Comments on A day with Tape: Using MDK3 in back|track 4 to crack hidden SSIDs
Feed updated: 2024-02-13T05:30:28.218+01:00

Anonymous, 2012-11-17T22:58:48.176+01:00:
Hello all,
So I am using mdk3 on my router with a hidden ESSID and for some reason mdk3 only sends approx 1 - 4 packets. It then says....
Got response from 00:11:22:33:44:55, SSID: ""
The SSID always shows "". Why is this? Also, obviously the MAC address is not 001122.... I'm just writing that as an example. Here is the command I write.
mdk3 mon0 p -c 6 -t 00:11:22:33:44:55 -b l -s 150

TAPE (https://www.blogger.com/profile/13552543757002180973), 2012-09-30T21:41:33.661+02:00:
It's probably not.. how many single characters were you expecting to see if you're whacking out 150/sec... ?!
More likely is that all single characters were already quickly checked and it is then running into 2 characters.

Anonymous, 2012-09-30T19:17:08.848+02:00:
I tested the following on a hidden ESSID with known length and mdk starts with 2 characters?
Why?
mdk3 mon0 p -b a -c $CHANNEL -t $BSSID -s 150

dkaro, 2011-04-03T20:52:12.922+02:00:
Oops, I mixed up my nicknames :D That was me, dkaro :D

dani, 2011-04-03T20:50:44.517+02:00:
Yup, this is the best way but I wanted to write about this way too. :)
The routers are vulnerable to the attack, I tried a lot of them. Just this one won't work.

TAPE, 2011-04-03T20:40:41.401+02:00:
:)
The only thing you could look for is whether the router in question is vulnerable to any other type of attack allowing access.

But in reality, your best bet is to wait for a client to connect and spoof that MAC address.

dkaro, 2011-04-03T19:38:53.209+02:00:
Haha, I didn't realize that you posted that comment on the BT forum :) Of course I read all topics on the forum and googled a lot, that's why I'm here :)
Well, looks like there is no way to bypass the MAC filtering on a "passive" network.
Thanks again for your answer!

TAPE, 2011-04-03T19:21:56.087+02:00:
Well, I tried a while ago as well and did not have any success.
See the post I made on the backtrack forums a while ago:
http://www.backtrack-linux.org/forums/beginners-forum/483-mdk3-bruteforce-mac-filters.html

I have no other ideas on bruteforcing MAC addresses, but the best thing to do is to run a scanning tool and wait till a client connects, so you can spoof that MAC address and gain access that way.

dkaro, 2011-04-03T16:09:48.318+02:00:
Hi Tape again!
I'm stuck with mdk3 again but now it's MAC brute force.
Do you have any experience with it?
I've tried 3 different routers and none of them worked. It's trying the same MAC again and again.
I read that the routers may not deny the authentication correctly so that could cause the problem.
Do you know any other MAC bruteforce tool?
dkaro

TAPE, 2011-03-30T18:58:48.428+02:00:
Glad you finally got it working!

Thanks for the nice comment :)

dkaro, 2011-03-30T18:51:13.177+02:00:
Well, looks like the problem is solved but don't ask how. I made a new wordlist with Kate and it failed. It contained 10 words including the right SSID, which was "ca". Then I made the same one with nano and it worked. After that I retried with Kate and it worked too. So I give up; if anyone knows how that could be, tell me. Btw, now it's working so I can move on with my dissertation.
And very good blog, I'll read the other posts after I finish this. :)
Thanks for the help.

dkaro, 2011-03-30T10:13:28.114+02:00:
Ok! I'll post the commands, the outputs and the wordlist when I get home.
And the SSID was sFg or something like that, so not a long one.
Thanks

TAPE, 2011-03-30T10:08:42.847+02:00:
Sounds like you are creating the list OK. When I say carriage return, I mean that some wordlists made in Windows will have a carriage return [enter] at the end of each line (invisible) but which a Linux system can read as a character.

If you make the wordlist in Kate in BT4, then it should be OK.

