July 03, 2015, 04:39:56 am

Author Topic: Help, I need to get a WEP key with Windows Vista  (Read 5720 times)

Offline sokonch

Help, I need to get a WEP key with Windows Vista
« on: February 05, 2011, 11:26:37 pm »
Hi everyone, I'm new to this. I've been looking through several posts but can't find any tutorial or program for Windows Vista. I hope you can help me soon to get the neighbor's Wi-Fi key. Thanks.

Offline Can35

Re: Help, I need to get a WEP key with Windows Vista
« Reply #1 on: February 06, 2011, 02:56:35 am »
 VirtualBox with the USB connector attached, a USB wireless card and some Linux distro (Backtrack, Wifiway, Ubuntu, etc.).

 As I understand it, hacking a wireless signal from Windows is like robbing a bank with a toy gun.

"As long as you don't have directional control of the signal... you won't prevent the crack".. 802.11 b/g/n
Captain Crunch... prophet!


Offline lealesdibua

Re: Help, I need to get a WEP key with Windows Vista
« Reply #2 on: February 09, 2011, 10:04:47 am »
Don't discourage him, Can35! Of course he can, hehehe. Look for the one best suited to your machine.
See if you have the programs; I got this from a forum.

Compilation of Wi-Fi programs for Windows, Linux and Mac.
Some are free and others are paid; there is a brief explanation in English. (There are quite a few.) And if any of them don't work, you already know what it's called
so you can google it.

Aegis Client
http://www.mtghouse.com/products/aegisc ... ndex.shtml
by Meetinghouse Data Communications
AEGIS Client offers the most comprehensive IEEE 802.1X/WPA supplicant
for wired and wireless networks. AEGIS Client is a standards-based
implementation of IEEE 802.1X and supports MD5, TLS, TTLS, Cisco LEAP,
and PEAP on Windows XP, 2000, NT, 98, ME, Pocket PC 2002/2003, Mac
OSX, and Linux operating systems. AEGIS Client provides
interoperability with 802.1X-capable wireless access points and
authentication servers like Microsoft IAS and Cisco's ACS.

by Sniph
Aerosol is easy to use wardriving software for PRISM2 Chipset, ATMEL
USB and WaveLAN Wireless cards on Windows. It's lightweight, written in
C, free, and uh, just works!

by AirCrack Team
aircrack is an 802.11 WEP key cracker. It implements the so-called
Fluhrer - Mantin - Shamir (FMS) attack, along with some new attacks by
a talented hacker named KoreK. When enough encrypted packets have been
gathered, aircrack can almost instantly recover the WEP key.

AirDefense Guard
by AirDefense, Inc.
AirDefense Guard is an 802.11a/b/g wireless LAN intrusion detection
and security solution that identifies security risks and attacks,
provides real-time network audits and monitors the health of the
wireless LAN. AirDefense Guard: * Detects all rogue WLANs; * Secures a
wireless LAN by recognizing and responding to intruders and attacks as
they happen; * Performs real-time network audits to inventory all
hardware, tracks all wireless LAN activity and enforces WLAN policies
for security and management; * Monitors the health of the network to
identify and respond to hardware failures, network interferences and
performance degradation. Based on the AirDefense platform, AirDefense
Guard consists of distributed sensors and server appliances. The
remote sensors sit near 802.11 access points to monitor all WLAN
activities and report back to the server appliance, which analyzes the
traffic in real time.

by Dave Smith et al
AirFart is a wireless tool created to detect wireless devices,
calculate their signal strengths, and present them to the user in an
easy-to-understand fashion. It is written in C/C++ with a GTK front
end. Airfart supports all wireless network cards supported by the
linux-wlan-ng Prism2 driver that provide hardware signal strength
information in the "raw signal" format (ssi_type 3). Airfart
implements a modular n-tier architecture with the data collection at
the bottom tier and a graphical user interface at the top.

by abaddon
AirJack is a device driver (or suite of device drivers) for
802.11(a/b/g) raw frame injection and reception. It is meant as a
development tool for all manner of 802.11 applications that need to
access the raw protocol.

by AirMagnet, Inc.
AirMagnet keeps wireless networks of all sizes safe, secure, and
performing smoothly. AirMagnet Enterprise provides network
administrators with an enterprise-hardened intrusion prevention system
to protect and administer all of their 802.11 WLANs worldwide. The
system provides 24x7 coverage of all bands (802.11b, 802.11b or
802.11g) and channels in use worldwide, to detect and automatically
stop threats to the network.

AiroPeek SE
by WildPackets, Inc.
AiroPeek, a comprehensive packet analyzer for IEEE 802.11 wireless
LANs, is designed to identify and solve wireless network anomalies. It
quickly isolates security problems, fully decodes all 802.11 WLAN
protocols, and analyzes wireless network performance with accurate
identification of signal strength, channel and data rates. AiroPeek
incorporates all of the network troubleshooting expertise familiar to
users of WildPackets' award-winning EtherPeek. AiroPeek features: *
Full 802.11 WLAN protocol decodes; * Display of data rate, channel,
and signal strength for each packet; * Continuous monitoring of
network statistics in real-time; * Alarms, triggers, and notifications
- all user definable; * Customized output of statistics (HTML, XML,

AiroPeek NX
by WildPackets, Inc.
AiroPeek NX, WildPackets' expert wireless LAN analyzer, provides
network engineers with the expert diagnostics they need to deploy,
secure, and troubleshoot wireless LANs. AiroPeek NX covers the full
spectrum of wireless LAN management requirements, including site
surveys, security assessments, client troubleshooting, WLAN
monitoring, remote WLAN analysis, and application layer protocol
analysis. Designed to accelerate the troubleshooting of WLAN-specific
problems, AiroPeek NX features powerful problem detection heuristics
and 802.11-specific diagnostic capabilities. AiroPeek NX features: *
Includes 802.11-specific Expert Diagnostics; * Includes features for
Site Surveys and Security Audits; * Includes a Channel Signal Strength
Meter with graphing and alarm setting capabilities; * Supports basic
VoIP Analysis; * Performs on-the-fly and post-capture WEP Decryption;
* Supports distributed WLAN analysis with the RFGrabber Probe.

