Hermes1 injection?

**maddoggpt** · 12-03-2007, 05:21 AM

okay so im starting to get the feel for this whole Linux deal so tonight i tried to pen test my wep system and i followed the instructions off the aircrack website and i am getting through the steps just fine until i get to

Code:

bt ~ # aireplay-ng -1 0 -e Scarletnet -a 00:14:6C:3E:90:E8 -h 00:06:25:01:92:74 eth1

and instead of getting the expected outcome of

Code:

18:18:20  Sending Authentication Request
18:18:20  Authentication successful
18:18:20  Sending Association Request
18:18:20  Association successful :-)

i get .....

Code:

21:20:45  Waiting for beacon frame (BSSID: 00:14:6C:3E:90:E8) on channel 6

21:20:45  Sending Authentication Request (Open System)

21:20:47  Sending Authentication Request (Open System)

21:20:49  Sending Authentication Request (Open System)

21:20:51  Sending Authentication Request (Open System)

21:20:53  Sending Authentication Request (Open System)

21:20:55  Sending Authentication Request (Open System)

21:20:57  Sending Authentication Request (Open System)

21:20:59  Sending Authentication Request (Open System)

21:21:01  Sending Authentication Request (Open System)

21:21:03  Sending Authentication Request (Open System)

21:21:05  Sending Authentication Request (Open System)

21:21:07  Sending Authentication Request (Open System)

21:21:09  Sending Authentication Request (Open System)

21:21:11  Sending Authentication Request (Open System)

21:21:13  Sending Authentication Request (Open System)

21:21:15  Sending Authentication Request (Open System)
Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver/card doesn't support injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * You're too far from the AP. Get closer, or lower
      the transmit rate.

and i even tried the other way

Code:

aireplay-ng -1 6000 -o 1 -q 10 -e teddy -a 00:14:6C:7E:40:80 -h 00:09:5B:EC:EE:F2 ath0

but i get the same error so now I'm at a loss of what to do.

i dont know if this will help but ill post what my shell looks like so if anyone can help

Code:

Interface       Chipset         Driver

eth1            HermesI         orinoco (monitor mode enabled)

bt ~ # aireplay-ng -1 0 -e Scarletnet -a 00:14:6C:3E:90:E8 -h 00:06:25:01:92:74 eth1
21:20:23  Waiting for beacon frame (BSSID: 00:14:6C:3E:90:E8) on channel 10
21:20:23  eth1 is on channel 10, but the AP uses channel 6
bt ~ # airmon-ng start eth1 6


Interface       Chipset         Driver

eth1            HermesI         orinoco (monitor mode enabled)

bt ~ # aireplay-ng -1 0 -e Scarletnet -a 00:14:6C:3E:90:E8 -h 00:06:25:01:92:74 eth1
21:20:45  Waiting for beacon frame (BSSID: 00:14:6C:3E:90:E8) on channel 6

21:20:45  Sending Authentication Request (Open System)

21:20:47  Sending Authentication Request (Open System)

21:20:49  Sending Authentication Request (Open System)

21:20:51  Sending Authentication Request (Open System)

21:20:53  Sending Authentication Request (Open System)

21:20:55  Sending Authentication Request (Open System)

21:20:57  Sending Authentication Request (Open System)

21:20:59  Sending Authentication Request (Open System)

21:21:01  Sending Authentication Request (Open System)

21:21:03  Sending Authentication Request (Open System)

21:21:05  Sending Authentication Request (Open System)

21:21:07  Sending Authentication Request (Open System)

21:21:09  Sending Authentication Request (Open System)

21:21:11  Sending Authentication Request (Open System)

21:21:13  Sending Authentication Request (Open System)

21:21:15  Sending Authentication Request (Open System)
Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver/card doesn't support injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * You're too far from the AP. Get closer, or lower
      the transmit rate.

bt ~ # aireplay-ng -1 6000 -o 1 -q 10 -e teddy -a 00:14:6C:7E:40:80 -h 00:06:25:01:92:74 eth1
21:22:09  Waiting for beacon frame (BSSID: 00:14:6C:7E:40:80) on channel 6

bt ~ # aireplay-ng -1 6000 -o 1 -q 10 -e Scarletnet -a 00:14:6C:3E:90:E8  -h 00:06:25:01:92:74 eth1
21:22:57  Waiting for beacon frame (BSSID: 00:14:6C:3E:90:E8) on channel 6