Not sure what to say, when I tested it yesterday it all worked for me as long as I didn't try to do it too fast and not too far away.

Can only suggest you double check your syntax (code you are using) and possibly change your router SSID to something easy to find like SMC and try with that.

dkaro, 2011-03-30T09:56:41.596+02:00:
Hi!

The router is next to me so the distance can't be the problem.

I tried my own dictionary and I tried a downloaded one, both of them failed.

What's the separator in the wordlist? I wrote every word on a new line (it worked with WPA bf).
Could the character encoding be the problem? I made my list on BT4 with Kate, what should the encoding be?
Thanks again and sorry for my English, I'm not too good at it :D

TAPE, 2011-03-30T00:25:17.944+02:00:
Hey again dkaro :)

I haven't played with mdk3 for a while, so I did a few tests again for sake of good order and all worked for me.

You advise that the BruteForce attacks work OK, but that the dictionary attacks fail, correct?

So I am wondering with what OS you make the dictionary file..
Is it possible that you have made a wordlist in Windows, or downloaded one which may possibly have the carriage returns included?

If that is the case, try making a small dictionary list with for instance crunch in backtrack and add your SSID in that list and run it with mdk3.

I have also seen the 'last try was NULL' sentence, but only after it found my correct SSID!
It has also come up when I was too far away from my AP.
Make sure you are close enough.

I only test on my own equipment so it is never further away than a few metres.

dkaro, 2011-03-29T20:54:41.206+02:00:
Hi! Sorry, I forgot to introduce myself :D I'm dkaro! :D

I think I have a bigger problem than a wrong command. :S

When I try to bf with a dictionary it always fails. I have a dictionary with 10 words (I tried bigger ones also) and I set the packets/s to 1 and it skips the pw.
I read a lot about mdk and watched a lot of tutorials and in every video it writes the tested key, for example:
"next try testing xyz"
but in my case it always says last try was NULL.
With normal bf it works but with a dictionary it doesn't, and I'd like to find out why.
Any idea?
Thanks for the help!
dkaro

TAPE, 2011-03-29T19:28:46.134+02:00:
Hey there anonymous ;)

As mentioned, what I found is that if the speed was set to too high a level, it sometimes missed it.

Try to reduce the speed (-s switch) to a much lower level such as -s 50 or such.

Alternatively, you could make sure that you have a dictionary list in which the SSID is included and run the dictionary attack instead.

I did have consistently good results when using a lower speed.

Let me know what your results are!

Anonymous, 2011-03-29T08:40:25.351+02:00:
Hi Tape!
Do you know the reason why it "skips" the right pw while brute forcing the hidden SSID?
I have the same problem (I'm writing my dissertation about wifi). It doesn't always find the correct SSID but bf should always work :S

TAPE, 2011-02-24T00:22:38.859+01:00:
Glad you like the posts, thanks :)

Anonymous, 2011-02-23T23:16:13.105+01:00:
In reality you have very good information.
I like it, keep it up.

TAPE, 2011-01-13T21:30:00.027+01:00:
You really shouldn't be posting your email for the interwebz to see.. not smart.

Also I really don't understand what you want to even do :/

Anonymous, 2011-01-13T00:29:31.541+01:00:
This comment has been removed by a blog administrator.

TAPE, 2010-07-08T07:58:25.245+02:00:
? Seriously ?
The reply to your first comment shows how to navigate to the mdk3 directory..

This whole post is about cracking hidden SSIDs...

Test only on your own network.

Anonymous, 2010-07-07T17:55:59.763+02:00:
Hi Tape, I'm Mark again, I'm new in using backtrack4. Can you make me instructions on how I navigate the MDK3? And is it possible to crack a hidden SSID?

TAPE, 2010-07-07T15:05:56.584+02:00:
mdk3 is installed with backtrack4, but to use it you have to navigate to the correct directory;

cd /pentest/wireless/mdk3/
then when in that directory;
./mdk3 mon0 etc etc