Is it your own AP you are playing with ?
Because code 12 usually has one of these causes:
1- Not WEP OPN (i.e. WPA)
2- Wrong ESSID (i.e. special characters used)
3- MAC filtering
Aireplay-ng - Authentication failed (code 12)
For the life of me I cannot find what a code12 is!?!?!
Tcpdump producesCode:hostname # aireplay-ng -1 6000 -q 10 -a 00:14:6C:B1:F8:E2 -e 'BELFAST' mon0 No source MAC (-h) specified. Using the device MAC (00:13:02:0C:XX:XX) 21:41:34 Waiting for beacon frame (BSSID: 00:14:6C:B1:F8:E2) on channel 11 21:41:34 Sending Authentication Request (Open System) [ACK] 21:41:34 Authentication failed (code 12)Which seems (to my untrained eyes) to be about right...Code:21:43:44.014566 1.0 Mb/s [0x0000000f] 314us BSSID:00:14:6c:b1:f8:e2 DA:00:14:6c:b1:f8:e2 SA:00:13:02:0c:XX:XX Authentication (Open System)-1: Succesful 21:43:44.015489 1.0 Mb/s 2462 MHz (0x00a0) -78dB signal -127dB noise antenna 2 [0x0000000e] 0us RA:00:13:02:0c:XX:XX Acknowledgment 21:43:44.015502 1.0 Mb/s [0x0000000f] 314us BSSID:00:14:6c:b1:f8:e2 DA:00:14:6c:b1:f8:e2 SA:00:13:02:0c:XX:XX Authentication (Open System)-1: Succesful 21:43:44.018466 11.0 Mb/s 2462 MHz (0x00a0) -79dB signal -127dB noise antenna 2 [0x0000000e] 258us BSSID:00:14:6c:b1:f8:e2 DA:00:13:02:0c:XX:XX SA:00:14:6c:b1:f8:e2 Authentication (Open System)-2:
Any ideas? Id love a RTFM link right now!
Cheers guys
Is it your own AP you are playing with ?
Because code 12 usually has one of these causes:
1- Not WEP OPN (i.e. WPA)
2- Wrong ESSID (i.e. special characters used)
3- MAC filtering
Of course its my own AP.. but:
1) Its WEP. Thats what i set it to, what every other computer and wifi scanner picks it up as.
2) Have tried copying ESSID straight from router config page, note that it is one word 'BELFAST' with no spaces or special characters..
3) Mac filtering is turned OFF (Would produce a different error code - cant remember off the top of my head, but i think its 1)
Would this be an error produced because router tries to prevent fake auth attacks?
I cant find a list of error codes anywhere
I don't think so.
Not sure why you are setting a periodic re-association delay of 6000 scs. Same about why you set 10 seconds between keep-alives.hostname # aireplay-ng -1 6000 -q 10 -a 00:14:6C:B1:F8:E2 -e 'BELFAST' mon0
Also ensure the injection MAC does match the card MAC (careful if you spoof your Intel card MAC adds). ifconfig will tell you mac for both.
By the way, which wireless card are you using ?
Finally, remove quotes for ESSID.
