I'm following the instructions from abitaz's blog (awesome so far!). I'm running a Linksys router - I set the encryption down to WEP. I've got a second laptop downloading all kinds of stuff and generating lots of traffic.
I've got airodump-ng monitoring the channel (and it's working correctly). Now, I'm trying to use aireplay-ng to inject packets (I don't understand this very well yet).
The command abitaz suggests using is: aireplay-ng -3 -e 07B402920894 rausb0
-3 is the kind of attack (but I'm not sure what kind of attack that is) and -e (according to the help file) lets me specify the SSID of the target AP.
So, the BSSID of my target AP is 00:0F:66:00:6A:1D. (As displayed by airodump-ng, however aireplay asks me to enter it without the colons)
So, when I enter the command, I see the following happen:
bt ~ # aireplay-ng -3 -e 000F66006A1D rausb0
No source MAC (-h) specified. Using the device MAC (00:0E:3B:09:C2:A1)
22:35:14 Waiting for beacon frame (ESSID: 000F66006A1D) on channel 6
22:35:24 No such BSSID available.
Please specify a BSSID (-a).
bt ~ #
However, this is what I see in airodump:
00:0F:66:00:6A:1D 101 100 18836 41088 10 6 48 WEP WEP Anarchia
There are tons of beacons! So, I'm lost. Help? Thanks!
Hi. -e is for the ESSID, or the name of the network, not the BSSID, which is the MAC address of the AP
When running aireplay, try the following:
aireplay-ng -3 -b BSSID-OF-AP -h YOUR_DEVICE_MAC rausb0
so the attack is -3
-b is the BSSID of your AP (Typed in like a MAC ADDRESS! NOT THE BROADCAST NAME, i.e. LINKSYS (ESSID))
-h is your DEVICE MAC! (not sure if you are spoofing it or not)
so the command would look like
aireplay-ng -3 -b 1f:2f:3f:4f:5f:6f -h 00:11:22:33:44:55 rausb0
---------------------------------------------------------------
I assume you are associated with the Access point before you try this command..........(as you said so far so good)
If you are not or unsure what I mean, please don't side track from your original question... thanks
Give credit & show appreciation for members creations,
I didn't mean to trod on your shoes with my post fella
I perfectly agree with you, and to be honest there is no right or wrong way, if it works, you have succeeded, but I do agree with you keeping things simple, short & sweet, it will speed up your process and make learning easier.
Sorry again fella!
Man, use the fragmentation attack. It works every time for me. I don't care about clients or lack of clients or anything on my AP. I just hose it down with fragmentation!
I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!
Correct me if I'm wrong, as I may very well be. Fragmentation will not work if there is no activity at all on the AP. Is that true?
You didn't trod on my shoes the least bit. We're all here to learn and that's only gonna happen with some give and take.
Ah-HAH! That was my mistake. In your blog, your target AP's ESSID is also its BSSID. I got confused with the terminology. Thanks!
Gotcha. I will try that tonight.
Awesome. As soon as I'm done learning about this type of attack (No idea what it's even called) I'll try out a fragmentation attack (hopefully tonight!) Thanks!