BT4 problem with aircrack-ng!!Injection works but..

[venelino]

Hello guys.Im running BT4 on my hdd.I have Intel 5100 AGN and RT73 usb.With both have absolutely same problem....Injection works on both, but when i try start capture IV's, just dont catch anything..I tried same thing even with my neighbours wifi, the same problem..take a look whats happening

This is my wifi, strange is that first time injection took only 4/30, and with every next injection packet are getting more...the wifi is 5 meters next to me, strength signal is 93%
The 40packets u see captured are after i started attack, which successfully authenticated only first 2 times.. I've posted down also whats showing the attack..other strange is that when i start again the injection test after airodump-ng dont show results, the injection is not working...the only difference between the 5100AGN and the rt73 is that on rt73 there is no problem with the injection after that...

Code:

root@bt:~# airmon-ng stop wlan0
root@bt:~# iwconfig wlan0 mode monitor
root@bt:~# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

wmaster0  no wireless extensions.

wlan0     IEEE 802.11abgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=15 dBm
          Retry min limit:7   RTS thr:off   Fragment thr=2352 B
          Encryption key:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

root@bt:~# aireplay-ng -9 -e wrt -a 00:22:6B:70:82:0A wlan0
For information, no action required: Using gettimeofday() instead of /dev/rtc
03:24:43  Waiting for beacon frame (BSSID: 00:22:6B:70:82:0A) on channel 1
03:24:43  Trying broadcast probe requests...
03:24:43  Injection is working!
03:24:45  Found 1 AP

03:24:45  Trying directed probe requests...
03:24:45  00:22:6B:70:82:0A - channel: 1 - 'wrt'
03:24:51  Ping (min/avg/max): 7.994ms/129.042ms/200.000ms Power: -28.75
03:24:51   4/30:  13%

root@bt:~# aireplay-ng -9 -e wrt -a 00:22:6B:70:82:0A wlan0
For information, no action required: Using gettimeofday() instead of /dev/rtc
03:24:57  Waiting for beacon frame (BSSID: 00:22:6B:70:82:0A) on channel 1
03:24:57  Trying broadcast probe requests...
03:24:57  Injection is working!
03:24:59  Found 1 AP

03:24:59  Trying directed probe requests...
03:24:59  00:22:6B:70:82:0A - channel: 1 - 'wrt'
03:25:05  Ping (min/avg/max): 3.985ms/131.136ms/192.011ms Power: -29.33
03:25:05   9/30:  30%

root@bt:~# aireplay-ng -9 -e wrt -a 00:22:6B:70:82:0A wlan0
For information, no action required: Using gettimeofday() instead of /dev/rtc
03:25:08  Waiting for beacon frame (BSSID: 00:22:6B:70:82:0A) on channel 1
03:25:08  Trying broadcast probe requests...
03:25:08  Injection is working!
03:25:09  Found 1 AP

03:25:09  Trying directed probe requests...
03:25:09  00:22:6B:70:82:0A - channel: 1 - 'wrt'
03:25:14  Ping (min/avg/max): 4.003ms/148.445ms/199.750ms Power: -30.26
03:25:14  27/30:  90%

root@bt:~# airodump-ng -c 1 --bssid 00:22:6B:70:82:0A -w output wlan0

CH  1 ][ Elapsed: 2 mins ][ 2009-03-15 03:29

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:22:6B:70:82:0A  -32 100     2272      149    0   1  54e  WEP  WEP    OPN  WRT

 BSSID              STATION            PWR   Rate    Lost  Packets  Probes

 00:22:6B:70:82:0A  00:16:EA:B7:B8:74    0    0 - 1      0       40

Those packets are catched when i started in Shell 2!!Before i start it, nothing is catched.Intresting is when i stop airodump-ng because of no results i tried  test injection again and then nothing....

root@bt:~# aireplay-ng -9 -e wrt -a 00:22:6B:70:82:0A wlan0
For information, no action required: Using gettimeofday() instead of /dev/rtc
03:29:27  Waiting for beacon frame (BSSID: 00:22:6B:70:82:0A) on channel 1
03:29:27  Trying broadcast probe requests...
03:29:29  No Answer...
03:29:29  Found 1 AP

03:29:29  Trying directed probe requests...
03:29:29  00:22:6B:70:82:0A - channel: 1 - 'wrt'
03:29:36   0/30:   0%



root@bt:~# aireplay-ng -1 0 -e wrt -a 00:22:6B:70:82:0A -h 00-16-EA-B7-B8-74 wlan0
03:28:01  Waiting for beacon frame (BSSID: 00:22:6B:70:82:0A) on channel 1

03:28:01  Sending Authentication Request (Open System) [ACK]
03:28:01  Authentication successful
03:28:01  Sending Association Request

03:28:06  Sending Authentication Request (Open System) [ACK]
03:28:06  Authentication successful
03:28:06  Sending Association Request

03:28:11  Sending Authentication Request (Open System) [ACK]
03:28:11  Authentication successful
03:28:11  Sending Association Request

03:28:16  Sending Authentication Request (Open System) [ACK]
03:28:16  Authentication successful
03:28:16  Sending Association Request

03:28:21  Sending Authentication Request (Open System) [ACK]
03:28:21  Authentication successful
03:28:21  Sending Association Request

03:28:26  Sending Authentication Request (Open System) [ACK]
03:28:26  Authentication successful
03:28:26  Sending Association Request

03:29:01  Sending Authentication Request (Open System)      - Gave me this 17 times(cutted it) then this - 
Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver/card doesn't support injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * You're too far from the AP. Get closer, or lower
      the transmit rate.

