
Thread: Injecting with "Association Failure"? (WEP)

  1. #1
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    4

    Injecting with "Association Failure"? (WEP)

    Hi

    Thank you in advance for taking the time to help. It's my first time using BT3 LiveCD - using a Dell laptop with Broadcom BCM43xx.

    I'll ask the questions as I run the commands by you:

    bt ~ # airmon-ng stop eth1

    reply: eth1 Broadcom bcm43xx

    bt ~ # airmon-ng start eth1 8

    reply: (monitor mode enabled)

    bt ~ # aireplay-ng -9 -e target -a 00:11:22:33:44:55 eth1

    found 1 ap
    injection is working!
    30/30: 100%

    First Question: Do I know for sure here that my card can inject based on the previous reply?

    bt ~ # airodump-ng -c 8 --bssid 00:11:22:33:44:55 -w output eth1

    I see the target AP with 1 station associated with it, packets are increasing ~3000 packet in 8 mins, looks nice and healthy so far.

    Question 2: At this point, am I affecting the target AP performance at all or am I just listening and can run this for days without service interruption?

    I opened a new shell and ran:

    bt ~ # aireplay-ng -1 0 -e target -a 00:11:22:33:44:55 eth1 (-h is optional, it picked up my default MAC address)

    -sending auth req. (open sys)
    -switching to shared key auth
    -sending auth req (shared key)
    -auth 1/2 succ.
    - you should specify a xor file...
    - trying fragmented share key
    - sending encrypted challenge
    - challenge failure


    I can't go beyond this point, I've tried many APs all were rejecting me in one way or another, only time I got successful was to an open linksys (figures).

    In the manuals it says don't go beyond this point, injections won't work:

    I went anyway to the next step: part of my learning curve testing different ways and curiosity.

    (new console)

    bt ~ # aireplay-ng -3 -b 00:11:22:33:44:55 -h 66:77:88:99:00 eth1

    lots of activity now both on this console and my airodump-ng (packets are increasing rapidly) -

    Question 3: Is it actually benefiting the process or is this all fake auth reqs noise and won't help me crack the wep unless I associate successfully?

    Troubleshooting questions:
    - does the 30/30 100% tell me I'm close enough to the access point?
    - I tried faking my MAC to one of the associated stations, still auth failed.

    Where do I go from here?

    Your help is much appreciated for my learning curve and hopefully will benefit more newbies.

  2. #2
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    4

    ^_^

    1. You can be reasonably sure. Try setting your router to open auth and see if you can fake auth, then try ARP injection and see if the increase in #/s correlates to the number of packets you've sent.

    2. Airodump is passive. You're simply capturing packets sent by associated clients.

    3. Check tcpdump. If you see a bunch of deauth packets then you aren't gathering IVs so it's just noise.

    For packet injection to work, you're going to have to turn off your monitoring interface and set the MAC to the same as one used by an associated client.

  3. #3
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Quote, originally posted by yosinyc:
    I've tried many APs all were rejecting me in one way or another, only time I got successful was to an open linksys
    How many APs have you tried this on?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  4. #4
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    first of all the yellow and red text isn't necessary

    second it's rather obvious you are not pentesting on your own stuff

    third and most important search before you post TO SEE IF YOUR CARD WORKS

    fourth it's pretty clear what the name airodump-ng implies and what aireplay-ng implies as well but if you can't figure it out SEARCH!!

    now go read the RULES and pay special attention to the very first one



    Quote, originally posted by routher:
    For packet injection to work, you're going to have to turn off your monitoring interface and set the MAC to the same as one used by an associated client.
    and that's simply not true sorry
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  5. #5
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Quote, originally posted by vvpalin:
    second it's rather obvious you are not pentesting on your own stuff
    Obviously, but it's much more satisfying to get them to admit this by asking probing questions. Phishing a guilty response from them if you will.

    Just pointing out the fact that they are doing this ruins all the potential fun.

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote, originally posted by lupin:
    Obviously, but it's much more satisfying to get them to admit this by asking probing questions. Phishing a guilty response from them if you will.

    Just pointing out the fact that they are doing this ruins all the potential fun.
    Looks like someone has been studying social engineering.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #7
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Quote, originally posted by lupin:
    Obviously, but it's much more satisfying to get them to admit this by asking probing questions. Phishing a guilty response from them if you will.

    Just pointing out the fact that they are doing this ruins all the potential fun.
    oh i knew exactly what you were doing, lol i was even going to say something about it in my post

    from now on however i'll keep my mouth shut and not spoil the fun

  8. #8
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Quote, originally posted by archangel.amael:
    Looks like someone has been studying social engineering.
    I try to never miss an opportunity to practice

  9. #9
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote, originally posted by vvpalin:
    from now on however i'll keep my mouth shut and not spoil the fun
    First just do a bit of reading on posts in the idiot's corner. There is some good reading there. Might not be too educational but most is rather funny.

  10. #10
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    4

    Understood :)

    point taken, sorry for contributing to the Idiot's corner. I don't mind reading the manuals, but this "social engineering" stuff is kinda kewl and I'm new to it, so I was eager to jump on... much thanks...

    by the way: is something up with me & search or lots of people get no search results?? I get nothing on most of my searches so I turned to G.O.O.G.L.E and did: site:forums.remote-exploit.org "wahtever". -- got my answer thanks for the link vvpalin.


    Also as for the color-codes, just meant to make it easier on the readers...
