
Thread: ALFA WIFI USB ISSUES IN VMWARE & Solution

  1. #11
    Member
    Join Date
    Mar 2007
    Posts
    204

    I've had this result when MAC filtering is enabled; change your MAC to match a client MAC, or a MAC that you know is allowed.

    What model AP is it you're trying to crack?

    Try running: aireplay-ng -1 30 -q 1 -a APMAC -h WIFIMAC wlan0

    Do you get any de-association packets when you start the frag attack?

  2. #12
    Junior Member Headshot's Avatar
    Join Date
    Dec 2007
    Posts
    61

    Quote (originally posted by pureh@te):
    I didn't see you post the result of a -9 injection test. Headshot.

    Also try the -4 attack
    ------Test (-9) Output--------
    Code:
    bt ~ # aireplay-ng -9 wlan0
    10:10:45  Trying broadcast probe requests...
    10:10:45  Injection is working!
    10:10:47  Found 1 AP
    
    10:10:47  Trying directed probe requests...
    10:10:47  00:18:39:21:D2:** - channel: 4 - 'Wifi | Network' 
    10:10:50  Ping (min/avg/max): 0.451ms/99.206ms/155.316ms Power: 47.93
    10:10:50  30/30: 100%
    -----Output -4 Attack-------

    Code:
    aireplay-ng -4 -b 00:18:39:21:D2:** -h 00:1D:4F:41:2A:** wlan0
    10:29:06  Waiting for beacon frame (BSSID: 00:18:39:21:D2:**) on channel 4
    Read 74 packets...
    
            Size: 92, FromDS: 1, ToDS: 0 (WEP)
    
                  BSSID  =  00:18:39:21:D2:**
              Dest. MAC  =  00:1D:4F:41:2A:**
             Source MAC  =  00:18:39:21:D2:**
    
            0x0000:  0842 7b00 001d 4f41 2af1 0018 3921 d268  .B{...OA*...9!.h
            0x0010:  0018 3921 d268 202a 3fa1 2500 7520 feed  ..9!.h *?.%.u ..
            0x0020:  52f7 d19d 5085 4ebc 3b12 11d8 8602 16ea  R...P.N.;.......
            0x0030:  3b49 4a52 3470 4491 f6c7 24d7 9d5d e388  ;IJR4pD...$..]..
            0x0040:  2728 ac0f 64ed 26fa 4dc4 95cd 9822 eeb5  '(..d.&.M...."..
            0x0050:  cdf6 9f6a 05e6 898e 4035 f323            ...j....@5.#
    
    Use this packet ? y
    
    Saving chosen packet in replay_src-0104-102912.cap
    
    Sent 9853 packets, current guess: 56...
    
    The chopchop attack appears to have failed. Possible reasons:
    
        * You're trying to inject with an unsupported chipset (Centrino?).
        * The driver source wasn't properly patched for injection support.
        * You are too far from the AP. Get closer or reduce the send rate.
        * Target is 802.11g only but you are using a Prism2 or RTL8180.
        * The wireless interface isn't setup on the correct channel.
        * The client MAC you have specified is not currently authenticated.
          Try running another aireplay-ng to fake authentication (attack "-1").
        * The AP isn't vulnerable when operating in authenticated mode.
          Try aireplay-ng in non-authenticated mode instead (no -h option).
    Quote (originally posted by merlin051):
    I've had this result when MAC filtering is enabled; change your MAC to match a client MAC, or a MAC that you know is allowed.

    What model AP is it you're trying to crack?

    Try running: aireplay-ng -1 30 -q 1 -a APMAC -h WIFIMAC wlan0

    Do you get any de-association packets when you start the frag attack?
    Code:
    00:1D:4F:41:2A:** = Connected Client
    00:18:39:21:D2:** = Router
    
    aireplay-ng -1 30 -q 1 -a 00:18:39:21:D2:** -h 00:1D:4F:41:2A:** wlan0
    The interface MAC (00:C0:CA:19:E1:11) doesn't match the specified MAC (-h).
            ifconfig wlan0 hw ether 00:1D:4F:41:2A:**
    10:17:46  Waiting for beacon frame (BSSID: 00:18:39:21:D2:**) on channel 4
    
    10:17:46  Sending Authentication Request (Open System) [ACK]
    10:17:46  Authentication successful
    10:17:46  Sending Association Request [ACK]
    10:17:46  Association successful :-)
    10:17:47  Sending keep-alive packet [ACK]
    10:17:48  Sending keep-alive packet [ACK]
    Keeps on going until 30 is reached

    My router model: Linksys WRT300N (WEP encryption)

    Still nothing
    01010111101001011101010101000010101010101
    10010100011010010010101010111010010111100
    ----------------
    Back|Track * Beginner :o

  3. #13
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    CHECK THE CHIPSET INSIDE THE CARD, DISASSEMBLE IT AND HAVE A LOOK
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  4. #14
    Junior Member Headshot's Avatar
    Join Date
    Dec 2007
    Posts
    61

    Quote (originally posted by shamanvirtuel):
    CHECK THE CHIPSET INSIDE THE CARD, DISASSEMBLE IT AND HAVE A LOOK
    Why do I have to open it up? Because when I do that, I will lose my warranty.
    If I run airmon it returns the chipset, right? RTL8187

    I bought it here:
    http://www.2com.nl/0,63,Backtrack-Wardrive-Set.html

    -- they say:

    Wlan USB stick RTL8187L chipset

    I also used Windows to check all hardware details; this also returns Realtek RTL8187L.

    This is the box btw:

    Another strange thing is that it supports 54 Mbps, but when I run a bitrate test it says 11 Mbps.

    EDIT

    OK, I have sent an email to the place I bought it,
    telling them it's not working with BT2 / BT3, while it SHOULD work with BT2 right away.

    Translated to English:
    This is pretty weird; we sold quite a few of those and never had any problems.
    The Alfa USB has an RTL8187 chipset, exactly the same as the well-known Alfa AWUS036H; see the included datasheet.
    If you wish, we can send you the AWUS036H if you send the one you have right now back to us.
    We could also cancel the order and refund you.

    This is the datasheet of the one they could send me: (AWUS036H)
    http://bt.solutiondesigns.net/500mW USB adapter.pdf

    So the big question is, should I trade it? Or ask for a refund?

  5. #15
    Junior Member Headshot's Avatar
    Join Date
    Dec 2007
    Posts
    61

    Review of the Alfa AWUS036H on BT3 beta
    http://forums.remote-exploit.org/sho...light=AWUS036H

    Seems like a better solution, doesn't it?

  6. #16
    Member
    Join Date
    Mar 2007
    Posts
    204

    The AWUS036H rocks, but you might encounter the same problem. You got any friends that could grant you permission to test your card on their APs?

    Try all the different attacks; sometimes some work and some don't. It really depends on the AP/distance/bitrate/packets.

    Try deauthing a client while running the -3 attack, wait a while...

  7. #17
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Because without vendor-specific info you need to open it to get the right chipset.

    RTL8187L is not the same as RTL8187.

    L needs to work with a patched driver....

    Code:
    ifconfig wlan0 down     
    rmmod rtl8187
    wget http://dl.aircrack-ng.org/drivers/rtl8187_linux_26.1010.zip
    unzip rtl8187_linux_26.1010.zip
    cd rtl8187_linux_26.1010.0622.2006/
    wget http://patches.aircrack-ng.org/rtl8187_2.6.22.patch
    tar xzf drv.tar.gz
    tar xzf stack.tar.gz
    patch -Np1 -i rtl8187_2.6.22.patch
    make
    make install

  8. #18
    Just burned his ISO
    Join Date
    Apr 2007
    Posts
    10

    I love my 036H.
    Injects, connects, and has a huge range.
    Just my .02 cents

  9. #19
    Member
    Join Date
    Mar 2007
    Posts
    204

    I'm not so sure that there is anything wrong with your card/chipset.

    Check this, it says this is using the 8187L also,

    I'm at work at the moment, will check mine when I get home.

    Your injection test is working; I'd definitely try it on a friend's AP with permission.

  10. #20
    Junior Member Headshot's Avatar
    Join Date
    Dec 2007
    Posts
    61

    Quote (originally posted by shamanvirtuel):
    Because without vendor-specific info you need to open it to get the right chipset.

    RTL8187L is not the same as RTL8187.

    L needs to work with a patched driver....

    Code:
    ifconfig wlan0 down     
    rmmod rtl8187
    wget http://dl.aircrack-ng.org/drivers/rtl8187_linux_26.1010.zip
    unzip rtl8187_linux_26.1010.zip
    cd rtl8187_linux_26.1010.0622.2006/
    wget http://patches.aircrack-ng.org/rtl8187_2.6.22.patch
    tar xzf drv.tar.gz
    tar xzf stack.tar.gz
    patch -Np1 -i rtl8187_2.6.22.patch
    make
    make install
    I don't have the RTL8187L; the PDF file shows the one they could send me if this one doesn't work.

    When running the first make command and second:

    bt rtl8187_linux_26.1010.0622.2006 # make
    rm -f ieee80211/Module.symvers 2>/dev/null
    rm -f ieee80211/Modules.symvers 2>/dev/null
    make -C ieee80211 all
    make[1]: Entering directory `/root/rtl8187_linux_26.1010.0622.2006/ieee80211'
    make -C /lib/modules/2.6.21.5/build M=/root/rtl8187_linux_26.1010.0622.2006/ieee80211 modules
    make: Entering an unknown directory
    make: *** /lib/modules/2.6.21.5/build: No such file or directory. Stop.
    make: Leaving an unknown directory
    make[1]: *** [modules] Error 2
    make[1]: Leaving directory `/root/rtl8187_linux_26.1010.0622.2006/ieee80211'
    make: *** [all] Error 2


    bt rtl8187_linux_26.1010.0622.2006 # make install
    install -d /lib/modules/2.6.21.5/kernel/drivers/net/wireless/rtl_ieee80211
    install -d /lib/modules/2.6.21.5/kernel/drivers/net/wireless/rtl8187
    install -m 644 ./ieee80211/*.ko /lib/modules/2.6.21.5/kernel/drivers/net/wireless/rtl_ieee80211
    install: cannot stat `./ieee80211/*.ko': No such file or directory
    make: *** [install] Error 1


    Btw, if most people have good experience with the AWUS036H, I can just send mine back and I get the AWUS036H in return.

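The `make` output in post #20 stops because `/lib/modules/2.6.21.5/build` does not exist, so no `.ko` files are produced and `make install` then fails too. The following preflight check is an added example, not part of any post in the thread; the function names `kbuild_status` and `preflight` are hypothetical.

```shell
#!/bin/sh
# Added example: check that a kernel build tree exists before running
# `make` on an out-of-tree driver. Function names are hypothetical.

# kbuild_status MODULES_ROOT KERNEL_RELEASE
# Prints one word describing MODULES_ROOT/KERNEL_RELEASE/build.
kbuild_status() {
    root=$1
    rel=$2
    moddir="$root/$rel"
    build="$moddir/build"

    if [ ! -d "$moddir" ]; then
        echo "no-modules-dir"      # nothing installed for this release
    elif [ -L "$build" ] && [ ! -e "$build" ]; then
        echo "dangling-symlink"    # link present, target tree is not
    elif [ ! -e "$build" ]; then
        echo "no-build-dir"        # the case shown in the make output
    elif [ ! -f "$build/Makefile" ]; then
        echo "no-makefile"         # directory is not a kernel build tree
    else
        echo "ok"
    fi
}

# preflight [MODULES_ROOT] [KERNEL_RELEASE]
# Defaults to /lib/modules and the running kernel (uname -r).
# Returns 0 when a module build can proceed, 1 otherwise.
preflight() {
    root=${1:-/lib/modules}
    rel=${2:-$(uname -r)}
    status=$(kbuild_status "$root" "$rel")
    if [ "$status" = "ok" ]; then
        echo "kernel build tree present for $rel"
        return 0
    fi
    echo "cannot build modules for $rel: $status ($root/$rel/build)" >&2
    return 1
}

# Typical use before building:  preflight && make && make install
```
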