Thread: Airpwn 1.4 injection

  1. #1
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    16

    Airpwn 1.4 injection

    I have an Acer 10.1 Aspire One Netbook.

    I decided to try out the BackTrack 4 Pre Final and discovered it had Airpwn-1.4 built in. So I copied the conf & content folders from an Airpwn-1.3 file I had to the desktop and decided to run

    "airpwn -c conf/greet_html -d ath5k -i mon0 -vvvv"

    It starts scrolling mad crazy a bunch of stuff such as

    ....
    data packet len: 166, flags: 66 <-- DS
    probe response (MPCS-Open)
    probe response (MPCS-Open)
    beacon frame (MPCS-Open)
    data packet len: 145, flags: 66 <-- DS
    null function
    acknowledgement
    data packet len: 134, flags: 66 <--DS

    So I go to another computer and go to google for example and it does nothing. In fact the other computer gets disconnected from the MPCS-Open network.

    When I do just ifconfig I get

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:208 errors:0 dropped:0 overruns:0 frame:0
    TX packets:208 errors:0 dropped:0 overruns:0 frame:0
    collisions:0 txqueuelen:0
    RX bytes:12704 (12.7 KB) TX bytes:12704 (12.7 KB)

    mon0 Link encap:UNSPEC HWaddr 00-24-2B-85-70-8B-30-30-00-00-00-00-00-00-00-00
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets: 141895 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:3162753 (31.6 MB) TX bytes:0 (0.0 B)

    wlan0 Link encap:UNSPEC HWaddr AA-BB-CC-DD-EE-FF-00-00-00-00-00-00-00-00-00-00
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets: 294497 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:57683186 (57.6 MB) TX bytes:0 (0.0 B)

    wmaster0 Link encap:UNSPEC HWaddr AA-BB-CC-DD-EE-FF-00-00-00-00-00-00-00-00-00-00
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets: 0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

    and when I do iwconfig I get

    lo no wireless extensions.

    eth0 no wireless extensions.

    wlan0 IEEE 802.11bg Mode:Monitor Frequency:2.437GHz Tx-Power=27 dBm
    Retry min limit:7 RTS thr:off Fragment thr=2352 B
    Encryption key:off
    Power Management: off
    Link Quality:0 Signal Level: 0 Noise level:0
    Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
    Tx excessive retries:0 invalid misc:0 Missed beacon:0

    mon0 IEEE 802.11bg Mode:Monitor Frequency:2.437GHz Tx-Power=27 dBm
    Retry min limit:7 RTS thr:off Fragment thr=2352 B
    Encryption key:off
    Power Management: off
    Link Quality:0 Signal Level: 0 Noise level:0
    Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
    Tx excessive retries:0 invalid misc:0 Missed beacon:0

    What am I doing wrong??

  2. #2
    Junior Member
    Join Date
    May 2009
    Posts
    61

    I didn't do much with airpwn but,
    First, your option -d is not ath5k. If you have an Atheros chipset (I don't know which chipset you have), it is madwifing or madwifiold. Where did you see the driver you typed, at the bottom of the list when you type airpwn in the console?

    Second, at the end of the command put option -F.

    Also, if you want your attack to be better, you can start airodump with your interface on the channel of your victim; you will then fix your interface on the channel of your victim [AP].

    If the victim is on channel 1, then just do airodump-ng mon0 -c 1, for example, then stop it with ctrl-c.

    This will fix your interface on the channel of your victim.

    This works for me, but I didn't do much with airpwn, but it is a nice little weapon.

    Post if this helps you.

  3. #3
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    16

    Quote: Originally posted by Handsome-geek
        I didn't do much with airpwn but,
        First, your option -d is not ath5k. If you have an Atheros chipset (I don't know which chipset you have), it is madwifing or madwifiold. Where did you see the driver you typed, at the bottom of the list when you type airpwn in the console?

        Second, at the end of the command put option -F.

        Also, if you want your attack to be better, you can start airodump with your interface on the channel of your victim; you will then fix your interface on the channel of your victim [AP].

        If the victim is on channel 1, then just do airodump-ng mon0 -c 1, for example, then stop it with ctrl-c.

