
Thread: BT4 problem with aircrack-ng!! Injection works but..

  1. #1
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    8

    BT4 problem with aircrack-ng!! Injection works but..

    Hello guys. I'm running BT4 on my HDD. I have an Intel 5100 AGN and an RT73 USB. With both I have absolutely the same problem.... Injection works on both, but when I try to start capturing IVs, it just doesn't catch anything.. I tried the same thing even with my neighbour's wifi, the same problem.. take a look at what's happening

    This is my wifi; the strange thing is that the first time injection took only 4/30, and with every next injection the packets are getting more... the wifi is 5 meters from me, signal strength is 93%.
    The 40 packets you see captured are from after I started the attack, which successfully authenticated only the first 2 times.. I've also posted below what the attack shows.. the other strange thing is that when I start the injection test again after airodump-ng doesn't show results, the injection is not working... the only difference between the 5100AGN and the RT73 is that on the RT73 there is no problem with the injection after that...

    Code:
    root@bt:~# airmon-ng stop wlan0
    root@bt:~# iwconfig wlan0 mode monitor
    root@bt:~# iwconfig
    lo        no wireless extensions.
    
    eth0      no wireless extensions.
    
    wmaster0  no wireless extensions.
    
    wlan0     IEEE 802.11abgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=15 dBm
              Retry min limit:7   RTS thr:off   Fragment thr=2352 B
              Encryption key:off
              Power Management:off
              Link Quality:0  Signal level:0  Noise level:0
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0
    
    root@bt:~# aireplay-ng -9 -e wrt -a 00:22:6B:70:82:0A wlan0
    For information, no action required: Using gettimeofday() instead of /dev/rtc
    03:24:43  Waiting for beacon frame (BSSID: 00:22:6B:70:82:0A) on channel 1
    03:24:43  Trying broadcast probe requests...
    03:24:43  Injection is working!
    03:24:45  Found 1 AP
    
    03:24:45  Trying directed probe requests...
    03:24:45  00:22:6B:70:82:0A - channel: 1 - 'wrt'
    03:24:51  Ping (min/avg/max): 7.994ms/129.042ms/200.000ms Power: -28.75
    03:24:51   4/30:  13%
    
    root@bt:~# aireplay-ng -9 -e wrt -a 00:22:6B:70:82:0A wlan0
    For information, no action required: Using gettimeofday() instead of /dev/rtc
    03:24:57  Waiting for beacon frame (BSSID: 00:22:6B:70:82:0A) on channel 1
    03:24:57  Trying broadcast probe requests...
    03:24:57  Injection is working!
    03:24:59  Found 1 AP
    
    03:24:59  Trying directed probe requests...
    03:24:59  00:22:6B:70:82:0A - channel: 1 - 'wrt'
    03:25:05  Ping (min/avg/max): 3.985ms/131.136ms/192.011ms Power: -29.33
    03:25:05   9/30:  30%
    
    root@bt:~# aireplay-ng -9 -e wrt -a 00:22:6B:70:82:0A wlan0
    For information, no action required: Using gettimeofday() instead of /dev/rtc
    03:25:08  Waiting for beacon frame (BSSID: 00:22:6B:70:82:0A) on channel 1
    03:25:08  Trying broadcast probe requests...
    03:25:08  Injection is working!
    03:25:09  Found 1 AP
    
    03:25:09  Trying directed probe requests...
    03:25:09  00:22:6B:70:82:0A - channel: 1 - 'wrt'
    03:25:14  Ping (min/avg/max): 4.003ms/148.445ms/199.750ms Power: -30.26
    03:25:14  27/30:  90%
    
    root@bt:~# airodump-ng -c 1 --bssid 00:22:6B:70:82:0A -w output wlan0
    
    CH  1 ][ Elapsed: 2 mins ][ 2009-03-15 03:29
    
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
    
     00:22:6B:70:82:0A  -32 100     2272      149    0   1  54e  WEP  WEP    OPN  WRT
    
     BSSID              STATION            PWR   Rate    Lost  Packets  Probes
    
     00:22:6B:70:82:0A  00:16:EA:B7:B8:74    0    0 - 1      0       40
    
    Those packets were caught when I started in Shell 2!! Before I start it, nothing is caught. Interesting is that when I stopped airodump-ng because of no results, I tried the injection test again and then nothing....
    
