3

I have successfully been able to perform a WEP key cracking attack using the aircrack tool. I want to allow my students to test this in a lab environment. They will be working from their own laptops against the lab access point. I have tried to perform the attack simultaneously to make sure this is not an issue that will make the lab fail. In the first test, I used two laptops concurrently performing the commands needed to perform the attack. The problem was that the two laptops' wireless cards failed to make a faked authentication. When I entered the command:

aireplay-ng -1 0 -a [MAC of AP] -h [MAC of wireless card] mon0

I get the result as:

[image]

While, in the successful association, I should see:

[image]

Without seeing the line "Association successful", as in fig. 2, the experiment fails (I cannot crack the password).

However, in another test, using the same two laptops concurrently performing the commands, I could successfully do the faked authentication and associate the two wireless cards, and the attack succeeded.

I need to make sure that the attack works successfully even if I have several laptops, each with its own wireless card, trying to crack a single AP.

Technically, is there any problem if several PCs are trying to associate with the AP using the previous commands to do faked authentication?

What was the problem in the first test that caused the cards to be unable to associate with the AP?

UPDATE: It seems that, for reasons unknown to me, sometimes one or both of the wireless cards work on a channel different from the AP's channel, which is why the fake authentication does not happen. How can I reset the card channel? It is an Alfa AWUS036H.

user2192774
  • So, to be clear, you did the exact same thing (same laptops, same network, etc) several times, and it only worked some of the time? Was ANYTHING different? – KnightOfNi May 08 '14 at 23:37
  • Nothing was different. But I realized the faked authentication is the stage that is unreliable in this experiment. If repeated, it may work. Sometimes the whole experiment works and the faked authentication works; sometimes it does not. – user2192774 May 09 '14 at 15:12

1 Answer

2

There are two stages in the classic WEP attacks:

Stage 1: gathering packets. Traditionally, this is done by fake-authenticating with the target AP and then re-injecting ARP packets to get the AP to send packets quickly, but it can be done completely passively instead. Trying to do this on multiple laptops at once can actually slow things down, as they interfere with each other's re-injections or the AP's transmissions.

Stage 2: analysis. The captured packets are statistically analyzed to figure out the most likely value for the WEP key. Since this is completely client-side, the computers can't interfere with each other.

In a classroom setting, I'd pick one student to perform the re-injection part of the attack, and have the rest of the students put their laptops into passive packet-gathering mode.

Mark