        This will fix your interface on the channel of your victim.

        This works for me, but I didn't do much with airpwn, but it is a nice little weapon.

        Post if this helps you.

    Well, before I was using madwifing but no results. I read in a post somewhere that someone switched madwifing to ath5k, and when I type out "airmon-ng start wlan0" it says

    Interface Chipset Driver
    wlan0 Atheros ath5k - [phy0]
    (monitor mode enabled on mon0)

    So I just thought maybe it'd be better to use ath5k instead of madwifing

  4. #4
    Junior Member
    Join Date
    May 2009
    Posts
    61

    But as I can see from the list, this is not a supported driver.

    Did you try option -F at the end?

  5. #5
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    16

    Quote: Originally posted by Handsome-geek
        But as I can see from the list, this is not a supported driver.

        Did you try option -F at the end?

    airpwn -c conf/greet_html -d madwifing -i mon0 -F -vvvv


    In another terminal I run airodump-ng -c 6 mon0 to lock onto chan 6.

    Airpwn starts to scroll all its usual stuff, but when I open a browser on my victim computer nothing still happens.

    Here is what I get from airpwn:

    airpwn -c conf/greet_html -d madwifing -i mon0 -F -vvvv
    parsing configuration file ..
    Opening command socket ..
    Opening monitor socket ..
    Opening injection socket ..
    Error setting monitor mode for interface mon0.
    Listening for packets ...
    channel changing thread starting ..
    beacon frame (MPCS)
    beacon frame (MPCS-open)
    beacon frame (MPCS)
    beacon frame (MPCS-open)
    beacon frame (MPCS)
    beacon frame (MPCS-open)
    beacon frame (MPCS)
    data packet len: 151, flags: 66 <-- DS
    beacon frame (MPCS-open)
    beacon frame (MPCS)
    beacon frame (MPCS-open)
    beacon frame (MPCS)
    beacon frame (MPCS-open)
    beacon frame (MPCS)
    beacon frame (MPCS-open)
    beacon frame (MPCS)
    beacon frame (MPCS-open)
    beacon frame (MPCS)
    beacon frame (MPCS-open)
    beacon frame (MPCS)
    beacon frame (MPCS-open)
    etc.....

    When I first fire up BackTrack I type airmon-ng start wlan0 to get my mon0 interface.

    Am I just stupid? I'm thinking whatever I'm doing wrong is so very easy to fix and I'm just not seeing it. On top of that, I'll try aireplay-ng --test mon0 and it won't do injection unless I fire up airodump-ng, then injection works.

  6. #6
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    16

    Randomly, just cuz I don't know what the hell I'm doing, I tried the following

    root@bt:~# airmon-ng start mon0

    wlan0 Atheros ath5k - [phy0]
    mon0 Atheros ath5k - [phy0]
    (monitor mode enabled on mon1)

    root@bt:~# airpwn -c conf/greet_html -d madwifing -I mon0 -C mon1 -M mon1 -F -vvvv
    Parsing configuration file ..
    Opening command socket ..
    Opening monitor socket ..
    Opening injection socket ..
    Error setting monitor mode for interface mon1.
    Listening for packets ...
    Channel changing thread starting ..
    beacon frame (MPCS-Open)
    beacon frame (MPCS)
    beacon frame (MPCS-Open)
    beacon frame (MPCS)
    beacon frame (MPCS-Open)
    beacon frame (MPCS)
    beacon frame (MPCS-Open)
    beacon frame (MPCS)
    and then when I open Google on the vic computer
    beacon frame (MPCS-Open)
    beacon frame (MPCS)
    data packet len:1013, flags: 1 --> DS
    Matched pattern for conf 'greet_html'
    packet length:221, mtu: 1460, seq: 2879906302
    Unable to transmit packet.tx80211_txpacket: Operation not supported
    [9:35:40] injecting data for conf 'greet_html'
    acknowledgement
    beacon frame (MPCS-Open)
    beacon frame (MPCS)
    beacon frame (MPCS-Open)
    beacon frame (MPCS)
    but nothing ever popped up in the web browser except of course the Google home page
