tools

Differences

This shows you the differences between two versions of the page.

Next revision
Previous revision
tools [2006/11/19 16:12]
darkaudax
tools [2018/06/18 03:48] (current)
mister_x Added kstats
Line 1: Line 1:
 ====== Tools ====== ====== Tools ======
- 
 =====  WZCook ===== =====  WZCook =====
 It recovers WEP keys from XP's Wireless Zero Configuration utility. This is experimental software, so it may or may not work depending on your Service Pack level. It recovers WEP keys from XP's Wireless Zero Configuration utility. This is experimental software, so it may or may not work depending on your Service Pack level.
  
-WZCOOK can also display the PMK (Pairwise Master Key), a 256-bit value which is the result of the passphrase hashed 8192 times together with the ESSID and the ESSID length. The passphrase itself can't be recovered -- however, knowing the PMK is enough to connect to a WPA-protected wireless network with [[http://​hostap.epitest.fi/​wpa_supplicant/​|wpa_supplicant]] (see the [[http://​hostap.epitest.fi/​cgi-bin/​viewcvs.cgi/​*checkout*/​hostap/​wpa_supplicant/​README-Windows.txt?​rev=HEAD&​content-type=text/​plain|Windows README]]). Your wpa_supplicant.conf configuration file should look like:+WZCOOK can also display the PMK (Pairwise Master Key), a 256-bit value which is the result of the passphrase hashed 8192 times together with the ESSID and the ESSID length. The passphrase itself can't be recovered -- however, knowing the PMK is enough to connect to a WPA-protected wireless network with [[http://​hostap.epitest.fi/​wpa_supplicant/​|wpa_supplicant]] (see the Windows README). Your wpa_supplicant.conf configuration file should look like:
  
   network={ ​   network={ ​
      ​ssid="​my_essid" ​      ​ssid="​my_essid" ​
-     ​pmk=5c9597f3c8245907ea71a89d[...]9d39d08e ​+     ​pmk=5c9597f3c8245907ea71a89d[...]9d39d08e 
 +  }
  
-If you don't use WZC service, but you use USR Utility, get this registry value and try it [[http://​www.latinsud.com/​js.html?//​%20edit%20this%20and%20press%20Ejecutar%0Atoken%3D%22f30d29486b%22%0A%0Atocho%3D%226a6b6c6a7a39386326323e612b7429636c355b643d6e333b22665f756d%22%0Ahexc%3D%220123456789abcdef%22%0Ar%3D%22%22%0Afor%20%28i%3D0%3B%20i%3Ctoken.length%3B%20i+%3D2%29%20%7B%0A%20j%3Dtoken.length-i-2%3B%0A%20c%3DparseInt%28token.substring%28i%2Ci+2%29%2C16%29%3B%0A%20c%5E%3DparseInt%28tocho.substring%28j%2Cj+2%29%2C16%29%3B%0A%20r%3Dhexc.charAt%28c%2516%29+r%3B%0A%20r%3Dhexc.charAt%28parseInt%28c/​16%29%29+r%3B%0A%7D%0Ab.value%3Dr|here]]:​+The WZCook tool also supports a silent mode.  This is invoked by adding "​-''''​-silent"​ (double dashes) to the command. ​ The program runs and does not output any messages. ​ This is useful for batch files and scripts. 
 + 
 +If you don't use WZC service, but you use USR Utility, get this registry value and try it [[http://​www.latinsud.com/​js.html?//​%20edit%20this%20and%20press%20Ejecutar%0Atoken%3D%22f30d29486b%22%0A%0Atocho%3D%226a6b6c6a7a39386326323e612b7429636c355b643d6e333b22665f756d%22%0Ahexc%3D%220123456789abcdef%22%0Ar%3D%22%22%0Afor%20%28i%3D0%3B%20i%3Ctoken.length%3B%20i+%3D2%29%20%7B%0A%20j%3Dtoken.length-i-2%3B%0A%20c%3DparseInt%28token.substring%28i%2Ci+2%29%2C16%29%3B%0A%20c%5E%3DparseInt%28tocho.substring%28j%2Cj+2%29%2C16%29%3B%0A%20r%3Dhexc.charAt%28c%2516%29+r%3B%0A%20r%3Dhexc.charAt%28parseInt%28c/​16%29%29+r%3B%0A%7D%0Ajsout.value%3Dr|here]]:​
   HKey_Current_User/​Software/​ACXPROFILE/​profilename/​dot11WEPDefaultKey1   HKey_Current_User/​Software/​ACXPROFILE/​profilename/​dot11WEPDefaultKey1
  
 =====  ivstools ===== =====  ivstools =====
  
-You can handle //.ivs// files with this tool. You can either merge or convert them.+This tool handle //.ivs// files. You can either merge or convert them.
  
 ==== Merge ==== ==== Merge ====
-Use --merge option to merge multiple //.ivs// files. Example:+Use -''''​-merge option to merge multiple //.ivs// files. Example:
   ivstools --merge dump1.ivs dump2.ivs dump3.ivs out.ivs ​   ivstools --merge dump1.ivs dump2.ivs dump3.ivs out.ivs ​
 It will merge dump1.ivs, dump2.ivs and dump3.ivs into out.ivs. You can merge more than 2 files, output file must be the last argument. ​ It will merge dump1.ivs, dump2.ivs and dump3.ivs into out.ivs. You can merge more than 2 files, output file must be the last argument. ​
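Review bot: In the rewritten PMK paragraph the link to the wpa_supplicant Windows README was dropped, so "(see the Windows README)" now refers to a document the reader cannot reach; either restore a working link or remove the parenthetical. The new silent-mode paragraph says the program "does not output any messages" but does not say where the recovered keys end up, which is the one thing a batch-file user needs to know. In the ivstools line, "This tool handle" should read "This tool handles".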
Line 28: Line 30:
 ==== Convert ==== ==== Convert ====
  
-Use --convert option to convert a pcap file (by default, they have //.cap// extension) to a //.ivs// file. Example:+Use -''''​-convert option to convert a pcap file (by default, they have //.cap// extension) to a //.ivs// file. Example:
   ivstools --convert out.cap out.ivs   ivstools --convert out.cap out.ivs
 It will save out.cap IVs to out.ivs ​ It will save out.cap IVs to out.ivs ​
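Review bot: The changed Convert sentence still mixes singular and plural ("a pcap file (by default, they have //.cap// extension)"); since the line is being touched anyway, reword it to "pcap files (by default, they have a //.cap// extension)" or keep it singular throughout.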
Line 36: Line 38:
 **Note**: Kismet produce pcap files (the extension is //.dump//), that can be converted **Note**: Kismet produce pcap files (the extension is //.dump//), that can be converted
  
-**WARNING**:​ pcap2ivs from aircrack, and aircrack-ng up to v0.2.1 have a bug which creates broken captures. You should not use pcap2ivs from that versions. If you did and got messed .ivs file and want to recover it as much as possibleyou should try [[FixIvs]]. +**WARNING**:​ pcap2ivs from aircrack, and aircrack-ng up to v0.2.1 have a bug which creates broken captures. You should not use pcap2ivs from those versions. If you have broken IVs file from using the broken versions, then try using [[FixIvs]] ​to recover ​it.  
 + 
 +===== Versuck-ng ===== 
 + 
 +versuck-ng'​s purpose is to calculate the default WEP key for Verizon issued Actiontec wireless routers. It does this using  a  list of  known  hardware ​ IDs in the wired mac used by the router. Depending on the BSSID you can some times use it as well. The OUI needs  to  match on both the wireless and wired mac for use of the BSSID to work. 
 + 
 +  Usage: versuck-ng options -m -e 
 +   
 +  Options: 
 +   -h--help ​           show this help message and exit 
 +   -m MAC, --mac=MAC ​    Mac Address 
 +   -e ESSID, --essid=ESSID essid 
 + 
 +Use: 
 +    versuck-ng -e ESSID -m WIRED_MAC 
 + 
 +=====  buddy-ng ===== 
 + 
 +Check out [[easside-ng]] documentation. 
 + 
 +=====  makeivs-ng ===== 
 + 
 +makeivs-ng is a tool designed to generate an IVS dump file with an inputted WEP key. The aim of is tools is to provide a way to create dumps with a known encryption key for tests. 
 + 
 +By default, it will generate a file with the BSSID 01:​02:​03:​04:​05:​06 of 100000 packets and 16 bytes of keystream. IVs will be sequential. Various parameters can added to test different scenarios:​ 
 + 
 +^Option^Description^ 
 +|-b <​bssid>​ or --bssid <​bssid>​|Set the BSSID (Access Point MAC).| 
 +|-f <num> or --first <​num>​|Value for the first IV generated.| 
 +|-k <key> or --key <​key>​|Target network WEP key in hex. Separator between bytes is accepted but not necessary.| 
 +|-s <num> or --seed <​num>​|Seed used to setup random generator. May be used in combination with -p or --prng.| 
 +|-w <​file>​ or --write <​file>​|Filename to write IVs into.| 
 +|-c <num> or --count <​num>​|Amount of IVs to generate. Default value is 100000.| 
 +|-d <num> or --dupe <​num>​|Percentage of duplicate IVs.| 
 +|-e <num> or --error <​num>​|Percentage of erroneous keystreams.| 
 +|-l <num> or --length <​num>​|Size of keystreams. Default: 16 bytes.| 
 +|-n or --nofms|Ignores weak IVs.| 
 +|-p or --prng|Use random values when generating IVs. Default is to use sequential values.| 
 + 
 +Minimum required parameters: -w and -k. 
 + 
 +=====  kstats ===== 
 + 
 +kstats is a tool designed to show the FMS algorithm votes for an IVS dump with a specified WEP key. The IVS dump can be get by using the  combination of both [[airodump-ng]] and [[#​ivstools|ivstools]]. 
 + 
 +Usage: 
 + 
 +   ​kstats <IVS file> <WEP Key>
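Review bot: The new makeivs-ng and kstats sections contain wording slips that should be fixed in this revision: "The aim of is tools is" should be "The aim of this tool is", "Various parameters can added" is missing "be", and "The IVS dump can be get by" should be "can be obtained by". The kstats usage line does not say what format <WEP Key> takes, while the makeivs-ng table specifies hex for -k; state the expected format for kstats as well. In the versuck-ng text, "some times" should be "sometimes", and the separate "Usage:" and "Use:" lines describe the same invocation and could be merged into one.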
tools.1163949138.txt.gz · Last modified: 2007/02/04 22:00 (external edit)