Airscanner Mobile Sniffer
http://www.airscanner.com/downloads/sni ... iffer.html
by Airscanner Corp.
Sniff packets from your Pocket PC. With support for Ethereal packet
capture format. Airscanner Mobile Sniffer allows you to set your own
filters, allowing you to monitor only the information you need.

by The Shmoo Group
Airsnarf is a simple rogue wireless access point setup utility
designed to demonstrate how a rogue AP can steal usernames and
passwords from public wireless hotspots. Airsnarf was developed and
released to demonstrate an inherent vulnerability of public 802.11b
hotspots--snarfing usernames and passwords by confusing users with DNS
and HTTP redirects from a competing AP.

by The Shmoo Group
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys.
AirSnort operates by passively monitoring transmissions, computing the
encryption key when enough packets have been gathered. AirSnort
requires approximately 5-10 million encrypted packets to be gathered.
Once enough packets have been gathered, AirSnort can guess the
encryption password in under a second.

by Elixar, Inc.
AirTraf 1.0 is a wireless sniffer that can detect and determine
exactly what is being transmitted over 802.11 wireless networks. This
open-source program tracks and identifies legitimate and rogue access
points, keeps performance statistics on a by-user and by-protocol
basis, measures the signal strength of network components, and more.
Developed as an open source program, AirTraf is available in a
stand-alone Linux package.

by Brian Barto, Ron Sweeney
Dictionary Attack Tool against LEAP. anwrap is a wrapper for ancontrol
that serves as a dictionary attack tool against LEAP enabled Cisco
Wireless Networks. It traverses a user list and password list
attempting authentication and logging the results to a file.

AP Hopper
by Matthew Davidson, Jeffrey Strube
AP Hopper is a program that automatically hops between access points
of different wireless networks. It checks for DHCP and Internet Access
on all the networks found. It logs successful and unsuccessful

AP Radar
by Don Park
Network Stumbler and Wireless Configuration client. AP Radar is a
Linux/GTK+ based graphical netstumbler and wireless profile manager.
This project makes use of the version 14 wireless extensions in linux
2.4.20 and 2.6 to provide access point scanning capabilities for most
models of wireless cards. It is meant to replace the manual process of
running iwconfig and dhclient. It makes reconfiguring for different
APs quick and easy.

http://www.math.ucla.edu/%7Ejimc/mathne ... nload.html
by Jim Carter
Access Point Hunter. It can find and automatically connect to whatever
wireless network is within range. It can be used for site surveys,
writing the results in a file.

by Frederic Bret-Mounet
Wireless (802.11) Access Point Sniffer for Windows 2000 only. It
enables you to list all access points broadcasting beacon signals at
your location. This is not a finished product. It was only tested on
DWL-650 & Linksys and requires you to manually change the SSID to
blank before running it.

by Kirby Kuehl
APTools is a Win32/Unix 802.11b rogue access point detection tool that
is able to locate access points over the "wired" network.

www.oxid.it <http://www.oxid.it>
by Massimiliano Montoro
Is a utility for sending customized 'ARP announce' packets over the
network. All ARP parameters, including the Ethernet Source MAC address
(the physical address of your network card) can be changed as you
like. Other features are: IP to MAC resolver, subnet MAC discovery,
host isolation, packets redirection, general IP conflict.

by Joshua Wright
Recovers weak LEAP passwords. Can read live from any wireless
interface in RFMON mode. Can monitor a single channel, or perform
channel hopping to look for targets. This tool is released as a
proof-of-concept to demonstrate a weakness in the LEAP protocol. LEAP
is the Lightweight Extensible Authentication Protocol, intellectual
property of Cisco Systems, Inc. LEAP is a security mechanism available
only on Cisco access points to perform authentication of end-users and
access points. LEAP is written as a standard EAP-type, but is not
compliant with the 802.1X specification since the access point
modifies packets in transit, instead of simply passing them to an
authentication server (e.g. RADIUS).

BlueSocket Wireless Gateway
by BlueSocket, Inc.
The Bluesocket Wireless Gateway Family constitutes a selection of
mutually interoperable appliances to secure and manage your wireless
local area networks. From controlling a single departmental WLAN, to
public hotspot locations and large enterprise networks spread across
your campus - there's a Bluesocket Wireless Gateway to meet your

by Dachb0den Labs
bsd-airtools is a package that provides a complete toolset for
wireless 802.11b auditing. Namely, it currently contains a bsd-based
wep cracking application, called dweputils (as well as kernel patches
for NetBSD, OpenBSD, and FreeBSD). It also contains a curses based ap
detection application similar to netstumbler (dstumbler) that can be
used to detect wireless access points and connected nodes, view signal
to noise graphs, and interactively scroll through scanned ap's and
view statistics for each. It also includes a couple other tools to
provide a complete toolset for making use of all 14 of the prism2
debug modes as well as do basic analysis of the hardware-based
link-layer protocols provided by prism2's monitor debug mode.

Cain & Abel
www.oxid.it <http://www.oxid.it>
by Massimiliano Montoro
Is a password recovery tool for Microsoft Operating Systems. It allows
easy recovery of various kinds of passwords by sniffing the network,
cracking encrypted passwords using Dictionary, Brute-Force and
Cryptanalysis attacks, recording VoIP conversations, decoding
scrambled passwords, revealing password boxes and analyzing routing

by alksoft
ClassicStumbler scans for and displays information about all the
wireless access points in range. It will display your signal strength,
noise strength, signal to noise ratio, what channel your access point
is on, if other access points are interfering with yours, and whether
or not those access points are providing encrypted, unencrypted,
computer-to-computer, or infrastructure type networks. For an AirPort
capable Mac.

www.oxid.it <http://www.oxid.it>
by Massimiliano Montoro
(Cisco PIX Firewall Password Calculator) produces the encrypted form
of Cisco PIX enable mode passwords without the need to access the

Cqure AP
by cqure.net
Cqure AP is an 802.11 wireless accesspoint that runs on a small linux
distribution. This version is built using uClibc and fits on a single
floppy. It currently has support for running as a bridge or gateway.
It comes with a dhcp server and firewall and has support for 802.1X.
Configure the AP using the cqure.conf supplied on the floppy.

by DMZ Services, Inc.
Perl script uses the text output of netstumbler and generates IDW
overlay images on top of terraserver satellite maps.

by Dachb0den Labs
Part of the BSD-AirTools suite, dstumbler is a
wardriving/netstumbling/lanjacking utility for bsd operating systems
that attempts to provide features similar to netstumbler in a fast and
easy to use curses based application. It is part of the bsd-airtools
package released by Dachb0den Labs, which provides a complete bsd
based tool set for 802.11b penetration testing.

by Hagel Technologies
DU Meter is an award winning utility from Hagel Technologies that
provides an accurate account of the data which is flowing through your
computer's network connection at any given moment. This readout is
presented in both numerical and graphical format, in real time. DU
Meter includes extensive logging facility, flexible events system, and
more. It supports Windows 95/98/NT4/2000 and XP! DU Meter works with
virtually all types of network connections: phone modems, DSL, cable
modem, LAN, satellite, and more.

by Dachb0den Labs
Part of the BSD-AirTools suite, dweputils is a set of utilities that
allows you to fully audit and secure a wep encrypted network. It
consists of a packet collection tool called dwepdump, which allows you
to collect wep encrypted packets using a prism2 card, as well as
dwepcrack which allows you to recover wep keys using any of the
commonly used methods, and dwepkeygen a secure 40-bit key generator
that creates keys that aren't vulnerable to the Tim Newsham 221 attack
using a variable length seed.

