
Thread: WEP SKA and ZERO Clients?

  1. #1
    Just burned his ISO
    Join Date: Jun 2009

    WEP SKA and ZERO Clients?

    Hello world! I was wondering if anyone might be able to help here. First of all, although I like to think I'm not a total newbie to BackTrack, I've still got a long way to go I think. Therefore if at any time I seem confused or downright mistaken in my grasp of concepts or terminology... then feel free to set me straight, lol.

    Anyway, onto the "problem".

    I recently signed up for another 18 month contract with my ISP and for some bizarre reason they have sent me another free Wireless ADSL Modem-Router (BT Home Hub) as a customer loyalty "thank you", even though I already use a far more substantial 3rd party modem/router.

    I'm interested in using this new router as a guinea pig practice AP for WiFi pen testing. It won't be connected to the internet, nor will there ever be any other Clients using it. So it's just a lone sitting duck on my desk.

    I'm fairly sure (I think) it's set to: WEP Shared Key Authentication (SKA, Not OPEN / or enterprise whatever) and it also has NO clients as I say.

    I've looked over the many good tutorials on the net for cracking WEP, but I've noticed that most seem to silently assume that there is already some reasonable amount of WiFi activity going on between "legit" clients and the AP in order to capture sufficient IVs etc.

    The tutorials that I've found that DO cover clientless attacks sadly don't ALSO cover SKA I think, only Open or whatever. Perhaps I've not looked well enough, but I have yet to find one that covers both factors being present.

    Could anyone be kind enough to point me in the right direction or guides that specifically focus on cracking a WEP key of an AP that is SKA, AND has ZERO CLIENTS?

    I'm also planning to try the more usual scenarios too but I'm curious to really get a result for this specific test if I can, just because it's perhaps the road less travelled.

    I'll be using a Linksys WUSB54GC USB dongle in VMware and probably BT3, unless anyone thinks an earlier version might be better for this for some reason.

    Thanks for reading!

  2. #2
    Junior Member mRM3e
    Join Date: Oct 2008


    There are many threads on the topic; however, because you so elegantly posted the thread, I shall give you a somewhat elegant answer.

    First of all you need to obtain the PRGA (xor file) that will allow you to send an association request to the AP. However, the only method I know of doing this is to de-auth a host while dumping the traffic of the network. You can use the xor from a chopchop or frag attack, but they must be over 144 bytes I believe.

    So in short, you probably can't do it. Get a client hooked up and go for it.

    I feel sorry for them - those who take authority as the truth and not truth as the authority -- Zeitgeist
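Added example (not from either poster): the shared-key handshake mRM3e refers to is visible to any passive listener, because the AP sends its 128-byte challenge in the clear and the client returns it WEP-encrypted. The Python below parses raw 802.11 Authentication frames and reports every (client, BSSID) pair that completed such an exchange, which is a quick way to confirm from your own capture that an AP is still running the weak SKA mode. All frames, MAC addresses and the "ciphertext" are constructed inline; no real captures are used.

```python
import struct
from collections import defaultdict

CHALLENGE_IE = 16          # element ID of the 802.11 Challenge Text IE

def parse_auth(frame):
    """Parse an 802.11 Authentication frame (type 0, subtype 11); None for others."""
    fc = struct.unpack_from("<H", frame)[0] if len(frame) >= 24 else 0
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 11:
        return None
    info = {"da": frame[4:10].hex(":"), "sa": frame[10:16].hex(":"), "bssid": frame[16:22].hex(":"),
            "protected": bool(fc & 0x4000), "body_len": len(frame) - 24, "challenge": None}
    body = frame[24:]
    if info["protected"] or len(body) < 6:   # WEP-encrypted body: nothing to decode here
        return info
    info["alg"], info["seq"], info["status"] = struct.unpack_from("<HHH", body)
    i = 6
    while i + 2 <= len(body):                  # walk the information elements
        eid, elen = body[i], body[i + 1]
        if eid == CHALLENGE_IE:
            info["challenge"] = body[i + 2:i + 2 + elen]
        i += 2 + elen
    return info

def find_shared_key_auth(frames):
    """One finding per (client, bssid) that completed a shared-key challenge/response:
    plaintext challenge from the AP (seq 2) followed by a WEP-protected reply (seq 3)."""
    pairs = defaultdict(dict)
    for f in filter(None, map(parse_auth, frames)):
        client = f["da"] if f["sa"] == f["bssid"] else f["sa"]
        p = pairs[(client, f["bssid"])]
        if f["protected"]:
            p["encrypted_len"] = f["body_len"]   # IV/key-id header + ciphertext + ICV
        elif f.get("alg") == 1 and f["challenge"] is not None:
            p["challenge_len"] = len(f["challenge"])
    return [{"client": c, "bssid": b, **p} for (c, b), p in pairs.items()
            if "challenge_len" in p and "encrypted_len" in p]

def build_auth(da, sa, bssid, body, protected=False):
    """Constructed frame builder for the sample below (no FCS, zero duration/seq ctrl)."""
    return struct.pack("<HH", 0x00B0 | (0x4000 if protected else 0), 0) + da + sa + bssid + b"\0\0" + body

AP, STA = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")   # constructed MACs
SAMPLE = [                                                               # constructed 4-frame SKA exchange
    build_auth(AP, STA, AP, struct.pack("<HHH", 1, 1, 0)),
    build_auth(STA, AP, AP, struct.pack("<HHH", 1, 2, 0) + bytes([CHALLENGE_IE, 128]) + bytes(range(128))),
    build_auth(AP, STA, AP, b"\x01\x02\x03\x00" + bytes(136) + bytes(4), protected=True),  # placeholder ciphertext
    build_auth(STA, AP, AP, struct.pack("<HHH", 1, 4, 0)),
]
```

Run `find_shared_key_auth` over the frames from a monitor-mode capture of your own AP; an empty list for a WEP network means clients authenticated with Open System (the 144-byte WEP reply here is the whole 136-byte frame body plus the 4-byte IV header and 4-byte ICV).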
