Topic: attack with no clients connected? (Read 2482 times)

divide
Posts: 21
« on: 14 June 18:19:45 (Thursday) »

ARP replay works great, but only if a client is connected to the AP... I tested aireplay-ng on my AP, nothing happened until I switched on wifi on my PDA and connected to my AP.

So... is there any other kind of attack which doesn't require clients connected?

alberion
Posts: 88
« Reply #1 on: 14 June 18:31:58 (Thursday) »

ARP attack does not need clients connected; you just need to get authenticated and associated to the AP, and don't forget to change the bssid on sys/class/net/wifi0/device to the MAC address of the AP. This way, YOU will be the client "connected" to the AP reinjecting traffic.

Cheers!

divide
Posts: 21
« Reply #2 on: 14 June 18:57:43 (Thursday) »

Thanks for this clarification! :)

maderman
Moderator
Posts: 323
« Reply #3 on: 14 June 19:01:37 (Thursday) »

You are using the ipw3945? Because if you don't use this wireless card you only have to write:

Code:
aireplay-ng -1 10 -e "essid" -a "bssid" -h "your mac" interface

It is the fake association, and it is used to create traffic when there aren't any clients connected to the AP. Greetings!

the_often
Posts: 698
« Reply #4 on: 14 June 19:09:06 (Thursday) »

Hi!!

You should also keep in mind that the injection process without clients doesn't always work the first time. Also, it is a process that usually needs a long time to begin. Sometimes maybe 10 minutes, but many other times maybe 1 hour or maybe 2.

In other words, the injection without clients (attacks 1 and 3) depends on different factors. The most important are the quality of the signal (good signal could be required) and the model of the AP.

Normally the newest APs are already fixed against these attacks without clients.

All these things should be checked to make sure you can have success.

And after that, the best way to do the injection without clients is to try and try several times until you get success. And it may be helpful to stop all the attacks and launch them again, every 30 minutes for example.

I say all this to you according to my experiences.

Good luck!

Bye

P.S.: Also, you have checked that you are doing attacks 1 & 3 correctly, without any mistake in the commands, right?

cosypanther
Posts: 40
« Reply #5 on: 22 July 22:37:13 (Sunday) »

I've got the same problem, because I'm not able to be authenticated with "aireplay-ng -1 0 -e ESSID -a BSSID -h STATION wifi0", because I need a Station.

pianista
Global Moderator
Posts: 1427
« Reply #6 on: 23 July 02:04:59 (Monday) »

With this "aireplay-ng -1 0 -e ESSID -a BSSID -h STATION wifi0" you don't need any station; put in STATION, for example, 00:11:22:33:44:55 ;)
If aireplay-ng -1 isn't successful you can try an aireplay-ng -3 with a real station...
If airepla....-1 is successful, you have to do an aireplay-ng -3 -b BSSID -h 00:11:22:33:44:55 or the MAC you have introduced in STATION in A1 ;)

the_often
Posts: 698
« Reply #7 on: 23 July 03:20:28 (Monday) »

As Pianista said, you don't need any real station to use that attack (aireplay -1..... , which is the 'fake association attack').

You can try with any MAC as station, but make sure you change the MAC interface of your WiFi card to match the MAC you will use as false station with the aireplay -1....

If you want it easier, you don't have to change the MAC of your card. Just do 'macchanger -s wifi0' and copy that MAC (your own MAC) and use it in the A1 (aireplay -1 ...).

That way you will be sure the MACs match.

Anyway, remember that attacks without clients don't work with all APs or routers.

Good luck :)

haohamaru
Posts: 8
« Reply #8 on: 07 November 06:30:36 (Wednesday) »

I don't think so. You can do a fake auth if the WEP uses open system auth, but you can't do a fake auth if the WEP uses PSK auth; you need a xor file generated by airodump to do a fake auth, and airodump needs a real client MAC to catch the handshake. Sorry for my English.

pianista
Global Moderator
Posts: 1427
« Reply #9 on: 07 November 08:02:27 (Wednesday) »

Yes, we talked about WEP open, but with the xor you can do the attack for a shared key.

haohamaru
Posts: 8
« Reply #10 on: 07 November 10:29:36 (Wednesday) »

In shared key WEP, if there is no real station, you can't get a xor by airodump, is it?
If the WEP is shared key, can you crack it without a real client? If you can, please tell me how to do it. Thank you very much!
Sorry for my English, I'm Chinese, I can only read simple English.

haohamaru
Posts: 8
« Reply #11 on: 08 November 02:23:39 (Thursday) »

Can anybody help me? Thanks very much!

indio99
Contributor
Posts: 1343
« Reply #12 on: 08 November 07:13:49 (Thursday) »

Quote from: haohamaru
In shared key WEP, if there is no real station, you can't get a xor by airodump, is it?
If the WEP is shared key, can you crack it without a real client? If you can, please tell me how to do it. Thank you very much!
Sorry for my English, I'm Chinese, I can only read simple English.

Excuse my English, it is very, very bad.

I don't know your purpose, but you try to crack WEP, and this network is not your property; this action is illegal.

And this site does not support this action.

Sorry

haohamaru
Posts: 8
« Reply #13 on: 08 November 08:29:53 (Thursday) »

No! I only test it in my home! Sorry for my English!
I have interest in this, can you help me?

indio99
Contributor
Posts: 1343
« Reply #14 on: 09 November 07:19:42 (Friday) »

The process is very simple, but this method does not always work.

Do you use an ipw3945, or another interface?

The method is

A3+A1

aireplay-ng -3 -b <MAC.AP> -h <MAC.FALSE> <interface>

aireplay-ng -1 10 -a <MAC.AP> -h <MAC.FALSE> -e <ESSID.AP> -x 1024 <interface>

and wait ......

It may not work; this method does not always work.

Bye

jano-68
Posts: 3
« Reply #15 on: 06 March 01:12:57 (Thursday) »

Quote from: the_often
You can try with any MAC as station, but make sure you change the MAC interface of your WiFi card to match the MAC you will use as false station with the aireplay -1....

If you want it easier, you don't have to change the MAC of your card. Just do 'macchanger -s wifi0' and copy that MAC (your own MAC) and use it in the A1 (aireplay -1 ...).

That way you will be sure the MACs match.

Anyway, remember that attacks without clients don't work with all APs or routers.

Good luck :)

To change the MAC address with "macchanger":
Code:
macchanger -m XX:XX:XX:XX:XX:XX wifi0
(XX is: copy and paste of MAC client)

Ciao, Jano
Notebook ACER ASPIRE 5601 AWLMi, Centrino Duo T-2300 1,66 Ghz, ATI Mobility Radeon X1300-Driver ATI 8.1+Compiz-Fusion+AWN.
Wireless cards: ALFA AWUS036H + D-Link DWL-G650 + ZyXEL ZyAir-G220 + ipw3945/ipwraw - HDD-100, Modem HSUPA Huawei E-270
- System:Ubuntu 7.10/WinXP/WiFiSlax 3.1/BackTrack3
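
Added example, not part of any post in this thread: a defender-side sketch of how the sequence described in replies #6, #7 and #14 (repeated fake authentication, then ARP replay from the same station MAC) looks to a monitor-mode sensor watching your own AP. The frame-summary tuple format, the thresholds and all MAC addresses and lengths are constructed assumptions, not the output of any real tool.

```python
from collections import Counter, defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def find_injectors(frames, ap_mac, min_reauths=3, min_replays=200, window_s=10.0):
    """frames: (time_s, kind, src, dst, length) summaries (hypothetical sensor format).
    Returns {station_mac: [reasons]} for stations matching the heuristics."""
    auths = defaultdict(list)    # station -> authentication request times
    bcasts = defaultdict(list)   # station -> (time, length) of broadcast data frames
    for t, kind, src, dst, length in frames:
        if kind == "auth" and dst == ap_mac:
            auths[src].append(t)
        elif kind == "data" and dst == BROADCAST and src != ap_mac:
            bcasts[src].append((t, length))
    findings = {}
    for sta in sorted(set(auths) | set(bcasts)):
        reasons = []
        # Repeated authentication from one MAC, as a re-association loop produces.
        if len(auths[sta]) >= min_reauths:
            reasons.append("periodic-reauth")
        if bcasts[sta]:
            # A replayed frame always has the same length; find the dominant one.
            top_len = Counter(l for _, l in bcasts[sta]).most_common(1)[0][0]
            times = sorted(t for t, l in bcasts[sta] if l == top_len)
            best = lo = 0
            for hi, t in enumerate(times):   # sliding window of window_s seconds
                while t - times[lo] > window_s:
                    lo += 1
                best = max(best, hi - lo + 1)
            if best >= min_replays:
                reasons.append("same-length-broadcast-flood")
        if reasons:
            findings[sta] = reasons
    return findings

def sample_frames():
    """Constructed capture summary; every MAC and length here is made up."""
    ap, legit, fake = "00:aa:bb:cc:dd:01", "02:00:00:00:00:10", "00:11:22:33:44:55"
    frames = [(1.0, "auth", legit, ap, 30)]
    frames += [(2.0 + 30 * i, "data", legit, BROADCAST, 68) for i in range(3)]
    frames += [(5.0 + i, "data", legit, ap, 100 + 7 * i) for i in range(40)]
    frames += [(100.0 + 10 * i, "auth", fake, ap, 30) for i in range(4)]
    frames += [(131.0 + 0.01 * i, "data", fake, BROADCAST, 68) for i in range(500)]
    return ap, frames

if __name__ == "__main__":
    ap, frames = sample_frames()
    print(find_injectors(frames, ap))
```

The thresholds are starting points only; a busy network with chatty clients needs them tuned against its own baseline before alerts are trusted.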