So every once in a while my roommate and I like to have little contests. One of our favorites is a penetration contest on our home AP after the other makes some administration changes to the AP.
The only rule we have is:
It has to be breakable, i.e. no turning off WPS etc.
Either way, this time I'm up. I've been beating my head against it for a few days now and can't seem to break into whatever he changed.
Reaver will fail to associate with the AP 100% of the time. Good power rating, poor power rating, does not matter.
So the next thing I tried was to associate using aireplay-ng. However, aireplay will just spam the following:
"Association Denied (Code 18)"
There is not a whole lot of info on the above code (Code 18) that Google turned up; however, after some more digging it seems to occur when the AP is broadcasting in a mode that the requesting station can't understand.
If I'm right about this, I would guess that he switched the wireless mode to 802.11ac only. I might be way off with that hypothesis, so anyone can feel free to correct me, but from what I understand of the above error that seems to be a reasonable suspicion. Unfortunately, my wireless card is 802.11n (Qualcomm Atheros AR9285 - ath9k driver) and therefore can't associate with a network that is sending only ac signal.
The only card I have that is 802.11ac compatible is the card in my other laptop, a 2015 MacBook Pro. A Broadcom BCM43xx card that as far as I am aware can't be configured for monitor mode/injection anyway. (?)
Desperately looking for some wisdom and advice here! Am I on the completely wrong track? Are there any (preferably inexpensive) 802.11ac cards that are compatible with aircrack/reaver? Is it possible to use my internal Broadcom card in my MacBook?
Cheers!
EDIT:
Doh - 802.11ac can only exist on the 5 GHz band. Which means no matter what is being broadcast on the 2.4 GHz band I should be able to connect! Completely at a loss here. Is MAC filtering a possible cause of this? I have been using airodump-ng to scan the target BSSID for any stations but haven't had any turn up for me to spoof the MAC of.
EDIT 2:
Perhaps (?) the AP is broadcasting only 802.11n and is doing so over the 5 GHz band? But if that was the case, I don't think I'd see the router in airodump-ng (which I do).
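
For reference on the status code quoted in the post: IEEE 802.11 defines status 18 as association denied because the requesting station does not support all of the data rates in the AP's BSSBasicRateSet. The following is an added example, not part of the original post: it parses the Supported Rates elements of a beacon and of an association request and lists the basic rates the station did not advertise. Both byte strings are constructed samples and the function names are hypothetical.

```python
# Added example; sample bytes are constructed, not captured from a real AP.
SELECTORS = {127: "HT PHY", 126: "VHT PHY"}  # BSS membership selectors

def iter_ies(buf):
    """Yield (element_id, payload) pairs from 802.11 tagged parameters."""
    i = 0
    while i + 2 <= len(buf):
        eid, length = buf[i], buf[i + 1]
        if i + 2 + length > len(buf):
            break  # truncated element: stop instead of reading past the end
        yield eid, buf[i + 2:i + 2 + length]
        i += 2 + length

def parse_rates(ies):
    """Return (basic_rates, all_rates, selectors); rates are in Mbps."""
    basic, rates, selectors = set(), set(), set()
    for eid, payload in iter_ies(ies):
        if eid not in (1, 50):  # Supported Rates, Extended Supported Rates
            continue
        for octet in payload:
            value, is_basic = octet & 0x7F, bool(octet & 0x80)
            if is_basic and value in SELECTORS:
                selectors.add(SELECTORS[value])  # a PHY requirement, not a rate
                continue
            rates.add(value * 0.5)  # rate octets are in units of 500 kbit/s
            if is_basic:
                basic.add(value * 0.5)
    return basic, rates, selectors

def missing_basic_rates(ap_ies, sta_ies):
    """Basic rates the AP requires that the station did not advertise."""
    ap_basic, _, _ = parse_rates(ap_ies)
    _, sta_rates, _ = parse_rates(sta_ies)
    return sorted(ap_basic - sta_rates)

# Constructed beacon elements: SSID "lab"; 12/18/36/48 Mbps optional,
# 24 and 54 Mbps basic (high bit set); HT PHY selector in the extended element.
AP_IES = (bytes([0, 3]) + b"lab"
          + bytes([1, 6, 0x18, 0x24, 0xB0, 0x48, 0x60, 0xEC])
          + bytes([50, 1, 0xFF]))
# Constructed association request elements: only 1/2/5.5/11 Mbps advertised.
STA_IES = bytes([0, 3]) + b"lab" + bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])

if __name__ == "__main__":
    print("basic rates not advertised by station (Mbps):",
          missing_basic_rates(AP_IES, STA_IES))
    print("PHY selectors required by AP:", parse_rates(AP_IES)[2])
```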