Hi everyone...
So I am trying to crack a WEP password with a Realtek RTL8178B USB 2.0, using BackTrack 4.
Here is a complete description of what's going on. I bolded stuff that seems important to notice, but there might also be a mistake somewhere else, so please check it out.
1) ifconfig wlan0 up
2) airmon-ng start wlan0 (I am sure that the Realtek is set to wlan0 because I first list all cards with airmon-ng)
3) airodump-ng mon0
4) I open a new terminal because I can't type new commands anymore
5) airodump-ng -c 1 --bssid 00:1f:9f:cc:07:ad (this is 100% the correct address, same as the channel) -w wep mon0
Here I noticed that the number next to "fixed channel mon0" is changing randomly all the time! Not sure if that is okay?
6) Again, a new terminal
7) aireplay-ng -1 1 -a ( xx:xx...... ) mon0
Here I got the message "mon0 is on channel X, but the AP uses channel Y"!
Note that X keeps changing, like I mentioned before. So I just enter the same command all the time until X and Y match.
Then it keeps sending authentication requests forever. Sometimes it doesn't return anything, sometimes it's successful. A few times it even stopped and allowed me to type the next command, but the end result was the same.
8) So I open a new terminal again...
9) aireplay-ng -3 -b (Xx:xx.....) mon0
It reads packets and the ACKs number increases, but I didn't get any ARP requests... So I leave it like that, and after some time it says that the network is down, and then it suddenly shows that it did send some packets and the pps number is bigger than 0 also.
In my last test it was like this: read 7000 packets, got 445 ACKs, sent 315 packets, 499 pps. But 0 ARP requests...
10) aircrack-ng wep01.cap
In total I received 16 IVs, which was obviously not enough. I think that I would get that many even if I didn't type the aireplay-ng commands...
So, anyway, can someone tell me what I am doing wrong? Or is the problem in the Realtek RTL8178b? I think it should support injection?
Is there any chance that WEP encryption is too good and BackTrack can't crack it?
Thanks in advance!
Are you sure you are close enough to the access point?
Also, WEP encryption is the weakest form of wireless encryption, so normally in a couple of minutes you should be able to crack the WEP key.
My guess would be the third step: you start airodump-ng and it's just checking all channels, then you open a second screen and run airodump-ng telling it to just look at channel 1, but it can't because you have the other airodump-ng running.
What you should do is use the first airodump screen to find the AP, then use Ctrl+C to stop airodump running, then use your fifth command to start airodump on the correct channel. Hopefully that should sort it out.
Yes, that was it! I can't believe it... Thanks a lot, man...
Anyway, so I got the correct password and I connected, but I don't have internet access, while I am sure the host has it...
So is there any way that I can get internet access? On 1 other access point I can get internet access...
I tried using Windows troubleshooting and this is what I got:
"The connection between your access point, router or cable modem and the Internet is broken."
"The network gateway is accessible, but Windows couldn't receive network traffic from the Internet."
It also says that I should restart the broadband modem...
And 1 more question.
In Windows I get a good signal from 1 access point, while inside of BackTrack I don't see that BSSID at all?
The antenna is in the same position in both cases...
Anyway, it seems that IPv6 and IPv4 are not giving me access. I tried changing my MAC address to match the MAC address of the network to which I connected, and IPv4 then worked, but IPv6 did not, so I still wasn't able to connect to the internet even though under the name of that network it said "Internet access".
Oh, and I also cracked another network. Same problem.
Is this YOUR network that you are attacking?? Because if it is and you knew what you were doing, you should have no problems getting on the net.
I may have been born with a silver spoon in my mouth but it does not mean I like to be spoon fed.
What you could do is sniff some network traffic for a while and then change your MAC to the MAC of a different associated client. Generally speaking, if you change your MAC to that of the access point, the access point will think it's connecting to itself so yeah...
Another thing, is it that you can't go to a website? Have you tried going to a straight IP address?
Try typing http://209.85.225.104 into a web browser. If Google pops up, then it's a DNS server problem. I had the same problem at home and had to change the DNS servers on my PC to the ones that were listed in my router. No idea why I had to, but it worked.
With WEP encryption, I found all I needed to do to attack a test AP in my home network was start airmon-ng (airmon-ng start "wlan0", where "wlan0" is your WNIC), assuming you have the right wireless NIC (Wireless Network Interface Card) to enable "monitoring" mode, and instead of using aircrack, aireplay, etc., I just used Grim WEPer (it has an easy GUI for WEP attacks). It utilises aircrack, aireplay, etc. and will crack an AP's password, providing it is WEP.
But if you are asking for help with this to get your "aircrackin" skills up with aireplay, aircrack, etc. for all types of AP attacks, I would not recommend using it, as it is, as I would say, the lazy way to crack an AP.
Just thought I would let everyone know to keep it in mind as an easy tool in your pentesting arsenal, for education purposes only.
Hi everyone, thanks for the answers...
Anyway, I tried changing the MAC address of the network adapters with SMAC, but it's not working...
It only works for the Ethernet adapter...!
It's not my network that I am attacking, and I am only doing it because I want to do it, if that makes any sense.