by Gerald Combs et al
Ethereal is a free network protocol analyzer for Unix and Windows. It
allows you to examine data from a live network or from a capture file
on disk. You can interactively browse the capture data, viewing
summary and detail information for each packet. Ethereal has several
powerful features, including a rich display filter language and the
ability to view the reconstructed stream of a TCP session. Live data
can be read from Ethernet, FDDI, PPP, Token-Ring, IEEE 802.11,
Classical IP over ATM, and loopback interfaces (at least on some
platforms; not all of those types are supported on all platforms).
Ethereal Packet Sniffing

by Black Alchemy Enterprises
If one access point is good, 53,000 must be better. Black Alchemy's
Fake AP generates thousands of counterfeit 802.11b access points. Hide
in plain sight amongst Fake AP's cacophony of beacon frames. As part
of a honeypot or as an instrument of your site security plan, Fake AP
confuses Wardrivers, NetStumblers, Script Kiddies, and other

by Remco Treffkorn
gpsd is a daemon that listens to a GPS or Loran receiver and
translates the positional data into a simplified format that can be
more easily used by other programs, like chart plotters. The package
comes with a sample client that plots the location of the currently
visible GPS satellites (if available) and a speedometer. It can also
use DGPS/ip.

by Fritz Ganter
Gpsdrive is a map-based navigation system. It displays your position
on a zoomable map provided from a NMEA-capable GPS receiver. The maps
are autoselected for the best resolution, depending on your position,
and the displayed image can be zoomed. Maps can be downloaded from the
Internet with one mouse click. The program provides information about
speed, direction, bearing, arrival time, actual position, and target
position. Speech output is also available.

by Max Moser, Joshua Wright
Hotspotter was written to exploit this weakness in the Windows XP
operating system. Hotspotter passively monitors the network for probe
request frames to identify the preferred networks of Windows XP
clients, and will compare it to a supplied list of common hotspot
network names. If the probed network name matches a common hotspot
name, Hotspotter will act as an access point to allow the client to
authenticate and associate. Once associated, Hotspotter can be
configured to run a command, possibly a script to kick off a DHCP
daemon and other scanning against the new victim.

Intel PRO/Wireless 2100/2200BG/2915ABG native drivers for *BSD
by Damien Bergamini
This project aims at supporting the Intel(r) PRO/Wireless
2100/2200BG/2915ABG network adapters (core components of Intel(r)
Centrino™ technology) under *BSD. The drivers are distributed under
the terms of the BSD License. It is a work in progress. See the
following section for more information about the project's latest
developments. You may have noticed that the Linux drivers developed
by Intel are under GPL and the ipw and iwi drivers are not. The ipw
and iwi drivers are NOT ports of the Linux drivers but are complete
re-writes (from scratch). Absolutely no code has been taken from Intel,
which does not support these drivers, either officially or
unofficially, in any way.

www.oxid.it <http://www.oxid.it>
by Massimiliano Montoro
Scans for IP restrictions set for a particular service on a Host. It
combines "ARP Poisoning" and 'Half-Scan' techniques and tries totally
spoofed TCP connections to the selected port of the Target. IRS is not
a port Scanner but a 'valid source IP address' Scanner for a given

by Alf Watt
iStumbler is a free, open source tool for finding wireless networks
and devices with your AirPort equipped Macintosh. iStumbler combines a
compact user interface with a real time graph of signal strength and
complete debugging information such as network type, name and mac
address. Real-time visual feedback of signal strength and encryption
allows you to quickly find open networks, perform site surveys or just
have a look at your wireless neighborhood. For MacOS

http://www.binaervarianz.de/projekte/pr ... en/kismac/
by Michael Rossberg et al
KisMAC is a free stumbler application for MacOS X, that puts your card
into the monitor mode. Unlike most other applications for OS X we are
completely invisible and send no probe requests. KisMAC supports third
party PCMCIA cards with Orinoco and PrismII chipsets, as well as Cisco
Aironet cards. This program is not intended for people, who have not
much knowledge about WiFi, but for professional users.

by Mike Kershaw
Kismet is an 802.11 layer2 wireless network detector, sniffer, and
intrusion detection system. Kismet will work with any wireless card
which supports raw monitoring (rfmon) mode, and can sniff 802.11b,
802.11a, and 802.11g traffic. Kismet is fully passive and undetectable
when in operation. Kismet automatically tracks all networks in range
and is able to detect (or infer) hidden networks, attack attempts,
find rogue access points, and find unauthorised users.

by The Packetfactory
A toolkit for 802.11 frame capturing, creation and injection.

by h1kari
libwnet is a packet creation and injection framework for building raw
802.11b frames and injecting them on *BSD based systems. Included in
this base package are the following applications which make use of
libwnet: dinject is a command line 802.11b packet injection package
based on nemesis; reinj is a proof-of-concept for the tcp/arp
reinjection attack to generate traffic on a weped network.

by Baseband Technologies
LinkFerret network monitoring products for LAN and wireless topologies
provide you with a comprehensive set of monitoring utilities and
packet sniffers for capture, statistical analysis, and protocol
decoding. The LinkFerret network monitor is a complete and reliable
Windows-based monitoring solution available at a truly affordable
price. LinkFerret supports both Ethernet and 802.11. It updates all of
the statistical displays as well as the brief decode in real time.
LinkFerret captures and displays network traffic at the MAC level. You
see real 802.11 frames, not just the data after it has been filtered
through an Ethernet emulation. It understands many formats, both on
input and output. Trace files are read and written in many popular
formats, and reports are created in several convenient formats
including HTML, CSV, text, and bitmap. LinkFerret provides a rich set
of filters that enable you to drill down to just what you are
interested in. Options include filter by MAC or IP address, by
protocol, and by hex string. It supports multiple alarm conditions
each of which may have its own scriptable action.

Linux WPA/WPA2/IEEE 802.1X Supplicant
by Jouni Malinen
wpa_supplicant is a WPA Supplicant for Linux, BSD and Windows with
support for WPA and WPA2 (IEEE 802.11i / RSN). Supplicant is the IEEE
802.1X/WPA component that is used in the client stations. It
implements key negotiation with a WPA Authenticator and it controls
the roaming and IEEE 802.11 authentication/association of the wlan
driver. wpa_supplicant is designed to be a "daemon" program that runs
in the background and acts as the backend component controlling the
wireless connection. wpa_supplicant supports separate frontend
programs and an example text-based frontend, wpa_cli, is included with

Lucent/Orinoco Registry Encr./Decr.
by Anders Ingeborn
Lucent Orinoco Client Manager stores WEP keys in Windows registry
under a certain encryption/obfuscation. This tool can be used to
encrypt WEP keys to reg value or to decrypt reg value into WEP key.

by Korben
MacStumbler is a utility to display information about nearby 802.11b
and 802.11g wireless access points. It is mainly designed to be a tool
to help find access points while traveling, or to diagnose wireless
network problems. Additionally, MacStumbler can be used for
"wardriving", which involves co-ordinating with a GPS unit while
traveling around to help produce a map of all access points in a given
area. MacStumbler requires an Apple Airport Card and MacOS 10.1 or
greater. MacStumbler doesn't currently support any kind of PCMCIA or
USB wireless device.

http://www.netstumbler.com/download.php ... load&cid=1
by W. Slavin
Network Stumbler for Pocket PC 3.0 and 2002. Supports ARM, MIPS and
SH3 CPU types.

by Sean Whalen
Mognet is a simple, lightweight 802.11b sniffer written in Java and
available under the GPL. It features realtime capture output, support
for all 802.11b generic and frame-specific headers, easy display of
frame contents in hex or ascii, text mode capture for GUI-less
devices, and loading/saving capture sessions in libpcap format. Mognet
requires a Java Development Kit 1.3 or higher, and a working C
compiler for native code compilation. Your wireless card must support
monitor mode, which most (but not all) do.

