
Thread: Fake authentication problem


  1. #1
    Just burned his ISO (Join Date Jul 2008, Posts 3)

    Fake authentication problem

    When I am trying to fake-authenticate to my WEP AP, aireplay-ng says it is successful, but when I check airodump-ng, my fake mac address is not listed in the clients list. Normally I would expect a MAC address filter, however my AP does not have a MAC filter. Moreover, why would aireplay tell me that fake authentication is successful?

    I should also add that I use the infamous broadcom bcm43xx card and please do not tell me to buy an atheros card, because if I could find one in my country, i would have bought one.

  2. #2
    Senior Member (Join Date Apr 2008, Posts 2,008)

    Quote Originally Posted by aliveli123:
    When I am trying to fake-authenticate to my WEP AP, aireplay-ng says it is successful, but when I check airodump-ng, my fake mac address is not listed in the clients list. Normally I would expect a MAC address filter, however my AP does not have a MAC filter. Moreover, why would aireplay tell me that fake authentication is successful?

    I should also add that I use the infamous broadcom bcm43xx card and please do not tell me to buy an atheros card, because if I could find one in my country, i would have bought one.
    Airodump-ng will not pick up your Broadcom card as a client until you generate some actual traffic between you and the AP. Try an ARP-reply attack and if you indeed are successfully authenticated the AP will start answering with some data packets. At this point I believe that airodump-ng also should identify you as a client.
    -Monkeys are like nature's humans.

  3. #3
    Just burned his ISO (Join Date Jul 2008, Posts 3)

    Quote Originally Posted by =Tron=:
    Airodump-ng will not pick up your Broadcom card as a client until you generate some actual traffic between you and the AP. Try an ARP-reply attack and if you indeed are successfully authenticated the AP will start answering with some data packets. At this point I believe that airodump-ng also should identify you as a client.
    Of course when I authenticate with my desktop computer, I can fake-auth successfully. However, my question was whether it is possible to fake-auth to an AP when there is no ARP request traffic on the AP, i.e. no clients connected to the AP. I tried the chopchop attack and the fragmentation attack, but it was unsuccessful, possibly because of the Broadcom's crappiness.

    edit: Maybe what I've said above is impossible, i.e. using arp reply attack without any clients connected to my AP. It would be useful for me to know whether it's possible or not.

  4. #4
    Senior Member (Join Date Apr 2008, Posts 2,008)

    Quote Originally Posted by aliveli123:
    However, my question was whether it is possible to fake-auth to an AP when there is no ARP request traffic on the AP, i.e. no clients connected to the AP. I tried the chopchop attack and the fragmentation attack, but it was unsuccessful, possibly because of the Broadcom's crappiness.
    The fake-auth process does not rely on other clients transmitting any ARP requests, and can therefore successfully be done without any active (or inactive) clients. If you have problems with fake-authenticating using your Broadcom card, try moving closer to the AP. The transmission power is usually pretty low on these cards, which makes transmitting any kind of packets over a long distance impossible.

    Instead of using the chopchop- or fragmentation attack, which both rely on intercepting traffic generated by connected clients, try the method described in the following thread after you are successfully authenticated.
    http://forums.remote-exploit.org/showthread.php?t=9063

    Just note that in case you do not choose an ARP-packet to be replayed you will have to use the older KoreK (-K) method in aircrack-ng instead of the PTW method.
    -Monkeys are like nature's humans.

  5. #5
    Just burned his ISO (Join Date Jul 2008, Posts 3)

    Wow, I thought chopchop and fragmentation attacks were no-client attack techniques. I suppose I'm still learning.

    What I did not understand was aireplay-ng's "Association successful :-)" message. I thought aireplay would show an error message, but it says association is successful although I cannot see my fake MAC in airodump.

    This is where I'm stuck in xploitz's tutorial, in fact; apart from the chopchop and fragmentation attacks, this is the only problem I'm stuck on.

    Thanks for all the information

  6. #6
    Senior Member (Join Date Apr 2008, Posts 2,008)

    Quote Originally Posted by aliveli123:
    Wow, I thought chopchop and fragmentation attacks were no-client attack techniques. I suppose I'm still learning.
    Well, both the chopchop and fragmentation attacks will try to obtain PRGA, and using this with packetforge-ng you can create an ARP packet yourself. I have to admit that I am not sure if the PRGA can be intercepted with no clients connected as well, as I usually have not seen the need to use either of these methods. However, after some rethinking I am positive that you indeed can use this method without any connected clients, so please pardon my last post.

    Quote Originally Posted by aliveli123:
    What I did not understand was aireplay-ng's "Association successful :-)" message. I thought aireplay would show an error message, but it says association is successful although I cannot see my fake MAC in airodump.
    As I said in my very first post, Airodump-ng will not pick up your Broadcom card as a client until you generate some actual traffic between you and the AP. If aireplay-ng states that you are successfully authenticated, there is no need to doubt this just because airodump-ng has not yet picked up your wireless card.
    -Monkeys are like nature's humans.
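The point made in posts #2 and #6 (a station that has completed open-system authentication and association is not listed as a client until data frames are seen) can be modelled with a small frame tracker. This is an added example, not code from the thread or from aircrack-ng; it uses a simplified 802.11 header layout and constructed sample MACs, and it also flags the defender-side signal that a WIDS would look for: stations that associate but never send data.

```python
import struct

# Constructed sample addresses (assumption: not taken from the thread).
AP_BSSID = bytes.fromhex("001122334455")
STA_REAL = bytes.fromhex("66778899aabb")    # a normal client that sends data
STA_SILENT = bytes.fromhex("ccddeeff0011")  # associates, then sends nothing

MGMT, DATA = 0, 2              # 802.11 frame types
ASSOC_RESP, AUTH = 0x1, 0xB    # management subtypes used here

def frame(ftype, subtype, addr1, addr2, body=b""):
    """Minimal 802.11 frame: FC(2) Duration(2) addr1 addr2 addr3(=BSSID) SeqCtl(2) body, no FCS."""
    fc = (ftype << 2) | (subtype << 4)   # version 0; type in bits 2-3, subtype in bits 4-7
    return struct.pack("<HH", fc, 0) + addr1 + addr2 + AP_BSSID + struct.pack("<H", 0) + body

def parse(raw):
    """Return (type, subtype, addr1, addr2, body) from a raw frame."""
    fc = struct.unpack_from("<H", raw, 0)[0]
    return (fc >> 2) & 3, (fc >> 4) & 0xF, raw[4:10], raw[10:16], raw[24:]

def track_clients(frames, bssid):
    """Model of the behaviour described in the thread: a station is listed as a client only
    once data frames are seen; successful auth/assoc only records handshake state.
    Returns (listed_clients, associated_but_silent)."""
    authed, associated, listed = set(), set(), set()
    for raw in frames:
        ftype, subtype, a1, a2, body = parse(raw)
        sta = a1 if a2 == bssid else a2 if a1 == bssid else None   # the non-AP side
        if sta is None:
            continue
        if ftype == MGMT and subtype == AUTH:
            _alg, _seq, status = struct.unpack_from("<HHH", body, 0)
            if status == 0:
                authed.add(sta)
        elif ftype == MGMT and subtype == ASSOC_RESP and a1 == sta:
            _cap, status, _aid = struct.unpack_from("<HHH", body, 0)
            if status == 0 and sta in authed:
                associated.add(sta)
        elif ftype == DATA:
            listed.add(sta)   # data traffic is what puts a station in the client list
    return listed, associated - listed

def sample_capture():
    """Constructed capture: both stations complete open-system auth + assoc; only STA_REAL sends data."""
    frames = []
    for sta in (STA_REAL, STA_SILENT):
        frames.append(frame(MGMT, AUTH, AP_BSSID, sta, struct.pack("<HHH", 0, 1, 0)))  # auth seq 1
        frames.append(frame(MGMT, AUTH, sta, AP_BSSID, struct.pack("<HHH", 0, 2, 0)))  # auth seq 2, status 0
        frames.append(frame(MGMT, ASSOC_RESP, sta, AP_BSSID, struct.pack("<HHH", 0x0411, 0, 1)))
    frames.append(frame(DATA, 0, AP_BSSID, STA_REAL, b"\xaa\xaa\x03"))  # ToDS data from the real client
    return frames

if __name__ == "__main__":
    listed, silent = track_clients(sample_capture(), AP_BSSID)
    print("listed clients:", [m.hex(":") for m in listed])
    print("associated but silent:", [m.hex(":") for m in silent])
```

On this constructed capture only STA_REAL ends up in the client list, while STA_SILENT is reported as associated-but-silent, which is the state an aireplay-style fake authentication leaves behind until traffic flows.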
