Posts: 34 | Thanked: 6 times | Joined on Oct 2009
#41
WPA/WPA2 capture works via airbase-ng: http://www.youtube.com/watch?v=3Zoxx2hnIK0

The Hirte and Cafe Latte attacks don't work, however.
 
Posts: 293 | Thanked: 206 times | Joined on Oct 2009 @ Germany
#42
But still only channel 6, so useless
 
Posts: 34 | Thanked: 6 times | Joined on Oct 2009
#43
Originally Posted by OptX:
But still only channel 6, so useless
Yes, I hope it gets fixed. However, in the case of the attack in the video, the channel doesn't matter since the client will try to connect to the AP regardless of the channel.
 
Posts: 10 | Thanked: 5 times | Joined on Dec 2009 @ Washington, DC
#44
Hey gang,

Did I do something wrong here? It appears I can only collect management and control frames. I'm not seeing data frames at all. I used both aircrack-ng and tcpdump (at different times).

Interface is obviously in monitor mode as I can see multiple probe requests/responses and beacon frames. But when I force data over the connections I see, I'm not seeing the data frames at all. The network I used was my own, open and visible by both aircrack-ng and tcpdump.

Anyone else experience this? Am I crazy??

Thanks!

Geezer
 
Posts: 64 | Thanked: 4 times | Joined on Dec 2009
#45
Hi guys, does aircrack work only on channel 6? And do the other commands, airodump-ng, aireplay-ng and aircrack, work?
I want to understand: can I use the same procedure that works with Ubuntu to crack WEP or WPA?

In this video http://www.youtube.com/watch?v=3Zoxx2hnIK0 he uses the command airmode-ng.....
 
Posts: 9 | Thanked: 7 times | Joined on Dec 2009
#46
Haven't finished experimenting, but it seems the wl12xx driver does perform injection to some extent. I hackishly installed airpwn (and dependencies: lorcon, libnet, libpcap, libpcre) on my n900 and though spoofing didn't work, I fired up aireplay-ng -9 just after and bingo: high rates of injection success. airodump-ng also worked way better and on other channels besides 6. Seems that airpwn succeeded in tickling the driver into an appropriate mode for injection.
 

The Following 3 Users Say Thank You to freakyflint For This Useful Post:
Posts: 95 | Thanked: 66 times | Joined on Jun 2007 @ Barcelona, Spain
#47
Wow, that's great! I didn't succeed in compiling airpwn; I've compiled lorcon, installed deps, etc. Can you post any binaries? Did you build it in the SDK, or in a Debian chroot?
 
Posts: 9 | Thanked: 7 times | Joined on Dec 2009
#48
http://rapidshare.com/files/327701899/airpwn.bz2.html

The following is a hack, use at your own risk.

The above files are the debs I created, most of them from their original source tarballs - not Debian packages, as there were always dependency issues when trying to compile. (libnet, libpcap, lorcon, pcre)

Install them on the n900. Warnings will be generated because they were compiled against a different libc or something -> ignore, they will install nonetheless.

The ugly part:
- ln -s /opt/lib/libpcre.so.0 /usr/lib/
- ln -s /opt/lib/libnet.so.1 /usr/lib/

And finally, supreme ugliness (faking the 2.4 python lib):

- ln -s /usr/lib/libpython2.5.so.1.0 /usr/lib/libpython2.4.so.1.0

airpwn is installed in /sbin/airpwn. It should run now. Fire it up, ctrl-c to shut it down. Then run aireplay-ng -9 wlan0. Injection should work. airodump-ng works like a charm now as well.

Oh, but I did not tell you: I used my custom compiled aircrack suite (0.9.3) - don't know if this has an influence.

http://rapidshare.com/files/32770797...ck-ng.bz2.html (should work out of the box)

As you see, there's a lot more to explore when time is available...
 

The Following User Says Thank You to freakyflint For This Useful Post:
Posts: 34 | Thanked: 6 times | Joined on Oct 2009
#49
Thanks for taking the time to post this freakyflint.

It did not work for me however. I tried both your aircrack-ng and the one from extra-devel.

I get 0/30 trying "aireplay-ng -9 wlan0" and I can't see anything other than channel 6.

Anything else you did other than airpwn?

By the way, when using your debs airpwn was installed in /opt/sbin/, not /usr/sbin.

Last edited by sschueller; 2009-12-30 at 03:48.
 
Posts: 9 | Thanked: 7 times | Joined on Dec 2009
#50
Sorry, can't really provide more for the moment. All I have is proof that somehow injection is possible by 1) associating with a network, 2) running airpwn then 3) injecting with aireplay-ng. One would have to explore some more to know what's happening (not me at this time).