Page 2 of 2 (results 11 to 17 of 17)

Thread: Some detailed questions about WEP cracking

  1. #11 - theprez98 (Moderator)

    Quote Originally Posted by jemenake
    Uhh... the BT2 hardware compatibility list at backtrack.offensive-security.com/index.php?title=HCL:Wireless#Wireless_Cards_And_Drivers says that the Atheros (aka MadWifi-ng), Prism54 (which I forgot to list earlier) and ipw2200 have been patched for injection on the BT2 disc. It doesn't say if the other drivers already supported injection (and so didn't need patching), but the information section for the RT73 lists specific instructions for enabling injection.

    So... ummm... what was that you said about I should use a card that's listed as having support?
    There is a difference, albeit slight, in what I suggested and what you are saying. I understand full well that the drivers listed are patched. However, I'm not talking about drivers, I'm talking about specific cards. What I am suggesting is to try a specific card that is listed or is known to work. Some cards, for whatever reason, even if they are using a compatible chipset, may not work with the listed drivers. Or maybe they will. My idea was to try to narrow down the problem.

  2. #12 - jemenake (Just burned his ISO)

    Quote Originally Posted by theprez98
    ...I'm not talking about drivers, I'm talking about specific cards. What I am suggesting is to try a specific card that is listed or is known to work.
    Well, I looked at the "Which card should I buy" thread on this forum, but it's not nearly as helpful as the title suggests. Most of the posts are "I'm planning to buy a ...", which doesn't tell you anything about whether that card works.

    The only ones that I saw mentioned in the forum as "working 100% right out of the box" are the Alfa 500mW and the Senao 2511CD, but I had figured they're everyone's favorite not because they're the only ones that work, but because the Alfa has such a high power output and the Senao is a PCMCIA with diversity.

    So, I decided not to get either of those because I didn't want to drop $70-$130 for a single card (since I hadn't found a single page that said that different cards using the same chipset will have different injection abilities). Also, I wasn't a big fan of the Senao (diversity or not) since it had MMCX connectors and I wanted to avoid the dB loss of using the tiny LMR-100 (or even smaller) on a pigtail. I like to stay at LMR-195 or above, so RP-SMA is about as small a connector as I want to go.

    To *further* complicate things, I'd like to get a card that can work in my laptop (meaning not PCI) or on a PC (meaning no PCMCIA). That leaves mini-PCI (because I have a PCI-to-mini-PCI converter) or USB. You can't change mini-PCI on the fly, so USB is very, very much preferred.

    So, is there someplace I should be looking to find the USB, RP-SMA, injection-capable (with BT2) interface that I need?

    - Joe

  3. #13 - specv (Just burned his ISO)

    Quote Originally Posted by jemenake
    So, is there someplace I should be looking to find the USB, RP-SMA, injection-capable (with BT2) interface that I need?
    http://cgi.ebay.com/Atheros-AR5006-SUPER-G-A-wireless-mini-PCI-card-108Mbps_W0QQitemZ290110519301QQihZ019QQcategoryZ45000QQrdZ1QQcmdZViewItem

    Check that card out. I'm using the PCI-E version; although I've yet to even try a fragmentation attack, I seem to have figured out other attacks successfully.

  4. #14 - jemenake (Just burned his ISO)

    Quote Originally Posted by specv
    http://cgi.ebay.com/Atheros-AR5006-SUPER-G-A-wireless-mini-PCI-card-108Mbps_W0QQitemZ290110519301QQihZ019QQcategoryZ45000QQrdZ1QQcmdZViewItem

    Check that card out. I'm using the PCI-E version; although I've yet to even try a fragmentation attack, I seem to have figured out other attacks successfully.
    I'll take a look.

    Incidentally, I went to the Aircrack forums and asked if there's any utility to test if injection is even working at all (so you can tell if your problem is: A) Unsupported card, unpatched drivers, not setting up the card right, or B) Immune access point, bad antenna, too far from AP, etc.). Within a few hours, they had altered their Wiki page on aireplay-ng to include an injection test.

    - Joe

  5. #15 - purehate (Developer)

    OK, let's start over. I'm using a Netgear 511T with an Atheros chipset. The reason I'm using this card is because I did my homework. I'm sorry if I came off rude; it's just that the "which card" issue has been exhausted in these forums. As far as I know, if you have a card with an Atheros chipset, the madwifi drivers should work.

    Now then, let's look at your problem with the fragmentation attack. How many times did you try the attack? Sometimes it can take a few tries. How far are you from the AP? It's been my experience that with a power reading of less than ten in airodump the attack will fail. Have you tried the chopchop attack? This seems to work for me in some situations; the end resulting ARP request is the same as in the frag attack. And lastly, since I'm assuming this is your AP or you have permission, did you try to associate with another laptop and then do an aireplay -3 attack from close by to see if you were injecting? And last, have you tried another laptop? These are all questions you should have answered before you say nothing works.

    If all else fails, maybe you should reburn your ISO; I recommend doing it at 2x speed. I'm not being an asshole, really. It's just that most of the problems I have with BT2 are user error (that being me) and not enough testing. And finally, did you read the part in the aircrack instructions where it says sometimes this doesn't work? Tough shit, move on to your next target.

  6. #16 - jemenake (Just burned his ISO)

    Quote Originally Posted by purehate
    OK, let's start over. I'm using a Netgear 511T with an Atheros chipset. The reason I'm using this card is because I did my homework. I'm sorry if I came off rude; it's just that the "which card" issue has been exhausted in these forums.
    I grant that. There's a lot of "which card" confusion. I think it stems from the fact that some of these attack methods will fail if any of a dozen factors are just a little less than optimal (like the fact that a frag attack requires that 100% of your injected packets are seen by the AP). I think that there are many people who come to these forums when they're just flabbergasted. "I bought about 3-4 different cards with different chipsets (all of which are blessed on the BT2 wiki and on the Aircrack wiki), I've tried a bunch of different antennas, I've carefully checked my MAC addresses, I've unrolled the prayer rug, I've burned the incense, I've waved the yak horn over my head, I've made sure that the humidity is just right and I did it all while facing Mecca.... jesus )@&$@* christ!!! Why the hell isn't it working?"

    Today... some progress. I *finally* found a way to (supposedly) verify that injection is working. To my relief, it turns out that the cards that I've tested (my RT73 and my RT2500 USB cards) *do* actually perform the injection. Also, to follow up on the recommended card versus recommended chipset issue, I remembered that one of the ones I got (the WUSB54G v4) is actually a recommended *card*. So, anyway, the good news is that I know that it's something *else* that's going wrong. (And I got immediate feedback from the aircrack people indicating that the ability to verify injection would be a valuable feature.)

    Quote Originally Posted by purehate
    Now then, let's look at your problem with the fragmentation attack. How many times did you try the attack? Sometimes it can take a few tries.
    I probably try about 5-6 different packets per attack "session". Averaging about 1 session per day, for the past 3-4 weeks. So... around 75-100 different times.

    Quote Originally Posted by purehate
    How far are you from the AP?
    About 50-75 feet and probably about 2-3 walls.

    Quote Originally Posted by purehate
    It's been my experience that with a power reading of less than ten in airodump the attack will fail.
    Okay... now THAT is good to know! All of the tutorials and videos I've seen just show you what it looks like when it works, and they never mention the necessary conditions. Same thing goes for fakeauth. Everyone says to do a fakeauth, and they all show it *succeeding*. Nobody seems to say whether or not it's worthwhile to continue if the fakeauth fails. I've never come across any page that says "The whole operation depends upon a fakeauth so, if you can't get it to succeed, then you're SOL and you might as well pack up and go home", although I'm getting the impression that that's the case.

    Quote Originally Posted by purehate
    Have you tried the chopchop attack?
    Tried everything. I used airoscript and went right down the list (clientless ARP replay, clientless frag, clientless chopchop, cliented ARP, cliented frag, cliented chopchop) dozens of times. I got ARP replay to work against two different APs which had clients. Other than that... zippo.

    Quote Originally Posted by purehate
    And lastly, since I'm assuming this is your AP or you have permission, did you try to associate with another laptop and then do an aireplay -3 attack from close by to see if you were injecting? And last, have you tried another laptop?
    I've tried 3 different PCs and 1 laptop. In one case, I had a PC associated and was running BitTorrent to generate an ass-load of traffic. I could launch a deauth from the laptop and see the throughput on BitTorrent hiccup as the PC reauth'd. I don't recall seeing any ARPs, and none of the frag/chop attacks did anything. This wasn't even against some fancy secure AP, either. This was against a rickety old Netgear MR314.

    As an aside, seeing the associated PC hiccup, I took that as proof that "injection" was working. Today, I come to find out that, depending upon the card, *some* types of packet injection might work while others won't. (Ugh... it never ends!) Fortunately, the "aireplay-ng -9" option in the SVN version can test for all of the injection types that it could need. Hopefully, once it makes it to a release, we'll see a wiki page where people can start posting Yes/No answers for all of the types of injection for a variety of cards.

    Quote Originally Posted by purehate
    These are all questions you should have answered before you say nothing works.
    Okay. I've answered them. Now can I say it? :P

    Quote Originally Posted by purehate
    If all else fails, maybe you should reburn your ISO; I recommend doing it at 2x speed.
    I've burned 4 different ISOs and even copied BT2 to 3 different 1GB and 2GB USB thumb drives. Hey, I'm nothing if not thorough.

    Quote Originally Posted by purehate
    And finally, did you read the part in the aircrack instructions where it says sometimes this doesn't work? Tough shit, move on to your next target.
    Just came across this today, where they describe the ins and outs of each attack.
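    Posts #14 and #16 both lean on the aireplay-ng injection test (aireplay-ng -9) to separate "my card/driver can't inject" from "the attack itself is failing". The POSIX shell script below is an added example, not something posted in this thread and not part of aircrack-ng: it parses injection-test output and turns it into a go/no-go verdict, treating anything below 100% of directed probes answered as marginal, because (as post #16 notes) the fragmentation attack needs the AP to see every injected frame. The ESSID, BSSID and interface in the comments are hypothetical placeholders, and the three sample outputs are constructed to match the shape of aireplay-ng -9 output ("Injection is working!", "Found N AP", the per-AP "answered/sent: P%" line); nothing here touches live traffic.

```shell
#!/bin/sh
# Added example: turn `aireplay-ng -9` (injection test) output into a go/no-go
# verdict before spending hours on fragmentation/chopchop attacks.
# Real usage would be:   aireplay-ng -9 -e Example -a 00:11:22:33:44:55 ath0 > test.log
# (ESSID, BSSID and interface above are hypothetical placeholders.)

# Constructed sample outputs, shaped like aireplay-ng -9 output; not captured
# from a real run.

# Broadcast probes answered and the target AP answered all 30 directed probes.
SAMPLE_OK="12:34:56  Trying broadcast probe requests...
12:34:56  Injection is working!
12:34:58  Found 1 AP

12:34:58  Trying directed probe requests...
12:34:58  00:11:22:33:44:55 - channel: 6 - 'Example'
12:34:59  Ping (min/avg/max): 1.455ms/3.312ms/5.891ms Power: -33.71
12:34:59  30/30: 100%"

# Injection works, but the AP only heard about half of the probes (too far away).
SAMPLE_WEAK="12:36:10  Trying broadcast probe requests...
12:36:10  Injection is working!
12:36:12  Found 1 AP

12:36:12  Trying directed probe requests...
12:36:12  00:11:22:33:44:55 - channel: 6 - 'Example'
12:36:14  Ping (min/avg/max): 2.011ms/14.907ms/48.120ms Power: -81.40
12:36:14  17/30: 56%"

# Nothing answered: the card/driver is not injecting at all (or no AP is in range).
SAMPLE_NOINJ="12:40:01  Trying broadcast probe requests...
12:40:03  No Answer...
12:40:03  Found 0 APs"

# Exit 0 if the broadcast-probe phase confirmed that frames actually leave the card.
injection_confirmed() {
    printf '%s\n' "$1" | grep -q 'Injection is working!'
}

# Print the response percentage from the first per-AP "answered/sent: P%" line.
# Prints nothing if no AP answered directed probes.
injection_rate() {
    printf '%s\n' "$1" \
        | sed -n 's/.*[0-9][0-9]*\/[0-9][0-9]*: \([0-9][0-9]*\)%.*/\1/p' \
        | head -n 1
}

# Verdict for one test run:
#   no-injection     -> fix card/driver/monitor mode before anything else
#   unknown-rate     -> injecting, but no AP answered directed probes
#   marginal:<pct>   -> injecting, but frag needs 100%; move closer or fix the antenna
#   frag-ready:<pct> -> proceed with fragmentation/chopchop/ARP replay
injection_verdict() {
    if ! injection_confirmed "$1"; then
        echo "no-injection"
        return 1
    fi
    rate=$(injection_rate "$1")
    if [ -z "$rate" ]; then
        echo "unknown-rate"
        return 1
    fi
    if [ "$rate" -eq 100 ]; then
        echo "frag-ready:$rate"
        return 0
    fi
    echo "marginal:$rate"
    return 2
}

for sample in "$SAMPLE_OK" "$SAMPLE_WEAK" "$SAMPLE_NOINJ"; do
    printf 'verdict: %s\n' "$(injection_verdict "$sample")"
done
```

    In practice you would feed it a saved log (injection_verdict "$(cat test.log)") and only move on to fakeauth and the frag/chopchop attacks on a frag-ready verdict; a marginal verdict points at distance or antenna, a no-injection verdict at the card, driver or monitor-mode setup.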

  7. #17 - purehate (Developer)

    Well, sounds like all the bases have been covered. The only other real problem I've had with BT is that when running leetmode, after a while there is a process which I can't identify which causes a huge drag on the CPU and thus causes the rate of injection to slow dramatically, which in turn seems as if the ARP replay is not working. Do you have leetmode running?

    If it was me I would: a) try a different laptop against the same AP with your card, or b) set up the second laptop with another copy of the live CD and card and just run airodump to compare the results in the .cap files to see if they have similar outputs, or c) try another AP (with permission, of course). What I don't understand (which again, I'm assuming it's your AP) is why you don't connect with a laptop simulating a victim doing a torrent download or whatever and test your shit. With a victim engaged it should be no problem to capture an ARP and reinject. It seems to me if that works then you have a distance problem.

    I didn't realize this early on, but one of the senior members enlightened me that just because you may have a super duper long-ass range antenna and can listen to and reach an AP doesn't mean the AP can return. When I am too far from an AP I will always get back a deauth packet, and when I move closer it works, so I'm afraid distance is the biggest issue for me. Are your PCs wireless as well? Can you deauth? Otherwise your problem may be over my head, or maybe you should have prayed west!!!!!!!!!!!!!