And a log from my neighbours wifi, I've used little different way for monitor mode, cuz its on channel 11, same shit.

Code:

root@bt:~# airmon-ng stop wlan0


Interface       Chipset         Driver

wlan0           Unknown         iwlagn - [phy0]
                                (monitor mode disabled)

root@bt:~# airmon-ng start wlan0 11


Interface       Chipset         Driver

wlan0           Unknown         iwlagn - [phy0]
                                (monitor mode enabled on mon0)

root@bt:~# aireplay-ng -9 -e "CUP Baikonur" -a 00:0E:2E:3A:87:FD mon0
For information, no action required: Using gettimeofday() instead of /dev/rtc
03:38:48  Waiting for beacon frame (BSSID: 00:0E:2E:3A:87:FD) on channel 11
03:38:48  Trying broadcast probe requests...
03:38:49  Injection is working!
03:38:50  Found 1 AP

03:38:50  Trying directed probe requests...
03:38:50  00:0E:2E:3A:87:FD - channel: 11 - 'CUP Baikonur'
03:38:54  Ping (min/avg/max): 0.008ms/45.318ms/168.008ms Power: -82.00
03:38:54  18/30:  60%

root@bt:~# airodump-ng -c 11 --bssid 00:0E:2E:3A:87:FD -w output mon0

CH 11 ][ Elapsed: 56 s ][ 2009-03-15 03:40

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:0E:2E:3A:87:FD  -75 100      573        1    0  11  54 . WEP  WEP    OPN  CUP Baikonur

 BSSID              STATION            PWR   Rate    Lost  Packets  Probes

 00:0E:2E:3A:87:FD  00:16:EA:B7:B8:74    0    0 - 0      0       12

Here again nothing catched until i started injection in Shell 2. This time injection gave me different result error.

^C
root@bt:~# aireplay-ng -9 -e "CUP Baikonur" -a 00:0E:2E:3A:87:FD mon0
For information, no action required: Using gettimeofday() instead of /dev/rtc
03:40:54  Waiting for beacon frame (BSSID: 00:0E:2E:3A:87:FD) on channel 11
03:40:54  Trying broadcast probe requests...
03:40:56  No Answer...
03:40:56  Found 1 AP

03:40:56  Trying directed probe requests...
03:40:56  00:0E:2E:3A:87:FD - channel: 11 - 'CUP Baikonur'
03:41:02   0/30:   0%

oot@bt:~# aireplay-ng -1 0 -e "CUP Baikonur" -a 00:0E:2E:3A:87:FD -h 00-16-EA-B7-B8-74 wlan0
03:40:17  Waiting for beacon frame (BSSID: 00:0E:2E:3A:87:FD) on channel 11

03:40:17  Sending Authentication Request (Open System) [ACK]
03:40:17  Authentication successful
03:40:17  Sending Association Request
03:40:17  Got a deauthentication packet! (Waiting 3 seconds)

03:40:20  Sending Authentication Request (Open System) [ACK]
03:40:20  Authentication failed (code 12)

03:40:23  Sending Authentication Request (Open System) [ACK]
03:40:23  Authentication failed (code 12)

03:40:26  Sending Authentication Request (Open System)

03:40:28  Sending Authentication Request (Open System) [ACK]
03:40:28  Authentication failed (code 12)

03:40:31  Sending Authentication Request (Open System)

03:40:33  Sending Authentication Request (Open System) [ACK]
03:40:33  Authentication failed (code 12)

03:40:36  Sending Authentication Request (Open System) [ACK]
03:40:36  Authentication failed (code 12)

03:40:39  Sending Authentication Request (Open System)

03:40:41  Sending Authentication Request (Open System) [ACK]
03:40:41  Authentication failed (code 12)

03:40:44  Sending Authentication Request (Open System) [ACK]
03:40:44  Authentication failed (code 12)

03:40:47  Sending Authentication Request (Open System)    -  Gave me this 12  more times (i've cutted it) then  this -

Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver/card doesn't support injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * You're too far from the AP. Get closer, or lower
      the transmit rate.

I don't know what I'm doing wrong guys....help please with my noobs situation here, im sure there is some explanation for this strange thing!Thank you very much


P.S. I'm not interested in my neighbours wifi!!!Used it only for experimental needs I wanted to be sure that the problem doesn't came from my network!!!Thanks for understanding!