Musatcha Advanced WiFi Mapping Engine
by Brad Isbell
This is a freeware client to WiGLE.net. It also acts as a Kismet
client that can log (so you can effectively wardrive with a Linksys
wap54g or wrt54g running kismet). It supports NMEA GPS units (or you
can get GPS data from Netstumbler.) GPSd is in the works.

by Michael A. Waldron
Find WiFi hotspots with your Palm Tungsten C Handheld Computer.

NetMotion Mobility
by NetMotion Wireless
NetMotion Mobility offers: * SCALABILITY to support thousands makes it
easy to add capacity to meet enterprise demand. And it's still
plug-and-play; * FAILOVER and LOAD-BALANCING to support
mission-critical enterprise deployments; * ROBUST SYSTEM BACKBONE
powered by Sun Microsystems' industry-leading LDAP technology; *
REMOTE MANAGEMENT using new web console for intuitive, full-function
remote management and improved control of even the largest global

http://www.netstumbler.com/download.php ... load&cid=1
by W. Slavin
Windows Utility for 802.11b based Wireless Network Auditing.

by NoCatAuth Team
The goal of NoCat is to provide a mechanism for creating multiple
classes of service for cooperative wireless networking. The three
major components of the network are: * Roaming Client; * Wireless
Gateways; * Cooperative Authentication Services.

by Funk Software, Inc.
Odyssey is a wireless LAN access control and security solution that
not only provides strong security over the wireless link, but also can
be easily and widely deployed and managed across an enterprise
network. Odyssey includes client and server software. It secures the
authentication and connection of wireless LAN (WLAN) users, ensuring
that only authorized users can connect, that connection credentials
will not be compromised, and that data privacy will be maintained.
Odyssey is based on the IEEE security standard 802.1x, and supports a
wide variety of 802.1x security methods, including the strong and
easily managed security method EAP-TTLS.

by OpenAP Team
OpenAP is the complete distribution of open-source software that is
required to produce a fully 802.11b compliant wireless access point.
One cool feature of OpenAP access points is their ability to do
multipoint to multipoint wireless bridging, while simultaneously
serving 802.11b stations. OpenAP is also a platform on which
developers and hobbyists may realize their ideas. Since the build
environment and software development tools are all included, the
potential is limitless. Here are some features included in the OpenAP
distribution: * Simultaneous Bridge + Access Point + Repeater; * Fully
wireless operation; * Multipoint to Multipoint mesh networking; *
802.1d spanning tree protocol; * Layer 2 roaming; * Serial console
login, complete with unix bash shell; * Source code and build

by Network Chemistry
Packetyzer is a Windows user interface for the Ethereal packet capture
and dissection library. Packetyzer can decode more than 483 protocols.
Packetyzer works together with the Neutrino Sensor for 802.11 packet
capture and analysis. Packetyzer is known to work under Windows 95,
98, ME, NT, 2000 and XP. Packetyzer is distributed together with
winpcap and Ethereal.

by DataWorm Labs
Wi-Fi Surveying Tool for the Pocket PC. Wireless auditing software for
PRISM and NDIS 5.1 compatible card that runs on PocketPC 2002.
Supports GPS.

by MobileAccess
A Tool to check the vulnerability of your WirelessLan AccessPoint. In
case your AccessPoint is running a vulnerable Firmware, you get access
to all relevant details such as admin password, WEP keys, allowed
MAC-Addresses and some more.

by Jan Fernquist
Prismstumbler is a wireless LAN (WLAN) which scans for beaconframes
from accesspoints. Prismstumbler operates by constantly switching
channels and monitors any frames received on the currently selected

by ReefEdge Networks
The scalable family of multi-site ReefSwitches offer advanced WLAN
functionality ensuring the performance, availability, mobility, and
security required for mission-critical business applications. Key
Features: * security, access control, encryption; * mobility and
roaming; * advanced monitoring and remote troubleshooting; * easy to
deploy, automated "zero-config" technology.

by WildPackets
WildPackets RFGrabber solution fundamentally changes wireless network
management by allowing IT Professionals to remotely analyze WLAN
segments. RFGrabber is a combination hardware/software solution,
consisting of the RFGrabber Probe and AiroPeek NX. With RFGrabber you
can remotely: * Check signal strength; * Scan for rogue access points;
* Troubleshoot applications on a WLAN; * Verify security policy
adherence; * Monitor client connectivity; * Gauge usage.

by Alfa & Ariss
SecureW2 for Windows platforms is the cost effective and most robust
client solution for deploying 802.1X networks. The SecureW2 Client
enables EAP-TTLS using the standard Microsoft IEEE 802.1X Client
currently available for Windows 2000, Windows XP and Pocket PC 2003.
Alfa & Ariss has extended the SecureW2 family with SecureW2 2 and
SecureW2 for Pocket PC 2003. The latest SecureW2 releases support
Inner EAP. SecureW2 can employ third-party EAP modules during
authentication so that it is deployable with virtually any AAA

Sniffer Wireless
http://www.sniffer.com/Products_details ... 6178370181
by Network General
Sniffer Wireless is a comprehensive solution for managing network
applications and deployments on wireless LAN 802.11a and 802.11b
networks. It spots security risks in real time, identifies network
problems quickly, and reduces network operating costs. The
wireless-specific Expert analysis system enhances visibility into
network anomalies and facilitates automatic problem-solving — ensuring
the correction of performance problems, the removal of rogue wireless
equipment, and the discovery of unauthorized mobile users.

by Andrew Lockhart
The Snort-Wireless project is an attempt to make a scalable (and
free!) 802.11 intrusion detection system that is easily integratable
into an IDS infrastructure. It is completely backwards compatible with
Snort 2.0.x and adds several additional features. Currently it allows
for 802.11 specific detection rules through the new "wifi" rule
protocol, as well as rogue AP, AdHoc network, and Netstumbler
detection. Many more new features are planned for future releases.
Basically, Snort-Wireless intends to eventually be the opensource
answer to AirDefense.

by Kostas Evangelinos
A nifty tool to use when looking to discover access points and save
captured traffic. Comes with a configure script and supports Cisco
Aironet and random prism2 based cards.

