Results 1 to 7 of 7

Thread: WPA2 Aireplay Authentication?

  1. #1
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520

    WPA2 Aireplay Authentication?

    Hey guys.
    I have a Western Digital test router set with WPA2 AES encryption. But, when I run aireplay-ng, I get this:

    Code:
    aireplay-ng -1 0 -a xx:xx:xx:xx:xx:CB -h xx:xx:xx:x:xx:ad mon0
    21:22:04  Waiting for beacon frame (BSSID: 00:90:A9:10:B9:CB) on channel 6
    
    21:22:05  Sending Authentication Request (Open System)
    
    21:22:07  Sending Authentication Request (Open System) [ACK]
    21:22:07  Authentication successful
    21:22:07  Sending Association Request [ACK]
    21:22:07  Association successful :-) (AID: 1)
    And this is what I get from airodump just so I can prove its WPA2:

    Code:
     CH  6 ][ Elapsed: 24 s ][ 2013-11-30 21:26                                    
                                                                                   
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH E
                                                                                   
     xx:xx:xx:xx:xx:CB  -36  97      150        7    0   6  54e. WPA2 CCMP   PSK  xxxxxxxx
                                                                                   
     BSSID              STATION            PWR   Rate    Lost    Frames  Probe     
                                                                                   
     xx:xx:xx:xx:xx:CB  xx:xx:xx:xx:xx:AD    0    0 - 1      0       12
    So if I'm technically authenticated, does this mean I have access to the network? (theres no password transfer so idk...)

    Thanks!

  2. #2
    Join Date
    2013-Mar
    Location
    West Virginia
    Posts
    98
    The fake authentication attack allows you to perform the two types of WEP authentication (Open System and Shared Key) plus associate with the access point (AP). This is only useful when you need an associated MAC address in various aireplay-ng attacks and there is currently no associated client. It should be noted that the fake authentication attack does NOT generate any ARP packets. Fake authentication cannot be used to authenticate/associate with WPA/WPA2 Access Points.
    Smile while you can for in the future there my be nothing to smile about.
    申し訳ありませんが、これは翻訳することができませんでした。

  3. #3
    Join Date
    2013-Nov
    Posts
    24
    Yea this is only for WEP attacks, but maybe can be used to beat MAC filters down the road (extremely miniscule probability though; assuming the network owner decides to apply a MAC filter after you are associated)

  4. #4
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Yeah I know it's only used for attacking WEP, but I set the encryption to WPA2 and was still able to associate?

    -Thanks for the answers though!

  5. #5
    Join Date
    2013-Mar
    Location
    http://rastamouse.me
    Posts
    86
    There is an association request/response phase for WPA before the actual 4-way handshake takes place. Without actually trying this and analysing the packets I cannot say for certain, but it's not beyond the realms of possibility that this is what aireplay-ng is doing.

  6. #6
    Join Date
    2013-Jul
    Posts
    841
    May we suggest that you cross reference your question in the aircrack-ng forums as well. For example the aireplay-ng -1 association is used in the preliminary stages of a aireplay-ng -8 attack migration mode attack which is technically a WPA attack. Furthermore, the responses you get to an aireplay-ng -1 when associating to a WPA encrypted router depend on which WPA type is being used. In the WPA TKIP and WPA2-TKIP you are told the router is WPA and no association is allowed. However if it is WPA-CCMP, association is possible.

  7. #7
    Join Date
    2013-Aug
    Posts
    19
    Quote Originally Posted by mmusket33 View Post
    May we suggest that you cross reference your question in the aircrack-ng forums as well. For example the aireplay-ng -1 association is used in the preliminary stages of a aireplay-ng -8 attack migration mode attack which is technically a WPA attack. Furthermore, the responses you get to an aireplay-ng -1 when associating to a WPA encrypted router depend on which WPA type is being used. In the WPA TKIP and WPA2-TKIP you are told the router is WPA and no association is allowed. However if it is WPA-CCMP, association is possible.
    so if i got

    WPA2-CCMP thats is to no possible
    Last edited by OsBinHD; 2014-03-24 at 15:06.

Similar Threads

  1. Replies: 1
    Last Post: 2017-10-13, 23:23
  2. Replies: 1
    Last Post: 2017-09-09, 12:48
  3. Authentication faliure
    By noseeum2 in forum TroubleShooting Archive
    Replies: 5
    Last Post: 2014-02-22, 16:49

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •