Alfa r8187 + injection
First off I'm extremely happy that I found this little community here. It's been very helpful for me over the past few weeks reading all the tutorials and posts here.
Quick question to verify this; When cracking wep.. I need to have a client online in order to generate "sent packets" during the aireplay-ng -3 sequence?
I have the alfa 500mW adapter, so from what i've read it should support injection out of the box with no need to modprobe any drivers included with BT3.
Anywho, look forward to discussing more topics here. I'm a IS Security major so, i'm sure i'll be back with more questions.
That is correct, the attack relies on intercepting an ARP-packet which will then be endlessly replayed to the AP in order to generate IVs. There are however other methods that can be used when there are not clients currently connected to the AP.Originally Posted by ice531
The required driver is included with BT3F, which will recognize and support the card out of the box.
-Monkeys are like nature's humans.
Can you give a example for me, how to get arp without a client.
I have tryed but with fake auth isn't working for me. :-(
Aireplay-ng tells me Authentication is successfull, but i can see the association in airodum-ng.
The last line Aireplay-ng give's, looks strange for me
That last (AID: 1) is strange.Code:Association successful :-) (AID: 1)
With the Netgear card i get not that message on the last, and i see the netgear successfull associated with the Apoint, in the airodump-ng screen.
Maybe you or other alfa users can help me with this prob.
And make the life a litle bit easyer :-)
Regards Rongogo
Check out the following tutorial.
This is normal, the AWUS036H card will not show itself under the associated clients in airodump-ng although the attack was successful.
This is a perfectly valid confirmation of a successful association, AID stands for Association ID.
-Monkeys are like nature's humans.
@Tron. about the video posted above.
I had already ran through the clientless wep tutorial on the aircrack-ng site. After watching Xploitz video though, it appears (maybe i'm just not seeing it..) that his video doesn't actually showcase a true clientless wep crack. It says he had a client connected to ping an address...which during a -3 would generate more traffic..
Doesn't that defeat the purpose of clientless? According to what I think is supposed to happen if you don't have any clients connected to your AP...you need to run the following after you have successful association:
packetforge-ng -0 -a BSSID -h YourMac -k 255.255.255.255 -l 255.255.255.255 -y NameOfYourFile.xor -w arp-request
then after you get that done:
aireplay-ng -2 -r arp-request wlan0
Then you should begin seeing traffic on sent as well, i believe.
Please someone let me know and explain to me if i'm incorrect in my assumptions above?
Follow this step by step tutorial:
aircrack-ng.org/doku.php?id=how_to_crack_wep_with_no_clients
The very first seconds of the video in question shows the following text:
In other words, no it does not defeat the purpose of a no client attack, he only speeds up the process by "cheating" a bit. However, there are other approaches that might work better on some APs, personally I like the one documented at aircrack-ng.org as it does not rely on waiting around for an ARP packet at all. It is also more along the line of the process that you describe.Please note that in this tutorial, I have a client connected so that I can ping a non existant IP address to hasten the -3 attack I will be using. You don't have to ping..but if you don't you could be waiting for anywhere from seconds..up to 30 minutes..depends on how lucky you are.
-Monkeys are like nature's humans.
Posting Permissions
