fake_authentication
Differences
This shows you the differences between two versions of the page.
fake_authentication [2007/03/10 17:25] – added more detail and shared key details darkaudax | fake_authentication [2010/03/14 23:12] – addresss should be address mister_x | ||
---|---|---|---|
Line 4: | Line 4: | ||
===== Description ===== | ===== Description ===== | ||
- | The fake authentication attack allows you to perform the two types of WEP authentication (Open System and Shared Key) plus associate with the access point (AP). This is useful is only useful when you need an associated MAC address in various [[aireplay-ng]] attacks and there is currently no associated client. | + | The fake authentication attack allows you to perform the two types of WEP authentication (Open System and Shared Key) plus associate with the access point (AP). This is useful is only useful when you need an associated MAC address in various [[aireplay-ng]] attacks and there is currently no associated client. |
===== Usage ===== | ===== Usage ===== | ||
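Review bot: the Description sentence on the new side still reads "This is useful is only useful when you need an associated MAC address", so the duplicated "is useful" survives this revision. Suggest "This is only useful when you need an associated MAC address in various [[aireplay-ng]] attacks and there is currently no associated client."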
Line 15: | Line 15: | ||
*-e teddy is the wireless network name | *-e teddy is the wireless network name | ||
*-a 00: | *-a 00: | ||
- | *-h 00: | + | *-h 00: |
*-y sharedkeyxor is the name of file containing the PRGA xor bits. This is only used for shared key authentication. | *-y sharedkeyxor is the name of file containing the PRGA xor bits. This is only used for shared key authentication. | ||
*ath0 is the wireless interface name | *ath0 is the wireless interface name | ||
Line 43: | Line 43: | ||
*-e teddy is the wireless network name | *-e teddy is the wireless network name | ||
*-a 00: | *-a 00: | ||
- | *-h 00: | + | *-h 00: |
*ath0 is the wireless interface name | *ath0 is the wireless interface name | ||
Line 70: | Line 70: | ||
# and so on. | # and so on. | ||
- | Here is an example of a shared key authentication. | + | Here is an example of a shared key authentication. |
| | ||
Line 95: | Line 95: | ||
===== Usage Tips ===== | ===== Usage Tips ===== | ||
- | |||
- | |||
==== Setting MAC address ==== | ==== Setting MAC address ==== | ||
- | It is good practice to set your card's MAC address to the one you specify via the " | + | It is good practice to set your card's MAC address to the one you specify via the " |
- | Detailed instructions on changing the card MAC address can be found in the FAQ: [[http:// | + | Detailed instructions on changing the card MAC address can be found in the FAQ: [[faq# |
- | Troubleshooting Tip: A normal MAC address looks like this: 00: | + | Troubleshooting Tip: A normal MAC address looks like this: 00: |
==== Injecting in Managed Mode ==== | ==== Injecting in Managed Mode ==== | ||
Line 122: | Line 120: | ||
aireplay-ng -4 -h 00: | aireplay-ng -4 -h 00: | ||
+ | |||
==== Examples of successful authentications ==== | ==== Examples of successful authentications ==== | ||
Line 130: | Line 129: | ||
* [[http:// | * [[http:// | ||
- | * [[http:// | + | * [[http:// |
Line 179: | Line 178: | ||
| | ||
- | See the [[http:// | + | See the [[shared_key|How to do shared key fake authentication]] tutorial. |
- | ==== Other problems and solutions ==== | ||
- | If fake authentication is never successful (aireplay-ng keeps sending authentication requests) then MAC address filtering may be in place. | + | ==== MAC access controls enabled on the AP ==== |
+ | |||
+ | If fake authentication is never successful (aireplay-ng keeps sending authentication requests) then MAC address filtering may be in place. | ||
+ | |||
+ | |||
+ | ==== Waiting for beacon frame ==== | ||
+ | When you enter the command, the system freezes or a line is printed with " | ||
+ | |||
+ | There are many possible root causes of this problem: | ||
+ | |||
+ | * The wireless card is set to a channel which is different then the AP. Solution: Use iwconfig and confirm the card is set to the same channel as the AP. | ||
+ | * The card is scanning channels. | ||
+ | * The ESSID is wrong. | ||
+ | * The BSSID is wrong. | ||
+ | * You are too far away from the AP and are not receiving any beacons. | ||
+ | * You are not receiving beacons for the AP: Solution: | ||
+ | |||
+ | For all of the above, running airodump-ng and the related text file should provide all the information you require identify and correct the problem. | ||
+ | |||
+ | |||
+ | ==== Airodump-ng does not show the ESSID ==== | ||
+ | |||
+ | Airodump-ng does not show the ESSID! | ||
+ | |||
+ | Answer: | ||
+ | |||
+ | |||
+ | ==== Error Message " | ||
+ | |||
+ | You get something similar to this: | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | You cannot use fake authentication with a WPA/WPA Access Point. | ||
+ | |||
+ | |||
+ | ==== Error Message " | ||
+ | |||
+ | You cannot use fake authentication with an Open AP. Open meaning there is no WEP encryption enabled. | ||
+ | |||
+ | |||
+ | ==== Error Message " | ||
+ | |||
+ | First, ensure the AP you are trying to connect to is WEP. You cannot do fake authentication to a WPA/WPA2 network. | ||
+ | |||
+ | The most likely reason to get this error message is when the ESSID specified with " | ||
+ | |||
+ | |||
+ | ==== Error message "code (XX)" ==== | ||
+ | You receive an error messages referencing a code number. | ||
+ | |||
+ | |||
+ | ==== Other problems and solutions ==== | ||
Also make sure that: | Also make sure that: | ||
- | * You are physically close enough to the access point. | + | * You are physically close enough to the access point. You can confirm that you can communicate with the specific AP by following [[injection_test# |
* Make sure you are using a real MAC address (see discussion above) | * Make sure you are using a real MAC address (see discussion above) | ||
- | * The wireless card driver is properly patched and installed. | + | * The wireless card driver is properly patched and installed. Use the [[injection_test|injection test]] to confirm your card can inject. |
- | * The card is configured on the same channel as the AP. | + | * The card is configured on the same channel as the AP. Use " |
* The BSSID and ESSID (-a / -e options) are correct. | * The BSSID and ESSID (-a / -e options) are correct. | ||
* If Prism2, make sure the firmware was updated. | * If Prism2, make sure the firmware was updated. |
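Review bot: the first added "Error Message" section says "You cannot use fake authentication with a WPA/WPA Access Point", while the later added section says "You cannot do fake authentication to a WPA/WPA2 network"; the first should read "WPA/WPA2" so the two agree. Wording slips in the same added text: "different then the AP" should be "different than the AP", "all the information you require identify and correct the problem" is missing "to", and "You receive an error messages" should be singular. The "Airodump-ng does not show the ESSID" section repeats its heading as its first body line ("Airodump-ng does not show the ESSID!"), which could be dropped or rephrased as the question it answers.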
fake_authentication.txt · Last modified: 2010/11/21 13:18 by sleek