Thread: WPA2 Aireplay Authentication?

  1. #1
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520

    WPA2 Aireplay Authentication?

    Hey guys.
    I have a Western Digital test router set with WPA2 AES encryption. But, when I run aireplay-ng, I get this:

    Code:
    aireplay-ng -1 0 -a xx:xx:xx:xx:xx:CB -h xx:xx:xx:x:xx:ad mon0
    21:22:04  Waiting for beacon frame (BSSID: 00:90:A9:10:B9:CB) on channel 6
    
    21:22:05  Sending Authentication Request (Open System)
    
    21:22:07  Sending Authentication Request (Open System) [ACK]
    21:22:07  Authentication successful
    21:22:07  Sending Association Request [ACK]
    21:22:07  Association successful :-) (AID: 1)
    And this is what I get from airodump, just so I can prove it's WPA2:

    Code:
     CH  6 ][ Elapsed: 24 s ][ 2013-11-30 21:26                                    
                                                                                   
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH E
                                                                                   
     xx:xx:xx:xx:xx:CB  -36  97      150        7    0   6  54e. WPA2 CCMP   PSK  xxxxxxxx
                                                                                   
     BSSID              STATION            PWR   Rate    Lost    Frames  Probe     
                                                                                   
     xx:xx:xx:xx:xx:CB  xx:xx:xx:xx:xx:AD    0    0 - 1      0       12
    So if I'm technically authenticated, does this mean I have access to the network? (There's no password transfer, so idk...)

    Thanks!

  2. #2
    Join Date
    2013-Mar
    Location
    West Virginia
    Posts
    98
    The fake authentication attack allows you to perform the two types of WEP authentication (Open System and Shared Key) plus associate with the access point (AP). This is only useful when you need an associated MAC address in various aireplay-ng attacks and there is currently no associated client. It should be noted that the fake authentication attack does NOT generate any ARP packets. Fake authentication cannot be used to authenticate/associate with WPA/WPA2 Access Points.
    Smile while you can for in the future there may be nothing to smile about.
    Sorry, but this could not be translated.

  3. #3
    Join Date
    2013-Nov
    Posts
    24
    Yea, this is only for WEP attacks, but maybe it can be used to beat MAC filters down the road (extremely minuscule probability though; assuming the network owner decides to apply a MAC filter after you are associated).

  4. #4
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Yeah I know it's only used for attacking WEP, but I set the encryption to WPA2 and was still able to associate?

    -Thanks for the answers though!

  5. #5
    Join Date
    2013-Mar
    Location
    http://rastamouse.me
    Posts
    86
    There is an association request/response phase for WPA before the actual 4-way handshake takes place. Without actually trying this and analysing the packets I cannot say for certain, but it's not beyond the realms of possibility that this is what aireplay-ng is doing.
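
The sequence described in the post above, as an added example that is not part of the original thread: on a WPA2-PSK network, Open System authentication and association come first and carry no key material, and traffic is only accepted after the 4-way handshake (EAPOL messages 1 to 4) completes. The sketch replays a capture summary and lists stations that associated but never finished the handshake, which is what a monitoring sensor would see from a fake-authentication station. The event names, MAC addresses and timings are constructed for illustration.

```python
# Constructed capture summary: (seconds, station MAC, event). Not from the thread.
SAMPLE_EVENTS = [
    (0.0, "02:00:00:00:00:ad", "auth_ok"),   # Open System authentication
    (0.1, "02:00:00:00:00:ad", "assoc_ok"),  # association response, AID assigned
    (0.2, "02:00:00:00:00:ad", "eapol_m1"),  # AP starts the 4-way handshake
    (1.0, "02:00:00:00:00:11", "auth_ok"),
    (1.1, "02:00:00:00:00:11", "assoc_ok"),
    (1.2, "02:00:00:00:00:11", "eapol_m1"),
    (1.3, "02:00:00:00:00:11", "eapol_m2"),  # needs the PSK to compute the MIC
    (1.4, "02:00:00:00:00:11", "eapol_m3"),
    (1.5, "02:00:00:00:00:11", "eapol_m4"),
    (5.2, "02:00:00:00:00:ad", "deauth"),    # AP gives up on the silent station
]

# Each event is valid from exactly one state and moves the station to the next.
TRANSITIONS = {
    "auth_ok":  ("unauthenticated", "authenticated"),
    "assoc_ok": ("authenticated", "associated"),
    "eapol_m1": ("associated", "m1_seen"),
    "eapol_m2": ("m1_seen", "m2_seen"),
    "eapol_m3": ("m2_seen", "m3_seen"),
    "eapol_m4": ("m3_seen", "port_open"),
}

def replay(events):
    """Return {station: set of states it ever reached}, replaying in time order."""
    state, reached = {}, {}
    for _, sta, event in sorted(events):
        current = state.get(sta, "unauthenticated")
        if event == "deauth":
            new = "unauthenticated"
        elif TRANSITIONS.get(event, (None,))[0] == current:
            new = TRANSITIONS[event][1]
        else:
            continue  # unknown or out-of-order event: state is unchanged
        state[sta] = new
        reached.setdefault(sta, set()).add(new)
    return reached

def associated_without_keys(events):
    """Stations that got an association but never completed EAPOL message 4."""
    return sorted(sta for sta, seen in replay(events).items()
                  if "associated" in seen and "port_open" not in seen)

if __name__ == "__main__":
    print(associated_without_keys(SAMPLE_EVENTS))
```
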

  6. #6
    Join Date
    2013-Jul
    Posts
    844
    May we suggest that you cross-reference your question in the aircrack-ng forums as well. For example, the aireplay-ng -1 association is used in the preliminary stages of an aireplay-ng -8 attack migration mode attack, which is technically a WPA attack. Furthermore, the responses you get to an aireplay-ng -1 when associating to a WPA encrypted router depend on which WPA type is being used. In the WPA TKIP and WPA2-TKIP you are told the router is WPA and no association is allowed. However, if it is WPA-CCMP, association is possible.

  7. #7
    Join Date
    2013-Aug
    Posts
    19
    Originally posted by mmusket33:
    May we suggest that you cross-reference your question in the aircrack-ng forums as well. For example, the aireplay-ng -1 association is used in the preliminary stages of an aireplay-ng -8 attack migration mode attack, which is technically a WPA attack. Furthermore, the responses you get to an aireplay-ng -1 when associating to a WPA encrypted router depend on which WPA type is being used. In the WPA TKIP and WPA2-TKIP you are told the router is WPA and no association is allowed. However, if it is WPA-CCMP, association is possible.
    so if I got

    WPA2-CCMP, that is not possible
    Last edited by OsBinHD; 2014-03-24 at 15:06.