[ShadowKill]

Hello guys.Im running BT4 on my hdd.I have Intel 5100 AGN and RT73 usb.With both have absolutely same problem....Injection works on both, but when i try start capture IV's, just dont catch anything..I tried same thing even with my neighbours wifi, the same problem..take a look whats happening

This is my wifi, strange is that first time injection took only 4/30, and with every next injection packet are getting more...the wifi is 5 meters next to me, strength signal is 93%
The 40packets u see captured are after i started attack, which successfully authenticated only first 2 times.. I've posted down also whats showing the attack..other strange is that when i start again the injection test after airodump-ng dont show results, the injection is not working...the only difference between the 5100AGN and the rt73 is that on rt73 there is no problem with the injection after that...

blah blah blah



And a log from my neighbours wifi, I've used little different way for monitor mode, cuz its on channel 11, same shit.

blah blah blah

I don't know what I'm doing wrong guys....help please with my noobs situation here, im sure there is some explanation for this strange thing!Thank you very much

Well that's easy, you're performing and admitting to, on a public forum full of security/LOE type people no less, an illegal activity. Your neighbor's net is not yours so back off and keep it to your own equipment. Maybe after you see the err of your ways you will get some help. Not likely though, at all....

[venelino]

Well that's easy, you're performing and admitting to, on a public forum full of security/LOE type people no less, an illegal activity. Your neighbor's net is not yours so back off and keep it to your own equipment. Maybe after you see the err of your ways you will get some help. Not likely though, at all....

Listen....I'm not interested at all in my neighbour wifi!!! I'm using it only with experimental purpose, because I wanted to be sure that the problem is not in mine!!!

[streaker69]

Listen....I'm not interested at all in my neighbour wifi!!! I'm using it only with experimental purpose, because I wanted to be sure that the problem is not in mine!!!

The law doesn't care about intent, only the fact that you've intruded upon a network that is not yours.

[purehate]

Leave your neighbor alone! I believe a re read of the forum rules is in order while you are in time out.

[TheCount]

I am having the same issue with the 5100 agn on my gateway. It seems like injection only works some of the time, and it's suuuuuuuper slow collecting IVs from my linksys 54g here at home.

Did everything I could think of with my router to see what the deal was, but no matter what settings I change (unless I just make it opn not wep) I still get the same problem.

I've looked all over the forums here, if anyone has a suggestion I'm all ears, obviously I've missed something somewhere.

[Ghost40]

The injection with the Intel 5100 is buggy. I found a nice article on the web the other night, but haven't had a chance to try it out yet. Ill see if I can find where I wrote the link down and post it...

And yes, whether or not you are experimenting with your neighbor's wifi, without they're permission, its illegal.

[troegs]

I too have had a similar issue. I'm new to BT and am only just getting aquainted with the many tools that it offers. When first loading BT nothing worked, neither wired nor wireless internet. After getting the internet up and running i found some tutorials on how to patch the driver. I got all the way to patching the kernel when i realized the kernel i had was newer then the one in the tut. looked back at it, and sure enough, injection was there all along. After knocking down all the network apps there were messing it up i had it up and running no problem. Since then however I haven't been able to get my lan to work at all and I'm not really sure what i could have changed in order to fix it.

What programs/commands do i need to run to get it back up? I'd also like to know if it's possible to have the lan running so i can browse internet, while i'm using my wireless to monitor.

On a final note, I had an off-topic type question. When/where is the boundary in matters of penetration? I haven't done anything beyond my own network yet, in fact I finally got a successful crack on my router just this evening. My question is this. is it a no no to simply crack a neighbor's pass, as long as you don't enter? (best analogy I can think of is picking a locking but never opening the door). I'm curious as my router is limited in the encryption I can use with it, however there's a local network that uses WPA2, and another using WPA2 enterprise.

I'm a CS student and have been fairly set on getting into the network security side of the house ever since I made up my mind to go back to school. That's what finally got me to find BT. just curious as to where learning and experimentation MUST end and gray/black area begins.

Thanks for any input on all the above questions/scenarios

T.

[balding_parrot]

On a final note, I had an off-topic type question. When/where is the boundary in matters of penetration? I haven't done anything beyond my own network yet, in fact I finally got a successful crack on my router just this evening. My question is this. is it a no no to simply crack a neighbor's pass, as long as you don't enter? (best analogy I can think of is picking a locking but never opening the door). I'm curious as my router is limited in the encryption I can use with it, however there's a local network that uses WPA2, and another using WPA2 enterprise.

Going any further than even thinking about trying that would be illegal in almost any country in the world, and would also be against the forum rules you agreed to.

My advice is don't

Take this as fair warning that if the moderators of this forum get a even a hint of this going on, we will wield the banhammer judiciously.

[troegs]

Fair enough. In that case are there any suggestions as to where one could "cut their teeth" on higher levels of encryption that their router simply cannot produce?