www.oxid.it <http://www.oxid.it>
by Massimiliano Montoro
Is a Telnet client with a unique feature. It can establish an entire
bi-directional Telnet session to a target host never sending your real
IP and MAC addresses in any packet. By using "ARP Poisoning", "MAC
Spoofing" and "IP Spoofing" techniques sTerm can effectively bypass
ACLs, Firewall rules and IP restrictions on servers and network
devices. The connection will be done impersonating a Trusted Host.

by Michael Puchol, Sonar Security
StumbVerter is a standalone application which allows you to import
Network Stumbler's summary files into Microsoft's MapPoint 2004 maps.
The logged WAPs will be shown with small icons, their colour and shape
relating to WEP mode and signal strength. As the AP icons are created
as MapPoint pushpins, the balloons contain other information, such as
MAC address, signal strength, mode, etc. This balloon can also be used
to write down useful information about the AP, notes, etc.

by The Hacker's Choice
The THC LEAP Cracker Tool suite contains tools to break the
NTChallengeResponse encryption technique e.g. used by Cisco Wireless
LEAP Authentication. Also tools for spoofing challenge-packets from
Access Points are included, so you are able to perform dictionary
attacks against all users.

by Takehiro Takahashi
tinyPEAP is a very small RADIUS server that supports PEAP
authentication (the most secure wireless authentication protocol). It
was designed from scratch to be able to run on very minimal hardware,
such as the Linksys WRT54G. What are the benefits of such a server?
Traditional 802.1X/RADIUS solutions require a dedicated RADIUS server
and a rather complex setup. tinyPEAP allows you to have all of the
benefits of 802.1X and PEAP security without the hassle of having a
full-blown RADIUS server on hand. In fact, the whole setup fits in a
relatively cheap wireless access point that is very easy to set up. For
those not familiar with 802.1X/PEAP solutions, they provide much
enhanced security and user management abilities. 802.1X/PEAP solutions
such as tinyPEAP successfully mitigate most of the known attacks
against 802.11 wireless networks, most notably sniffing and key
cracking. The tinyPEAP team has integrated this server into WRT54G and
GS firmware for you to try. TinyPeap comes with a graphical interface
in order to manage the server.

by Reyk Floeter
A free implementation of some basic 802.11b attacks. This tool
consists of the tools "deauth" and "auth". deauth (Network DOS) (flood
wireless networks with deauthentication packets and spoofed BSSID;
authenticated stations will drop their network connections). auth
(Accesspoint DOS) (flood accesspoints with authentication packets and
random stations addresses; some accesspoints will deny any service
after some flooding)

by WarGlue Team
This is a multiplatform general utility suite for use with existing
network stumbling software, such as Kismet or NetStumbler. The program
will convert between multiple output logs, including the popular
wi-scan format, between platforms.

by Fred
A new linux distribution for Wardrivers. It is available on disk and
bootable CD. Its main intended use is for systems administrators that
want to audit and evaluate their wireless network installations.
Should be handy for wardriving also.

Wavelan Tools
by Cyrus Durgin et al
802.11 network tools - allow for detection of networks and services
initially using wireless extensions for linux and raw 802.11 frames.
Initial support is for the wavelan/orinoco card and plan support for
aironet cards.

by Jan Morgenstern
WaveMon is a ncurses-based monitor for wireless devices. It allows you
to watch the signal and noise levels, packet statistics, device
configuration, and network parameters of your wireless network
hardware. It has currently only been tested with the Lucent Orinoco
series of cards, although it should work (with varying features) with
all devices supported by the wireless kernel extensions written by
Jean Tourrilhes.

http://www.flukenetworks.com/us/LAN/Han ... erview.htm
by Fluke Networks
Have employees unwittingly put these access points on your network?
More importantly, would you know it if they had? WaveRunner is a
Linux-powered HP iPAQ Pocket PC that verifies 802.11b deployments
while detecting the rogue access points and clients that compromise
the performance and security of enterprise networks. The Fluke
Networks WaveRunner gives you the visibility for managing your
wireless networks. This palm-sized device lets you see what's
happening in every corner of your business. As you detect, deploy and
support wireless, you need a tool as mobile as you are.

by Patrik
WaveStumbler is a console-based 802.11 network mapper for Linux. It
reports the basic AP stuff like channel, WEP, ESSID, MAC etc. It has
support for Hermes based cards (Compaq, Lucent/Agere, ... ). It is still
in development but tends to be stable. It consists of a patch against
the kernel driver, orinoco.cs which makes it possible to send the scan
command to the driver via the /proc/hermes/ethX/cmds file. The answer
is then sent back via a netlink socket. WaveStumbler listens to this
socket and displays the output data on the console. The patch should
be applied against linux-2.4.17. It patches the whole
linux/drivers/wireless to version 2.4.18-pre7 + the apscan code in
orinoco.c. This is a 100% experimental patch, but it seems to work
quite well with an Orinoco Silver Card, so feel free to try it out.

by Michael Lauer et al
Wellenreiter is a wireless network discovery and auditing tool.
Prism2, Lucent, and Cisco based cards are supported. It is the easiest
to use Linux scanning tool. No card configuration has to be done
anymore. The whole look and feel is pretty self-explaining. It can
discover networks (BSS/IBSS), and detects ESSID broadcasting or
non-broadcasting networks and their WEP capabilities and the
manufacturer automatically. DHCP and ARP traffic are decoded and
displayed to give you further information about the networks. An
ethereal/tcpdump-compatible dumpfile and an Application savefile will
be automatically created. Using a supported GPS device and the gpsd you
can track the location of the discovered networks.

by Dominik Blunk, Alain Girardet
WepAttack is a WLAN open source Linux tool for breaking 802.11 WEP
keys. This tool is based on an active dictionary attack that tests
millions of words to find the right key. Only one packet is required
to start an attack.

by Anton Rager, Paul Danckaert
WEPCrack is a tool that cracks 802.11 WEP encryption keys using the
latest discovered weakness of RC4 key scheduling.

by Jose Ignacio Sanchez
Weplab is a tool to review the security of WEP encryption in wireless
networks from an educational point of view. Several attacks are
available so it can be measured the effectiveness and minimum
requirements of each one.

by Anton Rager
WEPWedgie is a toolkit for determining 802.11 WEP keystreams and
injecting traffic with known keystreams. The toolkit also includes
logic for firewall rule mapping, pingscanning, and portscanning via
the injection channel and a cellular modem.

