
Thread: the first ARP (never shows up)


  1. #1

    Default the first ARP (never shows up)

    Hi, I have a lot of routers now at the Labs from donations/family/friends/etc., and found that some of them aren't vulnerable to the general WEP attack with the aircrack-ng suite. The Cisco routers are, and I can fake authenticate and wait for the ARP call from the router. Once I get it I inject fine. But I have a few Netgear and some others that, after I successfully authenticate and associate, nothing happens. The router doesn't send a single ARP.
    After a while Airodump-ng shows me the (STATION) disappear and I have to reauthenticate (which works well). Any ideas on how to generate the ARP? (This is a clientless attack, btw.) I can physically generate it by unplugging a wired machine from the switch and plugging it back in after a second or two, or simply doing a dhclient call from another Ubuntu machine, but I was wondering: is there a way to do it without physical access, or is that not possible? Thanks guys - Trev.

  2. #2
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    You're trying what attack?? The -3 ARP request? No, it doesn't work with every router or AP. Try the -5 fragmentation attack or the -4 KoreK chopchop attack.
    --=Xploitz=-- ®
    Remote-Exploit.orgs Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=9063
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" - http://forums.remote-exploit.org/showthread.php?t=7872
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" - http://forums.remote-exploit.org/showthread.php?t=8230
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" - http://forums.remote-exploit.org/showthread.php?t=8041

  3. #3

    Default

    I did, I've tried each one. When it is reading packets and finds one to send, it doesn't work. It says "Got a Deauthentication Packet!" and I'm thinking it's not vulnerable to the attacks when there are no valid WLAN clients.

  4. #4
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Did you try the -o 1 and -q 10 options for picky access points when fake associating??
    Code:
    aireplay-ng -1 6000 -o 1 -q 10 -e NetworkNameHere -a APmacHere -h YOURcardsMAChere ath0
    Where:
    • 6000 - Reauthenticate every 6000 seconds. The long period also causes keep-alive packets to be sent.
    • -o 1 - Send only one set of packets at a time. Default is multiple and this confuses some APs.
    • -q 10 - Send keep alive packets every 10 seconds.
    Success looks like:
    18:22:32 Sending Authentication Request
    18:22:32 Authentication successful
    18:22:32 Sending Association Request
    18:22:32 Association successful :-)
    18:22:42 Sending keep-alive packet
    18:22:52 Sending keep-alive packet
    # and so on.

  5. #5

    Default

    I always use the "-o" and the "-q" arguments, but for those three routers it doesn't work; it says "Got a Deauthentication Packet!" right after the successful association. (The keep-alive packets are denied.)

  6. #6
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Interesting dilemma you got there.

    Is MAC filtering enabled on these select routers / AP's perhaps?
    Wouldn't hurt to check just to make sure.
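    The fake-association check from post #4 and the fallback advice from posts #2 and #6, as an added example that is not code from the thread: a small POSIX shell helper that builds the aireplay-ng -1 command line with the picky-AP options, classifies a saved aireplay-ng log as associated, deauthed or auth_failed, and prints the next aireplay-ng mode to try. The log lines inside sample_log are constructed to look like the output quoted above, not real captures, and the ESSID, BSSID and MAC values used with it are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): decide what an aireplay-ng -1 fake
# authentication run actually achieved by reading its saved output, then
# print the next aireplay-ng mode to try.  The sample log lines below are
# constructed to resemble the output quoted in the thread; not real captures.

# Build the fake-auth command line with the "picky AP" options from post #4.
# Arguments: ESSID BSSID OWN_MAC IFACE (all placeholders supplied by the caller)
fakeauth_cmd() {
    printf 'aireplay-ng -1 6000 -o 1 -q 10 -e %s -a %s -h %s %s\n' "$1" "$2" "$3" "$4"
}

# Classify a saved aireplay-ng -1 log (file path in $1).  Prints one word:
#   deauthed    - AP answered with a deauthentication (the thread's symptom)
#   associated  - association succeeded and keep-alives are going out
#   assoc_only  - association succeeded but no keep-alive seen yet
#   auth_failed - never got past the authentication request
# The deauth check comes first: a deauth after "Association successful" is
# still a failure, which is exactly the case described in post #5.
classify_fakeauth() {
    log="$1"
    if grep -qi 'deauthentication packet' "$log"; then
        echo deauthed
    elif grep -qi 'association successful' "$log"; then
        if grep -qi 'keep-alive packet' "$log"; then
            echo associated
        else
            echo assoc_only
        fi
    else
        echo auth_failed
    fi
}

# Suggest the next aireplay-ng mode for a classification result ($1),
# following the thread: ARP replay only once the association holds,
# otherwise fragmentation/chopchop, and check for MAC filtering.
next_step() {
    case "$1" in
        associated|assoc_only) echo "-3 (ARP request replay; wait for the AP's first ARP)" ;;
        deauthed)   echo "-5 (fragmentation) or -4 (chopchop); also check MAC filtering on the AP" ;;
        *)          echo "re-run -1 with -o 1 -q 10; check ESSID, BSSID and channel" ;;
    esac
}

# Write a constructed sample log of kind $1 (good|deauth|noauth) to stdout.
sample_log() {
    case "$1" in
        good) cat <<'EOF'
18:22:32  Sending Authentication Request
18:22:32  Authentication successful
18:22:32  Sending Association Request
18:22:32  Association successful :-)
18:22:42  Sending keep-alive packet
18:22:52  Sending keep-alive packet
EOF
        ;;
        deauth) cat <<'EOF'
18:25:01  Sending Authentication Request
18:25:01  Authentication successful
18:25:01  Sending Association Request
18:25:01  Association successful :-)
18:25:02  Got a deauthentication packet! (Waiting 3 seconds)
EOF
        ;;
        *) cat <<'EOF'
18:27:10  Sending Authentication Request
18:27:10  Sending Authentication Request
18:27:10  Sending Authentication Request
EOF
        ;;
    esac
}

# Stand-alone demo: classify each constructed log and print the next step.
if [ "${1:-}" = "demo" ]; then
    echo "Command for a picky AP (placeholder values):"
    fakeauth_cmd NetworkNameHere 00:11:22:33:44:55 00:0F:B5:88:AC:82 ath0
    for kind in good deauth noauth; do
        f=$(mktemp); sample_log "$kind" > "$f"
        r=$(classify_fakeauth "$f"); rm -f "$f"
        printf '%-7s -> %-11s -> %s\n' "$kind" "$r" "$(next_step "$r")"
    done
fi
```

    Run it as `sh fakeauth_check.sh demo` to see the three constructed cases, or save a real run with `aireplay-ng -1 6000 -o 1 -q 10 ... | tee fakeauth.log` and point classify_fakeauth at that file. If the result is still deauthed with -o 1 -q 10, the thread's advice stands: check whether the AP filters by MAC, and use -5 or -4 to recover PRGA, which is the documented aircrack-ng route (packetforge-ng) to build the ARP request yourself when the AP never sends one.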

  7. #7
    773451
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    23

    Default

    great tip. I figured out for myself that I need to reauthorize every once in a while (some APs even 30-60 seconds), and the keep alive technique, but I had no clue about the -o 1 switch. I'm trying that tonight on a weird AP I have that won't break for me.

    773451
    We’ve heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. –Robert Wilensky
