Just Another WEP Cracking Problem :)

[efrancesco]

Hi all,
I really didn't wanted to post in this forum but I'm sorry I had no other choice
I'll try my best to provide you all the information so its easier for your to give a suggestion.

Hardware In-Use
Machine: Compaq Evo N800
Wireless Card: WG511T
Router: WGR614v6

Method of Attack

I open up 4 windows

In window 1
1) airmon-ng stop ath0
2) arimon-ng start wifi0 <--restarts ath0 in monitor mode-->
3) airodump-ng -c <channel> -w <file> ath0

In window 2
1) aireplay-ng -1 30 -e <AP Name> -a <Router Mac> -h <Fake mac> ath0

In window 3 <--make sure that the fake mac you use is listed on window 1 with the router-->
1) aireplay-ng -3 -b <Router Mac> -h <Fake mac> -x 900 ath0

In window 4
1) aireplay-ng -0 10 -a <Router Mac> -h <Fake Mac> ath0 <--you may have to use this command a couple of times to deauth the mac, but usually it works-->

once you see your data packets increasing then just wait, you don't need to use the deauth command again... now once you have the amount you think is enough you can use this command in this (window 4) same window

2) aircrack-ng -x -0 <FILE> <--this is the file you named above, realize it will add a -01 to the name. Example. In Window 1 you chose the file name to be CAPTURE, then here you would use CAPTURE-01.CAP or... just use CAPTURE*.CAP --->

failed authentication?

• In window 1, Everything works great.
• In window 2, Airplay starts and after a while displays the happy sign [:-)] with a successful authentication message and sends Keep-Alive packet. But it doesn't last too long. I mean it would go on for about a minute or two and then just stop, giving me a variety of reasons for its failure but when I try again it gives me the happy sign. Now I assume this is a failed authentication, as it should have continued sending alive packects.

What's odd is the fact that I have no MAC filtering set on my router and yet I can't successfully authenticate. Any ideas what could possibly be the reason? or should I just try a completely different method?

[PrairieFire]

What does the Aircrack-ng Documentation say?

[-=Xploitz=-]

2 things come to mind...

1.
Go to the tutorial section, I have 2 varieties of WEP cracking methods to chose from. Follow them to a T and you wont fail.

2. Are you doing clientless attack or client deauth attack?? Cause from above..." In window 4
1) aireplay-ng -0 10 -a <Router Mac> -h <Fake Mac> ath0 <--you may have to use this command a couple of times to deauth the mac, but usually it works-->

That suggest your deauthing a client with the -0 option, yet..it says -h <Fake MAC>...you don't use a faked mac address here..you use the connected clients MAC address here and the option is not -h...its -c so it would look like this...

aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0

Follow a real tutorial...see my video in the tutorial section for clientless attacks.

[TrialAndError]

He's deauthing himself isn't he?!!!

He says he's only using one computer, and one wireless card, so presumably he is...coupled with the fact that he's deauthing his Fake MAC of course.

I like the listing about the router model though, it inspires confidence that he's legitimate anyway...if only everyone did that we'd have a clearer idea about those with illegal intentions.

Sorry to talk about you, rather than to you, efrancesco...follow Xploitz's videos and you'll be fine

[-=Xploitz=-]

He's deauthing himself isn't he?!!!

He says he's only using one computer, and one wireless card, so presumably he is...coupled with the fact that he's deauthing his Fake MAC of course.

...follow Xploitz's videos and you'll be fine

Sounds like he is deauthing himself...which is pointless in a clientless attack. If you deauth yourself using the -0 option... its defeating the purpose of a clientless attack..lol But if hes deauthing another client thats already established connection..then the -0 option is MANDATORY. Sounds like hes trying to do a clientless attack, but hes following a client connected tutorial and mixing up the attack methods...lol

[TrialAndError]

efrancesco: As I'm reasonably sure you are acting legitimately may I suggest that you follow this video tutorial by Xploitz:
http://forums.remote-exploit.org/showthread.php?t=7872
And feel free to ask any questions you need about how to achieve it here.

It's slightly different from the method you have been using but if you follow it closely then you should be successful

[efrancesco]

PrairieFire, Thanks for pointing out to the resource. Actually its through the aircrack-ng documentation that I was able to determine that its indeed a failed authentication problem but they didn't offer any help on how to resolve the issue. I tried the tcpdump method, it sort of solved it but it wasn't too long before it returned.

--=Xploitz=--, Man I've been reading so many post that you have made on this forum but its really the first time I get to say thanks for helping me out here and, indirectly, with all other problems I never posted

TrialAndError, Thanks man that video got me through
I couldn't find the links to the other video on wep cracking from Xploitz, I did however to get the WPA one. Is that video still avaliable?

Now, if I may give you this last bit of trouble, I have a good idea of Fake Deauth and KoreK method. Thanks widely to the paper written by Fluhrer, Mantin and Shamir's on cracking WEP but I'm still not sure about the clientless attack. Any good resources out there that you can point me to? and, finally, is there like a website or something that keeps track of all the wep/wpa cracking techniques or is it just scrambled all over the internet?


Once again thanks to all of you!!!

[-=Xploitz=-]

I call this "The -=Xploitz=- Masterpiece Collection."

Code:

  -=Xploitz=- VIDEO: #1 "E-Z No Client WEP Cracking Tutorial"

Code:

-=Xploitz=- HQ VIDEO: #2 "E-Z No Client Korek Chopchop Attack Tutorial"

Code:

   -=Xploitz=- VIDEO: #3 "E-Z WPA/WPA2 Cracking Tutorial"

Code:

 - =Xploitz=- VIDEO: Vol. #4 "E-Z  Cracking WPA/WPA2 With Airolib-ng Databases"

[shamanvirtuel]

i can upload the bundle on my ftp if you want

a big file AIO

or all files as you want .... but non online playing available only dl

[TrialAndError]

TrialAndError, Thanks man that video got me through

Thank Xploitz, he made it!

I'm still not sure about the clientless attack. Any good resources out there that you can point me to?

Xploitz's videos will give you all the info you'll need, for a clientless attack check out Video #2...the ChopChop attack will give you the keystream you need to forge an ARP packet, then send that to the AP to generate IVs to use in Aircrack.

finally, is there like a website or something that keeps track of all the wep/wpa cracking techniques or is it just scrambled all over the internet?

You're looking at it! It's a bit ad hoc but using the search function and the odd keyword will help you find everything you need. I prefer to use Google to search these forums as it usually gives better results than the actual forum search. Just stick "KEYWORD site:http://forums.remote-exploit.org/" into Google and it'll focus it's search solely on these forums