WEP_Tools (wep_crack/wep_decrypt)
by Tim Newsham
This package contains two tools, one for cracking WEP keys and one for
decrypting WEP packets. Wep_crack: Given a pcap file containing a
packet capture of WEP packets, this program will attempt to find the
key used in encryption. This is done by searching the key space using
keys generated from dictionary words, or by exhaustively searching
through the key generation seeds. Keys are validated by decrypting a
number of packets and verifying their CRC. If the CRC validates for
all packets, there is a high probability that the proper key was used.
Wep_decrypt is a program for decrypting captured 802.11 traffic that
is protected with WEP traffic. It reads in a pcap capture file, such as
that generated by prismdump, and outputs another pcap capture file
with decrypted packets. By default it will read from stdin and output
to stdout. The key to decrypt with can be specified as a string of hex
characters, optionally separated by spaces or colons, or as a text
string. If a text string is specified, the actual keying material will
be generated by the string in the (ad hoc) standard fashion used by
many drivers.

by Eric Olinger
Wi-find is a wireless network detection tool that is written in C and
is aiming for flexibility and clean easy to understand code. It
currently only supports prism2 based cards using the wlan-ng driver (the
hostap might work also) but the support is there to add more cards.

WiFi Finder
by Kensington Technology Group
This device detects 802.11b and 802.11b/g signals up to 200 feet away.
No software or computer required.

by Malcolm Hall
WiFiFoFum is a 802.11 scanner designed for PDAs running PocketPC 2003.
It scans all 802.11 access points in range and offers a list and a
radar to view. It also offers GPS features to record the location of
the access points. The list can be saved to file.

by Jérôme Poggi
WifiScanner is a tool that has been designed to discover wireless node
(i.e access point and wireless clients). It is distributed under the
GPL License. It works with CISCO cards and prism cards with a hostap
driver or wlan-ng driver. An IDS system is integrated to detect
anomaly like MAC usurpation.

by Globalmediapro
wifistatd is an easy program written in Perl for monitoring
signal/noise/link levels on selected wireless interface. The result is
a simple PNG image, which may be used at web-page.

Wind Net 802.1x
http://cdn.windriver.com/products/devic ... ndnet_802/
by Wind River
Network security and access control have become the biggest issue in
wireless LAN deployment, and Wind Net 802.1X is the standards-based
solution to access control problems. Wind Net 802.1X AUTHENTICATOR and
Wind Net 802.1X SUPPLICANT are Wind River's implementation of the IEEE
802.1X specification for port-based access control for wireless
clients and access points. Pre-integrated with the Wind River Wireless
Ethernet Driver, Wind Net 802.11b and the Wind Net Radius Client, the
Wind Net 802.1X packages provide the security and access control
needed for today's demanding wired or Wireless LAN environments.

by Loris Degioanni et al
WinDump is the porting to the Windows platform of tcpdump, the most
used network sniffer/analyzer for UNIX. WinDump is fully compatible
with tcpdump and can be used to watch and diagnose network traffic
according to various complex rules. It can run under Windows 95/98/ME,
and under Windows NT/2000/XP. WinDump uses a libpcap-compatible
library for Windows, WinPcap, which is freely downloadable from the
WinPcap site. WinDump is free and is released under a BSD-style

www.oxid.it <http://www.oxid.it>
by Massimiliano Montoro
Is a graphical Rainbow Tables Generator that supports LM, NTLM, MD2,
MD4, MD5, SHA1, RIPEMD160, MySQL323, MySQLSHA1, CiscoPIX, SHA-2 (256),
SHA-2 (384) and SHA-2 (512) hashes.

Wireless Access Point Utilities for Unix
by Roman Festchook et al
A set of utilities to configure and monitor Wireless Access Points
under Unix using SNMP protocol. Utilities are known to compile and run
under Linux, FreeBSD, NetBSD, MacOS-X, AIX, QNX and OpenBSD.

http://www.gongon.com/persons/iseki/wis ... index.html
by Isao Seki
Network stumbler for WaveLAN/IEEE wireless networking of NetBSD.

WLAN Expert
http://www.allaboutjake.com/network/lin ... xpert.html
by Author unknown
WLAN Expert is a graphical wireless client utility designed to work
with the PRISM chipset by Intersil. The main screen offers signal
strength, errors, interference (all in dBm) as well as channel, SSID
and speed indicators. There is also an antenna test, measuring the
standing wave ratio of the antenna.

WPA Cracker
by Takehiro Takahashi
WPA Cracker is a dictionary/brute-force attacker against WiFi
Protected Access (WPA). WPA takes two forms; WPA Enterprise Mode and
WPA PSK (Pre-Shared Key) Mode. WPA Cracker takes advantage of an
inherently vulnerable characteristics of the PSK implementation to
provide users an insight that the security must be deployed properly.

by Portland State University
wscan is a X-11/visual 802.11 wireless signal-strength display tool
(version 2.0 includes AP scanning mode). You can download a tar
archive for it that allows you to build it on Linux or FreeBSD.
There's also an ipkg/package for linux/ipaqs running familiar.

http://www.bvsystems.com/Products/WLAN/ ... 2.11bg.htm
by Berkeley Varitronics Systems, Inc.
Yellowjacket is a calibrated wireless receiver module that interfaces
with HP's iPAQ PocketPC in sweeping, analyzing and optimizing 2.4 GHz
Wi-Fi Networks. The receiver measures all 14 OFDM/DSSS network
channels which operate on the IEEE 802.11b/g standard allowing the
user to determine the AP's MAC, SSID and RSSI signal levels for all
access points on or off any 802.11b/g WISP or Hotspot. The
Yellowjacket system uses a custom receiver, custom software and
interfaces with an iPAQ 5000 series giving Yellowjacket the
distinction of being the only true RF spectrum protocol analysis and
direction finding tool accurate to within 1 dB. Berkeley's calibrated
receiver sweeps and measures all RF energy in the 2.4 GHz range as
well as on each of the 14 OFDM/DSSS channels for detailed network
inspection of any nearby 802.11b/g APs or STAs. Yellowjacket is a
passive, network independent device with the ability to see the "whole
picture" as well as pinpointing channel interference and hackers that
plague so many 802.11b/g WISPs and Hotspots. Yellowjacket can contain
an optional 12-channel GPS receiver for realtime GPS data so that
every 802.11b/g measurement is time/date/location stamped for post
analysis using spreadsheets or Berkeley's own Dolphin mapping coverage
analysis software.
« Last modified: February 09, 2011, 12:20:41 pm by lealesdibua »

Offline Can35

  • Will you give me your IP?
  • Posts: 155
  • "There is always a door left open or badly closed"
Re: Help, I need to get a WEP key with Windows Vista
« Reply #3 on: February 09, 2011, 12:29:56 pm »
 I swear by all that is most sacred that I didn't want to discourage him; I only wanted to let him see that Windows is too rigid a system and full of bugs, and that besides, in my opinion, it does nothing but manufacture mouse zombies, but that is another matter.

 I repeat my recommendation: use Windows to watch films and download something, the normal stuff, but to get up to "mischief", get out of it.
"As long as you don't have directional control of the signal,...you won't prevent the crack"..802.11 b/g/n
Captain Crunch...prophet!


