nore, Posted January 8, 2011

Just had a quick question. When I run aireplay-ng it sends an auth request to the target AP, but in some cases it's unsuccessful. I'm wondering, is the distance really a big issue? Since it's worked in the past with my USB wifi card. Also, is there another option over using aireplay? Thanks.
digininja, Posted January 8, 2011

You've not given us much to work on here. Distance is definitely an issue; take it to an extreme: if you are 10 miles from the AP you won't be able to talk to it. You also need to consider reflection and refraction between you and the AP. What are you trying to do with aireplay? It has 8 modes; I'd guess you were using fakeauth as you are talking about sending auth requests, is that right?
nore, Posted January 8, 2011

> You've not given us much to work on here. Distance is definitely an issue; take it to an extreme: if you are 10 miles from the AP you won't be able to talk to it. You also need to consider reflection and refraction between you and the AP. What are you trying to do with aireplay? It has 8 modes; I'd guess you were using fakeauth as you are talking about sending auth requests, is that right?

Yeah, I was using -1 0 -a from aireplay-ng. I had 3 out of the 5 bars from the target AP, and it still failed. What could be the issue here? I thought it was the distance but I don't think so, so what else can it be?
digininja, Posted January 8, 2011

MAC address filtering?
nore, Posted January 9, 2011

Is there a way around that?
digininja, Posted January 9, 2011

Yes, one of the parameters is the MAC address for the packets to come from; just set that to a valid MAC address.
nore, Posted January 9, 2011

Ummm, I'm not getting it? Maybe I need to research the Aircrack suite more, but so what command would I type in BackTrack 4 then?
digininja, Posted January 9, 2011

Do some research on MAC address filtering and read up on Aircrack; it will explain all you need to know.
nore, Posted January 9, 2011

Alright, cool. Expect a lot of questions from me lol, I want to learn as much as possible.
nore, Posted January 9, 2011

Oh ok, so basically I use macchanger to set a valid MAC address for the fake auth attack. Is that correct? Oh, sorry about the double post... Also, technically speaking, aireplay-ng should always work then, right?
Infiltrator, Posted January 9, 2011

> Oh ok, so basically I use macchanger to set a valid MAC address for the fake auth attack. Is that correct? Oh, sorry about the double post... Also, technically speaking, aireplay-ng should always work then, right?

Found this tutorial on MacAddressChanger, it should help you out a bit. http://www.securitytube.net/Macchanger-video.aspx
digininja, Posted January 9, 2011

If you look at the replay options you've got:

-h smac : set Source MAC address

This is the MAC address you are sending the authentication from. This needs to be a MAC address that is allowed to talk to the AP. Don't know if macchanger will work or if aireplay will override the MAC and put it back to the original.
digip, Posted January 9, 2011

If you can open airmon-ng to watch the specific channels your AP is on, you will be able to see which client MAC addresses are associated with which APs. The top section shows the access points, but at the bottom you will see the associated nodes, if any, and the same MAC as the AP you want to access. If there are none, it's kind of difficult to then fake a valid MAC address without knowing a valid one first. You can however check captured packets from the access point; sometimes there is an ARP packet in there showing one of the desktop machines doing an ARP and vice versa, where they say "who has x.x.x.x". Using Wireshark while airmon is running will show you ARP packets over the air, but I'm not 100% sure you will see them on a WPA-connected setup, as they will/should be encrypted.
nore, Posted January 10, 2011

Ohhh ok, I get what you're saying. So basically look at connected MAC addresses to see which ones are allowed, and then connect using one of the allowed MAC addresses. Also, would I have to wait for them to get off, or would using the fake auth attack with one of the connected MAC addresses work?
digip, Posted January 10, 2011

> Ohhh ok, I get what you're saying. So basically look at connected MAC addresses to see which ones are allowed, and then connect using one of the allowed MAC addresses. Also, would I have to wait for them to get off, or would using the fake auth attack with one of the connected MAC addresses work?

Again, read up on Aircrack and the entire suite of tools, and ask questions when you get stumped or need help understanding something. In the aireplay tool there is a deauth setting that will bounce the user off the router. Whatever you do, don't be a dick about it. Attacking other people's routers is against the law in nearly every part of the world, and don't think you can't get caught, because it goes both ways when doing these sorts of things. If you have your own wireless router, then by all means, play all day long and learn all you can. It's great fun and will only help you build your skills. We enjoy discussions on hacking and try to keep an open dialog, but we don't condone abusing other people's networks, machines, etc. We all started somewhere and all want to learn, and while we like to share what we know, use what you learn for a good purpose, and not to run around attacking other people's networks. Use at your own risk.
Infiltrator, Posted January 10, 2011

> Ohhh ok, I get what you're saying. So basically look at connected MAC addresses to see which ones are allowed, and then connect using one of the allowed MAC addresses. Also, would I have to wait for them to get off, or would using the fake auth attack with one of the connected MAC addresses work?

I hope you are not trying to break into someone else's wireless. Just practice it with your own wireless rather than messing with other people's wireless.
digininja, Posted January 10, 2011

I was also going to point out that if it were an AP you were allowed to connect to, then you should know the MACs that are allowed. If you are on a legit pen-test then you need to learn your tools before selling it as a service.
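An added example, not from this thread or from the aircrack-ng project, showing the defender's side of the two things discussed above: a station reusing a MAC that is already associated, and a run of deauth frames used to bounce the real client. It runs over constructed frame metadata rather than a real capture; the field names, thresholds and MAC addresses are assumptions.

```python
from collections import defaultdict

# Thresholds are assumptions for this example, not values from the thread.
DEAUTH_THRESHOLD = 5     # deauth frames to one client inside the window
WINDOW_SECONDS = 2.0
SEQ_JUMP = 64            # 802.11 sequence numbers normally advance by a few per frame
MIN_JUMPS = 2            # out-of-order jumps before a MAC is flagged

# Constructed frame metadata (not a real capture): client aa:..:01 talks to AP bb:..:01
# while a second radio sends auth/assoc frames with the same source MAC; then the AP's
# MAC is used as the source of a run of deauth frames aimed at the client.
CLIENT, AP, OTHER = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:01", "cc:cc:cc:cc:cc:02"
SAMPLE_FRAMES = [
    {"ts": 0.00, "type": "data",  "src": CLIENT, "dst": AP, "seq": 1000},
    {"ts": 0.10, "type": "data",  "src": CLIENT, "dst": AP, "seq": 1001},
    {"ts": 0.20, "type": "auth",  "src": CLIENT, "dst": AP, "seq": 40},   # second radio
    {"ts": 0.30, "type": "data",  "src": CLIENT, "dst": AP, "seq": 1002},
    {"ts": 0.40, "type": "assoc", "src": CLIENT, "dst": AP, "seq": 41},   # second radio
    {"ts": 0.50, "type": "data",  "src": OTHER,  "dst": AP, "seq": 5},
    {"ts": 0.60, "type": "data",  "src": OTHER,  "dst": AP, "seq": 6},
] + [{"ts": 1.0 + 0.1 * i, "type": "deauth", "src": AP, "dst": CLIENT, "seq": 300 + i}
     for i in range(6)]

def detect_deauth_bursts(frames):
    """(src, dst, count) for pairs sending >= DEAUTH_THRESHOLD deauths in WINDOW_SECONDS."""
    per_pair = defaultdict(list)
    for f in frames:
        if f["type"] == "deauth":
            per_pair[(f["src"], f["dst"])].append(f["ts"])
    alerts = []
    for (src, dst), times in per_pair.items():
        times.sort()
        for i, start in enumerate(times):
            n = sum(1 for t in times[i:] if t - start <= WINDOW_SECONDS)
            if n >= DEAUTH_THRESHOLD:
                alerts.append((src, dst, n))
                break
    return alerts

def detect_seq_anomalies(frames):
    """Source MACs whose 12-bit sequence counter jumps back and forth: one MAC, two radios."""
    last, jumps = {}, defaultdict(int)
    for f in sorted(frames, key=lambda x: x["ts"]):
        prev = last.get(f["src"])
        if prev is not None:
            delta = (f["seq"] - prev) % 4096   # forward distance, wrap-aware
            if SEQ_JUMP < delta < 4096 - SEQ_JUMP:
                jumps[f["src"]] += 1
        last[f["src"]] = f["seq"]
    return sorted(mac for mac, n in jumps.items() if n >= MIN_JUMPS)
```

On the sample, the deauth detector reports the AP-to-client burst and the sequence check flags the client MAC, because its counter alternates between the real station's 1000s and the second radio's 40s; a capture from a monitor-mode interface parsed into the same fields would feed both functions unchanged.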
Haryer, Posted February 10, 2011

Hello guys, I have a big problem. When I type "sudo aireplay-ng -0 8 -a AP Mac -c Client Mac mon0" it shows me "mon0 is on channel -1, but the AP uses channel 1". How can I solve the problem? PLEASE HELP
digininja, Posted February 10, 2011

This will change the device to channel 1:

sudo iwconfig mon0 channel 1

but I've seen this before with cards that are being used for other jobs at the same time, such as channel hopping in airodump, and also with some cards where the drivers don't work correctly, which means aireplay won't work for that card.
digip, Posted February 10, 2011

Just set airodump-ng to a specific channel first with -c 1, where 1 is the channel you want. Ex:

airodump-ng -w dump -c 1 mon0

Where dump is the pcap file to save to, 1 is the channel you want to monitor and mon0 is your wireless NIC. Then aireplay-ng should automatically use the same channel set by airodump-ng. Try not to use channel hopping in airodump-ng when capturing, except for when doing initial scans to see what is out there. Then restart it on a specific channel once you see your router and what channel it's on.