21:22:57  Sending Authentication Request (Open System)

21:22:59  Sending Authentication Request (Open System)

21:23:01  Sending Authentication Request (Open System)

21:23:03  Sending Authentication Request (Open System)

21:23:05  Sending Authentication Request (Open System)

21:23:07  Sending Authentication Request (Open System)

21:23:09  Sending Authentication Request (Open System)

21:23:11  Sending Authentication Request (Open System)

21:23:13  Sending Authentication Request (Open System)

21:23:15  Sending Authentication Request (Open System)

21:23:17  Sending Authentication Request (Open System)

21:23:19  Sending Authentication Request (Open System)

21:23:21  Sending Authentication Request (Open System)

21:23:23  Sending Authentication Request (Open System)

21:23:25  Sending Authentication Request (Open System)

21:23:27  Sending Authentication Request (Open System)
Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver/card doesn't support injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * You're too far from the AP. Get closer, or lower
      the transmit rate.

bt ~ #

thanks

**Archangel-Amael** · 12-03-2007, 08:59 AM

Originally Posted by maddoggpt

okay so im starting to get the feel for this whole Linux deal so tonight i tried to pen test my wep system and i followed the instructions off the aircrack website and i am getting through the steps just fine until i get to

Code:

bt ~ # aireplay-ng -1 0 -e Scarletnet -a 00:14:6C:3E:90:E8 -h 00:06:25:01:92:74 eth1

thanks

are you sure its eth1 and not ath0 ?

if you are correct with the eth1 then try
a basic injection test using

aireplay-ng -9 -e teddy -a 00:14:6C:7E:40:80 -i wlan0 ath0

Where:

*
-9 means injection test. Long form is - -test. (Double dash)
*
-e teddy is the network name (SSID). This is optional.
*
-a 00:14:6C:7E:40:80 ath0 is MAC address of the access point (BSSID). This is optional.
*
-i wlan0 is interface name of the second card if you want to determine which attacks your card supports. This is optional.
*
ath0 is the interface name or airserv-ng IP Address plus port number. For example - 127.0.0.1:666. (Mandatory)

IMPORTANT: You must set your card to the desired channel with airmon-ng prior to running any of the tests.

whereas in your case use eth1 instead of ath0
From the aircrack-ng website

**default** · 12-03-2007, 10:46 AM

Originally Posted by maddoggpt

Interface Chipset Driver

eth1 HermesI orinoco (monitor mode enabled)

I didn't know Hermes chipsets could inject?

**Re@lity** · 12-03-2007, 05:29 PM

maddoggpt: Use sensible, descriptive post titles, as per the forum rules............

Title changed.

**maddoggpt** · 12-04-2007, 11:38 PM

sorry about the non descriptive title i should have been more methodical, but to my knowledge my card is eth1 which was surprising to me too but ill try that test and post back

**Re@lity** · 12-05-2007, 01:37 AM

Your wireless card could be ethX (eth0, eth1, etc) or wlanX or athX etc, depending on the chipset/driver.

The point here is more to do with the fact that it is a Hermes1 chipset.
Like "default" already queried - I also did not know Herems1 cards were now capable of injection?

As far as I am aware is doesn't support injection at all, which is the cause of your problems

**maddoggpt** · 12-05-2007, 01:48 AM

ha i guess it would be then i didn't take the time to search for myself i just took the advice of my friend who said it was i guess i won't trust him anymore

**imported_spankdidly** · 12-05-2007, 02:35 AM

Originally Posted by maddoggpt

ha i guess it would be then i didn't take the time to search for myself i just took the advice of my friend who said it was i guess i won't trust him anymore

Did he also ask you to go camping with him? Ah nevermind. Bad Joke.

**streaker69** · 12-05-2007, 02:46 AM

Originally Posted by spankdidly

Did he also ask you to go camping with him? Ah nevermind. Bad Joke.

What's next? You gonna ask him if he's ever seen a grown man naked, or been in a turkish prison?

**imported_spankdidly** · 12-05-2007, 02:51 AM

Originally Posted by streaker69

What's next? You gonna ask him if he's ever seen a grown man naked, or been in a turkish prison?

No, I was going to ask you that Streaks. But, then again, I dont want to know.

BackTrack Linux - Penetration Testing Distribution

Thread: Hermes1 injection?

Thread Tools

Search Thread

Display

Hermes1 injection?

Posting Permissions