Aireplay-ng


nore


Just had a quick question. When I run aireplay-ng it sends an auth request to the target AP, but in some cases it's unsuccessful. I'm wondering, is the distance really a big issue, since it's worked in the past with my USB wifi card? Also, is there another option over using aireplay? Thanks.


You've not given us much to work on here. Distance is definitely an issue; take it to an extreme: if you are 10 miles from the AP you won't be able to talk to it. You also need to consider reflection and refraction between you and the AP.

What are you trying to do with aireplay? It has 8 modes, I'd guess you were using fakeauth as you are talking about sending auth requests, is that right?


> You've not given us much to work on here. Distance is definitely an issue; take it to an extreme: if you are 10 miles from the AP you won't be able to talk to it. You also need to consider reflection and refraction between you and the AP.
>
> What are you trying to do with aireplay? It has 8 modes, I'd guess you were using fakeauth as you are talking about sending auth requests, is that right?

Yeah, I was using -1 0 -a from aireplay-ng. I had 3 out of the 5 bars from the target AP, and it still failed. What could be the issue here? I thought it was the distance but I don't think so, so what else can it be?


Oh ok, so basically I use macchanger to set a valid MAC address for the fake auth attack. Is that correct?

Oh, sorry about the double post... Also, technically speaking, aireplay-ng should always work then, right?

Edited by nore

> Oh ok, so basically I use macchanger to set a valid MAC address for the fake auth attack. Is that correct?
>
> Oh, sorry about the double post... Also, technically speaking, aireplay-ng should always work then, right?

Found this tutorial on MacAddressChanger, it should help you out a bit.

http://www.securitytube.net/Macchanger-video.aspx


If you look at the replay options you've got

-h smac : set Source MAC address

This is the MAC address you are sending the authentication from. This needs to be a MAC address that is allowed to talk to the AP.

Don't know if macchanger will work or if aireplay will override the MAC and put it back to the original.


If you can open airmon-ng to watch specific channels your AP is on, you will be able to see what client MAC addresses are associated with what APs. The top section shows the access points, but at the bottom you will see the associated nodes, if any, and the same MAC as the AP you want to access. If there are none, it's kind of difficult to then fake a valid MAC address without knowing a valid one first.

You can however check captured packets from the access point, sometimes having an ARP packet in there showing one of the desktop machines doing an ARP and vice versa, where they say "who has x.x.x.x" address. Using Wireshark while airmon is running will show you ARP packets over the air, but I'm not 100% sure you will see them on a WPA connected setup, as they will/should be encrypted.


Ohhh ok, I get what you're saying. So basically look at connected MAC addresses to see which ones are allowed, and then connect using one of the allowed MAC addresses. Also, would I have to wait for them to get out, or would using the fake auth attack with one of the connected MAC addresses work?


> Ohhh ok, I get what you're saying. So basically look at connected MAC addresses to see which ones are allowed, and then connect using one of the allowed MAC addresses. Also, would I have to wait for them to get out, or would using the fake auth attack with one of the connected MAC addresses work?

Again, read up on Aircrack and the entire suite of tools, ask questions when you get stumped or need help understanding something. In the Aireplay tool there is a deauth setting, that will bounce the user off the router.

Whatever you do, don't be a dick about it. Attacking other people's routers is against the law in nearly every part of the world, and don't think you can't get caught, because it goes both ways when doing these sorts of things.

If you have your own wireless router, then by all means, play all day long and learn all you can. It's great fun and will only help you build your skills. We enjoy discussions on hacking and try to keep an open dialog, but we don't condone abusing other people's networks, machines, etc. We all started somewhere and all want to learn, and while we like to share what we know, use what you learn for a good purpose, and not to run around attacking other people's networks. Use at your own risk.
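The deauth "bounce" mentioned in the post above looks, on your own router, like a burst of 802.11 deauthentication frames arriving in a very short time, typically carrying the AP's own MAC as the source. The detector below is an added example and not code from the aircrack-ng project or from anyone in this thread; it works on a constructed list of frame tuples (timestamp, subtype, source, destination, BSSID) standing in for what a monitor-mode capture would yield, and the MAC addresses in it are made up.

```python
"""Spot a deauthentication burst in 802.11 management traffic.

Frames are plain tuples (a real pipeline would fill them from a
monitor-mode capture); the sample frames are constructed for this example."""

from collections import defaultdict, deque

BROADCAST = "FF:FF:FF:FF:FF:FF"
AP = "AA:BB:CC:DD:EE:01"          # constructed BSSID
CLIENT = "11:22:33:44:55:66"      # constructed station

# (timestamp_s, subtype, src, dst, bssid)
SAMPLE_FRAMES = (
    # normal beacons from the AP, roughly every 100 ms
    [(i * 0.1024, "beacon", AP, BROADCAST, AP) for i in range(60)]
    # one ordinary deauth: a client leaving the network on its own
    + [(2.0, "deauth", CLIENT, AP, AP)]
    # 15 deauths in under half a second, "from" the AP to everyone
    + [(5.0 + i * 0.03, "deauth", AP, BROADCAST, AP) for i in range(15)]
)


def detect_deauth_bursts(frames, window=1.0, threshold=10):
    """Return one alert per (bssid, src) pair whose deauth frames reach
    `threshold` within any sliding `window` seconds.

    Each alert records the first and last timestamp of the burst and the
    largest number of frames seen inside one window."""
    recent = defaultdict(deque)   # (bssid, src) -> timestamps inside the window
    alerts = {}
    for ts, subtype, src, dst, bssid in sorted(frames, key=lambda f: f[0]):
        if subtype != "deauth":
            continue
        key = (bssid, src)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) < threshold:
            continue
        if key not in alerts:
            alerts[key] = {"bssid": bssid, "src": src, "first": q[0],
                           "last": ts, "count": len(q)}
        else:
            alerts[key]["last"] = ts
            alerts[key]["count"] = max(alerts[key]["count"], len(q))
    return list(alerts.values())


if __name__ == "__main__":
    for a in detect_deauth_bursts(SAMPLE_FRAMES):
        print(f"deauth burst from {a['src']} on {a['bssid']}: "
              f"{a['count']} frames between t={a['first']:.2f}s and t={a['last']:.2f}s")
```

The single client deauth at t=2.0 is normal roaming and stays below the threshold; the 15 broadcast deauths within 0.42 s produce one alert. On a router you control, the matching mitigation is Protected Management Frames (802.11w), which lets clients reject deauth frames that are not authenticated by the real AP; the detector is how you see that someone tried.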


> Ohhh ok, I get what you're saying. So basically look at connected MAC addresses to see which ones are allowed, and then connect using one of the allowed MAC addresses. Also, would I have to wait for them to get out, or would using the fake auth attack with one of the connected MAC addresses work?

I hope you are not trying to break into someone else's wireless. Just practice it with your own wireless rather than messing with other people's wireless.


I was also going to point out that if it were an AP you were allowed to connect to then you should know the MACs that are allowed. If you are on a legit pen-test then you need to learn your tools before selling it as a service.


  • 5 weeks later...

This will change the device to channel 1

sudo iwconfig mon0 channel 1

but I've seen this before with cards that are being used for other jobs at the same time, such as channel hopping in airodump and also some cards where the drivers don't work correctly and which means aireplay won't work for that card.


Just set airodump-ng to a specific channel first with -c 1 where 1 is the channel you want.

ex: airodump-ng -w dump -c 1 mon0

Where dump is the pcap file to save to and 1 is the channel you want to monitor and mon0 is your wireless nic.

Then aireplay-ng should automatically use the same channel set by airodump-ng. Try not to use channel hopping in airodump-ng when capturing except for when doing initial scans to see what is out there. Then restart it on a specific channel once you see your router and what channel it's on.

Edited by digip
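Both pieces of information the thread pulls out of airodump-ng, the stations associated with each AP (digip's earlier post) and the channel an AP sits on so you can restart airodump-ng with -c locked to it, are written to the dump-01.csv file that -w dump produces. The parser below is an added example, not code from the aircrack-ng project; the CSV text inside it is constructed, and the column order it relies on is the standard airodump-ng CSV header reproduced in that sample. On your own router it doubles as a quick inventory check: any station associated with your BSSID that is not in your list of known devices.

```python
"""Parse airodump-ng CSV output (the dump-01.csv written by `-w dump`) and
report, per access point, its channel and the stations seen associated with
it. The CSV text below is constructed for this example; it follows the
two-section layout airodump-ng writes (AP rows, blank line, station rows)."""

from __future__ import annotations

from dataclasses import dataclass, field

SAMPLE_CSV = """\

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:DD:EE:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, WPA2, CCMP, PSK, -40,  120,   0,   0.  0.  0.  0,   7, HomeNet,
AA:BB:CC:DD:EE:02, 2024-01-01 10:00:03, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -72,   80,   0,   0.  0.  0.  0,   9, Neighbour,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
11:22:33:44:55:66, 2024-01-01 10:00:10, 2024-01-01 10:04:50, -50,  300, AA:BB:CC:DD:EE:01, HomeNet
11:22:33:44:55:77, 2024-01-01 10:01:00, 2024-01-01 10:04:55, -55,  120, AA:BB:CC:DD:EE:01,
11:22:33:44:55:88, 2024-01-01 10:02:00, 2024-01-01 10:03:00, -80,    4, (not associated), HomeNet,Cafe
"""


@dataclass
class AccessPoint:
    bssid: str
    channel: int
    privacy: str
    essid: str
    stations: list[str] = field(default_factory=list)  # associated station MACs


def parse_airodump_csv(text: str) -> dict[str, AccessPoint]:
    """Return {bssid: AccessPoint} with associated stations attached.

    airodump-ng does not quote fields, so a plain split on ',' is used; an
    ESSID containing a comma would shift the AP columns (a limitation of the
    format itself, not handled here)."""
    aps: dict[str, AccessPoint] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(",")]
        # Header rows switch between the AP section and the station section.
        if fields[0] == "BSSID":
            section = "ap"
            continue
        if fields[0] == "Station MAC":
            section = "station"
            continue
        if section == "ap" and len(fields) >= 14:
            aps[fields[0]] = AccessPoint(
                bssid=fields[0],
                channel=int(fields[3]),
                privacy=fields[5],
                essid=fields[13],
            )
        elif section == "station" and len(fields) >= 6:
            bssid = fields[5]  # "(not associated)" for probing-only stations
            if bssid in aps:
                aps[bssid].stations.append(fields[0])
    return aps


def channel_for(aps: dict[str, AccessPoint], bssid: str) -> int | None:
    """Channel to pass to `airodump-ng -c` for the given AP, if it was seen."""
    ap = aps.get(bssid)
    return ap.channel if ap else None


def stations_for(aps: dict[str, AccessPoint], bssid: str) -> list[str]:
    """Sorted MACs of stations seen associated with the given AP."""
    ap = aps.get(bssid)
    return sorted(ap.stations) if ap else []


def unexpected_stations(aps: dict[str, AccessPoint], bssid: str,
                        known: set[str]) -> list[str]:
    """Associated stations that are not in your inventory of known devices.
    On your own AP, anything listed here deserves a look."""
    return [mac for mac in stations_for(aps, bssid) if mac not in known]


if __name__ == "__main__":
    aps = parse_airodump_csv(SAMPLE_CSV)
    for ap in aps.values():
        print(f"{ap.bssid} ch{ap.channel:<2} {ap.privacy:<5} {ap.essid!r}: "
              f"{len(ap.stations)} station(s) {ap.stations}")
    print("unknown on HomeNet:",
          unexpected_stations(aps, "AA:BB:CC:DD:EE:01", {"11:22:33:44:55:66"}))
```

Stations whose BSSID column reads "(not associated)" are only probing and are left out of every AP's list, which is why the third sample station never appears even though it probed for HomeNet. Feed the real file with `parse_airodump_csv(open("dump-01.csv").read())`.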
