Comments on: Hacking WEP With Fake Authentication + Video

By: BluePlum

BluePlum — Fri, 05 Sep 2008 08:02:57 +0000

Hey were do i find the second MAC address thats required?

aireplay-ng –interactive -b 00:06:25:9A:50:C8 -h ———> 00:06:25:B3:D6:E2 <——— -x 512 ath0

By: tghazali

tghazali — Fri, 05 Sep 2008 00:15:24 +0000

Hello, I’d really appreciate if you helped me out here :)

I’m trying here to crack my home wireless network WEP key with no clients connected.

I start airodump-ng, beacons keep increasing, but as soon as I associate successfully with fakeauth attack, beacons stop. After a while networks disappear from airodump, and running it again shows no networks.

Any ideas??

By: Shawn

Shawn — Sat, 19 Jul 2008 03:48:55 +0000

I get this “Failed. Next try with 5000 IVs.” by the time I get to aircrack-ng. What is it and how do I go about it?
Thanks!

By: Anthony D.

Anthony D. — Mon, 19 May 2008 17:22:31 +0000

Yes, WEP can still be broken on an AP even if clients have never been or are currently not connected. See method #2 where I discuss fake authentication and de-authentication.

By: Gordon

Gordon — Mon, 12 May 2008 01:01:10 +0000

Hello

can wireless WEP still be hacked if there have never been clients connected?

By: peter

peter — Fri, 25 Apr 2008 21:56:46 +0000

Hi there,
i need your help becase i would understand a strange case:
0) AP seems to accepts any key of 10 legnth
1) I cracked a web key and i got the key (using air..mon..dump…reply..crack )
2) i tried dhcp and nothing
3) i fixed IP used by default by this vendor and mac 255.0.0.0 and nothing neither with 192.168.0.1
4) I made ping scanning for determining router IP and nothing. i did for all IP internal addresses and changing ip when needed!!!!

This is about a wireless named: WLAN_XX, Itried the same in 3 differents wlans WLAN_XX and the same result.

I have not yet tried to change the MAC, but theoretically if MAC filtering where active the AP should reject my packets

Does someone knows what’s going on?

Tnks

By: M4

M4 — Thu, 14 Feb 2008 13:58:00 +0000

Good job!
I’m confused with -h option. Is this my card mac address or any connected client mac address obtained with Kismet?

Other questions is about interactive attack in the fist method. Sould the packet contain the AP mac address as destination and the connected client (obtained with Kismet) as source?
Thanks.

By: john

john — Thu, 03 Jan 2008 10:56:07 +0000

best beginners tut i have seen so far the only thing i would suggest is the -z option as state above although in order to do so you must not include –ivs in the first step because the ptw method will not accept the .iv only .cap

By: CG

CG — Mon, 03 Dec 2007 13:32:35 +0000

using the aircrack -z option should increase the cracking time significantly, i talked about it here:

carnal0wna...ck-ng.html

By: monomena

monomena — Tue, 06 Nov 2007 19:41:47 +0000

i have a problem, when i try to authenticate, it starts but then it just stops, and says attack was unsuccessfull, posible reasons:
and it gives me some options but i check almost everyone so, i dont know what todo, sorry for the trouble but can someone help me?

By: Allan

Allan — Thu, 18 Oct 2007 05:44:40 +0000

Any hardware required? Cause I am using an IPW2200BG, can it be done?

By: Noob

Noob — Sun, 29 Jul 2007 00:57:47 +0000

I tried it and the authentication never went through for method 2…I’m recieving packets slow as a snail and at the rate I was going…it was gonna take me at least 4 days to collect 250 packets for 1 64 bit key

can someone give me some guidance?

By: dewa_eheem

dewa_eheem — Tue, 17 Jul 2007 18:09:05 +0000

how can we know the default Gateway????
should I Ask the administrator first????

if I was an admin, I wouldn’t set my IP with class C or without subnet

By: cam

cam — Sun, 17 Jun 2007 21:14:52 +0000

I cannot seem to be able to generate enough IVs. I am trying to crack a wep from an AP that recently had a client. I was able to gather a packet from the client before it went offline. I am sending the packet and in my airodump window I see the packet number going up but the data number is going up very very slowly. I have tried a fakeauth attack and it says sending authentication request about 5 or 6 times and comes back and says there is a problem. I have tried doing a arpreplay with aireplay and I can see the packets again going up, most of them are noted as being lost, and it says that I am receiving arp requests, yet again very slowly going up as well as the data. I have been doing this for over two hours, and I notice that in my aircrack window it says its tried over 2 million keys and has got like 11,000 IVs. Am i doing something wrong, or does the AP have a mac filter or blocking some other type of requests?

Thanks for the help
Cam

By: Alan

Alan — Tue, 22 May 2007 16:49:31 +0000

Worked for me w/my linksys WUSB54GC. I used method one, but couldn’t find an appropriate packet; method two worked in about ten whole minutes. Only oddity was that iwconfig wanted my adapter UP (not down) before it would put it into monitor mode. Seemed strange to me, but maybe this was because it had already associated itself with another network? Anyway, awesome, it works, etc.