Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Problems when trying to crack WEP

  1. #1
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    5

    Default Problems when trying to crack WEP

    I have read the several tutorials that are out there to crack WEP and decided to try this on my own network at home. I set my network to WEP protection (I usually have WPA2); and ran BT2 from a live CD. I loaded up my drivers for my wireless card found the SSID and the BSSID for the network. On the next step I start having peculiar problems. When I run airodump 0.7 r214 (airodump-ng --ivs --channel 11 --write /mnt/sdb1_removable/weptest eth1 is the command that i used) the command seems to work fine, however; instead of showing the network that are on channel 11 it shows all of them. I disregard this and keep going. My second problem occurs when I run aireplay 0.7 r214 (aireplay-ng -3 -b (MAC of the network) -h (Laptop's MAC that im doing this on) eth1 is the command that I used). The command runs, however; my packet count is going up very slowly about 7 or so per second also it says that there are 0 ARP requests and that 0 packets were sent. When I run aircrack it gives me a list of all the networks that the IVs were gathered from and I get a ridiculously small number of IVs like 125 or so. So the problem seems to be with aireplay; anyone have any ideas as to what the problem is?

    PS the router that i'm trying to gain access to is just in the other bedroom on the same floor 3m distance tops.

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Default

    If you run the -3 attack with no clients connected to the AP it can take a while. To speed things up you may want to research a frag (-5) or chop-chop (-4) attack. Otherwise you just have to wait for a arp request. You need at least one arp request to start injecting packets and collecting ivs.

  3. #3
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    5

    Default

    Thanks for the fast reply,

    I will look into the frag and chop attacks.
    One other thing though, I do have one client connected to the network(My desktop is connected wirelessly to the router which is in turn connected directly to an old DELL computer XD)

  4. #4

    Default

    Or you can associate yourself with attack -1, fake auth. I have a step-by-step tutorial on my blog. The link is in my signature. or n00bhacker.blogspot.com

  5. #5
    setas
    Guest

    Default

    as abitaz said, you can use fakeauthentification in case of -3 attack, because -3 is used when there is a client connected to that ap in range and produces comunication between him and ap when an encrypted wep is transfered throught the air and can be "listened" for injection. abitaz lietuvis?

  6. #6
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    5

    Default

    Thanks for the replies guys, I'm currently reading up on the chop-chop attack but after im done i'll be sure to check out your tutorial abitaz.

  7. #7
    setas
    Guest

    Default asd

    as abitaz said, you can use fakeauthentification in case of -3 attack, because -3 is used when there is a client connected to that ap in range and produces comunication between him and ap when an encrypted wep is transfered throught the air and can be "listened" for injection. abitaz lietuvis?

  8. #8
    Junior Member
    Join Date
    Jan 2008
    Posts
    25

    Default

    first you need to make sure injection is working.
    once you know for sure you can inject.

    do the fakeauth cmd with the AP

    aireplay-ng -1 10-e [ESSID] -a [BSSID] -h 00:11:22:33:44:55 eth1

    then do the ARP request cmd

    aireplay-ng -3 -b [BSSID] -h 00:11:22:33:44:55 eth1

  9. #9
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    5

    Default

    Hey Macc, when I try to do the fake auth all I get is it trying to send the request several times and then it says that the attack was unsuccessful.

    Any ideas as to why this happens?

    When i try to do the fake auth the command sends a bunch of requests but in the end theres a message saying that the attack failed. Any ides as to why this is happening?

  10. #10

    Default

    What's that?!?



    Quote Originally Posted by setas View Post
    abitaz lietuvis?

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •