
Thread: Still cannot send fake authentication

  1. #1
    Junior Member
    Join Date
    Sep 2007
    Posts
    37

    Default Failing to send Fake Authentication

    Using Live BackTrack CD to test my own WEP security. I am following
    Xploitz's nice tutorial at:
    h**p://forums.remote-exploit.org/showthread.php?t=7633

    but fail to send fake authentication to my AP. I am using the Awus026s adapter, identified as rausb0. Airodump reports my BSSID correctly; all I get when I try fake authentication is

    aireplay-ng -1 0 -e LV-426 -a 00:19:E4:39:0A:69 -h 00:11:22:33:44:55 rausb0
    23:44:15 Sending Authentification Request
    23:44:17 Sending Authentification Request
    23:44:19 Sending Authentification Request
    23:44:21 Sending Authentification Request
    23:44:23 Sending Authentification Request

    After 6 requests, there is no further output on the terminal, so I use ctrl-c to break out.
    I have tried increasing the delay value from 0 to 2:

    aireplay-ng -1 2 -e LV-426 -a 00:19:E4:39:0A:69 -h 00:11:22:33:44:55 rausb0
    but this makes no difference and still no success at authentication.

    Thanks in advance for help.

  2. #2
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    Have you updated your rt73 driver?

    If not, type this before:

    ifconfig rausb0 up && iwconfig rausb0 mode monitor channel 10 rate 1M
    (adapt channel param)
    iwpriv rausb0 forceprism 1
    iwpriv rausb0 rfmontx 1

    airodump-ng .....

    That's the old way. Since the aspj 1.0.0 driver, the driver supports fragmentation;
    since 1.1.0 it supports WPA capture. With these new drivers all you need to do is

    ifconfig rausb0 up
    airmon-ng start rausb0 10
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  3. #3
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Quote Originally Posted by mephisto View Post
    Using Live BackTrack CD to test my own WEP security. I am following
    Xploitz's nice tutorial at:
    h**p://forums.remote-exploit.org/showthread.php?t=7633

    but fail to send fake authentication to my AP. I am using the Awus026s adapter, identified as rausb0. Airodump reports my BSSID correctly; all I get when I try fake authentication is

    aireplay-ng -1 0 -e LV-426 -a 00:19:E4:39:0A:69 -h 00:11:22:33:44:55 rausb0
    23:44:15 Sending Authentification Request
    23:44:17 Sending Authentification Request
    23:44:19 Sending Authentification Request
    23:44:21 Sending Authentification Request
    23:44:23 Sending Authentification Request

    After 6 requests, there is no further output on the terminal, so I use ctrl-c to break out.
    I have tried increasing the delay value from 0 to 2:

    aireplay-ng -1 2 -e LV-426 -a 00:19:E4:39:0A:69 -h 00:11:22:33:44:55 rausb0
    but this makes no difference and still no success at authentication.

    Thanks in advance for help.

    Please, next time post questions about my video in my video thread. OK??

    Your problem is common and commonly overlooked. You have a special character in your AP's name. You MUST surround your AP's name in "quotes" like this....


    aireplay-ng -1 2 -e "LV-426" -a 00:19:E4:39:0A:69 -h 00:11:22:33:44:55 rausb0

    The - sign in your AP's name...LV-426 is the problem.

    That should fix your problem. Remember in the future...if you have a space or any special characters in your AP's name...you MUST surround the AP's name with quotes.


    And @ Shaman: he's using the -3 attack, not the fragmentation attack.
    --=Xploitz=-- ®
    Remote-Exploit.orgs Master Tutorialist.™
    VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial" (http://forums.remote-exploit.org/showthread.php?t=9063)
    VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial" (http://forums.remote-exploit.org/showthread.php?t=7872)
    VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial" (http://forums.remote-exploit.org/showthread.php?t=8230)
    VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases" (http://forums.remote-exploit.org/showthread.php?t=8041)
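
Added example, not part of the original thread: on the shell-quoting point raised in post #3, this script checks which ESSID strings a POSIX shell parses differently when typed bare, and quotes those that need it. The function names are hypothetical and every sample ESSID other than LV-426 and LV426 is constructed.

```shell
#!/bin/sh
# Which ESSIDs need quoting when typed on a POSIX shell command line?
# Sample ESSIDs other than LV-426 and LV426 are constructed for illustration.

# needs_quoting WORD: return 0 if WORD typed bare would be parsed differently
# by the shell. Conservative: anything outside a known-safe set is flagged.
# A hyphen is in the safe set; whitespace, quotes, & ; | $ * ? ( ) are not.
needs_quoting() {
    case $1 in
        '') return 0 ;;                        # empty word would disappear
        *[!A-Za-z0-9_@%+=:,./-]*) return 0 ;;  # character outside the safe set
        *) return 1 ;;
    esac
}

# shell_quote WORD: print WORD so that the shell reads it back as one argument.
# Single quotes protect everything except ' itself, which becomes '\''.
shell_quote() {
    if needs_quoting "$1"; then
        printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
    else
        printf '%s' "$1"
    fi
}

# argc_of LINE: number of arguments the shell produces when it parses LINE
# as typed. Uses eval, so pass only trusted, constructed strings.
argc_of() {
    eval "set -- $1"
    echo $#
}

# Show the safely typed form of each sample ESSID and confirm it is one word.
for essid in LV-426 LV426 'My AP' 'cafe&bar' "it's"; do
    q=$(shell_quote "$essid")
    printf '%-10s typed as %-14s -> %s argument(s)\n' \
        "$essid" "$q" "$(argc_of "$q")"
done
```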

  4. #4
    Junior Member
    Join Date
    Sep 2007
    Posts
    37

    Default

    Damn, I'm so stupid! Thanks again for another quick result. As a newbie, I can't post in any other section until I have reached 15 posts, though at this rate it won't be long.
    I knew watching too much Aliens would get the better of me.

  5. #5
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Sorry, I forgot about the 15 post rule.

    And no, you're not stupid, just inexperienced. Patience is the essence of growth, mephisto.

  6. #6
    Junior Member
    Join Date
    Sep 2007
    Posts
    37

    Default Still cannot send fake authentication

    Using BT2 live edition, I have set up my laptop's inbuilt 3945ABG chipset to connect to my AP; the inbuilt chipset is defined as eth1.

    I have the Awus036s usb adapter, info from
    cat /proc/bus/usb/devices

    T: Bus=05 Lev=01 Prnt=01 Port=04 Cnt=01 Dev#= 3 Spd=480 MxCh= 0
    D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
    P: Vendor=148f ProdID=2573 Rev= 0.01
    S: Manufacturer=Ralink
    S: Product=802.11 bg WLAN
    C:* #Ifs= 1 Cfg#= 1 Atr=80 MxPwr=300mA
    I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=rt73
    E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
    E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms


    Vendor and product ID are the same; I hope my revision number of 0.01 makes no difference.
    Using aircrack 0.7 on BT2 and the rt73 driver is 1.0.3.6.CVS

    I can use airmon and fake the MAC address, but cannot send fake authentication to my AP. I have now changed my ESSID to LV426 (no extended characters). I have also used macchanger.

    My AP is on channel 6:
    CH 6 ][ Elapsed: 4 s ][ 2007-09-15 15:30

    BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

    00:19:E4:39:0A:69 -1 100 55 0 0 6 54. WEP WEP LV426


    bt ~ # aireplay-ng -1 0 -e LV426 -a 00:19:E4:39:0A:69 -h 00:11:22:33:44:55 rausb0
    15:26:44 Sending Authentication Request
    15:26:46 Sending Authentication Request
    15:26:48 Sending Authentication Request
    15:26:50 Sending Authentication Request
    15:26:52 Sending Authentication Request
    15:26:54 Sending Authentication Request

    After the last "Sending Authentication Request" I have to use ctrl-c to break out. I have
    tried the IPW3945 chipset and this also fails to send authentication.

    The drivers in BT2 final will be patched for injection, this has to be something I have overlooked, cannot think what.

    My router is made by 2wire, I have only changed the essid and wep key, I am not using mac filtering. I have tried with no clients connected, now trying with my laptop connected and using the Awus 036s on same laptop.

    For a laugh, it took me 3 months to learn to compile a kernel. My problem was no modules; then one day I realised I never made any modules, I kept answering y and n but no m. I'm pretty sure I have overlooked something basic here. Once I get fake authentication, I can inject packets to speed up the key breaking process.

    Thanks in advance for any help and also to Xploit for your help yesterday
    Could it be that my AP is not compatible with the fake authentification attack?

  7. #7
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    merging with your other post. Please don't open another thread for the same problem.

    BTW, sounds like you're not on the same channel as the AP...

    use airmon-ng start rausb0 6

    or whatever channel your AP is on. I used channel 6 in the above. You can change it to whatever channel your AP is on. Remember, run aireplay-ng -1 0 etc... BEFORE you run airodump. And in your airodump-ng command line include the -c 6 (for channel 6) and the --bssid (APMAC) arguments in the command line.

  8. #8
    Senior Member PrairieFire's Avatar
    Join Date
    Apr 2007
    Posts
    705

    Default

    Quote Originally Posted by mephisto View Post
    After the last sending authentification I have to use ctrl-c to break out. I have
    tried the IPW3945 chipset and this also fails to send authentification.

    The drivers in BT2 final will be patched for injection, this has to be something I have overlooked, cannot think what.

    Follow the steps listed here for IPW3945.
    Μολὼν λαβέ - Great spirits encounter heavy opposition from mediocre minds.

  9. #9
    Junior Member
    Join Date
    Sep 2007
    Posts
    37

    Default

    Still cannot authenticate...
    OK, I know my Awus036s starts on the same channel now because
    after airmon-ng start rausb0 6

    I can check the channel frequency with iwconfig.

    I have reset my router back to factory defaults, but that never worked.
    I notice that on the video the first line starts
    waiting for beacon then
    sending authentification request

    I never get waiting for beacon. I am going to try injection with the inbuilt chipset, see if I have any luck this way, thanks to everyone for help so far.

  10. #10
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    iwconfig rausb0 channel 6 rate 1M
    iwpriv rausb0 rfmontx 1
    aireplay-ng --test rausb0 -B (remove -B if not 1.0 dev )



    try this.....