
Old School Wep Hacking...


barry


Hi Guys,

Olddddd, ancient question ;)

A couple of days ago a less techy friend asked if I would show him how to hack WEP.

Obviously I obliged.

Interestingly though I found something I have never found before...

When I fired up aireplay-ng, after about 200 data packets were generated I was de-authed.

If I immediately try to re-auth, I am denied.

If I leave it a short while I am allowed to re-auth but once I fire up aireplay-ng again I am de-authed.

Any ideas?

Is the AP defending itself you think?


First off, when cracking WEP, you don't have to be authenticated to the AP. All you have to do is capture enough IVs, before attempting to crack the WEP key.

In order to crack the WEP key more efficiently and faster, you can use aireplay-ng to generate traffic.

Edited by Infiltrator

Thanks for the reply.

I believe I need to be authenticated so the aireplay-ng ARP replay attack will work.

aireplay-ng -1 0 -a [bssid] -h [MAC] -e [essid] mon0

The moment it bumps me off, the aireplay attack stops working, so I get about 200.

aireplay-ng -3 -b [bssid] -h [MAC] mon0

I just tried it on a different, older AP I had in my loft and didn't have the de-auth problem.

Just wondered if anyone could shed some light on it?

Edited by barry

In some cases, if the attack fails, it is because the AP has MAC filtering enabled, as stated on the aircrack-ng website. A way to bypass this restriction is to spoof your MAC address.

http://www.aircrack-ng.org/doku.php?id=arp-request_reinjection

Edited by Infiltrator

What is the router in question you are trying to attack, though? It's possible it has IDS or other such protection mechanisms, or you are just too far from the device. Try sending with your card set to slower speeds, such as 1 Mbit/s vs, say, 54 Mbit/s. I have to do this with my one Linksys card to have it work for me on some routers.

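Two things come up in the replies above: that what aircrack-ng really needs is a large number of distinct IVs rather than an authenticated session, and that the AP may be actively deauthenticating the injecting card. The script below is an added example (it is not code from the thread or from the aircrack-ng project) showing both checks on raw 802.11 frames: it extracts the WEP IV from each protected data frame, counts how many distinct IVs (and how many FMS-weak ones of the form (A+3, 255, X)) were seen on a BSSID, and lists the reason codes of deauthentication frames the AP sent to the station's MAC. The BSSID, station address, the frames themselves and the placeholder 36-byte ciphertext body are all constructed in-script so it runs without a capture file; with a real capture you would feed `summarize()` the frames read from a pcap instead.

```python
"""Count WEP IVs and AP-sent deauth frames in raw 802.11 frames.

Added example for this thread; not aircrack-ng code. All addresses and
frames below are constructed in-script so it runs without a capture file.
"""
import struct
from typing import Dict, List, Optional

TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_DEAUTH = 12

# Constructed addresses (assumptions, not from the thread)
BSSID = bytes.fromhex("001122334455")      # the AP
STATION = bytes.fromhex("66778899aabb")    # our injecting card
BROADCAST = bytes.fromhex("ffffffffffff")  # ARP requests go here


def build_wep_data(addr1: bytes, addr2: bytes, addr3: bytes, iv: bytes,
                   from_ds: bool = False, key_idx: int = 0) -> bytes:
    """Data frame (type 2, subtype 0) with the Protected bit and a 4-byte WEP IV header.
    The 36-byte body stands in for ciphertext + ICV; nothing is decrypted here."""
    flags = 0x40 | (0x02 if from_ds else 0x01)          # Protected | FromDS or ToDS
    hdr = bytes([0x08, flags]) + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00"
    return hdr + iv + bytes([(key_idx & 3) << 6]) + b"\x00" * 36


def build_deauth(bssid: bytes, dst: bytes, reason: int) -> bytes:
    """Management frame (type 0, subtype 12) from the AP with a 16-bit reason code."""
    hdr = bytes([0xC0, 0x00]) + b"\x00\x00" + dst + bssid + bssid + b"\x00\x00"
    return hdr + struct.pack("<H", reason)


def parse_80211(frame: bytes) -> Optional[Dict]:
    """Type/subtype, the three addresses, the WEP IV (if any) and the deauth reason (if any)."""
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 3, fc0 >> 4
    to_ds, from_ds = fc1 & 0x01, fc1 & 0x02
    info = {"type": ftype, "subtype": subtype, "protected": bool(fc1 & 0x40),
            "addr1": frame[4:10], "addr2": frame[10:16], "addr3": frame[16:22]}
    hdr_len = 24
    if ftype == TYPE_DATA:
        if to_ds and from_ds:
            hdr_len += 6                        # addr4 present in WDS frames
        if subtype & 0x08:
            hdr_len += 2                        # QoS control field
        if info["protected"] and len(frame) >= hdr_len + 4:
            key_byte = frame[hdr_len + 3]
            if not key_byte & 0x20:             # ExtIV bit set means TKIP/CCMP, not WEP
                info["iv"] = frame[hdr_len:hdr_len + 3]
                info["key_idx"] = key_byte >> 6
    elif ftype == TYPE_MGMT and subtype == SUBTYPE_DEAUTH and len(frame) >= 26:
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info


def summarize(frames: List[bytes], bssid: bytes, station: bytes, key_len: int = 5) -> Dict:
    """Distinct IVs seen on this BSSID (and how many are FMS-weak, i.e. (A+3, 255, X)
    for a key of key_len bytes), plus reason codes of deauths the AP sent to us."""
    ivs, weak, deauths = set(), set(), []
    for f in frames:
        p = parse_80211(f)
        if p is None:
            continue
        if "iv" in p and bssid in (p["addr1"], p["addr2"]):
            ivs.add(p["iv"])
            if 3 <= p["iv"][0] < 3 + key_len and p["iv"][1] == 0xFF:
                weak.add(p["iv"])
        elif "reason" in p and p["addr1"] == station and p["addr2"] == bssid:
            deauths.append(p["reason"])
    return {"frames": len(frames), "unique_ivs": len(ivs), "weak_ivs": len(weak),
            "deauths_to_station": deauths}


def constructed_capture() -> List[bytes]:
    """Made-up capture shaped like the thread's scenario: our replayed ARP request
    (always the same IV), the AP's rebroadcasts (fresh IV each), two weak IVs, a deauth."""
    frames = []
    injected = build_wep_data(BSSID, STATION, BROADCAST, b"\x10\x20\x30")
    frames += [injected] * 50                   # re-injecting the same frame adds no IVs
    for i in range(200):                        # the AP's rebroadcasts carry new IVs
        frames.append(build_wep_data(BROADCAST, BSSID, STATION, bytes([0x00, 0x01, i]), from_ds=True))
    for weak_iv in (b"\x03\xff\x07", b"\x04\xff\x09"):
        frames.append(build_wep_data(BROADCAST, BSSID, STATION, weak_iv, from_ds=True))
    frames.append(build_deauth(BSSID, STATION, 7))   # reason 7: class 3 frame from non-associated STA
    return frames


def analyze_constructed() -> Dict:
    return summarize(constructed_capture(), BSSID, STATION)


if __name__ == "__main__":
    print(analyze_constructed())
```

Note the distinction the counter makes: the 50 re-injections of the same ARP request contribute a single IV, while each rebroadcast by the AP contributes a fresh one. That is why an ARP replay only helps while the AP keeps answering; once it deauthenticates the station and stops relaying, the unique-IV count flattens, and a run of deauth frames addressed to your MAC with reason 7 is the symptom to look for in the capture.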
