how_to_crack_wep_with_no_clients

Differences

This shows you the differences between two versions of the page.

how_to_crack_wep_with_no_clients [2008/06/29 21:22] – typo mister_x
how_to_crack_wep_with_no_clients [2009/08/14 19:23] – use dokuwiki internal link mister_x
Line 5: Line 5:
  
 ===== Introduction ===== ===== Introduction =====
-There are many times when a wireless network has no wireless clients associated with it and there are no ARP requests coming from the wired side.  This tutorial describes how to crack the WEP key when there are no wireless clients and there are no ARP requests coming from the wired side.  Although this topic has been discussed many times over in the [[http://forum.tinyshell.be/|Forum]], this tutorial is intended to address the topic in more detail and provide working examples.+There are many times when a wireless network has no wireless clients associated with it and there are no ARP requests coming from the wired side.  This tutorial describes how to crack the WEP key when there are no wireless clients and there are no ARP requests coming from the wired side.  Although this topic has been discussed many times over in the [[http://forum.aircrack-ng.org|Forum]], this tutorial is intended to address the topic in more detail and provide working examples.
  
 If there ARP requests being broadcast from the wire side, then the standard [[fake authentication]] combined with [[arp-request_reinjection|ARP request replay technique]] may be used. If there ARP requests being broadcast from the wire side, then the standard [[fake authentication]] combined with [[arp-request_reinjection|ARP request replay technique]] may be used.
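Review bot: the unchanged context line "If there ARP requests being broadcast from the wire side" is missing its verb and should read "If there are ARP requests being broadcast from the wired side"; since this hunk already edits the introduction's forum URL, that one-word fix is cheap to fold in. The URL change itself (forum.tinyshell.be to forum.aircrack-ng.org) is fine.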
Line 61: Line 61:
 To be honest, we will not be changing the wireless card MAC address. To be honest, we will not be changing the wireless card MAC address.
  
-This is a reminder to use your wireless card MAC address as the source MAC.  I mention this explicitly as a reminder to use the actual MAC address from your card in "Step 3 - fake authentication" if you are replaying data from another session.  Detailed instructions can be found in the FAQ: [[http://aircrack-ng.org/doku.php?id=faq&DokuWiki=7bdcc4f1dd827e3aabb3bbf0a2f93c21#how_do_i_change_my_card_s_mac_address|How do I change my card's MAC address ?]].+This is a reminder to use your wireless card MAC address as the source MAC.  I mention this explicitly as a reminder to use the actual MAC address from your card in "Step 3 - fake authentication" if you are replaying data from another session.  Detailed instructions can be found in the FAQ: [[faq#how_do_i_change_my_card_s_mac_address|How do I change my card's MAC address ?]]. 
  
 ==== Step 2 - Start the wireless interface in monitor mode on AP channel ==== ==== Step 2 - Start the wireless interface in monitor mode on AP channel ====
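Review bot: switching the FAQ reference to the internal [[faq#how_do_i_change_my_card_s_mac_address|...]] link also drops the "DokuWiki=7bdcc4f1..." query parameter that was embedded in the old absolute URL, which looks like a per-session identifier and should never have been in a wiki link, so this is the right change. The quoted "Step 3 - fake authentication" in the same paragraph is a plain string; giving it the same internal-link treatment would keep the cross-reference valid if that heading is ever renamed.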
Line 69: Line 70:
    airmon-ng start wifi0 9    airmon-ng start wifi0 9
  
-Note: In this command we use "wifi0" instead of our wireless interface of "ath0" This is because the madwifi-ng drivers are being used.+Note: In this command we use "wifi0" instead of our wireless interface of "ath0" This is because the madwifi-ng drivers are being used. For other drivers, use the actual interface name.
  
 The system will respond: The system will respond:
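Review bot: the added sentence "For other drivers, use the actual interface name." is a helpful qualifier, but it leaves the missing full stop before it in place ("...wireless interface of "ath0" This is because..."); suggest "instead of our wireless interface "ath0". This is because the madwifi-ng drivers are being used." while this line is being touched.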
Line 100: Line 101:
              Tx excessive retries: Invalid misc:  Missed beacon:0              Tx excessive retries: Invalid misc:  Missed beacon:0
  
-In the response above, you can see that ath0 is in monitor mode, on the 2.452GHz frequency which is channel 9 and the Access Point shows the MAC address of your wireless card.  So everything is good.   It is important to confirm all this information prior to proceeding, otherwise the following steps will not work properly.+In the response above, you can see that ath0 is in monitor mode, on the 2.452GHz frequency which is channel 9 and the Access Point shows the MAC address of your wireless card.  So everything is good.   It is important to confirm all this information prior to proceeding, otherwise the following steps will not work properly. (Note: If you are using a driver other than madwifi, then the Access Point field will be either invisible or show something other than your card's MAC address. This is normal.)
  
 To match the frequency to the channel, check out: To match the frequency to the channel, check out:
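Review bot: in the new parenthetical, "the Access Point field will be either invisible" reads more clearly as "absent"; and since the paragraph tells the reader to "confirm all this information prior to proceeding", the note should say which items a non-madwifi user can still verify from the same output (monitor mode and the 2.452GHz frequency for channel 9), so that advice stays actionable for them.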
Line 107: Line 108:
 === Troubleshooting Tips === === Troubleshooting Tips ===
  
-  *If another interface started other then ath0 then stop all of them first by using "airmon-ng stop athX" where X is each interface you want to stop.+  *If another interface started other than ath0 then stop all of them first by using "airmon-ng stop athX" where X is each interface you want to stop. 
 +  *On mac80211-based drivers, airmon-ng will respond with something like this: 
 + 
 +   Interface       Chipset         Driver 
 +    
 +   wlan0           Broadcom 43xx   b43 - [phy0] 
 +                                   (monitor mode enabled on mon0)
  
 +For such interfaces, use the interface name after "monitor mode enabled on" (here "mon0") for further commands, rather than your card's actual interface.
  
 ==== Step 3 - Use aireplay-ng to do a fake authentication with the access point ==== ==== Step 3 - Use aireplay-ng to do a fake authentication with the access point ====
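Review bot: the new mac80211 tip shows airmon-ng's output but not the command that produced it, so a reader cannot tell whether the channel argument from the Step 2 example ("airmon-ng start wifi0 9") is also what puts mon0 on the right channel; add the command line above the output block and state that the channel is set the same way. The existing first bullet also still says "stop all of them first by using "airmon-ng stop athX"", which does not cover the "monX" naming this tip introduces.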
Line 484: Line 492:
  
   *Sometimes you need to try various techniques to crack the WEP key.  Try "-n" to set various key lengths.  Use "-f" and try various fudge factors.  Use "-k" and try disabling various korek methods.   *Sometimes you need to try various techniques to crack the WEP key.  Try "-n" to set various key lengths.  Use "-f" and try various fudge factors.  Use "-k" and try disabling various korek methods.
 +
  
 ===== Alternate Solution ===== ===== Alternate Solution =====
Line 500: Line 509:
   *-2 means use interactive frame selection   *-2 means use interactive frame selection
   *-p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client.   *-p 0841 sets the Frame Control Field such that the packet looks like it is being sent from a wireless client.
-  *c FF:FF:FF:FF:FF:FF sets the destination MAC address to be a broadcast. This is required to cause the AP to replay the packet and thus getting the new IV.+  *-c FF:FF:FF:FF:FF:FF sets the destination MAC address to be a broadcast. This is required to cause the AP to replay the packet and thus getting the new IV.
   *-b 00:14:6C:7E:40:80 is the access point MAC address   *-b 00:14:6C:7E:40:80 is the access point MAC address
   *-h 00:09:5B:EC:EE:F2 is the MAC address of our card and must match the MAC used in the fake authentication   *-h 00:09:5B:EC:EE:F2 is the MAC address of our card and must match the MAC used in the fake authentication
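Review bot: the "-c" correction is right and now matches the "-b"/"-h" items below it. While this list is open, "thus getting the new IV" reads better as "so that a new IV is generated", and terminal punctuation is inconsistent across the items (the "-2", "-b" and "-h" lines have none, the "-p" and "-c" lines do).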
Line 545: Line 554:
 The base tutorial assumes you are using the native MAC address of your wireless device as the source MAC.  If this is not the case, then you need to change the process used.  Since this is an advanced topic, I will provide the general guidelines and not the specific detail. The base tutorial assumes you are using the native MAC address of your wireless device as the source MAC.  If this is not the case, then you need to change the process used.  Since this is an advanced topic, I will provide the general guidelines and not the specific detail.
  
-Preferably, you should change the native MAC address of your wireless device to the MAC you will be spoofing.  This could the MAC of a client already associated with the AP or one that you make up.  See [[http://aircrack-ng.org/doku.php?id=faq#how_do_i_change_my_card_s_mac_address|this FAQ entry]] regarding how to change the MAC address of your card.+Preferably, you should change the native MAC address of your wireless device to the MAC you will be spoofing.  This could the MAC of a client already associated with the AP or one that you make up.  See [[faq#how_do_i_change_my_card_s_mac_address|this FAQ entry]] regarding how to change the MAC address of your card.
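Review bot: the unchanged context text "This could the MAC of a client already associated with the AP" is missing "be"; since this hunk already rewrites the FAQ link in the same sentence to the internal [[faq#...]] form, fold that fix in. The internal-link change is consistent with the earlier hunk at Line 61.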
how_to_crack_wep_with_no_clients.txt · Last modified: 2018/03/11 20:15 by mister_x