ALFA WIFI USB ISSUES IN VMWARE & Solution

[merlin051]

I've had this result when have mac filtering is enabled, change your mac to match a client mac, or a mac that you know is allowed.

What model AP is it your trying to crack?

Try running; aireplay-ng -1 30 -q 1 -a APMAC -h WIFIMAC wlan0

Do you get any de-asociation packets when you start the frag attack?

[Headshot]

I didn't see you post the result of a -9 injection test. Headshot.

Also try the -4 attack

------Test (-9) Output--------

Code:

bt ~ # aireplay-ng -9 wlan0
10:10:45  Trying broadcast probe requests...
10:10:45  Injection is working!
10:10:47  Found 1 AP

10:10:47  Trying directed probe requests...
10:10:47  00:18:39:21:D2:** - channel: 4 - 'Wifi | Network' 
10:10:50  Ping (min/avg/max): 0.451ms/99.206ms/155.316ms Power: 47.93
10:10:50  30/30: 100%

-----Output -4 Attack-------

Code:

aireplay-ng -4 -b 00:18:39:21:D2:** -h 00:1D:4F:41:2A:** wlan0
10:29:06  Waiting for beacon frame (BSSID: 00:18:39:21:D2:**) on channel 4
Read 74 packets...

        Size: 92, FromDS: 1, ToDS: 0 (WEP)

              BSSID  =  00:18:39:21:D2:**
          Dest. MAC  =  00:1D:4F:41:2A:**
         Source MAC  =  00:18:39:21:D2:**

        0x0000:  0842 7b00 001d 4f41 2af1 0018 3921 d268  .B{...OA*...9!.h
        0x0010:  0018 3921 d268 202a 3fa1 2500 7520 feed  ..9!.h *?.%.u ..
        0x0020:  52f7 d19d 5085 4ebc 3b12 11d8 8602 16ea  R...P.N.;.......
        0x0030:  3b49 4a52 3470 4491 f6c7 24d7 9d5d e388  ;IJR4pD...$..]..
        0x0040:  2728 ac0f 64ed 26fa 4dc4 95cd 9822 eeb5  '(..d.&.M...."..
        0x0050:  cdf6 9f6a 05e6 898e 4035 f323            ...j....@5.#

Use this packet ? y

Saving chosen packet in replay_src-0104-102912.cap

Sent 9853 packets, current guess: 56...

The chopchop attack appears to have failed. Possible reasons:

    * You're trying to inject with an unsupported chipset (Centrino?).
    * The driver source wasn't properly patched for injection support.
    * You are too far from the AP. Get closer or reduce the send rate.
    * Target is 802.11g only but you are using a Prism2 or RTL8180.
    * The wireless interface isn't setup on the correct channel.
    * The client MAC you have specified is not currently authenticated.
      Try running another aireplay-ng to fake authentication (attack "-1").
    * The AP isn't vulnerable when operating in authenticated mode.
      Try aireplay-ng in non-authenticated mode instead (no -h option).

I've had this result when have mac filtering is enabled, change your mac to match a client mac, or a mac that you know is allowed.

What model AP is it your trying to crack?

Try running; aireplay-ng -1 30 -q 1 -a APMAC -h WIFIMAC wlan0

Do you get any de-asociation packets when you start the frag attack?

Code:

00:1D:4F:41:2A:** = Connected Client
00:18:39:21:D2:** = Router

aireplay-ng -1 30 -q 1 -a 00:18:39:21:D2:** -h 00:1D:4F:41:2A:** wlan0
The interface MAC (00:C0:CA:19:E1:11) doesn't match the specified MAC (-h).
        ifconfig wlan0 hw ether 00:1D:4F:41:2A:**
10:17:46  Waiting for beacon frame (BSSID: 00:18:39:21:D2:**) on channel 4

10:17:46  Sending Authentication Request (Open System) [ACK]
10:17:46  Authentication successful
10:17:46  Sending Association Request [ACK]
10:17:46  Association successful :-)
10:17:47  Sending keep-alive packet [ACK]
10:17:48  Sending keep-alive packet [ACK]
Keeps on going until 30 is reached

My Router Mode: Linksys wrt300n (WEP Encryption)

Still nothing

[shamanvirtuel]

CHECK THE CHIPSET INSIDE THE CARD, DISASSEMBLE IT AND HAVE A LOOK

[Headshot]

CHECK THE CHIPSET INSIDE THE CARD, DISASSEMBLE IT AND HAVE A LOOK

Why do have to open it up? Because when i do that, i will lose my warranty.
If i run airmon it returns the chipset right? RTL8187

I bought it here:
http://www.2com.nl/0,63,Backtrack-Wardrive-Set.html

-- they say:
Wlan USB stick RTL8187L chipset

I also used windows to check all hardware details, this also returns Realtek RTL8187L

This is the box btw:


.
Another strange this is, that it supports 54 Mbps, but when i run a bitrate test it says 11Mbps

EDIT
Ok, i have send a email to the place i bought it.
Telling them its not working with BT2 / BT3, while it SHOULD work with BT2 right away.

