Page 12 of 15
Results 111 to 120 of 145

Thread: 4965 agn

  1. #111
    Junior Member Zermelo's Avatar
    Join Date
    Feb 2010
    Posts
    54

    Default

    Quote Originally Posted by alacrityathome View Post
    Zermelo,

    Aireplay-ng attacks (except -1 and -9) still not working for me (no #/s activity). Could you describe what kernel and patches you used? I want to try and duplicate your success.

    Thanks,

    A
    Well, the above screen shot is not from BT4, but Ubuntu Intrepid. However, since BT4 is Ubuntu-based, I can't imagine that it would be much different.

    I am on kernel 2.6.27-12. It's actually Ubuntu Ultimate Edition 2.1. If you read this post, you will see that the older versions of compat-wireless are more successful than the current versions:

    http://forum.aircrack-ng.org/index.p...26642#msg26642

    Hence, I used compat-wireless 2008-10-31.tar.bz2 found here in the archive:

    http://www.orbit-lab.org/kernel/comp...s-2.6/2008/10/

    Direct Download here: http://www.orbit-lab.org/kernel/comp...-10-31.tar.bz2

    And then I simply upgraded my version of aircrack-ng to the latest svn > 1531.

    No patching or anything else. Good Luck.

  2. #112
    Member alacrityathome's Avatar
    Join Date
    Jan 2010
    Posts
    248

    Smile Close

    Thanks, Zermelo, for taking the time to post your configuration. I am getting closer but still no cigar yet. BT4 is 2.6.28 and I also have Ubuntu with a 2.6.26-5 kernel ... probably too different from your 2.6.27 kernel for the compat version to work....so may upgrade the Ubuntu kernel and give your combo a shot.

    With the BT4 and the new svn aircrack-ng 5232 version, it looks so close. Had all five aireplay-ng attacks going at once (-1,2,3,4,5) and all of a sudden, the airodump-ng burst into 300#/s......so this must be close but not smooth at all.

    But, what the heck, that's the fun of it! Testing.

  3. #113
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    21

    Default

    No go for me with the SVN.

    -1 produces a few [ACK] and shows the client connection in airodump-ng, but injection after that seems to lock something up and I lose the AP beacon after a little bit. Tried in BT4 and Ubuntu.

    Will work on it more later.

  4. #114
    Junior Member Zermelo's Avatar
    Join Date
    Feb 2010
    Posts
    54

    Default

    I have not tried Jaunty yet as I tend to leave working configurations unless there's a significant upgrade. However, I have a removable HD that I use for testing. I'll install Jaunty with this configuration and see what the results are.

    I'll post my results when complete.

  5. #115
    Member alacrityathome's Avatar
    Join Date
    Jan 2010
    Posts
    248

    Default Hmmmm......not there yet.

    Zermelo,

    I just tried Jaunty Ubuntu as well. If you try it, don't forget to apt-get install libssl-dev and iw. Using aircrack-ng r1533 with and without compat wireless 2009-05-17, I get the same results.

    Aireplay-ng -9 injection test works fine.

    But with fake authentication aireplay-ng -1, I get the same results:

    19:41:42 Sending Authentication Request (Open System) [ACK]
    19:41:42 Authentication successful
    19:41:42 Sending Association Request

    19:41:48 Sending Authentication Request (Open System)

    19:41:51 Sending Authentication Request (Open System)

    19:41:54 Sending Authentication Request (Open System)

    19:41:56 Sending Authentication Request (Open System) [ACK]

    19:41:59 Sending Authentication Request (Open System)

    19:42:02 Sending Authentication Request (Open System)

    19:42:05 Sending Authentication Request (Open System)

    19:42:08 Sending Authentication Request (Open System)

    19:42:11 Sending Authentication Request (Open System)

    19:42:14 Sending Authentication Request (Open System)

    19:42:17 Sending Authentication Request (Open System)

    19:42:20 Sending Authentication Request (Open System)

    19:42:23 Sending Authentication Request (Open System)

    19:42:26 Sending Authentication Request (Open System)

    19:42:29 Sending Authentication Request (Open System)

    19:42:32 Sending Authentication Request (Open System)
    Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver/card doesn't support injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * You're too far from the AP. Get closer, or lower
    the transmit rate.


    So.....not very good authentication.

    Perhaps you will fare better!

    I haven't yet used your recommended compat-wireless ... maybe that will do better.

    A

    EDIT: Initiating aireplay-ng -1 kills the injection capability. To regain injection, I have to do an airmon-ng stop and an airmon-ng start to have injection under aireplay-ng -9.

  6. #116
    Just burned his ISO
    Join Date
    May 2009
    Posts
    1

    Default Couple O' Questions...

    Let me ask you all this...
    1.) All problems moving to BT4 have been fixed for the 4956 ONLY after changing the kernel set or do you need to set up the scripts, change kernels and run BT4???

    2.) Really random question running with the 4965... I use 3 laptops, all of which have been approved for BT3... I got a new M1330 with the 4965 and was able to load up BT3 from USB and it went in fine... This morning I was messing around and tried to boot up BT3 from USB on the M1330 again and it gave me a "fatal error occured - can't find executable init command"... Anyone ever come across this? I can use the exact same USB stick on 3 other laptops, just using it on the M1330 now it keeps giving me that stupid error...

    2.1) Should I just say screw it, scrap the USB and partition BT4 on the M1330???

    ---Thanks for your input, I have been reading on here for a long time, just my first time to post...

  7. #117
    Member alacrityathome's Avatar
    Join Date
    Jan 2010
    Posts
    248

    Default

    BooFoo,

    On some of your questions...

    ...I haven't seen consistency with the 4965 yet on the new svn aircrack-ng....my comments in this thread are just trying different combinations to see if I can find consistency. So, I would avoid using the 4965 for anything other than "managed" mode for the moment.

    ...I think BT4 is still a Beta. If so, if you do use BT.....BT3 is working fine and that's what I would recommend. Maybe when the famous Muts team finalizes BT4, it may have full 4965 capability. Neither yet works for the 4965 unless you use wpa_supplicant to give you aireplay-ng -1 capability.

    A

  8. #118
    Member alacrityathome's Avatar
    Join Date
    Jan 2010
    Posts
    248

    Default

    No luck.

    As a few of the posts have commented, there are a number of starts and stops (short term freezing) during the aireplay-ng attacks, usually followed by a loss of association at some point.

    Will take a rest from all the testing for a bit.

    Wishing others better luck!

    A

  9. #119
    Just burned his ISO
    Join Date
    May 2009
    Posts
    3

    Default

    Quote Originally Posted by Zermelo View Post
    #1: Did you upgrade your version of aircrack to the latest svn version?

    #2: What does spoofing your mac have to do with fakeauth? (unless mac filtering is enabled).
    Yes, I did update my aircrack-ng version (rc3) via fast-track, but what I'm asking is why doesn't the command

    #aireplay-ng -1 -0 -e <ESSID> -a <BSSID> mon0

    work? I get the same error message as alacrityathome. What I mean about spoofing my MAC is: what if I want to do a WPA crack? I need to use this command:

    #aireplay-ng -0 1 -a <BSSID> -c <Client's Mac> mon0

    to fakeauth which means I can't use the fakeit.sh script.

  10. #120
    Junior Member Zermelo's Avatar
    Join Date
    Feb 2010
    Posts
    54

    Default

    Yes, I did update my aircrack-ng version (rc3) via fast-track, but what I'm asking is why doesn't the command

    #aireplay-ng -1 -0 -e <ESSID> -a <BSSID> mon0

    work? I get the same error message as alacrityathome. What I mean about spoofing my MAC is: what if I want to do a WPA crack? I need to use this command:

    #aireplay-ng -0 1 -a <BSSID> -c <Client's Mac> mon0

    to fakeauth which means I can't use the fakeit.sh script.
    #1: You should use subversion to update your version of aircrack. I don't use automated scripts, so I have no idea if you're on the correct version or not.

    #2: You need to learn more about the basics of cracking WPA. It has nothing to do with fakeauthing. You need to capture a 4-way handshake. That is done by DEAUTHING a client, not fakeauthing with the AP. In fact, it can be done completely passively by simply turning on airodump and waiting for a client to connect. The active way is simply to open up airodump, lock on the correct bssid and channel, then deauth a client with aireplay-ng. It doesn't require fakeauthing.

    Simply:

    airodump-ng --bssid 00:11:22:33:44:55 -c 1 mon0
    aireplay-ng -0 5 -a 00:11:22:33:44:55 -c aa:bb:cc:dd:ee:ff mon0

    where 00:11:22:33:44:55 is the bssid of the ap and aa:bb:cc:dd:ee:ff is the mac of an associated client. But as I said you should study the guides on cracking wpa on aircrack-ng. Preferably using a card known to work.

    You need to make sure the card is working on the most basic level (correct drivers, patching, etc.) before you start with different levels of attacks which rely on correctly working active attacks.
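
The deauthentication step described in the post above, seen from the monitoring side. This is an added example, not part of the original thread: it parses raw 802.11 management frames and flags a burst of deauthentication frames between one AP and one client. The function names, the 1-second window, the threshold of 5 and the sample frames are all assumptions constructed for illustration; the two MAC addresses are the placeholders used in the post.

```python
import struct

DEAUTH_FC0 = 0xC0  # frame-control byte 0: version 0, type 0 (mgmt), subtype 12

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (dest, src, bssid, reason) for a deauth frame, else None."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)  # follows the 24-byte header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def deauth_bursts(frames, window=1.0, threshold=5):
    """frames: (timestamp_s, raw 802.11 frame without radiotap header) pairs.
    Return {(bssid, client): n} where n >= threshold deauths fell in one window."""
    seen = {}
    for ts, raw in frames:
        parsed = parse_deauth(raw)
        if parsed is None:
            continue
        dest, src, bssid, _ = parsed
        client = dest if src == bssid else src  # frame may go either direction
        seen.setdefault((bssid, client), []).append(ts)
    alerts = {}
    for key, stamps in seen.items():
        stamps.sort()
        lo = best = 0
        for hi, t in enumerate(stamps):
            while t - stamps[lo] > window:  # slide the window start forward
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            alerts[key] = best
    return alerts

def make_frame(fc0, dest, src, bssid, reason=7):
    """Build a constructed management frame (sample data only)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([fc0, 0, 0, 0]) + raw(dest) + raw(src) + raw(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed sample: six deauths in 0.5 s, one isolated deauth, one beacon.
AP, STA, OTHER = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:ff", "02:00:00:00:00:01"
SAMPLE = [(10.0 + 0.1 * i, make_frame(0xC0, STA, AP, AP)) for i in range(6)]
SAMPLE += [(3.0, make_frame(0xC0, AP, OTHER, AP, reason=3)),  # station leaving
           (10.05, make_frame(0x80, "ff:ff:ff:ff:ff:ff", AP, AP))]  # beacon
```

Networks that enforce 802.11w (protected management frames) reject forged deauthentication frames, so a burst flagged this way matters most where that protection is not enabled.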
