Been having one hell of a time testing out my WEP. I can successfully crack it using an ICMP flood on a legit WEP Client. But having hard time using aireplay-ng to help create IVs. Using latest 0.7 version of aircrack-ng. Installed DWL-122 drivers are linux-wlan-ng-0.2.5 and are properly patched with the included patch with aircrack. System is an old PII-333, 320, FC5-2.6-18-1.2257 Kernel. Haven't tried newly patched drivers on older 2239. Don't know what the heck the problem would be. Took awhile to notice I needed patched drivers. Of which aircrack-ng-0.6.1 came with linux-wlan-0.2.3.packet.injection.patch. Couldn't get patched drivers to compile. Luckily enough aircrack-ng just released 0.7 version. With 0.2.5 patch. That applied and compiled with no errors. Got even more excited at this point thinking that after days of fight with packet injection not working. I thought i finally had it. I've tried every possible option 0-4 with no success. Card is put in monitor mode and works properly with airodump. Also have a zd1211 card which i use for capturing IVs. Using just the wlanng for aireplay. I've tried multiple DeAuth, FakeAuth, IPR, and ARP Inj. All with no success. The wlanng card is given a new MAC using 'ifconfig hw ether' to 00:11:22:33:44:55 for FakeAuth. I've even taken the zd1211 card installed it on a XP box to be able to have a known client on the WEP network. Using the correct MAC for that card to try and creat a DeAuth attack. Still no success! The IPR method will read and capture ARP packet and ask to use to resend but doesn't create any IVs. Lastely ARP Injection won't even recognize an ARP packet. Have no idea why. I'm out of ideas. Usually never ask for help on forums. This has been my last resort. I have read almost every README and google site I can find on this. PLEASE HELP ME!!! The commands I'm using are listed below.
**NO SUCCESS DWL-122 and aireplay**
Fedora FC5
Kernel FC5-2.6-18-1.2257 RPM
DWL-122 (00:11:22:33:44:55)
Linux Wlan-ng 0.2.5 Driver
Packet Injection Patch (included with aircrack-ng 0.7)
Registered WEP client on XP box zd1211 (00
e:98:46:a4:77)
Linksys AP using WEP on channel 11 (00:0f:66:2f:7d:e3) SSID 'penguin'
--Monitor mode wlan0--
#/modprobe prism2_usb prism2_doreset=1
#/sbin/wlanctl-ng lnxreq_ifstate ifstate=enable
#ifconfig wlan0 down
#ifconfig wlan0 hw ether 00:11:22:33:44:55
#ifconfig wlan0 up
#/sbin/
#/sbin/wlanctl-ng lnxreq_wlansniff enable=true channel 11
--aireplay-ng--
*DeAuth*
#aireplay-ng -0 5 -a 00
f:66:2f:7d:e3 -c 00
e:98:46:a4:77 wlan0
*FakeAuth*
'#aireplay-ng -1 30 -e penguin -a 00:0f:66:2f:7d:e3 -h 00:11:22:33:44:55 wlan0' #No success
*IPR*
#aireplay-ng -2 -b 00
f:66:2f:7d:e3 -h <A/B> -n 100 -p 0841 -c ff:ff:ff:ff:ff:ff wlan0 #<A>= 00
e:98:46:a4:77 <B>=00:11:22:33:44:55
#tried <B> just for shits and giggles. OK it was desperation
#Method will read, capture, recognize ARP and send. Still
#doesn't create IVs
*ARP Injection*
#aireplay-ng -3 -b 00:0f:66:2f:7d:e3 -h 00:0e:98:46:a4:77 wlan0 #Doesn't even recognize an ARP packet
*Brute Force*
#aireplay-ng -4 -r <arp.cap> #arp.cap=file captured from aireplay-ng
=============================================================================================
TyBaLt
bnelson81@msn.com 2007-1-25
=============================================================================================
