Let me record the steps here so that I won’t forget in the near future. This is my second try, after a first try where Ser Yoong logged into the Wi-Fi and let me use his MAC address to spam ARP replay packets, and I managed to get the IVs flowing like water. This time I managed to do it without any clients, and partly referred to Corelan.be, which was very useful.
- Airmon-ng the interface, turn on the monitor mode.
- Airodump-ng with the mon0 argument to get the MAC and channel of all the access points, then choose one (WEP)
- Airodump-ng again with --channel and --bssid set
- Aireplay-ng --test (test injection)
- Aireplay-ng replay ARP, -5, using -h with the fake associated host's MAC
- Do fake authentication with Aireplay-ng
- Incoming IVs start flowing