Thread: Alfa r8187 + injection

  1. #1
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    4

    Alfa r8187 + injection

    First off I'm extremely happy that I found this little community here. It's been very helpful for me over the past few weeks reading all the tutorials and posts here.

    Quick question to verify this: when cracking WEP, I need to have a client online in order to generate "sent packets" during the aireplay-ng -3 sequence?

    I have the Alfa 500mW adapter, so from what I've read it should support injection out of the box with no need to modprobe any drivers included with BT3.

    Anywho, look forward to discussing more topics here. I'm an IS Security major, so I'm sure I'll be back with more questions.

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Quote Originally Posted by ice531 View Post
    Quick question to verify this: when cracking WEP, I need to have a client online in order to generate "sent packets" during the aireplay-ng -3 sequence?
    That is correct, the attack relies on intercepting an ARP packet which will then be endlessly replayed to the AP in order to generate IVs. There are, however, other methods that can be used when there are no clients currently connected to the AP.

    Quote Originally Posted by ice531 View Post
    I have the Alfa 500mW adapter, so from what I've read it should support injection out of the box with no need to modprobe any drivers included with BT3.
    The required driver is included with BT3F, which will recognize and support the card out of the box.
    -Monkeys are like nature's humans.

  3. #3
    Just burned his ISO rongogo's Avatar
    Join Date
    Feb 2006
    Posts
    12


    Quote Originally Posted by =Tron= View Post
    There are, however, other methods that can be used when there are no clients currently connected to the AP.
    Can you give an example for me of how to get ARP without a client?
    I have tried, but fake auth isn't working for me. :-(

    Aireplay-ng tells me authentication is successful, but I can see the association in airodump-ng.

    The last line Aireplay-ng gives looks strange to me.
    Code:
    Association successful :-) (AID: 1)
    That last (AID: 1) is strange.

    With the Netgear card I do not get that message at the end, and I see the Netgear successfully associated with the access point in the airodump-ng screen.

    Maybe you or other Alfa users can help me with this problem.

    And make life a little bit easier :-)

    Regards Rongogo

  4. #4
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Quote Originally Posted by rongogo View Post
    Can you give an example for me of how to get ARP without a client?
    I have tried, but fake auth isn't working for me. :-(
    Check out the following tutorial.

    Quote Originally Posted by rongogo View Post
    Aireplay-ng tells me authentication is successful, but I can see the association in airodump-ng.
    This is normal; the AWUS036H card will not show itself under the associated clients in airodump-ng although the attack was successful.

    Quote Originally Posted by rongogo View Post
    The last line Aireplay-ng gives looks strange to me.
    Code:
    Association successful :-) (AID: 1)
    That last (AID: 1) is strange.
    This is a perfectly valid confirmation of a successful association; AID stands for Association ID.
    -Monkeys are like nature's humans.

  5. #5
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    4


    @Tron. about the video posted above.

    I had already run through the clientless WEP tutorial on the aircrack-ng site. After watching Xploitz's video, though, it appears (maybe I'm just not seeing it) that his video doesn't actually showcase a true clientless WEP crack. It says he had a client connected to ping an address, which during a -3 would generate more traffic.

    Doesn't that defeat the purpose of clientless? According to what I think is supposed to happen if you don't have any clients connected to your AP, you need to run the following after you have a successful association:

    packetforge-ng -0 -a BSSID -h YourMac -k 255.255.255.255 -l 255.255.255.255 -y NameOfYourFile.xor -w arp-request


    then after you get that done:

    aireplay-ng -2 -r arp-request wlan0


    Then you should begin seeing traffic on sent as well, I believe.

    Please someone let me know and explain to me if I'm incorrect in my assumptions above?

  6. #6
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    4


    Follow this step by step tutorial:
    aircrack-ng.org/doku.php?id=how_to_crack_wep_with_no_clients

  7. #7
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Quote Originally Posted by ice531 View Post
    @Tron. about the video posted above.

    I had already run through the clientless WEP tutorial on the aircrack-ng site. After watching Xploitz's video, though, it appears (maybe I'm just not seeing it) that his video doesn't actually showcase a true clientless WEP crack. It says he had a client connected to ping an address, which during a -3 would generate more traffic.
    The very first seconds of the video in question show the following text:
    Please note that in this tutorial, I have a client connected so that I can ping a nonexistent IP address to hasten the -3 attack I will be using. You don't have to ping..but if you don't you could be waiting for anywhere from seconds..up to 30 minutes..depends on how lucky you are.
    In other words, no, it does not defeat the purpose of a no-client attack; he only speeds up the process by "cheating" a bit. However, there are other approaches that might work better on some APs; personally I like the one documented at aircrack-ng.org, as it does not rely on waiting around for an ARP packet at all. It is also more along the lines of the process that you describe.
    -Monkeys are like nature's humans.
