||
- | None at this time. | + | ==== Using the -k option ==== |
+ | Some cards/ | ||
+ | |||
+ | Some specific cases: | ||
+ | |||
+ | * If you get MAX retransmits error, try -k 1. | ||
+ | * If you have a poor connection, try -k 3. | ||
+ | |||
+ | In general, you can experiment with different values to determine if it resolves the problem. | ||
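Review bot: The first bullet writes the error as "MAX retransmits", while the troubleshooting heading and the sample log line on this page write "ERROR Max retransmits". Quote the message exactly as the tool prints it so a reader searching for the error text lands on this tip. The bullets also give values (-k 1, -k 3) with no pointer back to the -k entry in the options list; a cross-reference there would help.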
Line 150: | Line 146: | ||
Make sure your card is in monitor mode. | Make sure your card is in monitor mode. | ||
- | Make sure your card can inject by testing it with the [[http:// | + | Make sure your card can inject by testing it with the [[injection_test|aireplay-ng injection test]]. |
Make sure your card supports the fragmentation attack. | Make sure your card supports the fragmentation attack. | ||
Line 157: | Line 153: | ||
There are a few known limitations: | There are a few known limitations: | ||
- | * Only open authentication is support. Shared key authentication is not supported. | + | * Only open authentication is supported. Shared key authentication is not supported. |
* Only B and G networks are supported. | * Only B and G networks are supported. | ||
* Fake MAC functionality is broken if there is a lot of traffic on the network. | * Fake MAC functionality is broken if there is a lot of traffic on the network. | ||
- | ==== "ERROR Max retransmists" message ==== | + | ==== "ERROR Max retransmits" message ==== |
You get an error similar to the following while running the program: | You get an error similar to the following while running the program: | ||
- | [18:23:49] ERROR Max retransmists | + | [18:23:49] ERROR Max retransmits |
B0 00 FF 7F 00 1A 70 51 B0 70 00 0E 2E C5 81 D3 00 1A 70 51 B0 70 00 00 00 00 01 00 00 00 | B0 00 FF 7F 00 1A 70 51 B0 70 00 0E 2E C5 81 D3 00 1A 70 51 B0 70 00 00 00 00 01 00 00 00 | ||
This can be caused if the AP does not acknowledge the the packets you are sending. | This can be caused if the AP does not acknowledge the the packets you are sending. | ||
- | Another reason is that the internal state machine of wesside-ng is confused. | + | Another reason is that the internal state machine of wesside-ng is confused. |
+ | |||
+ | |||
+ | ==== RT73 chipset and "ERROR Max retransmits" | ||
+ | |||
+ | If you are using the RT73 chipset, try adding the "-k 1" option. | ||
==== Known Bugs ==== | ==== Known Bugs ==== | ||
- | There are are a variety of known bugs which are outlined below. | + | There are a variety of known bugs which are outlined below. |
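Review bot: The unchanged sentence "This can be caused if the AP does not acknowledge the the packets you are sending." still carries a doubled "the"; fix it along with the other typos in this hunk. The new RT73 section also restates the "-k 1" advice already added under "Using the -k option"; linking to that section would avoid maintaining the same tip in two places.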
| |
wesside-ng.txt · Last modified: 2018/03/11 18:57 by mister_x