    root@bt:~# aireplay-ng -9 -e wrt -a 00:22:6B:70:82:0A wlan0
    For information, no action required: Using gettimeofday() instead of /dev/rtc
    03:29:27  Waiting for beacon frame (BSSID: 00:22:6B:70:82:0A) on channel 1
    03:29:27  Trying broadcast probe requests...
    03:29:29  No Answer...
    03:29:29  Found 1 AP
    
    03:29:29  Trying directed probe requests...
    03:29:29  00:22:6B:70:82:0A - channel: 1 - 'wrt'
    03:29:36   0/30:   0%
    
    
    
    root@bt:~# aireplay-ng -1 0 -e wrt -a 00:22:6B:70:82:0A -h 00-16-EA-B7-B8-74 wlan0
    03:28:01  Waiting for beacon frame (BSSID: 00:22:6B:70:82:0A) on channel 1
    
    03:28:01  Sending Authentication Request (Open System) [ACK]
    03:28:01  Authentication successful
    03:28:01  Sending Association Request
    
    03:28:06  Sending Authentication Request (Open System) [ACK]
    03:28:06  Authentication successful
    03:28:06  Sending Association Request
    
    03:28:11  Sending Authentication Request (Open System) [ACK]
    03:28:11  Authentication successful
    03:28:11  Sending Association Request
    
    03:28:16  Sending Authentication Request (Open System) [ACK]
    03:28:16  Authentication successful
    03:28:16  Sending Association Request
    
    03:28:21  Sending Authentication Request (Open System) [ACK]
    03:28:21  Authentication successful
    03:28:21  Sending Association Request
    
    03:28:26  Sending Authentication Request (Open System) [ACK]
    03:28:26  Authentication successful
    03:28:26  Sending Association Request
    
    03:29:01  Sending Authentication Request (Open System)      - Gave me this 17 times (I cut it) then this -
    Attack was unsuccessful. Possible reasons:
    
        * Perhaps MAC address filtering is enabled.
        * Check that the BSSID (-a option) is correct.
        * Try to change the number of packets (-o option).
        * The driver/card doesn't support injection.
        * This attack sometimes fails against some APs.
        * The card is not on the same channel as the AP.
        * You're too far from the AP. Get closer, or lower
          the transmit rate.

    And a log from my neighbour's wifi. I've used a slightly different way for monitor mode, cuz it's on channel 11, same shit.

    Code:
    root@bt:~# airmon-ng stop wlan0
    
    
    Interface       Chipset         Driver
    
    wlan0           Unknown         iwlagn - [phy0]
                                    (monitor mode disabled)
    
    root@bt:~# airmon-ng start wlan0 11
    
    
    Interface       Chipset         Driver
    
    wlan0           Unknown         iwlagn - [phy0]
                                    (monitor mode enabled on mon0)
    
    root@bt:~# aireplay-ng -9 -e "CUP Baikonur" -a 00:0E:2E:3A:87:FD mon0
    For information, no action required: Using gettimeofday() instead of /dev/rtc
    03:38:48  Waiting for beacon frame (BSSID: 00:0E:2E:3A:87:FD) on channel 11
    03:38:48  Trying broadcast probe requests...
    03:38:49  Injection is working!
    03:38:50  Found 1 AP
    
    03:38:50  Trying directed probe requests...
    03:38:50  00:0E:2E:3A:87:FD - channel: 11 - 'CUP Baikonur'
    03:38:54  Ping (min/avg/max): 0.008ms/45.318ms/168.008ms Power: -82.00
    03:38:54  18/30:  60%
    
    root@bt:~# airodump-ng -c 11 --bssid 00:0E:2E:3A:87:FD -w output mon0
    
    CH 11 ][ Elapsed: 56 s ][ 2009-03-15 03:40
    
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
    
     00:0E:2E:3A:87:FD  -75 100      573        1    0  11  54 . WEP  WEP    OPN  CUP Baikonur
    
     BSSID              STATION            PWR   Rate    Lost  Packets  Probes
    
     00:0E:2E:3A:87:FD  00:16:EA:B7:B8:74    0    0 - 0      0       12
    
    Here again nothing was caught until I started injection in Shell 2. This time injection gave me a different error result.
    
