Jump to content

Wep Ska Help :)


qriocity
 Share

Recommended Posts

To give some background I have successfully crack WEP Open, WPA, and WPS but I seem to be a noob when it comes to WEP SKA.

The problem I am encountering is when I capture the auth packet.

In airpodump-ng once the client authenticates I receive: Broken SKA instead of handshake Captured.

I looked it up some and it said to prevent broken ska packages to spoof the client mac address.

I have done that and am still receiving broken ska. I'm including output from airodump-ng and ifconfig.

airodump-ng -c 1 --bssid 00:21:2F:39:C4:0C -w keyfile mon0:

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE detection-run SYSTEM "http://kismetwireless.net/kismet-3.1.0.dtd">

<detection-run kismet-version="airodump-ng-1.0" start-time="Sun Apr 1 18:48:38 2012">

<wireless-network number="1" type="infrastructure" first-time="Sun Apr 1 18:48:38 2012" last-time="Sun Apr 1 18:53:17 2012">

<SSID first-time="Sun Apr 1 18:48:38 2012" last-time="Sun Apr 1 18:53:17 2012">

<type>Beacon</type>

<max-rate>54.000000</max-rate>

<packets>2498</packets>

<beaconrate>10</beaconrate>

<encryption>WEP </encryption>

<essid cloaked="false">airlink101</essid>

</SSID>

<BSSID>00:21:2F:39:C4:0C</BSSID>

<manuf>Phoebe Micro Inc.</manuf>

<channel>1</channel>

<freqmhz>2412 6034</freqmhz>

<maxseenrate>54000</maxseenrate>

<packets>

<LLC>2498</LLC>

<data>760</data>

<crypt>0</crypt>

<total>6034</total>

<fragments>0</fragments>

<retries>0</retries>

</packets>

<datasize>0</datasize>

<wireless-client number="1" type="established" first-time="Sun Apr 1 18:48:42 2012" last-time="Sun Apr 1 18:53:11 2012">

<client-mac>E0:B9:BA:5B:44:E0</client-mac>

<client-manuf>Apple, Inc.</client-manuf>

<channel>1</channel>

<maxseenrate>54.000000</maxseenrate>

<packets>

<LLC>0</LLC>

<data>0</data>

<crypt>0</crypt>

<total>821</total>

<fragments>0</fragments>

<retries>0</retries>

</packets>

<snr-info>

<last_signal_dbm>-23</last_signal_dbm>

<last_noise_dbm>0</last_noise_dbm>

<last_signal_rssi>-23</last_signal_rssi>

<last_noise_rssi>0</last_noise_rssi>

<min_signal_dbm>-23</min_signal_dbm>

<min_noise_dbm>0</min_noise_dbm>

<min_signal_rssi>1024</min_signal_rssi>

<min_noise_rssi>1024</min_noise_rssi>

<max_signal_dbm>-23</max_signal_dbm>

<max_noise_dbm>0</max_noise_dbm>

<max_signal_rssi>-23</max_signal_rssi>

<max_noise_rssi>0</max_noise_rssi>

</snr-info>

<cdp-device></cdp-device>

<cdp-portid></cdp-portid>

</wireless-client>

<snr-info>

<last_signal_dbm>-3</last_signal_dbm>

<last_noise_dbm>0</last_noise_dbm>

<last_signal_rssi>-3</last_signal_rssi>

<last_noise_rssi>0</last_noise_rssi>

<min_signal_dbm>-3</min_signal_dbm>

<min_noise_dbm>0</min_noise_dbm>

<min_signal_rssi>1024</min_signal_rssi>

<min_noise_rssi>1024</min_noise_rssi>

<max_signal_dbm>-3</max_signal_dbm>

<max_noise_dbm>0</max_noise_dbm>

<max_signal_rssi>-3</max_signal_rssi>

<max_noise_rssi>0</max_noise_rssi>

</snr-info>

<bsstimestamp>0</bsstimestamp>

<cdp-device></cdp-device>

<cdp-portid></cdp-portid>

</wireless-network>

</detection-run>

ifconfig mon0:

mon0 Link encap:UNSPEC HWaddr E0-B9-BA-5B-44-E0-00-00-00-00-00-00-00-00-00-00

UP BROADCAST NOTRAILERS RUNNING PROMISC ALLMULTI MTU:1500 Metric:1

RX packets:294562 errors:0 dropped:23075 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:18673664 (18.6 MB) TX bytes:0 (0.0 B)

Any help would be greatly appreciated!

Thanks

PS

One thing I have just noticed is that I neglected to run the arp replay attack before de-authing the client.

Would not performing the arp replay first affect my ability to capture the handshake?

Any input is greatly appreciated!

Link to comment
Share on other sites

I've cracked WEP before, but never personally came across SKA with wep before. This link might help though

youtube.com/watch?v=KvyRR2NLoGs

Don't have any idea how safe the PDF is linked with the video, so read at your own peril.

Link to comment
Share on other sites

I never heard of WEP-SKA before, unless its a new security implementation to bring the old WEP back to life.

I found this youtube video, that might be helpful

http://www.youtube.com/watch?v=KvyRR2NLoGs

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...