I just installed BT5 over the previous BT4 with the hope that I can deauth my Windows 7 client that is logged into my WPA2. From what I understand, this was not possible on at least BT4, and it may only be wishful thinking that it is possible on BT5. Has anyone deauthed a windows 7 client on BT5? If yes, please share the commands. TYIA
To deauth a client just use aireplay-ng. It works on all Backtrack distro's as far as I know.
Click THIS link and scroll down to post #26 by g0tmi1k. Unfortunately, all wireless machines in my household run Windows 7, so if I connect one to the AP, I am unable to perform the deauth. I guess I'll have to see if I can borrow another with XP or Vista to hone the craft.
If a VM was stable enough, I'd be able to run BT5 from within a Windows environment on this machine and just deauth myself. I'd have to install Vista to do so, but it'd be worth it. However, past experience with VMs has shown that to be more trouble than it's worth.
Last edited by freemyggle; 06-18-2011 at 07:57 PM.
I just installed BT5 over the previous BT4 with the hope that I can deauth my Windows 7 client that is logged into my WPA2. From what I understand, this was not possible on at least BT4, and it may only be wishful thinking that it is possible on BT5. Has anyone deauthed a windows 7 client on BT5? If yes, please share the commands. TYIA
Why don't you try to disassemble the NDIS.sys driver and look for auth/deauth security-related custom routines? Maybe you should also try to reverse-engineer the whole Win 7 network driver stack to learn the 802.11 implementation?
Why are you asking Win 7 and its network stack and ndis 6 library developer/programmer level questions on this forum?
Scientia ac Labore
Because I did not go to college, I am learning pentest grassroots style, i.e. on my own in my spare time.
I'm simply encouraging you to learn the theoretical side of hacking and pentesting; there are tons of books that teach you the inner workings of hacking.
I have spent countless hours trying to disassemble Windows .exe, .dll and .sys files. You do not need any college to learn this stuff, but you need self-discipline and a strong will in order to plough through the very difficult material.
At the beginning I advise you to start learning x86 assembly.
Scientia ac Labore
Though I do greatly appreciate the nudge, delving that deep sounds to me like an immense amount of time in learning a lot about Windows OS construction and development. Unfortunately, my time to invest into this venue of research currently is very slim, not to mention it is far easier (for me at least) to be shown the answer to a problem, then backtrack from that point to the beginning like 4-1=3 v. 1+3=?. That is probably a very bad analogy as pentesting is far more involved than that, but the simple answer is that I don't currently have the time to invest in researching Windows OS.
Could you answer the original question to this post? Is Windows 7 behind WPA/WPA2 encryption crackable with BT5?
I encourage anyone to correct me if I'm wrong, but I believe anything using 802.11 technology is capable of receiving a deauth packet... There are some routers that have the option to ignore deauth packets. Yes, you can deauth a Windows 7 client to receive a WPA/WPA2 handshake.
As I stated earlier in the other post, you cannot spoof the AP or another client when WPA/WPA2 is used because of replay and spoofing attack protection, which binds session tokens to the MAC addresses.
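An added example from the defender's side of what the post above describes (it is not code from this thread or from the aircrack-ng project): 802.11 management frames such as deauthentication and disassociation carry no cryptographic protection unless the network enables 802.11w Protected Management Frames, so a monitor-mode capture can be checked for deauth/disassoc bursts that a client would otherwise silently obey. The parser follows the standard's management-frame header layout and assumes frames arrive as raw 802.11 bytes with no radiotap header; the MAC addresses, timestamps and reason codes are constructed sample data.

```python
"""Flag deauthentication / disassociation floods in captured 802.11 frames."""
from collections import defaultdict, deque

DEAUTH, DISASSOC, BEACON = 12, 10, 8      # management-frame subtypes (IEEE 802.11)
BROADCAST = "ff:ff:ff:ff:ff:ff"

def parse_mgmt_header(frame: bytes):
    """Return (subtype, dst, src, bssid, reason) for a management frame, else None.
    Header: frame control(2) duration(2) addr1(6) addr2(6) addr3(6) seq ctl(2);
    frame-control byte 0 holds version (bits 0-1), type (2-3), subtype (4-7)."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:     # type 0 = management
        return None
    subtype = frame[0] >> 4
    mac = lambda off: ":".join(f"{b:02x}" for b in frame[off:off + 6])
    # deauth/disassoc bodies start with a 2-byte little-endian reason code
    reason = int.from_bytes(frame[24:26], "little") if subtype in (DEAUTH, DISASSOC) and len(frame) >= 26 else None
    return subtype, mac(4), mac(10), mac(16), reason

def detect_deauth_flood(records, window=1.0, threshold=5):
    """records: iterable of (timestamp_seconds, raw_frame). Returns alert strings.
    Alerts when more than `threshold` deauth/disassoc frames name one BSSID within
    `window` seconds, and on any deauth/disassoc addressed to the broadcast MAC."""
    alerts, recent = [], defaultdict(deque)
    for ts, frame in records:
        hdr = parse_mgmt_header(frame)
        if hdr is None or hdr[0] not in (DEAUTH, DISASSOC):
            continue
        _, dst, src, bssid, reason = hdr
        if dst == BROADCAST:
            alerts.append(f"{ts:.3f} broadcast deauth/disassoc from {src} bssid={bssid} reason={reason}")
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:             # slide the per-BSSID window
            q.popleft()
        if len(q) == threshold + 1:           # fire once, when the threshold is first crossed
            alerts.append(f"{ts:.3f} {len(q)} deauth/disassoc frames for bssid={bssid} within {window}s")
    return alerts

def sample_frame(subtype, dst, src, bssid, reason=None):
    """Constructed test frame (not from a real capture): 24-byte header plus optional reason."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    body = b"" if reason is None else reason.to_bytes(2, "little")
    return bytes([subtype << 4, 0, 0, 0]) + mac(dst) + mac(src) + mac(bssid) + b"\x00\x00" + body

AP, STA = "02:00:00:00:00:01", "02:00:00:00:00:02"           # constructed addresses
SAMPLE_CAPTURE = [(0.0, sample_frame(BEACON, BROADCAST, AP, AP))]       # one normal beacon
SAMPLE_CAPTURE += [(0.1 * i, sample_frame(DEAUTH, STA, AP, AP, 7)) for i in range(1, 7)]
SAMPLE_CAPTURE += [(2.0, sample_frame(DISASSOC, BROADCAST, AP, AP, 8))]
```

On the sample capture the six deauths within 0.6 s trigger the rate alert and the broadcast disassociation triggers the second; a real AP can still emit a handful of deauths legitimately, so the threshold is a tuning knob, not a verdict.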
It is written in the 802.11 standard.
Btw it is all left to the specific software implementation.
Are you going to be a professional pentester, or are you simply interested in pentesting and seeing it as a hobby?
Last edited by iliyapolak; 06-24-2011 at 01:16 PM.
Scientia ac Labore
Basing this on my extreme lack of knowledge of this venue of study and research, I interpret that one of you is saying yes, and the other is saying no. I have to be honest that both of you are using language that I do not yet comprehend, so maybe I should rescind the question until I am fluent in the language and understand what it means with regard to this particular topic, but before I do, I request that 2901119 outline what the commands that are entered into the Konsole are. I've tried several variations that were shared on the BT4 forum with no success. It was only when I failed running g0tmi1k's commands that I read his post stating that he also was unable to deauth a Windows 7 client, or at least he acknowledged the problem (paraphrase).
So to further pinpoint the gist of my original question, please outline the commands you've successfully used to deauth a Windows 7 client from your WPA/WPA2 AP.
TYIA