    ^C
    root@bt:~# aireplay-ng -9 -e "CUP Baikonur" -a 00:0E:2E:3A:87:FD mon0
    For information, no action required: Using gettimeofday() instead of /dev/rtc
    03:40:54  Waiting for beacon frame (BSSID: 00:0E:2E:3A:87:FD) on channel 11
    03:40:54  Trying broadcast probe requests...
    03:40:56  No Answer...
    03:40:56  Found 1 AP
    
    03:40:56  Trying directed probe requests...
    03:40:56  00:0E:2E:3A:87:FD - channel: 11 - 'CUP Baikonur'
    03:41:02   0/30:   0%
    
    root@bt:~# aireplay-ng -1 0 -e "CUP Baikonur" -a 00:0E:2E:3A:87:FD -h 00-16-EA-B7-B8-74 wlan0
    03:40:17  Waiting for beacon frame (BSSID: 00:0E:2E:3A:87:FD) on channel 11
    
    03:40:17  Sending Authentication Request (Open System) [ACK]
    03:40:17  Authentication successful
    03:40:17  Sending Association Request
    03:40:17  Got a deauthentication packet! (Waiting 3 seconds)
    
    03:40:20  Sending Authentication Request (Open System) [ACK]
    03:40:20  Authentication failed (code 12)
    
    03:40:23  Sending Authentication Request (Open System) [ACK]
    03:40:23  Authentication failed (code 12)
    
    03:40:26  Sending Authentication Request (Open System)
    
    03:40:28  Sending Authentication Request (Open System) [ACK]
    03:40:28  Authentication failed (code 12)
    
    03:40:31  Sending Authentication Request (Open System)
    
    03:40:33  Sending Authentication Request (Open System) [ACK]
    03:40:33  Authentication failed (code 12)
    
    03:40:36  Sending Authentication Request (Open System) [ACK]
    03:40:36  Authentication failed (code 12)
    
    03:40:39  Sending Authentication Request (Open System)
    
    03:40:41  Sending Authentication Request (Open System) [ACK]
    03:40:41  Authentication failed (code 12)
    
    03:40:44  Sending Authentication Request (Open System) [ACK]
    03:40:44  Authentication failed (code 12)
    
    03:40:47  Sending Authentication Request (Open System)    -  Gave me this 12 more times (I've cut it) then this -
    
    Attack was unsuccessful. Possible reasons:
    
        * Perhaps MAC address filtering is enabled.
        * Check that the BSSID (-a option) is correct.
        * Try to change the number of packets (-o option).
        * The driver/card doesn't support injection.
        * This attack sometimes fails against some APs.
        * The card is not on the same channel as the AP.
        * You're too far from the AP. Get closer, or lower
          the transmit rate.
    I don't know what I'm doing wrong, guys.... help please with my noob situation here, I'm sure there is some explanation for this strange thing! Thank you very much


    P.S. I'm not interested in my neighbour's wifi!!! Used it only for experimental needs, I wanted to be sure that the problem doesn't come from my network!!! Thanks for understanding!

  2. #2
    Senior Member ShadowKill
    Join Date
    Dec 2007
    Posts
    908


    Quote: Originally posted by venelino
    Hello guys. I'm running BT4 on my HDD. I have an Intel 5100 AGN and an RT73 USB. With both I have absolutely the same problem.... Injection works on both, but when I try to start capturing IVs, it just doesn't catch anything.. I tried the same thing even with my neighbour's wifi, the same problem.. take a look at what's happening

    This is my wifi; the strange thing is that the first time injection took only 4/30, and with every next injection the packets are getting more... the wifi is 5 meters from me, signal strength is 93%.
    The 40 packets you see captured are from after I started the attack, which successfully authenticated only the first 2 times.. I've also posted below what the attack shows.. the other strange thing is that when I start the injection test again after airodump-ng doesn't show results, the injection is not working... the only difference between the 5100AGN and the RT73 is that on the RT73 there is no problem with the injection after that...

    blah blah blah



    And a log from my neighbour's wifi. I've used a slightly different way for monitor mode, cuz it's on channel 11, same shit.

    blah blah blah

    I don't know what I'm doing wrong, guys.... help please with my noob situation here, I'm sure there is some explanation for this strange thing! Thank you very much
    Well that's easy, you're performing and admitting to, on a public forum full of security/LOE type people no less, an illegal activity. Your neighbor's net is not yours so back off and keep it to your own equipment. Maybe after you see the error of your ways you will get some help. Not likely though, at all....



