
Thread: WEP key cracking -- No IV / Data acquired

  1. #1
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    17

    Default WEP key cracking -- No IV / Data acquired

    Okay, so after lots of research I can't seem to resolve my problem, which is not having sufficient data to successfully aircrack a WEP key.

    I start with the basics,

    I'm using a D-Link USB model no. DWL-G122, HW Ver: B1, based on a Ralink chipset (according to what people say, it supports injection).

    And for the access point I am using a D-Link DSL-G604T with WEP security, open authentication, 64-bit cipher (so yes, it is my router).
    I've also deactivated MAC filtering.

    Backtrack 3 is running from a 1000H EEE PC, hard drive boot.

    The method I use is the following,

    ifconfig rausb0 up
    iwconfig rausb0 mode monitor


    Then I start airodump on the specific AP channel and capture its IVs

    airodump-ng -C 11 --bssid XX-XX-XX-XX-XX-XX -w test rausb0

    Now I make a fake authentication attack,

    aireplay-ng -1 0 -e DLINK -a XX-XX-XX-XX-XX-XX -h XX-XX-XX-XX-XX-XX rausb0

    If the auth is successful, I try an ARP request attack,

    aireplay-ng -3 -b XX-XX-XX-XX-XX-XX -h XX:XX:XX:XX:XX:XX rausb0


    At this point I'm sending lots of packets but almost no ARP requests, and therefore no Data is collected in airodump.

    -> Also tried the Chop-Chop attack and interactive frame selection, and the results are much the same: after one hour, the max Data I collect is ~500.

    -> According to 'aireplay-ng --test rausb0', injection is working with a % rate of 96.

    -> Power of the AP is approx. 100%.

    So with all of this information, what problem do you think it is? I'm clueless..

    Ah and btw, when I execute 'airmon-ng start rausb0', it puts rausb0 into monitor mode but also prints the following: 'Invalid Command: forceprismheader'

  2. #2
    Junior Member
    Join Date
    Aug 2007
    Posts
    85

    Default

    Assuming you have a PC connected to the router, try to ping the router IP 192.168.1.1 -t

    then start your -3 attack
    How you spend your time is more important than how you spend your money. Money mistakes can be corrected, but time is gone forever. David Norris

  3. #3
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    17

    Default

    Nothing, no arp requests and no data..

  4. #4
    Junior Member
    Join Date
    Aug 2007
    Posts
    85

    Default

    Okay Fisher, I think there is a patch issue. I used Google for "Invalid Command: forceprismheader" and found topics regarding the patch. Look at this from the aircrack forum

  5. #5
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    In between the two, BackTrack is 4 FwdTrack4
    Posts
    854

    Lightbulb

    Quote Originally Posted by Ethical View Post
    Assume you have pc connected to the router try to ping the router IP 192.168.1.1 -t

    then start your -3 attack

    Dude, there is no need to generate traffic, as in a clientless chopchop attack there is no need for a connected client at all.

    To the OP:
    ifconfig rausb0 up
    iwconfig rausb0 mode monitor
    Don't use these commands.

    Some access points require association after every 30 seconds.
    Simply play with the injection rate, as by default it's set to 54 Mbps.
    Do
    iwconfig rausb0 rate 1M
    Open one console and do
    airodump-ng -C 11 --bssid XX-XX-XX-XX-XX-XX -w test rausb0
    Open another console and do (association request)
    aireplay-ng -1 20 -e DLINK -a XX-XX-XX-XX-XX-XX -h XX-XX-XX-XX-XX-XX rausb0
    Open another console and do
    aireplay-ng -3 -b XX-XX-XX-XX-XX-XX -h XX:XX:XX:XX:XX:XX rausb0

  6. #6
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    17

    Default

    Thanks for the replies,

    @Secure_it I've followed your method and still no data was being captured. Then, while the attack was still going, I connected to the router via ethernet and made a ping as Ethical said: I was surprised when I saw data rising, and eventually 3 minutes later I was able to decrypt the key.

    And secure_it, what does the rate of injection have to do with the whole process? I mean, wouldn't it always be better to make the injection with the max rate we have available?

    So, any guesses? Drivers?

  7. #7
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default

    No, if you're injecting packets at a higher speed than you can communicate, the attack will be slowed down significantly.
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

  8. #8
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    4

    Default no data

    Quote Originally Posted by killadaninja View Post
    No if your injecting packets at a higher speed than you can communicate, the attack will be slowed down significantly.

    I am having the same problem and still no data.
    Any updated drivers, guys? I think I am not the only one with this problem.
    Thx

  9. #9
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    17

    Default

    So far I actually was able to crack WEP with the built-in Realtek card in my EEE PC, which does not support injection... I think the way to go is to buy a new and supported card :o
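
From the monitoring side, the ARP request replay discussed in this thread leaves a recognisable trace: the replayed frame is retransmitted unchanged, so one station repeats the same WEP IV and frame length many times per second, which an ordinary client does not do. The following is an added detection example, not part of any post above; the record layout, function names, thresholds, MAC addresses and sample frames are all constructed assumptions.

```python
from collections import defaultdict

def find_replay_sources(frames, window_ms=1000, threshold=50):
    """frames: iterable of (time_ms, src_mac, length, iv_hex) per WEP data frame.

    Returns {src_mac: peak_count} for senders that repeat one (IV, length)
    pair at least `threshold` times within any `window_ms` interval.
    """
    seen = defaultdict(list)
    for t, src, length, iv in frames:
        seen[(src, length, iv)].append(t)

    flagged = {}
    for (src, _length, _iv), times in seen.items():
        times.sort()
        start = 0
        peak = 0
        # Sliding window over the timestamps of one repeated frame.
        for end, t in enumerate(times):
            while t - times[start] > window_ms:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = max(peak, flagged.get(src, 0))
    return flagged

def sample_frames():
    """Constructed capture metadata, not taken from the thread."""
    frames = []
    # Ordinary client: a fresh IV on every frame, varied sizes.
    for i in range(200):
        frames.append((i * 50, "00:11:22:33:44:55", 80 + i % 40, f"{i:06x}"))
    # Replaying station: one short frame with a fixed IV, 400 times in 2 s.
    for i in range(400):
        frames.append((3000 + i * 5, "66:77:88:99:aa:bb", 68, "a1b2c3"))
    return frames

if __name__ == "__main__":
    for mac, peak in find_replay_sources(sample_frames()).items():
        print(f"{mac}: same IV and length seen {peak} times within 1 s")
```

A hit from this check on a WEP network is also a prompt to move the network to WPA2 or later, since the replay only pays off against WEP.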
