Jump to content

Wep Crack Issue


joeypesci
 Share

Recommended Posts

Messing about in my lab with my Linksys WAP54G set to WEP 128bit.

I've loaded Backtrack 4 in a VM with my Alfa sat right next to the Linksys.

I do the following once I've got the BSSID etc and done airodump-ng:

aireplay-ng -1 30 -h 00:11:22:33:44:55 -a 00:02:6F:33:BC:BE mon0

Then

aireplay-ng -3 -h 00:11:22:33:44:55 -b 00:02:6F:33:BC:BE mon0

I get this issue

13052010025750.png

Now I forgot to take the screen shot before so I've just started it again to get it.

It authenticates with the AP just fine as you can see. This gets kept alive everything 30 secs (did that because it seemed to kick up the data counter really quick, I could be imaging it having that affect).

Then with the -3 attack as you can see in the picture it appears to go up and up but no data is ever created for capturing. It appears to take ages, sometimes I have to wait till it gets to something like 20k packets or more before data starts running through it.

Is this a signal issue or something else?

Link to comment
Share on other sites

aireplay-ng -3, thats the deauth, right? Cant remember th menu o foptions, but doign a deauth when no one is associated with the router wont help your situation. If thats the case, you need to be able to inject packets(if your card can) or generate fake IV's. Theres an option in there somewhere for it. Also, you can try forgring an arp packet, at some point like every 5 or 15 minutes the router will do an arp to refresh its table, just need to be able to capture an arp, then replay that packet, or use packetforge-ng to send the same arp multiple times, which will cause the IV's to climb VERY rapidly and get you enough data to crack the wep key.

try aireplay-ng -5 -e routerName interfaceName (replace the corresponding with your setup, dont use the actual text rotuerName and interfaceName) and capture an arp to save for use in packetforge-ng, then replay it to the device using packetforge-ng :

packetforge-ng -0 -n 5 -a macofrouter -h yournicmac -k gatewayaddressofrouter -l anyvalidiprange -y fragment.xorfile -w arp interfaceName

Now we have a file called arp with all out packet data in it so we can feed it to the AP and watch our IV's skyrocket. In about 3 minutes, you should have all the IV's you need to crack the AP's Wep.

We have to send the "arp" packet we created, so run aireplay-ng again and feed it to our AP.

aireplay-ng -r arp -3 -e essidofrouter interfaceName (where arp is the name of our forged packet!)

Edited by digip
Link to comment
Share on other sites

aireplay-ng -3, thats the deauth, right? Cant remember th menu o foptions, but doign a deauth when no one is associated with the router wont help your situation. If thats the case, you need to be able to inject packets(if your card can) or generate fake IV's. Theres an option in there somewhere for it. Also, you can try forgring an arp packet, at some point like every 5 or 15 minutes the router will do an arp to refresh its table, just need to be able to capture an arp, then replay that packet, or use packetforge-ng to send the same arp multiple times, which will cause the IV's to climb VERY rapidly and get you enough data to crack the wep key.

try aireplay-ng -5 -e routerName interfaceName (replace the corresponding with your setup, dont use the actual text rotuerName and interfaceName) and capture an arp to save for use in packetforge-ng, then replay it to the device using packetforge-ng :

packetforge-ng -0 -n 5 -a macofrouter -h yournicmac -k gatewayaddressofrouter -l anyvalidiprange -y fragment.xorfile -w arp interfaceName

Now we have a file called arp with all out packet data in it so we can feed it to the AP and watch our IV's skyrocket. In about 3 minutes, you should have all the IV's you need to crack the AP's Wep.

We have to send the "arp" packet we created, so run aireplay-ng again and feed it to our AP.

aireplay-ng -r arp -3 -e essidofrouter interfaceName (where arp is the name of our forged packet!)

No I believe the -3 is the ARP request relay attack. -0 is the deauth.

Thanks for the reply though.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...