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  3. #3
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    8


    Quote: Originally posted by ShadowKill
    Well that's easy, you're performing and admitting to, on a public forum full of security/LOE type people no less, an illegal activity. Your neighbor's net is not yours so back off and keep it to your own equipment. Maybe after you see the error of your ways you will get some help. Not likely though, at all....
    Listen.... I'm not interested at all in my neighbour's wifi!!! I'm using it only for experimental purposes, because I wanted to be sure that the problem is not in mine!!!

  4. #4
    Senior Member streaker69
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Quote: Originally posted by venelino
    Listen.... I'm not interested at all in my neighbour's wifi!!! I'm using it only for experimental purposes, because I wanted to be sure that the problem is not in mine!!!
    The law doesn't care about intent, only the fact that you've intruded upon a network that is not yours.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,124


    Leave your neighbor alone! I believe a re-read of the forum rules is in order while you are in time out.

  6. #6
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    1


    I am having the same issue with the 5100 agn on my gateway. It seems like injection only works some of the time, and it's suuuuuuuper slow collecting IVs from my linksys 54g here at home.

    Did everything I could think of with my router to see what the deal was, but no matter what settings I change (unless I just make it opn not wep) I still get the same problem.

    I've looked all over the forums here, if anyone has a suggestion I'm all ears, obviously I've missed something somewhere.

  7. #7
    Member
    Join Date
    Feb 2010
    Location
    Root
    Posts
    121


    The injection with the Intel 5100 is buggy. I found a nice article on the web the other night, but haven't had a chance to try it out yet. I'll see if I can find where I wrote the link down and post it...

    And yes, whether or not you are experimenting with your neighbor's wifi, without their permission, it's illegal.

  8. #8
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    9


    I too have had a similar issue. I'm new to BT and am only just getting acquainted with the many tools that it offers. When first loading BT nothing worked, neither wired nor wireless internet. After getting the internet up and running I found some tutorials on how to patch the driver. I got all the way to patching the kernel when I realized the kernel I had was newer than the one in the tut. Looked back at it, and sure enough, injection was there all along. After knocking down all the network apps that were messing it up I had it up and running no problem. Since then however I haven't been able to get my LAN to work at all and I'm not really sure what I could have changed in order to fix it.

    What programs/commands do I need to run to get it back up? I'd also like to know if it's possible to have the LAN running so I can browse the internet, while I'm using my wireless to monitor.

    On a final note, I had an off-topic type question. When/where is the boundary in matters of penetration? I haven't done anything beyond my own network yet, in fact I finally got a successful crack on my router just this evening. My question is this: is it a no-no to simply crack a neighbor's pass, as long as you don't enter? (Best analogy I can think of is picking a lock but never opening the door.) I'm curious as my router is limited in the encryption I can use with it, however there's a local network that uses WPA2, and another using WPA2 enterprise.

    I'm a CS student and have been fairly set on getting into the network security side of the house ever since I made up my mind to go back to school. That's what finally got me to find BT. Just curious as to where learning and experimentation MUST end and gray/black area begins.

    Thanks for any input on all the above questions/scenarios

    T.

  9. #9
    Developer balding_parrot
    Join Date
    May 2007
    Posts
    3,399


    Quote: Originally posted by troegs
    On a final note, I had an off-topic type question. When/where is the boundary in matters of penetration? I haven't done anything beyond my own network yet, in fact I finally got a successful crack on my router just this evening. My question is this: is it a no-no to simply crack a neighbor's pass, as long as you don't enter? (Best analogy I can think of is picking a lock but never opening the door.) I'm curious as my router is limited in the encryption I can use with it, however there's a local network that uses WPA2, and another using WPA2 enterprise.
    Going any further than even thinking about trying that would be illegal in almost any country in the world, and would also be against the forum rules you agreed to.

    My advice is don't.

    Take this as fair warning that if the moderators of this forum get even a hint of this going on, we will wield the banhammer judiciously.

  10. #10
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    9


    Fair enough. In that case are there any suggestions as to where one could "cut their teeth" on higher levels of encryption that their router simply cannot produce?
