0

I was testing WEP password cracking on my router. I had set a thirteen character password ("TESTING123456") and tried these commands:

airmon-ng start wlan0

Then I started airodump-ng using this command:

airodump-ng mon0

After this I performed "fake authentication" using:

aireplay-ng -1 3 –a 98:fc:11:c9:14:22 mon0

Then I executed these commands:

airodump-ng mon0 --bssid 98:fc:11:c9:14:22 --channel 6 --write RHAWEP

aireplay-ng -3 –b 98:fc:11:c9:14:22 –h 00:c0:ca:50:f8:32 mon0

The problem is that the IV (Initialization vectors) are coming very slowly. I have collected 428000 beacon packets and only received 27000 IVs. I saw some tutorials where the ratio of beacon packet vs IV was about 2:1.

So is there any other way to grab IVs faster ? Any suggestion will be highly appreciated.

EDIT:----

Is there any other method to crack a WEP password? If there are, please suggest some other methods.

S.L. Barth
  • 5,486
  • 8
  • 38
  • 47
Snake Eyes
  • 491
  • 4
  • 11
  • Not all wireless adapters support injection; use this test to make sure yours does: http://www.aircrack-ng.org/doku.php?id=injection_test&DokuWiki=7a9c7f1d9e6c48b9f2d175e52de665f8 – tlng05 Jul 01 '15 at 11:08

2 Answers2

2

I do not know of any other methods to crack WEP as this is probably the fastest way and a technique you can be sure will end up giving you the key.

That said, you may want to check that command 

aireplay-ng -3 –b 98:fc:11:c9:14:22 –h 00:c0:ca:50:f8:32 mon0

The second mac in there is supposed to belong to a client already authenticated on the AP when you start the capture, this should not be any random one.

Other than that, as said in the comments, only thing I can see is your wireless card is badly configured, you have the wrong drivers, or it is simply not supported (which the card you seem to have should be).

If everything goes right you should get IV's very quick. With a bad wireless card i manage to get approximatively 10K each 3-5 minutes

RedPanda
  • 41
  • 2
1

This is quite an old thread but I feel still relevant especially for new comers like myself who are starting out learning to crack WEP.

I have exactly the same problem and I am using a similar wifi card (AWUS036NHA). Until I get another manufacturer such as Panda I won't know if this is a problem with the ALFA cards.

NB: If the target AP has a an active client communicating, I don't have any issue but if the target AP is quite and I need to do packet injection to generate IV's, I have the issue.

When running arpreplay I would get some ACK's but 0 ARP requests and 0 packets sent.

aireplay-ng -3 -b [BSSID-MAC] -h [CARD-MAC] wlan0mon

arreplay issue

I found running a deauth on my card while running arpreplay triggered the arpreplay attack to start sending packets. 

aireplay-ng -0 5 -a <BSSID-MAC> -c <CARD-MAC> wlan0mon

arreplay issue resolved .

Samuel Meddows
  • 111
  • 3
  • This is a comment, not an answer. You don't answer OP's question and just state that you have the same problem, and then give details about that problem. – forest Aug 03 '19 at 07:44
  • 1
    If you read my response properly I gave a solution using a deauth to trigger IV’s to be generated. I shall update to remove my further issue. – Samuel Meddows Aug 03 '19 at 07:47