http://www.chris-mohan.com/2010/03/wifu-aireplay-ng-ska-attack-problem-with-linksys-wap54g/
http://trac.aircrack-ng.org/ticket/372
http://trac.aircrack-ng.org/ticket/703
http://www.backtrack-linux.org/forums/backtrack-5-experts-section/44327-wifi-ap-wrt45gl-linksys-cisco-broken-ska.html
http://forum.aircrack-ng.org/index.php?PHPSESSID=dd18de1ba952d186cf749d7760f2643e&topic=233;prev_next=next
Of course, cracking WEP by bypassing SKA was one of the last steps of the course. However, I have another access point that I could use: a D-Link DIR-655. I set up the new access point with the same ESSID and the same
Anyway, the only thing left in the lab is cracking WPA networks with dictionary/custom wordlists. That should be fine. I also want to combine cewl, crunch and the wordlists from BackTrack 5 R1 for use in the field. I wonder what kind of results I would get during a security assessment.
Before I forget: if people are having trouble using profile variables to make the commands shorter, I used the ".bashrc" file. /etc/profile was not working for me the way the videos illustrated. I just figured it was my fault since I am using BackTrack 5 R1. Fortunately, I was able to use the variable $ESSID by adding a line like this to ".bashrc":
export ESSID=oswpexam
Is there any way to solve the problem of "Broken SKA"? In the challenge it is not possible to change the router. I need help with this.
Sorry for the late response. I am not sure how much I can say. All I can say is that the OffSec team will not give you something that you cannot overcome. If you really need more help, try the IRC channel or the OffSec forum. They are always willing to help.
Hello,
Sorry to bump into such an old post.
I've been investigating this problem for several weeks now and I think I've got to the bottom of it.
It seems that it's an AP + aircrack combination issue. Specifically: some APs include extra proprietary info in the second auth message which aircrack is not programmed to recognize. It seems like early AP versions (both hardware and firmware) were more standards compliant and aircrack was not updated/patched accordingly.
Thus even if a pen tester has read somewhere (like in the BackTrack 5 book) that he can crack a D-Link DIR-615, it will be impossible to do so with the latest versions of the hardware/firmware of that specific AP.
I almost went nuts on this one as I followed the exact same steps and had the exact same equipment used throughout the entire .... book. Once I noticed from a picture that the hardware version of the D-Link DIR-615 was B2 and the firmware was 2.23, the problem became clear to me, as I had a D-Link DIR-615 h/w ver H2, f/w 8.02.
This bug is known:
http://trac.aircrack-ng.org/ticket/372#comment:6
I'll try to write a patch for it, but I guess my best advice until then is to ask for the h/w and f/w of the victim AP and not just its model.
Although WEP is dead and almost nobody uses it anymore this info may prove helpful for researchers/investigators/programmers.
So now I hope it will be O.K. if I ask you what h/w and f/w version of the D-Link DIR-655 you used?
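As an added illustration of the frame layout HellBoy describes above (example code written for this page, not from the post or from aircrack-ng): a parser for the body of an 802.11 Authentication frame that walks the information elements one by one instead of assuming the Challenge Text element is the last thing in message 2, so a trailing vendor-specific element is reported rather than breaking the parse. The frame bytes are constructed for the example; the `shared_key` flag it returns is the kind of check an auditor uses to spot WEP shared-key authentication still in use.

```python
# Added example (not from the post or aircrack-ng): a minimal parser for the
# body of an 802.11 Authentication management frame, written so that it does
# not assume the Challenge Text element is the last thing in the frame.
# The frames below are constructed by hand for the example.
import struct

AUTH_OPEN, AUTH_SHARED_KEY = 0, 1
IE_CHALLENGE_TEXT, IE_VENDOR_SPECIFIC = 16, 221


def parse_auth_body(body: bytes) -> dict:
    """Parse fixed fields (algorithm, sequence, status; little-endian) and
    the information elements (id, length, data) that follow them."""
    if len(body) < 6:
        raise ValueError("auth frame body too short")
    alg, seq, status = struct.unpack_from("<HHH", body, 0)
    elements = []
    pos = 6
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated IE header")
        ie_id, ie_len = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + ie_len]
        if len(data) != ie_len:
            raise ValueError("truncated IE body")
        elements.append((ie_id, data))
        pos += 2 + ie_len
    challenge = next((d for i, d in elements if i == IE_CHALLENGE_TEXT), None)
    return {
        "algorithm": alg,
        "seq": seq,
        "status": status,
        "shared_key": alg == AUTH_SHARED_KEY,
        "challenge": challenge,
        "extra_ie_ids": [i for i, _ in elements if i != IE_CHALLENGE_TEXT],
    }


# Constructed message 2 of a shared-key exchange: 128-byte challenge text
# followed by a vendor-specific element (the "extra proprietary info").
CHALLENGE = bytes(range(128))
VENDOR_IE = bytes([IE_VENDOR_SPECIFIC, 5, 0x00, 0x11, 0x22, 0x01, 0x02])
MSG2_WITH_EXTRA = (struct.pack("<HHH", AUTH_SHARED_KEY, 2, 0)
                   + bytes([IE_CHALLENGE_TEXT, 128]) + CHALLENGE + VENDOR_IE)
MSG2_PLAIN = MSG2_WITH_EXTRA[:-len(VENDOR_IE)]

if __name__ == "__main__":
    for name, frame in (("plain", MSG2_PLAIN), ("with extra IE", MSG2_WITH_EXTRA)):
        print(name, parse_auth_body(frame))
```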
No problem HellBoy. I assume that would be within the rules. Sorry it took so long to respond too. I just found it: HW:A2 & FW:1.31. I guess the question is whether you can crack it with the latest version. I might want to check that later. It will probably end up being in December. Hopefully I answered your question, though.