Javatpoint Logo
Javatpoint Logo

Fake authentication attack

In the previous section, we saw how easy it is to crack a WEP key on a busy network. In a busy network, the number of data increases very fast. One problem that we could face is if the network is not busy. If the network is not busy, the number of data will be increasing very very slowly. At that time we're going to fake as an AP that doesn't have any clients connected to it or an AP that has a client connected to it, but the client is not using the network as heavily as the client in the previous section.

Let's look at an example. We will run airodump against the target AP which is javaTpoint. We now have javaTpoint, the same AP that we used before, but the difference is that we've disconnected the clients that were connected to do this attack. As we can see, in the client area, there are no clients connected and the #Data is 0, it didn't even go to 1.

In this section, we want to be able to crack a key like this, with 0 data:

Fake authentication attack

To solve this problem, what we can do is inject packets into the traffic. When we do this, we can force the AP to create a new packet with the new IVs in them, and then capture these IVs. But we have to authenticate our device with the target AP before we can inject packets. APs have lists of all of the devices that are connected to them. They can ignore any packets that come from a device that is not connected. If a device that doesn't have the key tries to send a packet to the router, the router will just ignore the packet, and it wouldn't even try to see what's inside it. Before we can inject packets into a router, we have to authenticate ourselves with the router. To do this, we're going to use a method called fake authentication.

In the previous section, we already executed airodump. Let's see how we can use fake authentication. In the previous screenshot, we can see that AUTH have no value. Once we have done fake authentication, we will see an OPN show up there, which will mean that we have successfully falsely authenticated our device with the target AP. We will use the following command to do that:

Fake authentication attack

With aireplay-ng, we're going to use a --fakeauth attack. In this attack, we include the type of attack and the number of packets that we want to send, which is --fakeauth 0. We are going to use -a, to include the target network which is 74:DA:DA:DB:F7:67. Then we're going to use -h, to include our MAC address. To get our MAC address, we are going to run the ifconfig wlan0 command:

Fake authentication attack

Here, wlan0 is the name of our Wi-Fi card. With aireplay-ng, the type of attack that we're trying to do, we're trying to perform a fake authentication attack, to authenticate our MAC address so that we can inject packets into the target network. We will send 0 which means do it once, then -a with the MAC address of the access point(AP), then -h with the MAC address of the device that we want to perform a fake authentication to, and then wlan0, the name of the WiFi card in monitor mode. Now we hit Enter:

Fake authentication attack

In the above image, we can see that -a sent an authentication request, and it was successful. The network becomes an open network, and our client showed up as if it was a client connected to the network. We're not actually connected, but we are authenticated with the network and have an association with it so that we can inject packets into the AP. It will now receive any request that we send to it. Following is the output:

Fake authentication attack
Next TopicARP request replay attack




Youtube For Videos Join Our Youtube Channel: Join Now

Feedback

Help Others, Please Share

facebook twitter pinterest

Learn Latest Tutorials

Splunk tutorial

Splunk
SPSS tutorial

SPSS
Swagger tutorial

Swagger
T-SQL tutorial

Transact-SQL
Tumblr tutorial

Tumblr
React tutorial

ReactJS
Regex tutorial

Regex
Reinforcement learning tutorial

Reinforcement Learning
R Programming tutorial

R Programming
RxJS tutorial

RxJS
React Native tutorial

React Native
Python Design Patterns

Python Design Patterns
Python Pillow tutorial

Python Pillow
Python Turtle tutorial

Python Turtle
Keras tutorial

Keras

Preparation

Aptitude

Aptitude
Logical Reasoning

Reasoning
Verbal Ability

Verbal Ability
Interview Questions

Interview Questions
Company Interview Questions

Company Questions

Trending Technologies

Artificial Intelligence

Artificial Intelligence
AWS Tutorial

AWS
Selenium tutorial

Selenium
Cloud Computing

Cloud Computing
Hadoop tutorial

Hadoop
ReactJS Tutorial

ReactJS
Data Science Tutorial

Data Science
Angular 7 Tutorial

Angular 7
Blockchain Tutorial

Blockchain
Git Tutorial

Git
Machine Learning Tutorial

Machine Learning
DevOps Tutorial

DevOps

B.Tech / MCA

DBMS tutorial

DBMS
Data Structures tutorial

Data Structures
DAA tutorial

DAA
Operating System

Operating System
Computer Network tutorial

Computer Network
Compiler Design tutorial

Compiler Design
Computer Organization and Architecture

Computer Organization
Discrete Mathematics Tutorial

Discrete Mathematics
Ethical Hacking

Ethical Hacking
Computer Graphics Tutorial

Computer Graphics
Software Engineering

Software Engineering
html tutorial

Web Technology
Cyber Security tutorial

Cyber Security
Automata Tutorial

Automata
C Language tutorial

C Programming
C++ tutorial

C++
Java tutorial

Java
.Net Framework tutorial

.Net
Python tutorial

Python
List of Programs

Programs
Control Systems tutorial

Control System
Data Mining Tutorial

Data Mining
Data Warehouse Tutorial

Data Warehouse