Test injection:
Try:Code:aireplay-ng -9 mon0
and post results.Code:aireplay-ng -1 0 -e BELFAST -a 00:14:6C:B1:F8:E2 -h injection-if-mac mon0
So:
aireplay-ng -9 mon0 behaves as it should:
But doesn't pick up my router.. strange.. its clearly visible (at the same time) with airodump-ngCode:vaiolent wep # aireplay-ng -9 mon0 16:51:14 Trying broadcast probe requests... 16:51:15 Injection is working! 16:51:16 Found 4 APs 16:51:16 Trying directed probe requests... 16:51:16 00:1B:11:99:6A:4C - channel: 6 - 'Rotto & Associates' 16:51:18 Ping (min/avg/max): 2.586ms/50.062ms/68.056ms Power: -82.97 16:51:18 30/30: 100% 16:51:18 00:21:27:DD:BD:70 - channel: 6 - 'IrelandBrazil' 16:51:20 Ping (min/avg/max): 46.715ms/69.091ms/86.138ms Power: -30.27 16:51:20 30/30: 100% 16:51:20 00:13:33:06:B3:18 - channel: 6 - 'Router' 16:51:21 Ping (min/avg/max): 37.051ms/52.684ms/84.316ms Power: -68.03 16:51:21 30/30: 100% 16:51:21 00:1C:F0:B2:9A:D4 - channel: 6 - 'QPS_DLINK' 16:51:24 Ping (min/avg/max): 48.600ms/70.635ms/97.774ms Power: -59.40 16:51:24 30/30: 100%
And aireplay-ng -1 0 -e BELFAST -a 00:14:6C:B1:F8:E2 -h 00:13:02:0C:E3:C3 mon0 still spits out a code 12Code:CH 11 ][ Elapsed: 1 min ][ 2009-09-05 16:54 BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID 00:14:6C:B1:F8:E2 -71 100 781 0 0 11 54e WEP WEP BELFAST BSSID STATION PWR Rate Lost Packets Probes
My card is a Intel 3945, with which I have successfully cracked WEP in the past (Mind you differnet router however)Code:vaiolent wep # aireplay-ng -1 0 -e BELFAST -a 00:14:6C:B1:F8:E2 -h 00:13:02:0C:E3:C3 mon0 16:53:31 Waiting for beacon frame (BSSID: 00:14:6C:B1:F8:E2) on channel 11 16:53:31 Sending Authentication Request (Open System) [ACK] 16:53:31 Authentication failed (code 12)
My bad. Aireplay -9 DOES pick up my router when i have it set to the right channel (dumbass)
Code:vaiolent wep # aireplay-ng -9 mon0 17:04:16 Trying broadcast probe requests... 17:04:16 Injection is working! 17:04:18 Found 6 APs 17:04:18 Trying directed probe requests... 17:04:18 00:14:6C:B1:F8:E2 - channel: 11 - 'BELFAST' 17:04:21 Ping (min/avg/max): 1.026ms/110.131ms/140.550ms Power: -71.27 17:04:21 30/30: 100%
Ok. Can you check which wep auth scheme your AP is using (open system or shared key) ?
Is set to open - the tcpdump snippet in 1st post picks it up...
Here is an extended version of tcpdump -i mon0
Its lines 9-16 that are applicable.. The rest are just beacons, but i figured better to leave in than get accused of cutting necessary bits out...Code:18:37:46.639031 1.0 Mb/s 2462 MHz (0x00a0) -73dB signal -127dB noise antenna 2 [0x0000000e] Beacon (BELFAST) [1.0* 2.0* 5.5* 11.0* Mbit] ESS[|802.11] 18:37:46.647649 1.0 Mb/s 2462 MHz (0x00a0) -85dB signal -127dB noise antenna 2 [0x0000000e] Beacon[|802.11] 18:37:46.671442 short preamble 5.5 Mb/s 2462 MHz (0x00a0) -85dB signal -127dB noise antenna 2 [0x0000000e] Acknowledgment RA:00:0e:35:f8:a3:72 (oui Unknown) 18:37:46.726760 1.0 Mb/s 2462 MHz (0x00a0) -83dB signal -127dB noise antenna 2 [0x0000000e] Beacon (StrawberryQT)[|802.11] 18:37:46.727764 short preamble 5.5 Mb/s 2462 MHz (0x00a0) -85dB signal -127dB noise antenna 2 [0x0000000e] Acknowledgment RA:00:0e:35:f8:a3:72 (oui Unknown) 18:37:46.740727 1.0 Mb/s 2462 MHz (0x00a0) -72dB signal -127dB noise antenna 2 [0x0000000e] Beacon (IrelandBrazil)[|802.11] 18:37:46.750056 1.0 Mb/s 2462 MHz (0x00a0) -85dB