I'm following Xploitz's tutorial video to the T:
hxxp://forums.remote-exploit.org/showthread.php?t=9063
I've tried two of his other tutorials as well with the same results. I get very slow packets. I let it run for just under an hour and only had 2500-ish packets of data. My PPS stayed at pretty much zero, although I would see it jump up to 7ish from time to time. For hardware I'm using an acer aspire one netbook. The wireless card is an atheros chipset.
I started going through tutorials on aircrack's site to try and single out the problem, and I've found that I can't even run an injection test. Maybe I'm trying to do it wrong, but here's what I do:
airmon-ng stop ath0
airmon-ng start wifi0
that's how I'm supposed to start my card in monitor mode, right? I follow that up with these commands to try and test packet injection:
aireplay-ng -9 ath0
and I get this in reply:
Trying to broadcast probe requests...
No Answer...
Found 0 APs
And yet I know that there are several APs around here. What's the deal? Is this linked to why I have such slow PPS when I follow the tutorial video?
First off, clear something up. When you say there are plenty of APs round here, you're not trying to access them? True?
Secondly, it depends on your hardware and how good your signal is to your AP.
Move closer to your AP.
I'm trying to access my own AP.
I'm not certain, but from what I can find, the wireless card appears to be an atheros AR5007EG. Doing a quick search on the forums, the AR5007EG seems to be a supported card, and I've seen users say that it's great. I sat right next to my router to make sure I had a good signal.
I have to ask this just cuz sometimes people don't understand this: when you enter this:
aireplay-ng -3 -b (bssid) -h (fake mac) (interface)
you have to have another machine that is wireless do some sort of network activity. It could be anything; you could just open the home page, and after that you should see the data packets jump. Running 2 hours of data packets is way too long. I have done a lot of WEP stuff for customers and the longest I have ever had to run it was 10 min.
If you don't have another machine to use to test it with, then you have to force the data packets. That can be done like this: open up a new shell and type in:
aireplay-ng -5 -b (bssid) -h (fake mac) (interface) <-- this will capture packet frags. You will have to select y/n.
Open yet another shell and type:
aireplay-ng -2 -p 0841 -d ff:ff:ff:ff:ff:ff -a (bssid) -h (fake mac) (interface)
That will capture full packets from the frags you were sending to the router. Once again you will have to select yes or no. If you say no it won't work. Once you send 1 packet you should at that time see your data packets climb like crazy.
This was kind of a quick answer for you; if you need more detail then go look for clientless WEP cracking. Hope this helped.
I think the reason I wasn't finding any APs earlier when I did the test command was because I was on the wrong channel. Regardless, when I run the following command, I receive confirmation that my card can inject.
Code:
aireplay-ng -9 ath0
This is what my AP pings as:
Code:
Ping (min/avg/max): 4.542ms/70.745m/95.948ms Power:50.5 30/30: 100%
So then I start up airodump-ng with the following command:
Code:
airodump-ng -c 1 --bssid (my AP's ssid) -w default ath0
Once that's started, I run the aireplay-ng command with the following attributes:
Code:
aireplay-ng -3 -b (mac address of ap) -h (my ath0 mac address) ath0
Once I run that, I get a bunch of lines that look like it's doing a lot. In Xploitz's video, his terminal appears to show only one line, and the line just keeps updating. My screen gets flooded with lines. Here's an exact line from the last run I did:
Code:
Read 72129 packets (got 260 ARP requests and 23405 ACKs), sent 46719 packets...(500 pps)
So I look back at my other console, the one with airodump-ng running, and I see the following stats. PWR, depending on where I am, is about 60ish. Beacons seem to go up rather quickly. My #Data seems to jump at first, and #/s looks to be about 300 at first, but quickly falls. Usually, it hits 0 in a few seconds, and my #Data slows down around 1300ish. The CH is correct, the MB speed and ENC are correct, and the ESSID reads correct.
I've tried pinging a non-existing machine on my network from another computer to see if it helps, and it seems to have no effect. In addition, all the computers in my house seem to lose connection quite a bit while I'm running packet injection - is that normal?
Also, I ran the same test on another laptop, this one with an intel3954 a/b/g card, and I had the same results.
Some APs max out at so many IVs. You can run a replay attack several times while using Airodump-ng over a few hours or days if you have to till the AP lets you have more.
Once you have done it a few times run 'aircrack-ng -z wep-*.*' and it will use all the data in the files and crack it.
You start with this code? Your first line should look like this:
aireplay-ng -1 0 -a (bssid) -h (mac real or fake) (interface)
after that you should get a line that says successful. Once you have that then type in your line of:
aireplay-ng -3 -b (bssid) -h (mac real or fake) (interface)
try that and let us know if that changes anything.
No, sorry. First I set my card in monitor mode, then I start listening to my AP using airodump-ng. Once I'm listening, I use aireplay -1 to deauth, and after that I use aireplay -3. I tried Xploitz's other video tutorial dealing with korek chopchop and had the same results. Very slow PPS.
Is there a list of routers that limit IVs so I can find out for sure if this is the case? Or is it an option I can disable? I'm using a WRT54GX2.
I have two new observations. I took my laptop over to my brother's house, and with his permission, I tried the exact same thing on his AP. It worked perfectly. I noticed two things, though.
The first is this: The computers connected to his AP never lost connection. We were surfing the web all through the attack, and never once lost connection. At my own house, as soon as I start aireplay-ng with the -3 attack (standard ARP-request replay), all the machines connected to my AP randomly lose their connections. Is this normal?
The second thing I noticed was that his router generates a single random key for encryption. Looking at my router, it takes a passphrase and generates five keys from the passphrase. I verified that encryption is set to WEP 64bit.
Anyone have any ideas?
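The ARP-request replay discussed in this thread (aireplay-ng -3) re-sends one captured frame hundreds of times a second, which is exactly the kind of traffic that makes stations drop off as described above. As an added defender-side example, not from the thread or the aircrack-ng project, here is a small detector that flags the replay signature in parsed monitor-mode frame metadata: the same source MAC, the same WEP IV and the same ciphertext repeating in a short window. Legitimate WEP traffic advances the IV per frame, so an identical (IV, payload) pair recurring is the tell. The frame records are constructed sample data, not a real capture.

```python
from collections import defaultdict


def find_replay_bursts(frames, window_s=1.0, threshold=50):
    """Flag an ARP-replay storm in frame metadata.

    frames: iterable of (timestamp_s, src_mac, wep_iv_bytes, ciphertext_bytes).
    Returns one alert dict per (src, iv, ciphertext) tuple that was seen more
    than `threshold` times inside any sliding window of `window_s` seconds.
    """
    by_key = defaultdict(list)  # (src, iv, ciphertext) -> [timestamps]
    for ts, src, iv, payload in frames:
        by_key[(src, iv, payload)].append(ts)

    alerts = []
    for (src, iv, _payload), times in by_key.items():
        times.sort()
        lo, best = 0, 0
        for hi, t in enumerate(times):          # two-pointer sliding window
            while t - times[lo] > window_s:
                lo += 1
            best = max(best, hi - lo + 1)       # most copies in any one window
        if best > threshold:
            alerts.append({"src": src, "iv": iv.hex(), "copies": best})
    return alerts


def constructed_sample():
    """Constructed frames: one normal station plus one replay storm (hypothetical MACs)."""
    frames = []
    # Normal station: 200 frames over 10 s, a fresh IV on every frame.
    for i in range(200):
        frames.append((i * 0.05, "00:aa:bb:cc:dd:01",
                       i.to_bytes(3, "big"), bytes([i % 256]) * 36))
    # Replay storm: the same IV and ciphertext re-sent 500 times in ~1 s,
    # the pattern an ARP-request replay produces on the air.
    replayed_iv, replayed_ct = b"\x12\x34\x56", b"\xde\xad" * 18
    for i in range(500):
        frames.append((3.0 + i * 0.002, "00:aa:bb:cc:dd:02",
                       replayed_iv, replayed_ct))
    return frames


if __name__ == "__main__":
    for alert in find_replay_bursts(constructed_sample()):
        print(f"replay storm from {alert['src']}: IV {alert['iv']} "
              f"repeated {alert['copies']} times within 1 s")
```

On a real capture the same check applies to the decoded radiotap/802.11 data frames of a WEP network; a rate limit on identical frames, or simply moving off WEP, removes the condition it detects.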