Thread: WEP Cracking

  1. #1
    Member, Portugal (joined May 2011, 84 posts)

    WEP Cracking

    Hello everyone, I've been learning about BackTrack for a while and I already can do some things with it.

    Well, today I was talking with a cousin who is also a BackTrack lover just like me, and while I was talking to him and cracking a WEP network (open system) with a client connected, which I created just to make a tutorial, I was telling him that it takes some time to get an ARP request. Well, then I got an idea. What if I try to deauth a non-existent client like "aireplay-ng -0 10 -a 12:3A:5D:64:33:AB -c 00:11:22:33:44:55 mon0"? The MAC 00:11:22:33:44:55 is not used by the connected client. Well, once the deauth packets arrive at the AP it will forward those packets to the "owner" of that MAC, and since the router doesn't know who has that MAC it will send an ARP request to get the info about who has got that MAC. Am I right? I tried it and it worked; does anyone do this or has anyone ever tried it? I wanna see if it was luck. I don't really think so, since I got some ARP requests every time I tried it.

    Whoever could try that, reply here with the result please.

    Thanks a lot.

  2. #2
    Member, Portugal (joined May 2011, 84 posts)

    Re: WEP Cracking

    Well well, I know that another way to get an ARP request could be pinging a non-existent client with the client I have connected, but that would be cheating.

  3. #3
    comaX, Good friend of the forums, Paris, France (joined Feb 2010, 338 posts)

    Re: WEP Cracking

    I thought the -c option made directed deauths, sent to both the victim and the AP. So it doesn't really make sense. Moreover, the aircrack page states:
    Of course, this attack is totally useless if there are no associated wireless client or on fake authentications.
    With that in mind, I never tried. I'm interested in others' input on this too.

    When I have the time to try I will and report back.
    Running both KDE and GNOME BT5 flawlessly. Thank you!

  4. #4
    ShadowMaster, Senior Member, /root (joined Jul 2011, 189 posts)

    Re: WEP Cracking

    I believe it won't work. Since ARP is there to find the MAC from an IP, if it has the MAC already, it won't send an ARP.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  5. #5
    Member, Portugal (joined May 2011, 84 posts)

    Re: WEP Cracking

    Yes, but if it has the MAC but not the IP, the AP will make an ARP request to get the IP. I think it makes sense and it worked for me, but I don't know if it is luck, because I get an ARP request every time I do that.

  6. #6
    comaX, Good friend of the forums, Paris, France (joined Feb 2010, 338 posts)

    Re: WEP Cracking

    Quote originally posted by ShadowMaster:
    I believe it won't work. Since ARP is there to find the MAC from an IP, if it has the MAC already, it won't send an ARP.
    You made me think of something I forgot to say: I believe deauths have nothing to do with IP or TCP, afaik. So, again, it doesn't make sense to me.
    Running both KDE and GNOME BT5 flawlessly. Thank you!

  7. #7
    ShadowMaster, Senior Member, /root (joined Jul 2011, 189 posts)

    Re: WEP Cracking

    Quote originally posted by comaX:
    You made me think of something I forgot to say: I believe deauths have nothing to do with IP or TCP, afaik. So, again, it doesn't make sense to me.
    He's talking about something else. He just wants to make the AP pass along traffic to a (nonexistent) client. He doesn't need the deauth; technically he could just use aireplay-ng -2 -r (a packet for the client sent to the AP). My problem is that ARP is part of ICMP? The headers for IP, TCP, ICMP, and so on all need a sender and receiver IP. To send a directed deauth, the AP already has the client's IP in its ARP table. The only way I can think of this working is if the ARP is broadcast. Try using Wireshark to see what type of ARP is generated, then please tell us. If this actually works, then it's really cool.
    World Domination is such an ugly phrase. I prefer the term World Optimization.
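    To answer the "what type of ARP is generated" question above from a capture rather than by guessing, here is an added example (not code from any poster or from the aircrack-ng project) that parses an Ethernet II frame carrying ARP and reports the opcode and whether it was broadcast, which is exactly what distinguishes an AP resolving an unknown IP from an ordinary directed reply. It assumes frames already in Ethernet II form (as captured on the wired side, or as Wireshark shows them after decapsulation; raw mon0 captures are 802.11 frames and are not handled); the sample frame is constructed, reusing the AP MAC quoted in post #1 with made-up IP addresses.

```python
import struct
from dataclasses import dataclass

ETHERTYPE_ARP = 0x0806
ARP_OPCODES = {1: "request", 2: "reply"}


@dataclass
class ArpInfo:
    opcode: str
    broadcast: bool  # True when the Ethernet destination is ff:ff:ff:ff:ff:ff
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_arp_frame(frame: bytes) -> ArpInfo:
    """Parse an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet (RFC 826)."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP packet
        raise ValueError("frame too short for Ethernet + ARP")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not an ARP frame: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled")
    body = frame[22:42]
    return ArpInfo(
        opcode=ARP_OPCODES.get(oper, f"opcode-{oper}"),
        broadcast=frame[0:6] == b"\xff" * 6,
        sender_mac=_mac(body[0:6]), sender_ip=_ip(body[6:10]),
        target_mac=_mac(body[10:16]), target_ip=_ip(body[16:20]),
    )


# Constructed sample frame (not captured traffic): the AP MAC from post #1 asks who
# owns a made-up IP. A reply would carry opcode 0002 and a unicast destination.
SAMPLE_REQUEST = bytes.fromhex(
    "ffffffffffff" "123a5d6433ab" "0806"  # Ethernet: dst (broadcast), src, type
    "0001" "0800" "06" "04" "0001"        # ARP: htype, ptype, hlen, plen, oper=request
    "123a5d6433ab" "c0a80101"             # sender MAC / IP 192.168.1.1
    "000000000000" "c0a8014d"             # target MAC (unknown) / IP 192.168.1.77
)
```

A broadcast request whose target IP has no known MAC is the signature of a device resolving an address it does not know; a directed reply or a request with the target MAC filled in is not.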

  8. #8
    Member, Portugal (joined May 2011, 84 posts)

    Re: WEP Cracking

    I tried it again and it was a coincidence. Possibly that ARP Request came from the wired side of the network. So it doesn't work.
