Hi everyone, I have a simple question that I didn't find an answer for. I hope this forum can help me:
When I set up the fake AP with airbase and have the Apache server configured, dnsspoof ready and the phishing page ready too,
all this to hack WPA/WPA2, but there is still one *** problem: when I use aireplay -0 0 - (bssid) to deauth the clients of the real AP, I also deauthenticate my fake AP too, as I have previously set up the same BSSID, the same channel and the same ESSID as the real AP, so no one can connect either to my fake AP or the real AP.
Even when I use airdrop-ng the same thing happens. Please help!
As far as I know, you do not need to use the same BSSID as the real AP; only the ESSID must be the same.
Deauth the clients' MACs specifically, not the AP MAC. I think the trouble is you are not being specific enough with your command or airdrop rule list.
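From the defender's side, both deauth styles discussed here (the BSSID-only command in the question, which goes out to the broadcast address, and the client-specific deauths suggested in this reply) are visible in a monitor-mode capture. The following is an added example, not code from this thread or from the aircrack-ng project: a small detector that decodes raw 802.11 management frames (assumed to have no radiotap header) and raises an alert on any broadcast deauth/disassoc frame and on a burst of such frames for one BSSID inside a short window. All MAC addresses, timestamps and frames are constructed for the example.

```python
# Added example, not code from the thread or from aircrack-ng: a small
# detector for 802.11 deauthentication floods, run over constructed frames.
import struct
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
HDR = "<BBH6s6s6sH"             # FC0, FC1, duration, addr1, addr2, addr3, seq-ctl
HDR_LEN = struct.calcsize(HDR)  # 24 bytes; the 2-byte reason code follows


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def parse_mgmt_frame(raw):
    """Decode a raw 802.11 frame (no radiotap header). Returns a dict for
    deauthentication (subtype 12) and disassociation (subtype 10) frames,
    None for anything else."""
    if len(raw) < HDR_LEN + 2:
        return None
    fc0, _fc1, _dur, a1, a2, a3, seq = struct.unpack(HDR, raw[:HDR_LEN])
    if fc0 & 0x03 != 0 or (fc0 >> 2) & 0x03 != 0:  # version 0, type 0 = management
        return None
    subtype = fc0 >> 4
    if subtype not in (10, 12):
        return None
    (reason,) = struct.unpack("<H", raw[HDR_LEN:HDR_LEN + 2])
    return {"kind": "deauth" if subtype == 12 else "disassoc",
            "dst": mac_str(a1), "src": mac_str(a2), "bssid": mac_str(a3),
            "seq": seq >> 4, "reason": reason}


class DeauthFloodDetector:
    """Two signals: any broadcast deauth/disassoc (a legitimate AP almost never
    sends these), and at least `threshold` such frames for one BSSID inside
    `window` seconds (this also catches client-specific deauths)."""

    def __init__(self, threshold=10, window=5.0):
        self.threshold, self.window = threshold, window
        self.recent = defaultdict(deque)   # bssid -> timestamps inside window
        self.fired = set()                 # (signal, bssid) already reported

    def feed(self, ts, raw):
        f = parse_mgmt_frame(raw)
        if f is None:
            return []
        q = self.recent[f["bssid"]]
        q.append(ts)
        while ts - q[0] > self.window:
            q.popleft()
        alerts = []
        if f["dst"] == BROADCAST and ("broadcast", f["bssid"]) not in self.fired:
            self.fired.add(("broadcast", f["bssid"]))
            alerts.append(f"broadcast {f['kind']} for BSSID {f['bssid']} "
                          f"from {f['src']} (reason {f['reason']})")
        if len(q) >= self.threshold and ("flood", f["bssid"]) not in self.fired:
            self.fired.add(("flood", f["bssid"]))
            alerts.append(f"{len(q)} deauth/disassoc frames for BSSID "
                          f"{f['bssid']} within {self.window}s")
        return alerts


def build_frame(subtype, dst, src, bssid, seq, reason=7):
    """Constructed test frames; subtype 12 = deauth, 8 = beacon (no body here)."""
    hdr = struct.pack(HDR, subtype << 4, 0, 0x013a, mac_bytes(dst),
                      mac_bytes(src), mac_bytes(bssid), seq << 4)
    return hdr + (struct.pack("<H", reason) if subtype in (10, 12) else b"")


def run_sample():
    """Constructed capture: one legitimate unicast deauth from the AP, a beacon,
    then a burst of 12 broadcast deauths spoofed from the AP's address."""
    ap, client = "02:00:00:aa:bb:cc", "02:00:00:11:22:33"  # constructed, locally administered
    frames = [(0.0, build_frame(12, client, ap, ap, 1, reason=3)),
              (0.5, build_frame(8, BROADCAST, ap, ap, 2))]
    frames += [(10.0 + i * 0.01, build_frame(12, BROADCAST, ap, ap, 100 + i))
               for i in range(12)]
    det = DeauthFloodDetector(threshold=10, window=5.0)
    alerts = []
    for ts, raw in frames:
        alerts.extend(det.feed(ts, raw))
    return alerts


if __name__ == "__main__":
    for a in run_sample():
        print("ALERT:", a)
```

The detector keys on address 3 (the BSSID) rather than the sender, so a deauth spoofed from the AP toward a client and one spoofed from a client toward the AP both count against the same network. A real deployment would feed it frames from a monitor-mode interface (for example via a pcap reader) and tune the threshold to how often the local APs legitimately deauthenticate stations.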
This forum has helped me out before, so I'll give it my best to return the favor.
Please, somebody correct me if I'm wrong.
I'm definitely not an expert on airbase-ng, but what I've gathered from some episodes of Hak5 and other forum posts is that the only clients that you're going to net with an attack like this are clients that have previously connected to an UNSECURED network, have remembered that network, and are set to auto-connect to it: for example, a coffee shop, airport, or some public libraries.
The reason for this is that in order for the client to connect to you, your fake AP has to have the same settings as the real AP that your target would try to connect to. Same MAC, same ESSID, and most importantly, the same encryption and encryption key.
If you don't know the encryption key for the real AP, then how can you set it on your fake one? That's why this attack works for unsecured networks... It's easy to spoof an ESSID and MAC address of an open network, and you don't have to worry about the encryption key at all. Then if you net the client, you can grab their WPA or WPA2 keys with a program like Wireless Key Viewer fairly easily if you successfully exploit their box and open a session.
This way, you're not actually trying to spoof the AP that the target is currently connected to, but rather an unsecured AP that the target remembers and would send out a probe request for if deauth-ed. This easily gets around the problem of their real AP and your fake AP both getting deauth-ed because they're essentially identical.
If airbase could work by setting an encryption flag, but then get the client to connect unencrypted anyway, that would be news to me. Awesome news.
Last edited by AzraelSepultura; 01-20-2011 at 09:28 AM. Reason: Forgot to include the point I tried to make :/
Are you too close, i.e. testing on the same desk?
I have intermittent problems but move fake AP to another room and things improve.
This may also be the wifi card. I have been using an Atheros wifi card, which works some of the time. The last few days I have been testing using a ZyDAS ZD1211 USB with an external aerial on the same desk and things seem a lot more stable.
Using g0tmi1k's fakeAP127_pwn script; this script is magic.