4965 agn

[Zermelo]

Zermelo,

Aireplay-ng attacks (except -1 and -9) still not working for me (no #/s activity). Could you describe what kernel and patches you used? I want to try and duplicate your success.

Thanks,

A

Well, the above screen shot is not from BT4, but Ubuntu Intrepid. However, since BT4 is ubuntu based, I can't image that it would be much different.

I am on kernel 2.6.27-12. It's actually Ubuntu Ultimate Edition 2.1. If you read this post, you will see that the older versions of compact wireless are more successful than the current versions:

http://forum.aircrack-ng.org/index.p...26642#msg26642

Hence, I used compat-wireless 2008-10-31.tar.bz2 found here in the archive:

http://www.orbit-lab.org/kernel/comp...s-2.6/2008/10/

Direct Download here: http://www.orbit-lab.org/kernel/comp...-10-31.tar.bz2

And then I simply upgraded my version of aircrack-ng to the latest svn > 1531.

No patching or anything else. Good Luck.

[alacrityathome]

Thanks, Zermelo, for taking the time to post your configuration. I am getting closer but still no cigar yet. BT4 is 2.6.28 and I also have Ubuntu with a 2.6.26-5 kernel ... probably too different from your 2.6.27 kernel for the compat version to work....so may upgrade the Ubuntu kernel and give your combo a shot.

With the BT4 and the new svn aircrack-ng 5232 version, it looks so close. Had all five aireplay-ng attacks going at once (-1,2,3,4,5) and all of a sudden, the airodump-ng burst into 300#/s......so this must be close but not smooth at all.

But, what the heck, that's the fun of it! Testing.

[ochlocracy]

No go for me with the SVN.

-1 produces a few [ACK] and shows the client connection in airodump-ng, but injection after that seems to lock something up and I lose the AP becon after a little bit. tried in BT4 and ubuntu.

Will work on it more later.

[Zermelo]

I have not tried Jaunty yet as I tend to leave working configurations unless there it's a significant upgrade. However, I have a removable HD that I use for testing, I'll install Jaunty and with this configuration and see what the results are.

I'll post my results when complete.

[alacrityathome]

Zermelo,

I just tried Jaunty Ubuntu as well. If you try it, don't forget to apt-get install libssl-dev and iw. Using aircrack-ng r1533 with and without compat wireless 2009-05-17, I get the same results.

Aireplay-ng -9 injection test works fine.

But with fake authentication aireplay-ng -1, i get the same results:

19:41:42 Sending Authentication Request (Open System) [ACK]
19:41:42 Authentication successful
19:41:42 Sending Association Request

19:41:48 Sending Authentication Request (Open System)

19:41:51 Sending Authentication Request (Open System)

19:41:54 Sending Authentication Request (Open System)

19:41:56 Sending Authentication Request (Open System) [ACK]

19:41:59 Sending Authentication Request (Open System)

19:42:02 Sending Authentication Request (Open System)

19:42:05 Sending Authentication Request (Open System)

19:42:08 Sending Authentication Request (Open System)

19:42:11 Sending Authentication Request (Open System)

19:42:14 Sending Authentication Request (Open System)

19:42:17 Sending Authentication Request (Open System)

19:42:20 Sending Authentication Request (Open System)

19:42:23 Sending Authentication Request (Open System)

19:42:26 Sending Authentication Request (Open System)

19:42:29 Sending Authentication Request (Open System)

19:42:32 Sending Authentication Request (Open System)
Attack was unsuccessful. Possible reasons:

* Perhaps MAC address filtering is enabled.
* Check that the BSSID (-a option) is correct.
* Try to change the number of packets (-o option).
* The driver/card doesn't support injection.
* This attack sometimes fails against some APs.
* The card is not on the same channel as the AP.
* You're too far from the AP. Get closer, or lower
the transmit rate.


So.....not very good authentication.

Perhaps you will fare better!

I didn't use yet your recommended compat wireless ... maybe that will do better.

