Posts: 100 | Thanked: 18 times | Joined on Jan 2010 @ Bristol, UK
#1
Hi guys,

I'm sorry if this is a repeat question, but I can't find the solution to this problem. Today I received the bleeding edge wifi driver, so I installed that. This means I can now use injection mode. I then installed aircrack-ng from the repository, but when I try to use it to crack a wireless password (my router - just for fun), I get the following problems:

1) The airmon-ng command does not put wlan0 into monitor mode. To solve this problem I used "iwconfig wlan0 mode monitor" and it works, but I want to find out why I can't get it into monitor mode with airmon-ng.

2) When I use the airodump-ng command, I get no handshakes. I have tried a lot but I can't get that. I have no clue how to get the handshake working.

Please, someone help! I need urgent help!
 
Posts: 100 | Thanked: 18 times | Joined on Jan 2010 @ Bristol, UK
#2
Seriously, no one?
 
Posts: 2,225 | Thanked: 3,822 times | Joined on Jun 2010 @ Florida
#3
It's just that these answers already exist on this forum... so people aren't motivated to help.

I'll answer the first one for you. (I can't help you with the second for three reasons: 1 you didn't list enough details about what is and isn't working and what you're doing, and what happens when you try; 2 I'm an Aircrack-NG newb myself; 3 you're better off taking the time to learn everything you can about aircrack-ng and wifi networks gradually, from the ground up. Don't rush into "Oh I want to crack this WPA network, gotta catch some handshakes" - fiddle with injection, with capturing packets, read up on whatever aspects of WiFi communication you feel excited about learning a given day... etc.)

Anyway, airmon-ng uses iw(something) as a backend. The aircrack-ng in the repositories, for some reason, conflicts with "iw". So if you try to "apt-get install iw", it'll throw a fit about conflicts, or something like that.

What you do to get around this, if you're not up for waiting until someone takes over aircrack-ng maintenance and ports a later version and removes that conflict, is uninstall aircrack-ng, run the above command to install "iw" (as root, like all apt-get commands typically have to be run), and then compile the latest Aircrack-NG suite yourself from the source code available in the SVN database on their site. It's pretty easy, though rather time consuming. Either you do it on your computer if you're running Linux, or you install a Linux virtual machine (I recommend Debian), then use the wiki link on this site to download the installer with which you install Scratchbox, run the /scratchbox/login command, change target to ARMEL instead of x86, use SVN to get the aircrack-ng code, and compile, then copy the binaries it produces out into the N900.
 

The Following 2 Users Say Thank You to Mentalist Traceur For This Useful Post:
Posts: 100 | Thanked: 18 times | Joined on Jan 2010 @ Bristol, UK
#4
Thanks man!

For the monitor mode, don't you think the following will work?:

ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

It does put wlan0 in monitor mode, but then when I try:
=> airodump-ng -c 1 --bssid (whatever it is, e.g. 00:14:6C:7E:40:80) -w key wlan0

it doesn't give me any handshake. Sometimes I get "interface wlan0 down", which actually it isn't lol.
 
Posts: 2,225 | Thanked: 3,822 times | Joined on Jun 2010 @ Florida
#5
What you posted does work. I was just saying that if you don't want to deal with having to type those three commands in quick succession, one of the above solutions was necessary.

If I understand correctly, handshakes only happen when clients try to communicate with the access point. So if you're the only one there, and no one else is connecting to your test wifi point, you're not going to get handshakes.

Good monitor mode tests would be aireplay-ng -9 wlan0, or, say, airodump-ng (but without any options, so that it just shows you a terminal with a bunch of outputs). If you can detect traffic, and injection reports itself working (and actually seems to work), monitor mode is fine, and it's just something about catching handshakes that's wrong.

For testing purposes, you can also set up a WEP access point instead of WPA, and then see if you can capture IVs.
 
Posts: 100 | Thanked: 18 times | Joined on Jan 2010 @ Bristol, UK
#6
So you are saying that in order to crack a WPA key, while I run the airodump-ng command, someone needs to connect to that access point? What if someone is already connected to it?
 
Posts: 2,225 | Thanked: 3,822 times | Joined on Jun 2010 @ Florida
#7
Originally Posted by saud khan:
So you are saying that in order to crack a WPA key, while I run the airodump-ng command, someone needs to connect to that access point? What if someone is already connected to it?
As far as I know, yes, someone needs to connect, or at least try to connect.

If someone's already connected, that's what the deauthentication attack is for. "aireplay-ng -0" (with the MAC address or ESSID of the network you're targeting, and if you know the MAC address of the client, you can target the connected client(s) specifically one by one).

By sending deauth packets, you're basically telling the client "you've been deauthenticated from the network", at which point they assume they have to reauthenticate, so they restart the authentication/handshake process with the access point.
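The deauthentication behaviour described above, seen from the monitoring side, as an added example that is not from this thread: it builds a few constructed 802.11 management frame headers (the AP MAC is the example address quoted in post #4; the client addresses are made up) and flags the burst pattern a deauth flood leaves in a capture, which is what a wireless IDS alerts on.

```python
from collections import defaultdict

DEAUTH = (0, 12)  # 802.11 type 0 = management, subtype 12 = deauthentication

def mac(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))

def fmt(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def build_frame(subtype: int, dst: str, src: str, bssid: str) -> bytes:
    """Constructed management-frame header: frame control (type 0, given
    subtype), duration, addr1 = DA, addr2 = SA, addr3 = BSSID. No body/FCS."""
    fc = (subtype << 4) | (0 << 2)
    return bytes([fc, 0]) + b"\x00\x00" + mac(dst) + mac(src) + mac(bssid)

def parse_frame(raw: bytes):
    """Return (type, subtype, addr1, addr2) from a raw 802.11 MAC header."""
    fc = raw[0]
    return (fc >> 2) & 0x3, (fc >> 4) & 0xF, fmt(raw[4:10]), fmt(raw[10:16])

def detect_deauth_bursts(frames, window=1.0, threshold=5):
    """frames: iterable of (timestamp_seconds, raw_header_bytes).
    Emits (src, dst, count) the moment a source has sent `threshold`
    deauth frames to the same destination within `window` seconds."""
    recent = defaultdict(list)
    alerts = []
    for ts, raw in frames:
        ftype, subtype, dst, src = parse_frame(raw)
        if (ftype, subtype) != DEAUTH:
            continue  # beacons, probes, data frames etc. are ignored
        times = recent[(src, dst)]
        times.append(ts)
        while ts - times[0] > window:  # slide the window forward
            times.pop(0)
        if len(times) == threshold:
            alerts.append((src, dst, len(times)))
    return alerts

# Constructed traffic: the AP MAC is the example address quoted in post #4,
# the client addresses are made up. Two beacons, a burst of six deauths
# aimed at one client, and a single (benign-looking) deauth to another.
AP, CLIENT, OTHER = "00:14:6c:7e:40:80", "02:00:00:00:00:01", "02:00:00:00:00:02"
BCAST = "ff:ff:ff:ff:ff:ff"
SAMPLE_FRAMES = (
    [(0.0, build_frame(8, BCAST, AP, AP)), (0.1, build_frame(8, BCAST, AP, AP))]
    + [(1.0 + 0.05 * i, build_frame(12, CLIENT, AP, AP)) for i in range(6)]
    + [(2.0, build_frame(12, OTHER, AP, AP))]
)

if __name__ == "__main__":
    for src, dst, n in detect_deauth_bursts(SAMPLE_FRAMES):
        print(f"deauth burst: {n} frames from {src} to {dst}")
```

A real capture in monitor mode also carries a radiotap header before the 802.11 header; strip it first before handing frames to the parser.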
 