signal -127dB noise antenna 2 [0x0000000e] Beacon[|802.11] 18:37:46.829162 1.0 Mb/s 2462 MHz (0x00a0) -83dB signal -127dB noise antenna 2 [0x0000000e] Beacon (StrawberryQT)[|802.11] 18:37:46.830056 1.0 Mb/s [0x0000000f] Authentication (Open System)-1: Succesful 18:37:46.830233 short preamble 5.5 Mb/s 2462 MHz (0x00a0) -84dB signal -127dB noise antenna 2 [0x0000000e] Acknowledgment RA:00:0e:35:f8:a3:72 (oui Unknown) 18:37:46.830274 1.0 Mb/s [0x0000000f] Acknowledgment RA:00:14:6c:b1:f8:e2 (oui Unknown) 18:37:46.830384 1.0 Mb/s [0x0000000f] Acknowledgment RA:00:14:6c:b1:f8:e2 (oui Unknown) 18:37:46.831302 1.0 Mb/s 2462 MHz (0x00a0) -75dB signal -127dB noise antenna 2 [0x0000000e] Acknowledgment RA:00:13:02:0c:e3:c3 (oui Unknown) 18:37:46.831313 1.0 Mb/s [0x0000000f] Authentication (Open System)-1: Succesful 18:37:46.833009 1.0 Mb/s [0x0000000f] Acknowledgment RA:00:14:6c:b1:f8:e2 (oui Unknown) 18:37:46.833464 1.0 Mb/s [0x0000000f] Acknowledgment RA:00:14:6c:b1:f8:e2 (oui Unknown) 18:37:46.834322 11.0 Mb/s 2462 MHz (0x00a0) -74dB signal -127dB noise antenna 2 [0x0000000e] Authentication (Open System)-2: 18:37:46.843332 1.0 Mb/s 2462 MHz (0x00a0) -73dB signal -127dB noise antenna 2 [0x0000000e] Beacon (IrelandBrazil)[|802.11] 18:37:46.852534 1.0 Mb/s 2462 MHz (0x00a0) -84dB signal -127dB noise antenna 2 [0x0000000e] Beacon[|802.11] 18:37:46.874831 short preamble 5.5 Mb/s 2462 MHz (0x00a0) -84dB signal -127dB noise antenna 2 [0x0000000e] Acknowledgment RA:00:0e:35:f8:a3:72 (oui Unknown) 18:37:46.931565 1.0 Mb/s 2462 MHz (0x00a0) -83dB signal -127dB noise antenna 2 [0x0000000e] Beacon (StrawberryQT)[|802.11] 18:37:46.932634 short preamble 5.5 Mb/s 2462 MHz (0x00a0) -84dB signal -127dB noise antenna 2 [0x00
Well you know the following:
1. Your card injects just fine and you were able to complete the process with another AP
2. You are using wep-opn and the ESSID is right
3. Your card can see your AP while in monitor mode
So, whatever the issue is it is related to your router. I still believe it is running some sort of MAC filtering.
My suggestion as follows:
Spoof your MAC to a known working MAC with that router (One you use to connect to in managed mode) and repeat tests. Set your card to ch 11 and try to get a bit closer to the AP. Also try double quotes as in "BELFAST".
If still unsuccessful then you need to check the router configuration, specifically the security profile, and carefully go through every option and understand what they do. The answer is possibly there.
My MAC will normally connect, have spoofed aswell to be the same as phone/other computers...
So i'm thinking right now my router is un-"injectable"Still hope someone sees this thread and can tell me what a code 12 is...
What I dont understand is:
What the '-1' and '-2' are after the authentication message..Code:18:37:46.831313 1.0 Mb/s [0x0000000f] Authentication (Open System)-1: Succesful 18:37:46.833009 1.0 Mb/s [0x0000000f] Acknowledgment RA:00:14:6c:b1:f8:e2 (oui Unknown) 18:37:46.833464 1.0 Mb/s [0x0000000f] Acknowledgment RA:00:14:6c:b1:f8:e2 (oui Unknown) 18:37:46.834322 11.0 Mb/s 2462 MHz (0x00a0) -74dB signal -127dB noise antenna 2 [0x0000000e] Authentication (Open System)-2:
Seems strange that 'oui Unknown' pops up too - 00:14:6c is netgear, that should be pretty common..
Have tried locking the speed down to 1Mb/s to no avail..
Posting Permissions