qriocity Posted April 1, 2012

To give some background, I have successfully cracked WEP Open, WPA, and WPS, but I seem to be a noob when it comes to WEP SKA. The problem I am encountering is when I capture the auth packet. In airodump-ng, once the client authenticates I receive: Broken SKA instead of handshake Captured. I looked it up some and it said that to prevent broken SKA packages I should spoof the client MAC address. I have done that and am still receiving broken SKA. I'm including output from airodump-ng and ifconfig.

airodump-ng -c 1 --bssid 00:21:2F:39:C4:0C -w keyfile mon0:

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE detection-run SYSTEM "http://kismetwireless.net/kismet-3.1.0.dtd">
<detection-run kismet-version="airodump-ng-1.0" start-time="Sun Apr 1 18:48:38 2012">
  <wireless-network number="1" type="infrastructure" first-time="Sun Apr 1 18:48:38 2012" last-time="Sun Apr 1 18:53:17 2012">
    <SSID first-time="Sun Apr 1 18:48:38 2012" last-time="Sun Apr 1 18:53:17 2012">
      <type>Beacon</type>
      <max-rate>54.000000</max-rate>
      <packets>2498</packets>
      <beaconrate>10</beaconrate>
      <encryption>WEP </encryption>
      <essid cloaked="false">airlink101</essid>
    </SSID>
    <BSSID>00:21:2F:39:C4:0C</BSSID>
    <manuf>Phoebe Micro Inc.</manuf>
    <channel>1</channel>
    <freqmhz>2412 6034</freqmhz>
    <maxseenrate>54000</maxseenrate>
    <packets>
      <LLC>2498</LLC>
      <data>760</data>
      <crypt>0</crypt>
      <total>6034</total>
      <fragments>0</fragments>
      <retries>0</retries>
    </packets>
    <datasize>0</datasize>
    <wireless-client number="1" type="established" first-time="Sun Apr 1 18:48:42 2012" last-time="Sun Apr 1 18:53:11 2012">
      <client-mac>E0:B9:BA:5B:44:E0</client-mac>
      <client-manuf>Apple, Inc.</client-manuf>
      <channel>1</channel>
      <maxseenrate>54.000000</maxseenrate>
      <packets>
        <LLC>0</LLC>
        <data>0</data>
        <crypt>0</crypt>
        <total>821</total>
        <fragments>0</fragments>
        <retries>0</retries>
      </packets>
      <snr-info>
        <last_signal_dbm>-23</last_signal_dbm>
        <last_noise_dbm>0</last_noise_dbm>
        <last_signal_rssi>-23</last_signal_rssi>
        <last_noise_rssi>0</last_noise_rssi>
        <min_signal_dbm>-23</min_signal_dbm>
        <min_noise_dbm>0</min_noise_dbm>
        <min_signal_rssi>1024</min_signal_rssi>
        <min_noise_rssi>1024</min_noise_rssi>
        <max_signal_dbm>-23</max_signal_dbm>
        <max_noise_dbm>0</max_noise_dbm>
        <max_signal_rssi>-23</max_signal_rssi>
        <max_noise_rssi>0</max_noise_rssi>
      </snr-info>
      <cdp-device></cdp-device>
      <cdp-portid></cdp-portid>
    </wireless-client>
    <snr-info>
      <last_signal_dbm>-3</last_signal_dbm>
      <last_noise_dbm>0</last_noise_dbm>
      <last_signal_rssi>-3</last_signal_rssi>
      <last_noise_rssi>0</last_noise_rssi>
      <min_signal_dbm>-3</min_signal_dbm>
      <min_noise_dbm>0</min_noise_dbm>
      <min_signal_rssi>1024</min_signal_rssi>
      <min_noise_rssi>1024</min_noise_rssi>
      <max_signal_dbm>-3</max_signal_dbm>
      <max_noise_dbm>0</max_noise_dbm>
      <max_signal_rssi>-3</max_signal_rssi>
      <max_noise_rssi>0</max_noise_rssi>
    </snr-info>
    <bsstimestamp>0</bsstimestamp>
    <cdp-device></cdp-device>
    <cdp-portid></cdp-portid>
  </wireless-network>
</detection-run>

ifconfig mon0:

mon0      Link encap:UNSPEC  HWaddr E0-B9-BA-5B-44-E0-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST NOTRAILERS RUNNING PROMISC ALLMULTI  MTU:1500  Metric:1
          RX packets:294562 errors:0 dropped:23075 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:18673664 (18.6 MB)  TX bytes:0 (0.0 B)

Any help would be greatly appreciated! Thanks

PS: One thing I have just noticed is that I neglected to run the ARP replay attack before de-authing the client. Would not performing the ARP replay first affect my ability to capture the handshake? Any input is greatly appreciated!

digip Posted April 2, 2012

I've cracked WEP before, but never personally came across SKA with WEP before. This link might help though: youtube.com/watch?v=KvyRR2NLoGs

Don't have any idea how safe the PDF linked with the video is, so read at your own peril.

Infiltrator Posted April 2, 2012

I never heard of WEP-SKA before, unless it's a new security implementation to bring the old WEP back to life. I found this YouTube video that might be helpful: http://www.youtube.com/watch?v=KvyRR2NLoGs