Offline decoder79

  • Will you give me your IP?
  • Posts: 39
  • The power is in your mind.
Re: Help, I need to get a WEP key with Windows Vista
« Reply #4 on: February 09, 2011, 02:02:57 pm »
Some encouragement you're giving the kid; this is dead easy. Look, you create a virtual machine on your PC, then you load a wifiway or wifislax live CD into it, plug in a USB card that supports monitor mode and you get the key out in a couple of minutes. Bear in mind that once you get the key and hit connect from your wonderful Windows, hehe, he will know you are connected through a few simple steps from his shell. I should also mention that your computer's name will show up in his router, which you won't have access to because he will have changed its password, although if you dig around on the net there are programs to break this security too. If you want, send me a private message and I'll give you the steps to destroy that key. Regards.

Offline lealesdibua

  • I live at CPH
  • Posts: 989
  • Gender: Male
Re: Help, I need to get a WEP key with Windows Vista
« Reply #5 on: February 09, 2011, 02:13:37 pm »
I agree with Can35: install a Linux on Windows and when you get it, uninstall it and done

Windows is for films and games. And I've removed it even for that now, regards

Ubuntu 10.4 for example, not 10.10, mind

Offline RuidosoBSD

  • I live at CPH
  • Posts: 505
  • Think correctly
Re: Help, I need to get a WEP key with Windows Vista
« Reply #6 on: February 09, 2011, 02:22:40 pm »
Come on, you're going to drive him crazy; there's no need to install anything if he wants to use Linux, just use a live CD of wifiway, wifislax, russix, Backtrack, Nubuntu.......

As for the rest......


Fishing Guides

Offline decoder79

  • Will you give me your IP?
  • Posts: 39
  • The power is in your mind.
Re: Help, I need to get a WEP key with Windows Vista
« Reply #7 on: February 09, 2011, 02:24:22 pm »
Yes, of course, but I get the feeling he won't know how to change the computer's boot disk either, hehe

Offline lealesdibua

  • I live at CPH
  • Posts: 989
  • Gender: Male
Re: Help, I need to get a WEP key with Windows Vista
« Reply #8 on: February 10, 2011, 03:56:34 am »
I looked it up for you so you can do it from Windows Vista, but with Linux it is easier
it is a bit long

1. What do we need for wireless hacking on Windows?

It has been mentioned several times already, but it is worth repeating. The brand of the wireless card we use is irrelevant; what really matters is its chipset.

The important thing about a WiFi card is the chipset. The brand makes no difference; what really matters is the chipset. On this page you can look up the chipsets of your cards:

We go to the link our friend Uxio gives us to find out which chipset our card uses.
Then check what can be done with your chipset:

We do as he says and go to the link to check what our chipset can do and whether it is compatible with Windows. (If it isn't, well, too bad, we'll have to use Linux.)
In my case the chipset of my card is an Atheros AR5005G, perfectly compatible.

2. Downloading and installing the drivers


In my case the first link will work perfectly.

To install the drivers on Windows, there is a very detailed manual here:

All done, we now have the drivers installed and can begin.

3. Downloading and using the aircrack suite

We proceed to download the aircrack suite:

This time we will use Aircrack-ng 0.9.3, for Windows, remember :¬¬

The suite comes compressed; we unpack it anywhere, go into the bin folder and run Aircrack-ng GUI.exe, which will be our command centre.

Now we go to the Airodump-ng tab; Airodump is the program that will let us capture. We press “Launch” to start Airodump.

It will ask whether we need to install the omnipeek drivers; we say no because we already have them installed.

Now another message will appear telling us that the files PEEK.DLL and PEEK5.SYS are missing; no problem, we click Yes and it takes us to the page to download them: http://www.tuto-fr.com/tutoriaux/crack-wep/fichiers/wlan/en-index.php

Specifically the one that says peek.zip, here is the direct link:

Once we have the zip we unpack it and copy the files into the bin folder.

4. Capturing

Now we do launch Airodump again:

I will explain each of the options it gives us:

First we get a list of the network cards we have installed:

Known network adapters:

11 Atheros AR5005G Cardbus Wireless Network Adapter
2 NIC Fast Ethernet PCI Familia RTL8139 de Realtek

Network interface index number ->
In my case the Atheros and the Realtek, which is for the wired network, are listed.
We choose the number of the corresponding card, in my case "11" and
Interface types: 'o' = HermesI/Realtek
'a' = Aironet/Atheros

Network interface type (o/a) ->
It asks us for the interface, in my case "a" for Atheros. Enter.

Channel(s): 0 = hop on 2.4Ghz channels, -1 = hop on 5Ghz channel,
1, 7, 13, 2, 8, 3, 14, 9, 4, 10, 5, 11, 6, 12, 36, 40,
44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120,
124, 128, 132, 136, 140, 149, 153, 157, 161, 184, 188,
192, 196, 200 ->

The channels we can capture; if we know which channel our wireless
network is being broadcast on we specify it, otherwise we can
tell it to capture several at once with 0 and -1.

(note: if you specify the same output prefix, airodump will resume
the capture session by appending data to the existing capture file)

Output filename prefix ->

Here we specify the name of the file where we will store our
capture; in my case I called it "captura" :xD It is worth mentioning that if
we specify the same name as a file that already exists, the capture
will be continued and the data will be appended to the file.

(note: to save space and only store the captured WEP IVs, press y.
The resulting capture file will only be useful for WEP cracking)

Only write WEP IVs (y/n) ->

This option... let's put it this way: if you choose "y" the file that is generated
will have the extension .ivs ("captura.ivs") and will only store the data
needed to crack the WEP key. If we put "n" then everything that is
captured will be saved in the file, packets and all. This
option is provided to save disk space if the only thing we are
going to do is crack the WEP, but since we need the other data
later on we put "n". Enter and we start capturing.

At the top it will tell us the APs that are within range; the BSSID
will be the MAC, and where it says ENC (Encryption) we see that it shows OPN,
which means it is an open network; if it had a WEP key it would say WEP.
At the bottom we see the stations that are connected to the AP
with their respective MACs, and everything that is captured is going to the
file "captura.cap" inside the bin folder of the aircrack suite.

To close Airodump we press Ctrl+C

5. Getting the WEP key

To get a WEP key we normally need to capture at least a million
IVs; however, sometimes we can manage it with fewer (or with more,
depending on the difficulty of the key).

Once we have our .ivs or .cap file ready with enough IVs, we go back
to the aircrack-ng GUI, to the "Aircrack-ng" tab, click browse and
choose our file; to start the attack we press Launch

Mine is a special case because I used a very easy WEP key that I was
able to get with 79353 IVs, for reasons of time, but never
settle for so few. If the file holds information from different
APs it will let us choose; in my case I will enter 1 and we start the
attack and with a bit of luck:

We have found our first WEP key

6. Recalling our keys with WZCook

Another of the tabs in the Aircrack-ng GUI is WZCook; this is not a
program for wireless hacking, rather it is a tool for recalling the
WEP or WPA key of the networks we have at some point in our lives
connected to with Windows (as long as we haven't formatted,
of course).

