Infiltrator

Dedicated Members
  • Posts: 4,287
  • Days Won: 22

Everything posted by Infiltrator

  1. I agree airodump-ng is certainly a very good utility for monitoring the wireless traffic around you. You should also check out Kismet, as airodump-ng sometimes doesn't show the hidden SSID of a network, but if you know the MAC address of the access point in question, after some time of monitoring airodump-ng will reveal the hidden SSID of the network.
  2. Yeah, I've known Hak5 and have been in the forums for a long time. And Digip is one of the very few members that I know of that has ethics, knows his shit and is always willing to help others. Congratulations for your great work and commitment to the community.
  3. To get your payload to connect back to your attacker machine, you definitely need to enable port forwarding in your router. Also, since you are using a dynamic IP address, I would recommend you look into dyndns.org or no-ip.com; you need to find out which of the two your router supports. When logging into your router, there should be an option called DDNS or something similar. In there, you will need to supply your no-ip.com or dyndns.org account details, so that whenever your external IP address changes, it gets synced with the URL.
  4. I think it should be the other way around: instead of spoofing the mon0 interface, the wlan0 interface should be spoofed instead. I use one of the popular Alfa adapters, and I noticed that whenever I spoof the wlan0 MAC address it automatically spoofs the MAC address of the mon0 interface too.
  5. That just made me chuckle! And in fact, the other day I had a similar occurrence. I was doing a bit of airodumping around my network and noticed a device authenticated to my wireless AP. At first I was like, wait a sec, there are only two people using the wifi at this time of the night, myself and my dad, so who might the third one be? Logged into the router, went to the DHCP leases and under hostname I saw a bunch of garbage; the MAC address wasn't recognizable, so I was like, how's this possible, my WPA2 key is over 35 characters, with random characters. Then I carefully re-read the hostname and at the end of the hostname I read "SONY". I then asked myself, who is SONY, and I realized that it was my 55-inch plasma TV downstairs.
  6. Just adding to what Digip suggested, if bringing the interfaces down and then up doesn't clear the ARP cache, run the following commands. [CODE]ipconfig /flushdns[/CODE] Then, [CODE]netsh interface ip delete arpcache[/CODE] The netsh command requires elevated privileges, so make sure you run CMD as administrator.
  7. This is just a suggestion, it may or may not work, but have you tried putting your wireless card into monitor mode instead of managed? If you type iwconfig at the terminal, it should say if the card is in managed or monitor mode. Typing this command at the terminal will temporarily change your card's current mode to the chosen one. [CODE]iwconfig wlan0 mode monitor[/CODE]
  8. I don't know if you've tried these options, but it would be worth a shot. [CODE]--osscan-limit --osscan-guess; --fuzzy --max-os-tries[/CODE] Here's the official link, if you need to know more details about these switches. http://nmap.org/book...-detection.html I'd also recommend buying those books Digip suggested; they are very good and will tell you a little bit more about Nmap.
  9. Within DOS you can also use the "runas" command, not sure if that will be very effective in your case though. http://www.pcreview.co.uk/forums/can-use-command-run-dos-mode-t1731164.html
  10. To deauth every client from the AP, use the following command. [CODE]aireplay-ng -0 10 -a <mac of access point> <name of interface>[/CODE] To deauth a client only: [CODE]aireplay-ng -0 1 -a <mac address of access point> -c <mac address of client> <name of interface>[/CODE] If you need more information, I suggest reading the aireplay-ng documentation. http://www.aircrack-...eauthentication
  11. Yeah, I know that sucks; you could use a Live USB or CD to boot BackTrack off that computer. That way, you don't have to install or update anything on that computer.
  12. Is this going to be a permanent thing, or only temporary?
  13. I've been reading the pen-testing survey results at the DigiNinja website, and it does answer a lot of the questions people are always asking. I highly recommend it.
  14. I don't know if the Pineapple A/C adapter has a voltage switch, or if it automatically switches between 110 and 240 volts. But if there are no lights coming on, it could be fried.
  15. What wireless adapter are you using? Also, are you using a VM or just a physical machine?
  16. I think the OP is bluffing. With all the tight security around, the only thing that you can pay online is your phone or internet bill. But I would like very much to know the exact process you followed. Unless, where you live, there are no restrictions at all on how you renew your driver's license, which sounds a bit fishy.
  17. Oh yeah, I remember that tool; I was pretty hooked on it when I first heard about it. Then I heard about Cain and Abel through a friend in high school.
  18. In some cases, if the attack fails, it is because the AP has MAC filtering enabled, as stated on the aircrack-ng website. A way to bypass this restriction is to spoof your MAC address. http://www.aircrack-ng.org/doku.php?id=arp-request_reinjection
  19. Most consumer routers will generally be in the range of [CODE]192.168.1.x[/CODE], [CODE]192.168.0.x[/CODE] or [CODE]10.0.0.x[/CODE]. But to be certain, just head over to CMD and type ipconfig.
  20. I have an Alfa AWUS036H with a 9 dBi antenna and the signals are all hovering around -38 to -68. You might want to consider upgrading that antenna of yours.
  21. There is a command in Windows called tasklist; it lists all the processes running in the background. If you want to display all the current processes running on a remote machine, I would recommend you use PsExec + tasklist.
  22. If you want to protect yourself against ARP poisoning, I would recommend you look into ArpON. It not only detects ARP poisoning but also blocks it.
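An added example, not from the post above and not ArpON's own code: a minimal ARP-poisoning detector of the kind such a tool performs, run over constructed ARP-reply observations. The addresses, the optional static binding table and the function name are assumptions for illustration.

```python
# Added example (not from the forum post, not ArpON code): flag ARP replies that
# rebind an IP to a different MAC, or one MAC that claims several IPs, which is
# what an ARP cache poisoning attempt against the gateway looks like on the wire.
from collections import defaultdict

# Constructed sample observations: (timestamp, sender_ip, sender_mac).
SAMPLE_ARP_REPLIES = [
    (1, "192.168.1.1", "00:11:22:33:44:55"),   # gateway, legitimate
    (2, "192.168.1.20", "aa:bb:cc:dd:ee:01"),  # workstation
    (3, "192.168.1.1", "00:11:22:33:44:55"),   # gateway again, unchanged
    (4, "192.168.1.1", "aa:bb:cc:dd:ee:01"),   # workstation now claims gateway IP
    (5, "192.168.1.30", "aa:bb:cc:dd:ee:01"),  # same MAC claims yet another IP
]


def detect_arp_poisoning(replies, static_table=None):
    """Return a list of alert strings for suspicious ARP replies.

    static_table: assumed {ip: mac} of known-good bindings (the gateway, for
    instance); a reply contradicting it is flagged and never learned.
    """
    static_table = {ip: mac.lower() for ip, mac in (static_table or {}).items()}
    ip_to_mac = {}                  # dynamically learned bindings
    mac_to_ips = defaultdict(set)   # which IPs each MAC has claimed
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip in static_table and static_table[ip] != mac:
            alerts.append(f"t={ts}: {ip} claimed by {mac}, static binding is {static_table[ip]}")
            continue
        if ip in ip_to_mac and ip_to_mac[ip] != mac:
            alerts.append(f"t={ts}: {ip} changed from {ip_to_mac[ip]} to {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"t={ts}: {mac} claims multiple IPs {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_REPLIES):
        print(alert)
```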
  23. First off, when cracking WEP, you don't have to be authenticated to the AP. All you have to do is capture enough IVs before attempting to crack the WEP key. In order to crack the WEP key more efficiently and quickly, you can use aireplay-ng to generate traffic.