barry, posted September 24, 2012

Hi Guys,

Olddddd, ancient question ;)

A couple of days ago a less techy friend asked if I would show him how to hack WEP. Obviously I obliged. Interestingly though, I found something I have never found before...

When I fired up aireplay-ng, after about 200 data packets were generated I was de-authed. If I immediately try to re-auth, I am denied. If I leave it a short while I am allowed to re-auth, but once I fire up aireplay-ng again I am de-authed.

Any ideas? Is the AP defending itself, you think?
Infiltrator, posted September 25, 2012

First off, when cracking WEP, you don't have to be authenticated to the AP. All you have to do is capture enough IVs before attempting to crack the WEP key. In order to crack the WEP key more efficiently and quickly, you can use aireplay-ng to generate traffic.

Edited September 25, 2012 by Infiltrator
barry (author), posted September 26, 2012

Thanks for the reply. I believe I need to be authenticated so the aireplay-ng ARP replay attack will work.

    aireplay-ng -1 0 -a [bssid] -h [MAC] -e [essid] mon0

The moment it bumps me off, the aireplay attack stops working, so I get about 200.

    aireplay-ng -3 -b [bssid] -h [MAC] mon0

I just tried it on a different, older AP I had in my loft and didn't have the de-auth problem. Just wondered if anyone could shed some light on it?

Edited September 26, 2012 by barry
Infiltrator, posted September 26, 2012

In some cases, if the attack fails, it is because the AP has MAC filtering enabled, as stated on the aircrack-ng website. A way to bypass this restriction is to spoof your MAC address.

http://www.aircrack-ng.org/doku.php?id=arp-request_reinjection

Edited September 26, 2012 by Infiltrator
digip, posted September 26, 2012

What is the router in question you are trying to attack, though? It's possible it has IDS or other such protection mechanisms, or you are just too far from the device. Try sending with your card set to slower speeds, such as 1MB vs say 54MB. I have to do this with my one Linksys card to have it work for me on some routers.
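As an added illustration of the "IDS or other protection mechanism" digip mentions (example code written for this thread, not aircrack-ng's or any vendor's), here is the detection logic an AP or wireless IDS could apply: a station that re-injects the same ARP request hundreds of times per second looks nothing like a real client, so the AP can flag it and respond with a deauthentication. The frame records, MAC addresses and the 50-frames-per-second threshold are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample 802.11 frame summaries, not real captures:
# (timestamp_seconds, source_mac, kind) where kind is "arp_req" for a data
# frame carrying an ARP request and "deauth" for a deauthentication frame.
AP = "00:11:22:33:44:55"            # assumed access point address
CLIENT = "aa:bb:cc:dd:ee:01"        # normal station: an ARP every few seconds
REPLAYER = "aa:bb:cc:dd:ee:99"      # station re-injecting one ARP frame
SAMPLE_FRAMES = (
    [(float(t), CLIENT, "arp_req") for t in range(0, 10, 3)]
    + [(5.0 + i * 0.002, REPLAYER, "arp_req") for i in range(200)]
    + [(5.4, AP, "deauth")]          # AP reacting to the burst
)


def detect_arp_replay(frames, window_s=1.0, threshold=50):
    """Flag any source sending more than `threshold` ARP requests inside a
    sliding window of `window_s` seconds. Returns {src_mac: first_alert_ts}.
    """
    recent = defaultdict(deque)      # per-source timestamps inside the window
    alerts = {}
    for ts, src, kind in sorted(frames):
        if kind != "arp_req":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window_s:   # drop timestamps older than window
            q.popleft()
        if len(q) > threshold and src not in alerts:
            alerts[src] = ts         # first moment the source crossed the rate
    return alerts


def count_deauths(frames):
    """Number of deauthentication frames seen; a spike after an alert is the
    AP's visible response to the replay burst."""
    return sum(1 for _, _, kind in frames if kind == "deauth")


if __name__ == "__main__":
    for mac, ts in detect_arp_replay(SAMPLE_FRAMES).items():
        print(f"ARP replay burst from {mac} at t={ts:.3f}s")
    print(f"deauth frames seen: {count_deauths(SAMPLE_FRAMES)}")
```

The legitimate client never trips the threshold, while the replaying station is flagged about 0.1 s into its burst, well before the roughly 200 frames the original poster observed.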