Translated to english:
This is pretty wierd, we sold quite a few of those, and never had any problems.
The Alfa USB has a RTL8187 chipset, exact the same as the wel known Alfa AWUS036H, see the included datasheet.
If you wish, we can send you the AWUS036H, if you send us the one you have right now back to us.
Wel could also cancel the order and refund you.

This is the datasheet of the one they could send me: (AWUS036H)
http://bt.solutiondesigns.net/500mW USB adapter.pdf

So the big question is, should i trade it? Or ask for refund?

[Headshot]

Review of the Alfa AWUS036H on BT3 beta
http://forums.remote-exploit.org/sho...light=AWUS036H

Seems like a better solution doesnt it?

[merlin051]

the AWUS036H rocks, but you might encounter the same problem, you got any friends that could grant you permission to test your card on thier AP's ??


try all the different attacks, sometimes some work and some dont, it really depends on the AP/distance/bitrate/packets.

Try deauthing a client while running the -3 attack, wait a while...

[shamanvirtuel]

because without vendor specific info you need to open it to get the right chipset

RTL8187L is not the same as RTL8187

L need to work with a patched driver....

Code:

ifconfig wlan0 down     
rmmod rtl8187
wget http://dl.aircrack-ng.org/drivers/rtl8187_linux_26.1010.zip
unzip rtl8187_linux_26.1010.zip
cd rtl8187_linux_26.1010.0622.2006/
wget http://patches.aircrack-ng.org/rtl8187_2.6.22.patch
tar xzf drv.tar.gz
tar xzf stack.tar.gz
patch -Np1 -i rtl8187_2.6.22.patch
make
make install

[TheHeffNerr]

i love my 036H
injects, connects, and has a huge range.
just my .02cents

[merlin051]

I'm not so sure that there is anything wrong with your card/chipset

check this, it says this is using the 8187L also,

I'm at work at the moment, will check mine when i get home.

Your injection test is working, I'd definitly try it on a friends AP with permission.

[Headshot]

because without vendor specific info you need to open it to get the right chipset

RTL8187L is not the same as RTL8187

L need to work with a patched driver....

Code:

ifconfig wlan0 down     
rmmod rtl8187
wget http://dl.aircrack-ng.org/drivers/rtl8187_linux_26.1010.zip
unzip rtl8187_linux_26.1010.zip
cd rtl8187_linux_26.1010.0622.2006/
wget http://patches.aircrack-ng.org/rtl8187_2.6.22.patch
tar xzf drv.tar.gz
tar xzf stack.tar.gz
patch -Np1 -i rtl8187_2.6.22.patch
make
make install

I dont have the RTL8187L, the pdf file shows the one, the could send me if this one doesn't work.

When running the first make command and second:

bt rtl8187_linux_26.1010.0622.2006 # make
rm -f ieee80211/Module.symvers 2>/dev/null
rm -f ieee80211/Modules.symvers 2>/dev/null
make -C ieee80211 all
make[1]: Entering directory `/root/rtl8187_linux_26.1010.0622.2006/ieee80211'
make -C /lib/modules/2.6.21.5/build M=/root/rtl8187_linux_26.1010.0622.2006/ieee80211 modules
make: Entering an unknown directory
make: *** /lib/modules/2.6.21.5/build: No such file or directory. Stop.
make: Leaving an unknown directory
make[1]: *** [modules] Error 2
make[1]: Leaving directory `/root/rtl8187_linux_26.1010.0622.2006/ieee80211'
make: *** [all] Error 2

bt rtl8187_linux_26.1010.0622.2006 # make install
install -d /lib/modules/2.6.21.5/kernel/drivers/net/wireless/rtl_ieee80211
install -d /lib/modules/2.6.21.5/kernel/drivers/net/wireless/rtl8187
install -m 644 ./ieee80211/*.ko /lib/modules/2.6.21.5/kernel/drivers/net/wireless/rtl_ieee80211
install: cannot stat `./ieee80211/*.ko': No such file or directory
make: *** [install] Error 1


Btw, if most people have good experience with AWUS036H, i can just send mine back and i get AWUS036H in return