wesside-ng
Differences
This shows you the differences between two versions of the page.
wesside-ng [2007/06/21 23:44] – darkaudax | wesside-ng [2009/09/08 01:20] – removed availability warning (1.0 is released) mister_x | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Wesside-ng ====== | ====== Wesside-ng ====== | ||
- | |||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | |||
- | This functionality will be available in a future release. It is NOT available currently. | ||
- | |||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | |||
===== Description ===== | ===== Description ===== | ||
Line 16: | Line 5: | ||
Wesside-ng is an auto-magic tool which incorporates a number of techniques to seamlessly obtain a WEP key in minutes. | Wesside-ng is an auto-magic tool which incorporates a number of techniques to seamlessly obtain a WEP key in minutes. | ||
- | The original wesside tool was written by Andrea Bittau and was a proof-of-concept program to accompany two published papers. | + | The original wesside tool was written by Andrea Bittau and was a proof-of-concept program to accompany two published papers. |
- | For you trivia buffs, who knows where the name " | + | For you trivia buffs, who knows where the program |
Wesside-ng has been updated to reflect advances in determining the WEP key. Here are the steps which wesside-ng takes: | Wesside-ng has been updated to reflect advances in determining the WEP key. Here are the steps which wesside-ng takes: | ||
Line 28: | Line 17: | ||
- After it sniffs an ARP request, it decrypts the IP address by guessing the next four bytes of PRGA using multicast frames and the linear keystream expansion technique. | - After it sniffs an ARP request, it decrypts the IP address by guessing the next four bytes of PRGA using multicast frames and the linear keystream expansion technique. | ||
- It floods the network with ARP requests for the decrypted IP address. | - It floods the network with ARP requests for the decrypted IP address. | ||
- | - Launches the [[http:// | + | - Launches the [[aircrack-ng|aircrack-ng PTW attack]] to determine the WEP key. |
So you may be asking "What is the linear keystream expansion technique?" | So you may be asking "What is the linear keystream expansion technique?" | ||
Line 37: | Line 26: | ||
* Fake MAC functionality is broken if there is a lot of traffic on the network. | * Fake MAC functionality is broken if there is a lot of traffic on the network. | ||
- | Please remember that this is still basically a proof-of-concept tool so you can expect to find bugs. Plus you will find features that don't quite work as expected. | + | Please remember that this is still basically a proof-of-concept tool so you can expect to find bugs. Plus you will find features that don't quite work as expected. Consider using [[easside-ng]] as an alternative or a companion program. |
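Review bot: the appended pointer to [[easside-ng]] sits at the end of the proof-of-concept warning with no indication of when a reader should prefer it. Put it on its own line and add a clause saying what easside-ng does differently, so that "an alternative or a companion program" tells the reader something.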
Line 49: | Line 38: | ||
*-a | *-a | ||
*-c Do not start aircrack-ng. | *-c Do not start aircrack-ng. | ||
+ | *-f Allows the highest channel for scanning to be defined. | ||
+ | *-k Ignores ACKs since some cards/ | ||
*-p Determines the minimum number of bytes of PRGA which is gathered. | *-p Determines the minimum number of bytes of PRGA which is gathered. | ||
- | *-v Wireless access point MAC address | ||
*-t For each number of IVs specified, restart the airecrack-ng PTW engine. (Optional) | *-t For each number of IVs specified, restart the airecrack-ng PTW engine. (Optional) | ||
- | *-f Allows the highest channel for scanning to be defined. | + | *-v Wireless access point MAC address |
When you run wesside-ng, it creates three files automatically in the current directory when run the program: | When you run wesside-ng, it creates three files automatically in the current directory when run the program: | ||
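Review bot: the unchanged -t entry that this reordering leaves in place still spells the tool "airecrack-ng"; correct it to "aircrack-ng", matching the -c entry, while the list is being edited. The sentence that follows the list ("it creates three files automatically in the current directory when run the program") is also ungrammatical, and dropping the trailing "when run the program" fixes it.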
Line 137: | Line 128: | ||
===== Usage Tips ===== | ===== Usage Tips ===== | ||
- | None at this time. | + | ==== Using the -k option ==== |
+ | Some cards/ | ||
+ | |||
+ | Some specific cases: | ||
+ | |||
+ | * If you get MAX retransmits error, try -k 1. | ||
+ | * If you have a poor connection, try -k 3. | ||
+ | |||
+ | In general, you can experiment with different values to determine if it resolves the problem. | ||
===== Usage Troubleshooting ===== | ===== Usage Troubleshooting ===== | ||
+ | |||
+ | ==== General ==== | ||
Make sure your card is in monitor mode. | Make sure your card is in monitor mode. | ||
- | Make sure your card can inject by testing it with the [[http:// | + | Make sure your card can inject by testing it with the [[injection_test|aireplay-ng injection test]]. |
Make sure your card supports the fragmentation attack. | Make sure your card supports the fragmentation attack. | ||
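Review bot: the first bullet under "Some specific cases" names the problem "MAX retransmits error", while the program output quoted in the troubleshooting section reads "ERROR Max retransmists". Quote the message exactly as the program prints it, so a reader searching for the error text finds this tip, and link the bullet to that troubleshooting entry instead of describing the error a second way.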
Line 155: | Line 156: | ||
* Only B and G networks are supported. | * Only B and G networks are supported. | ||
* Fake MAC functionality is broken if there is a lot of traffic on the network. | * Fake MAC functionality is broken if there is a lot of traffic on the network. | ||
+ | |||
+ | ==== "ERROR Max retransmists" | ||
+ | |||
+ | You get an error similar to the following while running the program: | ||
+ | |||
+ | [18:23:49] ERROR Max retransmists for (30 bytes): | ||
+ | B0 00 FF 7F 00 1A 70 51 B0 70 00 0E 2E C5 81 D3 00 1A 70 51 B0 70 00 00 00 00 01 00 00 00 | ||
+ | |||
+ | This can be caused if the AP does not acknowledge the the packets you are sending. | ||
+ | |||
+ | Another reason is that the internal state machine of wesside-ng is confused. | ||
+ | |||
+ | |||
+ | ==== RT73 chipset and "ERROR Max retransmists" | ||
+ | |||
+ | If you are using the RT73 chipset, try adding the "-k 1" option. | ||
+ | |||
+ | |||
+ | ==== Known Bugs ==== | ||
+ | |||
+ | There are are a variety of known bugs which are outlined below. | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | " | ||
+ | | ||
+ | |||
+ | | ||
+ | | ||
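Review bot: two doubled words in the added troubleshooting text need fixing: "does not acknowledge the the packets" and "There are are a variety of known bugs". The separate RT73 section only repeats the "-k 1" advice already given under Usage Tips, so it could be folded into the "ERROR Max retransmists" section as a single line. As shown, the second cause ("the internal state machine of wesside-ng is confused") is not followed by anything the reader can do about it; add the recovery step if there is one.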
wesside-ng.txt · Last modified: 2018/03/11 18:57 by mister_x