BT3 and aireplay-ng deauth
I am sorry if this is the wrong place to post this, but it seems this is the ONLY place I can post right now.
Anyway, I am completely new to Linux and BT3 for that matter, but over the past week I have been trying to crack my WEP/WPA2 keys and been coming short every time.
Currently I am using BT3 and aireplay-ng to try to deauth one of my other clients form the AP I am testing against.
I was watching Xploit videos and followed everything in the WPA2 video, but right now the deauthenticaion attacks seems to have no effect.
I have an Intel 3945ABG card and this is the sequence of commands I ran:
modprobe -r iwl3945
airmon-ng start wifi0
airodump-ng -c 6 -w psk --bssid MYAPBSSID wifi0
aireplay-ng -0 1 -a MYAPBSSID -c MYCLIENT wifi0
the last command returns:
Sending 64 directed DeAuth. STMAC: [MYCLIENT] [0| 0 ACKs]
any idea why I can't get the client deautheticated?
aireplay-ng -0 10 -a MYAPBSSID wifi0
aireplay-ng -0 0 -a MYAPBSSID -c MYCLIENT wifi0
should work ... you also might need to get closer
I will give this a shot. thank you. Also I am right next to the AP. 2 feet literally
Originally Posted by vvpalin
I have an intel 4965ang and I am using the latest BT4 release.
I followed Mixit's guide step by step (the guide which was here until a few hours ago and now is gone).
I was finally able to run MixIt's "fakeit" shell script (I had copied and save it in windows so it had windows-style newlines - and the bash' parser sucks).
I then ran aireplay -3 which I think is what MixIt's guide said (it had disappeared by the time).
After a short while I got 1 ARP without need for the deauth thing. After the ARP was receuved, aireplay started apparently reinjecting packets: it printed a huge lot of "Read nnnnn packets (got 1 ARP and 0 ACK), sent nnnnnn".
However, if I understand correctly, the purpose of all this is to accelerate the traffic so that more data packets are captured.
Well, in the airodump windows the flow of data packets (there is another client communicating with the router) didn't accelerate a bit.
It did capture a huge lot of packets flowing between my own Mac and the router, but the number of "#Data" packets didn't accelerate its growth.
I then tried Airocrack, but the number of IVs grows is almost equal to the number of DATA packets, it is NOT influenced by the explosion of presumably reinjected packets; that is, running aireplay is not accelerating the process of cracking the key in any way. I still have to wait the number of data packet to reach some tens of thousand "naturally".
I don't know if this means that injection is not working at all.
1. This is called thread hijacking since you are not commenting on the OP's question.
2. You double posted this question here:
3. The fakeit.sh script was not mine as I mentioned in the other thread you commented on. I don't want to take credit for it, but I do not remember the author offhand.
4. Try following the post below mine in the other thread by tripkip. Also, as mentioned in this thread, make sure you're close enough to the AP.