I've been avoiding to start a new thread but I think it's time, I have many doubts about many things and I can't find my answers. I think I'm having an overdose of information and I'm messing it all up. Need help. I will tell you my story and ask questions along the way.
First, tried BT3 with no positive results, had problems with madwifi drivers.
Then, tried BT4. Success. Installed it into an external HD of 40 Gb. I'm using 6gb for ext3 and 2gb for swap. The rest is FAT32. (Now I can see that i should have done a bigger partition for ext3, i use the desktop a lot...). Is there anyway to make a bigger partition of ext3 without erasing any data?
The first and very ridiculous problem is that i think i messed up the winVista MBR file because if I reboot my laptop without the external HD plugged in i can't get to Windows. It gives me some grub error, so i guess i messed up when installing BT4. The only way to go to windows is via the grub boot menu (only works with HD plugged in). How can i recover my normal boot?
Ok, this wasn't enough to keep me away from BT4. It was time to start doing something. I've set my router to WEP Encryption. Injection worked perfectly (ath9 here), collected a lot of data, AP cracked. Beautiful. Tried again this time clientless with chopchop and fragmentation attacks. Once again it worked perfect. Question: Is there a way to make a data packet appear from nowhere? (when clientless, using -4 or -5)
Next step was setting the router to WPA. This is where problems begin.
Sometimes i can capture the handshakes and sometimes i can't. I have one laptop connected to the AP and another one trying to DeAuth but sometimes i can't get association. I can see a lot of packets beeing lost but no DeAuth happens. The question: What can i do to have more success capturing Handshakes? (i use #aireplay-ng -1 0 ..... and the "picky" version)
And so I cheated. I connected to the AP via Wicd, with my passphrase. I started Ettercap, scanned for hosts, saw the other laptop, added to target 2, and the router to target 1, now the question: Do i have allways to use the 2 targets?
Started mitm with arp-poisoning with success. I went to the "target" laptop and started surfing a bit. This surfing session was very suspicious. Very slow. I got some passwords and usernames in ettercap but the surfing in the "target" laptop was really really bad. So here's another question: Is there a way for sniffing with ettercap without causing this bad connection?
I had unfinished business with WPA so tried it again. This time i searched for rainbow tables, airolib and cowpatty (what a world!). What have i done, this made me more confuse. I want to use rainbow tables, i have a wordlist and have a specific essid. From scratch, how can i do that? (am i asking too much spoonfeeding here? i kinda feel that, i've red "=Xploitz= & friends" related posts but i still can't do it).
I think this post is already too big so i will stop now. There are more questions that I'll ask if this gets any answers.
Just 2 more things, I wasn't sure where to post this but since i feel like i am a completely noob i posted it here in the newbie section.
Last, sorry for my bad english.