Posts posted by qriocity

  1. To give some background, I have successfully cracked WEP Open, WPA, and WPS, but I seem to be a noob when it comes to WEP SKA.

    The problem I am encountering is when I capture the auth packet.

    In airodump-ng, once the client authenticates, I receive: Broken SKA instead of handshake Captured.

    I looked it up some, and it said to spoof the client MAC address to prevent broken SKA packages.

    I have done that and am still receiving broken ska. I'm including output from airodump-ng and ifconfig.

    airodump-ng -c 1 --bssid 00:21:2F:39:C4:0C -w keyfile mon0:

    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE detection-run SYSTEM "http://kismetwireless.net/kismet-3.1.0.dtd">
    <detection-run kismet-version="airodump-ng-1.0" start-time="Sun Apr 1 18:48:38 2012">
    <wireless-network number="1" type="infrastructure" first-time="Sun Apr 1 18:48:38 2012" last-time="Sun Apr 1 18:53:17 2012">
    <SSID first-time="Sun Apr 1 18:48:38 2012" last-time="Sun Apr 1 18:53:17 2012">
    <type>Beacon</type>
    <max-rate>54.000000</max-rate>
    <packets>2498</packets>
    <beaconrate>10</beaconrate>
    <encryption>WEP </encryption>
    <essid cloaked="false">airlink101</essid>
    </SSID>
    <BSSID>00:21:2F:39:C4:0C</BSSID>
    <manuf>Phoebe Micro Inc.</manuf>
    <channel>1</channel>
    <freqmhz>2412 6034</freqmhz>
    <maxseenrate>54000</maxseenrate>
    <packets>
    <LLC>2498</LLC>
    <data>760</data>
    <crypt>0</crypt>
    <total>6034</total>
    <fragments>0</fragments>
    <retries>0</retries>
    </packets>
    <datasize>0</datasize>
    <wireless-client number="1" type="established" first-time="Sun Apr 1 18:48:42 2012" last-time="Sun Apr 1 18:53:11 2012">
    <client-mac>E0:B9:BA:5B:44:E0</client-mac>
    <client-manuf>Apple, Inc.</client-manuf>
    <channel>1</channel>
    <maxseenrate>54.000000</maxseenrate>
    <packets>
    <LLC>0</LLC>
    <data>0</data>
    <crypt>0</crypt>
    <total>821</total>
    <fragments>0</fragments>
    <retries>0</retries>
    </packets>
    <snr-info>
    <last_signal_dbm>-23</last_signal_dbm>
    <last_noise_dbm>0</last_noise_dbm>
    <last_signal_rssi>-23</last_signal_rssi>
    <last_noise_rssi>0</last_noise_rssi>
    <min_signal_dbm>-23</min_signal_dbm>
    <min_noise_dbm>0</min_noise_dbm>
    <min_signal_rssi>1024</min_signal_rssi>
    <min_noise_rssi>1024</min_noise_rssi>
    <max_signal_dbm>-23</max_signal_dbm>
    <max_noise_dbm>0</max_noise_dbm>
    <max_signal_rssi>-23</max_signal_rssi>
    <max_noise_rssi>0</max_noise_rssi>
    </snr-info>
    <cdp-device></cdp-device>
    <cdp-portid></cdp-portid>
    </wireless-client>
    <snr-info>
    <last_signal_dbm>-3</last_signal_dbm>
    <last_noise_dbm>0</last_noise_dbm>
    <last_signal_rssi>-3</last_signal_rssi>
    <last_noise_rssi>0</last_noise_rssi>
    <min_signal_dbm>-3</min_signal_dbm>
    <min_noise_dbm>0</min_noise_dbm>
    <min_signal_rssi>1024</min_signal_rssi>
    <min_noise_rssi>1024</min_noise_rssi>
    <max_signal_dbm>-3</max_signal_dbm>
    <max_noise_dbm>0</max_noise_dbm>
    <max_signal_rssi>-3</max_signal_rssi>
    <max_noise_rssi>0</max_noise_rssi>
    </snr-info>
    <bsstimestamp>0</bsstimestamp>
    <cdp-device></cdp-device>
    <cdp-portid></cdp-portid>
    </wireless-network>
    </detection-run>

    ifconfig mon0:

    mon0 Link encap:UNSPEC HWaddr E0-B9-BA-5B-44-E0-00-00-00-00-00-00-00-00-00-00
         UP BROADCAST NOTRAILERS RUNNING PROMISC ALLMULTI MTU:1500 Metric:1
         RX packets:294562 errors:0 dropped:23075 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:18673664 (18.6 MB) TX bytes:0 (0.0 B)

    Any help would be greatly appreciated!

    Thanks

    PS

    One thing I have just noticed is that I neglected to run the arp replay attack before de-authing the client.

    Would not performing the arp replay first affect my ability to capture the handshake?

    Any input is greatly appreciated!
