
Thread: Airpwn

  1. #1
    Member
    Join Date
    Jan 2010
    Posts
    102

    Airpwn

    Has anyone used Airpwn yet? It's in the BackTrack radio folder in the start menu, but I can't find the folder so I can change the config. It's not in the pentest directory...

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Re: Airpwn

    Originally posted by MassAppeal:
    Has anyone used Airpwn yet? It's in the BackTrack radio folder in the start menu, but I can't find the folder so I can change the config. It's not in the pentest directory...
    Code:
    # /usr/local/sbin/airpwn
    # /usr/local/share/man/man1/airpwn.1
    # /var/lib/dpkg/info/
    In order to find "things" in Linux, use either the find command or the locate command.
    See man for more info.
    Last edited by Archangel-Amael; 01-19-2010 at 07:13 PM.

  3. #3
    Member
    Join Date
    Jan 2010
    Posts
    102

    Re: Airpwn

    Thanks.

    The problem is there isn't any documentation... all the videos and all the tutorials don't show where this conf/greet file is or how to make things work, just the switches to use. I'm a bit lost, to be honest. I understand how it works, I just can't find the files :P

    I've tried searching, but it just lags too much.
    Last edited by MassAppeal; 01-20-2010 at 11:15 AM.

  4. #4
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Re: Airpwn

    Did you try here, because it tells me how the configuration file works.
    Documentation

  5. #5
    Member
    Join Date
    Jan 2010
    Posts
    102

    Re: Airpwn

    I know, I've read that page 3 times. It still doesn't tell me where this config file is, or do I just simply make my own HTML page?

  6. #6
    Member Mr-Protocol's Avatar
    Join Date
    Jan 2010
    Location
    Ohio
    Posts
    142

    Re: Airpwn

    On BT3 there were some pre-made templates to use with airpwn. There is a site that has some cool ones: brico-wifi: airpwn download and how to
    A book has some info: Security Power Tools, in chapter 8. http://oreilly.com/catalog/9780596009632

    It's an old tool, so Google is your best friend. Lots of things out there. But essentially here is what it breaks down to.
    You have a Filter, and a response to a filter. Both of which are a file. In the config file, it is really the packet filter and has a "response" line which links to another file of whatever type to respond to the filter with.

  7. #7
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    3

    Re: Airpwn

    Hi,

    Version 1.4 in BT4 final works well on an open network
    with the Alfa AWUS036H.

    But something is wrong with WEP key mode.

    with -F :
    airpwn -c conf/bsod_html -d rtl8187 -i mon0 -vvv -k 8f:7d:b2:a8:b6:58:1d:8d:4c:a6:8e:c0:96 -F

    WEP encrypted packet found.
    WEP decryption failed..

    ...unsuccessful!!! Nothing injected.

    without -F :
    airpwn -c conf/bsod_html -d rtl8187 -i mon0 -vvv -k 8f:7d:b2:a8:b6:58:1d:8d:4c:a6:8e:c0:96

    WEP encrypted packet found.
    WEP decryption succesful.
    Matched pattern for conf 'bsod_html'
    wrote 390 bytes to the wire(less)
    [17:39:57] injecting data for conf 'bsod_html'

    ...successful!!! But it injects only me (attacker), and my 2nd laptop (victim) on the network is not injected; it surfs fine.

    Thanks for your help.
    Last edited by testairpwn; 01-22-2010 at 01:46 AM.

  8. #8
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    3

    Re: Airpwn

    Sorry, same post twice.
    Last edited by testairpwn; 01-22-2010 at 01:37 AM.

  9. #9
    Member Mr-Protocol's Avatar
    Join Date
    Jan 2010
    Location
    Ohio
    Posts
    142

    Re: Airpwn

    Well, the way it works is... the airpwn device has to be able to respond faster than the actual access point. So it should be closer to the actual access point in order to respond to the unknowing client faster than the real access point they want.

    -F Assume no FCS headers at the end of the 802.11 frames. Some drivers append these and others don’t. If WEP decryption is failing when you’re positive you have the correct key, try using/not using -F.

    So using -F is dependent on your drivers.
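
The -F behaviour quoted in the post above, as an added example that is not part of the thread or of airpwn's source: WEP verifies a CRC-32 ICV over the decrypted bytes, so a wrong guess about a trailing 4-byte FCS shifts the data and the check fails even with the correct key. The key, IV and payload are constructed, the FCS is simplified to a CRC over the body only, and `assume_fcs=False` plays the role of `-F`.

```python
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4, the stream cipher WEP uses (per-frame key = IV || WEP key)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def crc_le(data: bytes) -> bytes:
    """CRC-32 as 4 little-endian bytes (used for both the ICV and the FCS)."""
    return struct.pack("<I", zlib.crc32(data))

def wep_body(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """IV(3) | key id(1) | RC4(plaintext | ICV)."""
    return iv + b"\x00" + rc4(iv + key, plaintext + crc_le(plaintext))

def wep_decrypt(key: bytes, body: bytes, assume_fcs: bool):
    """Return the plaintext if the ICV verifies, otherwise None."""
    if assume_fcs:
        body = body[:-4]          # strip what we believe is the trailing FCS
    clear = rc4(body[:3] + key, body[4:])
    payload, icv = clear[:-4], clear[-4:]
    return payload if crc_le(payload) == icv else None

# Constructed sample data, not taken from the thread.
KEY = bytes.fromhex("00112233445566778899aabbcc")   # 104-bit WEP key
IV = b"\x01\x02\x03"
PLAINTEXT = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

def fcs_matrix() -> dict:
    """(driver appends FCS, tool assumes FCS) -> did WEP decryption succeed?"""
    body = wep_body(KEY, IV, PLAINTEXT)
    frames = {True: body + crc_le(body), False: body}  # FCS simplified: over body only
    return {(appended, assumed): wep_decrypt(KEY, frames[appended], assumed) == PLAINTEXT
            for appended in (True, False) for assumed in (True, False)}

if __name__ == "__main__":
    for (appended, assumed), ok in fcs_matrix().items():
        print(f"driver FCS={appended!s:5} tool assumes FCS={assumed!s:5} -> "
              f"{'decryption successful' if ok else 'decryption failed'}")
```

Decryption succeeds only on the diagonal of the matrix, where the assumption matches what the driver actually delivers.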

  10. #10
    Just burned his ISO seeknet's Avatar
    Join Date
    Feb 2010
    Posts
    4

    Re: Airpwn

    Hi,

    Today I tried to play with airpwn, but without luck. I own an Alfa AWUS036H (rtl8187), so the hardware requirements are checked.
    The first thing I noticed was the package version in BackTrack 4 final; it says 1.0. Am I wrong? Is this just a joke of the package manager?

    Next I disabled the encryption on my router and fired up airpwn. Now I realized that the standard config files are not included in BT4 final, so I downloaded airpwn 1.4 and placed them on the desktop (and edited the conf file so that the location of the HTML was right). I hope the style of the conf file hasn't changed since 1.0?

    airpwn -c /root/greet_html -d rtl8187 -i wlan0 -vvv

    -> Parsing configuration file..
    -> Opening command socket..
    -> Opening monitor socket..
    -> Opening injection socket..
    -> Listing for packets...
    -> Channel changing thread starting..

    Channel Number

    -> data packet len: 234, flags: 66 <-- DS
    ...
    ...
    ...

    The two laptops are right next to each other and the router is in another room.
    I also tried this with airmon-ng start wlan0 and used -i mon0 in the airpwn command line, but nothing changed. I could surf the web on the target laptop normally.
    I noticed that I could write pretty much anything after -d without producing an error? (I tried -d rtl8081 as well, without luck.)

    Thx for help!
    Last edited by seeknet; 02-20-2010 at 05:13 PM.