If it is an open network (no encryption) it will show 00000000, etc...

This has been a pause before going on to explain the rest; it is always good to keep this very useful utility in mind.

7. Decrypting our capture

Now we introduce another program that will be of great use to us in the world of wireless hacking: ethereal http://www.ethereal.com/

I don't know why but it seems the page isn't working. But anyway, I have uploaded the rar for you here:

Ethereal is a program that will let us analyse the packets we
have captured. All the network traffic before our eyes, yes!
Remember, our file "captura.cap" contains information about the
network, but wait... it is encrypted! That means that even if
we open our file with ethereal the packets will not be readable;
once ethereal is installed, let's try opening our file


Hmm... nothing we haven't already seen... At most we can see the SSID of the network and the MACs of the AP and the clients.

We are going to decrypt our file to make it readable; for that
we will use another of the tabs of the Aircrack-ng GUI, the one called Airdecap

It will let us decrypt our capture file; in the Filename text
box we enter the path of our file
"captura.cap". We have the option of specifying the ESSID or the BSSID in
case our file contains information on several networks. At the
bottom we choose whether it is a WEP or WPA key and finally we type the
key in hexadecimal format. Remember that aircrack gives it to us in
two forms, hex and ASCII; this time we will use the hex one from further up
(6E:75:65:76:65), press "launch" and airdecap will do its job.

Under Number of decrypted WEP packets it will show how many packets have been
decrypted successfully; if all goes well it should be the same number as
Total number of WEP data packets, although if we have captured data from
different networks it will show a smaller number; if it gives you 0 it is because you
entered the key wrong.

If it went well, we look in the folder where
the file "captura.cap" was and we will notice that another one has been generated
called "captura-dec.cap", which is precisely the capture file already

8. Solving disabled DHCP

What is disabled DHCP? Well, I think this is the most talked-about topic in the world of wireless hacking.

DHCP (Dynamic Host Configuration Protocol) is a
network protocol that allows the nodes of an IP network to obtain their
configuration parameters automatically. It is a client/server
protocol in which a server generally holds a
list of dynamic IP addresses and assigns them to clients
as they become free, knowing at all times who has
been in possession of that IP, how long they have had it and to whom it
was assigned afterwards.

DHCP being disabled means that even if we have the right
WEP key and can associate with the network, it will not
automatically assign us an IP address; we will have to configure it
manually ourselves.

I'll mention that the best manual on disabled DHCP is Uxío's, and it can be found here http://www.elhacker.net/solucion-dhcp-deshabiitado.html
However, it uses Linux, so I will make an adaptation of the manual here so that it is 100% Windows
How do we recognise that the network has DHCP disabled? Easy: we
can associate with the network but it will not give us an IP, so we get the
famous "Limited or no connectivity":

OK, no problem, there is a solution for everything.
Remember that we have the file captura-dec.cap which holds the
already decrypted packets. Let's analyse it with Ethereal.
We simply double-click the file (when Ethereal is installed
it associates .cap files with the program automatically).

I am going to
take the liberty of posting one of the images from
Uxío's manual; after all, ethereal on Windows is the same as the one on

Our friend Uxío explains it very well; I couldn't have done it
better. I think there is no point in continuing to write the rest of the manual
because we already have it well explained, the rest on Windows; remember the
manual is here: http://www.elhacker.net/solucion-dhcp-deshabiitado.html

Look@lan here:


9. MAC filtering

I'll spoon-feed you everything:

In computer networks the MAC address (Medium Access Control
address) is a 48-bit (6-byte) identifier
that corresponds uniquely to a network card or
interface. It is individual; each device has its own
MAC address, determined and configured by the IEEE (the last 24
bits) and the manufacturer (the first 24 bits) using the OUI. Most
protocols that work at layer 2 of the OSI model use
one of the three numbering schemes managed by the IEEE: MAC-48, EUI-48 and
EUI-64, which have been designed to be globally unique
identifiers. Not all communication protocols use
MAC addresses, and not all protocols require globally unique
identifiers.

To find out the MAC address of our network devices we will run from the command prompt:


Manual: Wireless Hacking on Windows using the aircrack suite

« : 04-September 06:12:54 am (Thursday) »

Well, I decided to write this manual because I see that most of the information to be found is more for Linux, and since I don't like discrimination

This manual is meant for beginners, ok? :xD

1. What do we need for wireless hacking on Windows?

It has been mentioned several times already, but it is worth repeating. The brand of the wireless card we use is irrelevant; what really matters is its chipset.
The important thing about a WiFi card is the chipset. The brand makes no difference; what really matters is the chipset. On this page you can look up the chipsets of your cards:


We go to the link our friend Uxio gives us to find out which chipset our card uses.
Then check what can be done with your chipset:


We do as he says and go to the link to check what our chipset can do and whether it is compatible with Windows. (If it isn't, well, too bad, we'll have to use Linux.)

In my case the chipset of my card is an Atheros AR5005G, perfectly compatible.

2. Downloading and installing the drivers

At this point we need to start looking for the drivers:


In my case the first link will work perfectly.

To install the drivers on Windows, there is a very detailed manual here:


Don't forget to back up the previous drivers! Just in case. We proceed to follow the manual.

All done, we now have the drivers installed and can begin.

3. Downloading and using the aircrack suite

We proceed to download the aircrack suite:


This time we will use Aircrack-ng 0.9.3, for Windows, remember :¬¬

The suite comes compressed; we unpack it anywhere, go into the bin folder and run Aircrack-ng GUI.exe, which will be our command centre.

Now we go to the Airodump-ng tab; Airodump is the program that will let us capture. We press “Launch” to start Airodump.

It will ask whether we need to install the omnipeek drivers; we say no because we already have them installed. Now another message will appear telling us that the files PEEK.DLL and PEEK5.SYS are missing; no problem, we click Yes and it takes us to the page to download them:


Specifically the one that says peek.zip, here is the direct link:


Once we have the zip we unpack it and copy the files into the bin folder.

4. Capturing

Now we do launch Airodump again:


(We note down the wireless one, just in case.)

Now, in wireless network security there is MAC filtering, which means the AP will only let specific machines that have a “certain” MAC address associate with it.

But as I said, there is a solution for everything.


EtherChange is a small utility that will help us change our MAC. We simply run it and it will show us the network devices we have:

1-EtherChange 1.1 - (c) 2003-2005, Arne Vidstrom
2- http://ntsecurity.nu/toolbox/etherchange/

0. Exit
1. NIC Fast Ethernet PCI Familia RTL8139 de Realtek
2. Atheros AR5005G Cardbus Wireless Network Adapter

Pick a network adapter:
In my case I choose number 2, which is my Atheros.

0. Exit
1. Specify a new ethernet address
2. Go back to the built-in ethernet address of the network adapter

Pick an action:
Option 1 is for changing the MAC to whichever one we want; option 2 is for going back to the device's original MAC.

Specify a new ethernet address (in hex without separators)