I'm pretty new to penetration testing and I'm trying to learn how to correctly use airodump-ng with aireplay-ng to break through WEP encryption on my AP.
I have managed to get the password with clients attached to the AP by reinjecting ARP packets to collect IVs. I read an article on aircrack-ng.org about how to crack WEP with no wireless clients but it doesn't seem to work for me. I have tried to listen for any packets to reinject, but with no clients connected the AP seems to be silent. Is there any way to force the AP to send a packet without connecting a client to the network or is there any other way to break through the encryption?
I have also noted that some networks listed by airodump-ng are reported with signal strength -1. I assume this means that they are too far away. Am I correct in my assumption?
I am using the aircrack-ng suite on Arch Linux and the ESSID is broadcast.
Commands I'm using:
airmon-ng start [wlan interface]
airodump-ng -w outputfile -c [channel] --bssid [mac_of_ap] [monitor interface]
Fake auth: aireplay-ng -1 0 -a [BSSID of AP] -h [Mac of wireless card] [monitor interface]
or to continuously reassociate with AP:
aireplay-ng -1 6000 -o 1 -q 10 -e [Essid] -a [mac_of_ap] -h [Mac of wireless card] [monitor interface]
This command was supposed to take the first packet the AP sends and then reinject it: aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [BSSID of AP] -h [Mac of WIC] mon0
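The post above reads airodump-ng's output by eye. As an added example (not from the original post or from the aircrack-ng project), the script below parses the CSV file that airodump-ng writes alongside the capture (the `-w outputfile` prefix plus `-01.csv`) to inventory access points that still use WEP, which is the sort of audit a network owner runs to find legacy encryption before anyone else does. The sample CSV is constructed to match the aircrack-ng 1.x column layout (an assumption about that layout; check a real file from your version). A Power value of -1 is treated as "no reading", since airodump-ng's own documentation describes -1 as the driver not reporting signal level, not as a distance measurement.

```python
"""Audit an airodump-ng CSV file for legacy WEP networks.

Added example, not aircrack-ng project code. Assumes the aircrack-ng 1.x
CSV layout: an access-point section headed "BSSID, ...", a blank line,
then a station section headed "Station MAC, ...". Fields are comma
separated with padding spaces and are NOT quoted, so an ESSID containing
a comma would be mis-split by this simple parser.
"""

# Constructed sample that mimics <outputfile>-01.csv: one WEP AP with a
# normal power reading, one WPA2 AP whose driver reported no signal (-1).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2015-05-04 01:00:00, 2015-05-04 01:05:00,  6,  54, WEP , WEP, OPN, -52,  120,  340,   0.  0.  0.  0,   7, lab-wep,
66:77:88:99:AA:BB, 2015-05-04 01:00:00, 2015-05-04 01:05:00, 11,  54, WPA2, CCMP, PSK,  -1,   80,    0,   0.  0.  0.  0,   8, home-net,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
CC:DD:EE:FF:00:11, 2015-05-04 01:01:00, 2015-05-04 01:04:00, -60,  500, 00:11:22:33:44:55, lab-wep
"""


def parse_access_points(text):
    """Return a list of dicts, one per access point in the AP section."""
    aps = []
    for line in text.splitlines():
        if line.startswith("Station MAC"):
            break                      # end of the access-point section
        if not line.strip() or line.startswith("BSSID"):
            continue                   # blank separator or column header
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 14:
            continue                   # truncated row (file still being written)
        power = int(fields[8])
        aps.append({
            "bssid": fields[0],
            "channel": int(fields[3]),
            "privacy": fields[5],      # e.g. "WEP", "WPA2", "OPN"
            "cipher": fields[6],
            "auth": fields[7],
            # -1 means the driver gave no signal reading, not "far away".
            "power_dbm": None if power == -1 else power,
            "ivs": int(fields[10]),    # unique IVs seen; WEP weakness grows with this
            "essid": fields[13],
        })
    return aps


def weak_networks(aps):
    """Access points still running WEP, the case the question is about."""
    return [ap for ap in aps if ap["privacy"].startswith("WEP")]


def describe_power(ap):
    """Human-readable signal field that does not misread -1 as distance."""
    if ap["power_dbm"] is None:
        return "no signal reading from driver"
    return f"{ap['power_dbm']} dBm"


def report(text):
    """Build report lines for every WEP network found in the CSV text."""
    lines = []
    for ap in weak_networks(parse_access_points(text)):
        lines.append(
            f"WEP still in use: {ap['essid']} ({ap['bssid']}) on channel "
            f"{ap['channel']}, {ap['ivs']} IVs captured, {describe_power(ap)}"
        )
    return lines


if __name__ == "__main__":
    # Replace SAMPLE_CSV with open("outputfile-01.csv").read() for real data.
    for line in report(SAMPLE_CSV):
        print(line)
```

Run it against the `-01.csv` file that your `airodump-ng -w outputfile` session produces; any line it prints names a network that should be migrated to WPA2 or WPA3, and the "no signal reading" case tells you to check driver support rather than assume the AP is out of range.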
Can you post the exact command that you are trying to run? – tlng05 – 2015-05-04T01:16:27.750