Thread: Purpose of fake auth?

  1. #1
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    10

    Purpose of fake auth?

    I've been running through the clientless attack on my home network as shown by offensive-security's flash video, and I understand why we're taking each step except for one. Why do we fake auth? Does it provoke some information for the fragmentation to work from, or what?

    And of course, what other uses does it have?

  2. #2
    Just burned his ISO
    Join Date
    Jul 2006
    Posts
    15

    I've been trying all day with this fragmentation with no luck either.

    The fake auth has to be done, as you have to have an associated connection to the AP for fragmentation to work.

  3. #3
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Originally Posted by GMouse
    I've been running through the clientless attack on my home network as shown by offensive-security's flash video, and I understand why we're taking each step except for one. Why do we fake auth? Does it provoke some information for the fragmentation to work from, or what?

    And of course, what other uses does it have?
    http://www.aircrack-ng.org/doku.php?...authentication
    Fake authentication
    Description

    The fake authentication attack allows you to perform the two types of WEP authentication (Open System and Shared Key) plus associate with the access point (AP). This is only useful when you need an associated MAC address in various aireplay-ng attacks and there is currently no associated client. It should be noted that the fake authentication attack does NOT generate any ARP packets.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  4. #4
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    10

    Ok, so using it means that I'm able to use my own MAC address in the later aireplay attacks, whereas if I didn't, the packets generated would simply be ignored by the AP?

    @map777
    Actually, I got it to work, twice now. The first time, it took forever to find a suitable packet for fragmentation. The second worked right off.

  5. #5
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    18

    It does 2 things: 1, associates a MAC address for packet injection, in order for an ARP reply to work, and 2, will help generate suitable fragments for use with packetforge to create arp-reply packets to inject.

  6. #6
    Just burned his ISO
    Join Date
    Mar 2007
    Posts
    10

    Ok. I think I kinda/sorta get it. It'll probably make more sense as I get used to wifi.

    Thanks!

  7. #7
    Just burned his ISO
    Join Date
    May 2007
    Posts
    11

    If you still don't understand, first try to understand wireless communications. Then read every bit of documentation on aircrack-ng. These guys do a great job of explaining the videos that people on the web put out, but you have to look for it; people aren't going to hand you the information on a silver spoon. But if you look, it is there.