A

EDIT: Initiating aireplay-ng-1 kills the injection capability. To regain injection, I have to do an airmon-ng stop and an airmon-ng start to have injection under aireplay-ng -9.

[BooFoo]

Let me ask you all this...
1.) All problems moving to BT4 have been fixed for the 4956 ONLY after changing the kernel set or do you need to set up the scripts, change kernels and run BT4???

2.) Really random question running with the 4965... I use 3 laptops all of which have been approved for BT3... I got a new M1330 with the 4965 and was able to load up BT3 from USB and it went in fine... This morning i was messing around and tried to boot up BT3 from USB on the M1330 again and it gave me a "fatal error occured - can't find executable init command"... anyone ever come across this? I can use the exact same USB stick on 3 other laptops just using it on the M1330 now it keeps giving me that stupid error...

2.1) Should i just say screw it, scrap the USB and partition BT4 on the M1330???

---Thanks for you input, i have been reading on here for a long time just my first time to post...

[alacrityathome]

BooFoo,

On some of your questions...

...I haven't seen consistency with the 4965 yet on the new svn aircrack-ng....my comments in this thread are just trying different combinations to see if I can find consistency. So, i would avoid using the 4965 for anything other than "managed" mode for the moment.

...I think BT4 is still a Beta. If so, if you do use BT.....BT3 is working fine and that's what I would recommend. Maybe when the famous Muts team finalizes BT4, it may have full 4965 capability. Neither yet works for the 4965 unless you use wpa_supplicant to give you aireplay-ng -1 capability.

A

[alacrityathome]

No luck.

As a few of the posts have commented, there are a number of start and stops (short term freezing) during the aireplay-ng attacks usually followed by a loss of association at some point.

Will take a rest from all the testing for a bit.

Wishing others better luck!

A

[iceddevilz]

#1: Did you upgrade your version of aircrack to the latest svn version?

#2: What does spoofing your mac have to do with fakeauth? (unless mac filtering is enabled).

yes I did update my aircrack-ng version (rc3) via fast-track but what I'm asking is why doesn't the command

#aireplay-ng -1 -0 -e <ESSID> -a <BSSID> mon0

work? I get the same error message as alacrityathome what I mean about spoof my mac is: what if I want to do wpa crack, I need to use this command:

#aireplay-ng -0 1 -a <BSSID> -c <Client's Mac> mon0

to fakeauth which means I can't use the fakeit.sh script.

[Zermelo]

yes I did update my aircrack-ng version (rc3) via fast-track but what I'm asking is why doesn't the command

#aireplay-ng -1 -0 -e <ESSID> -a <BSSID> mon0

work? I get the same error message as alacrityathome what I mean about spoof my mac is: what if I want to do wpa crack, I need to use this command:

#aireplay-ng -0 1 -a <BSSID> -c <Client's Mac> mon0

to fakeauth which means I can't use the fakeit.sh script.

#1: You should use subversion to update your version of aircrack. I don't use automated scripts, so I have no idea if you're on the correct version or not.

#2: You need to learn more about the basic of cracking WPA. It has nothing to do with fakeauthing. You need to capture a 4-way handshake. That is done by DEAUTHING a client, not fakeauthing with the ap. In fact, it can be done completely passively by simply turning on airodump and waiting for a client to connect. The active way is simply to open up airodump, lock on the correct bssid and channel, then deauthing a client with aireplay-ng. It doesnt require fakeauthing.

Simply:

airodump-ng -a 00:11:22:33:44:55 -c1 mon0
aireplay-ng -0 5 -a 00:11:22:33:44:55 -c aa:bb:cc:dd:ee:ff mon0

where 00:11:22:33:44:55 is the bssid of the ap and aa:bb:cc:dd:ee:ff is the mac of an associated client. But as I said you should study the guides on cracking wpa on aircrack-ng. Preferably using a card known to work.

You need to make sure the card is working on the most basic level, correct drivers, patching, etc. before you should start with different level of attacks which rely on correct working active attacks.