still learning Posted March 19, 2009

Hello all, I have been playing with BT3 and keep getting this error when trying to run Kismet with "sudo kismet -c madwifi_g,wlan0,wlan0" (I'm using an Alfa AP; would that be considered a rogue AP?)

Launching kismet_server: //usr/bin/kismet_server
Suid priv-dropping disabled. This may not be secure.
No specific sources given to be enabled, all will be enabled.
Non-RFMon VAPs will be destroyed on multi-vap interfaces (ie, madwifi-ng)
Enabling channel hopping.
Enabling channel splitting.
Source 0 (wlan0): Enabling monitor mode for madwifi_g source interface wlan0 channel 6...
ERROR: Unable to create VAP: Operation not supported
ERROR: Unable to create monitor-mode VAP
WARNING: wlan0 appears to not accept the Madwifi-NG controls. Will attempt to configure it as a standard Madwifi-old interface. If you are using madwifi-ng, be sure to set the source interface to the wifiX control interface, NOT athX
FATAL: Failed to retrieve list of private ioctls 95:Operation not supported
Done.

Also I tried to go into XChat with BT3 and it says not to go in as root and to create a user account, but I'm unaware of how to do this on the Linux CLI, or in Slackware. Any information is appreciated, thanks!
dimitar Posted March 19, 2009

First, in BT3, when you start Kismet it puts your interface in monitor mode automatically and it uses the madwifi drivers anyway, so you do not have to specify that. Second, you do not need to run commands with sudo. You are root in BT3 by default. So, all you have to do is type:

kismet

This will start Kismet, which will use the right drivers for your card, and it will put it in monitor mode. Third, from your output it looks like your wireless card might not support monitor mode and might not be supported by madwifi. Check here for compatibility: http://madwifi-project.org/wiki/Compatibility
still learning (Author) Posted March 20, 2009

Dimitar, thanks. I tried both in Ubuntu using sudo and not using sudo in BackTrack 3. I have a Windows XP laptop that I run the BT3 live CD on with the same USB AP and it works great. I'm trying to run it with my desktop now, which runs Ubuntu and BT3 using VMplayer instead of the live CD, and keep getting errors. I went into the Konsole on BT3 and when I type ifconfig it shows the wlan0 with MAC address and everything, and it is also detected in Ubuntu's CLI. I tried just a simple "kismet" command to get it to run and it gave me the error. When I go to Ubuntu's WiFi Radar GUI program it shows it as working.

Also I tried to go into XChat with BT3 and it says not to go in as root and to create a user account, but I'm unaware of how to do this on the Linux CLI, or in Slackware. Any information is appreciated, thanks!
dimitar Posted March 20, 2009

To add a user in the Linux command line, you just have to type the following command:

adduser username

Where "username" is the name you want to give to the user. For example: adduser mike. It will prompt you to enter a password. Once it is done, it will create the user "mike", create a group called "mike" for that user and create a home directory. Now you can log in as that user. Just do:

su - mike

It prompts you for the password and now you have become "mike".

As far as your Kismet issue... I am not surprised that it does not work in Ubuntu. In order for it to work with Ubuntu, you need to install the madwifi drivers and then load them every time the kernel starts by editing the /etc/modules file (that is what I did with my Ubuntu and it works like a charm), or you have to run this command after each reboot (I am assuming your wireless has an Atheros chipset):

sudo modprobe ath_pci

What happens when you boot your desktop into the BT3 live CD? Does it work then?
still learning (Author) Posted March 20, 2009

I am on the BT3 live CD now on the desktop, still getting an error. It seems it works with the live CD on my laptop with Windows but not my desktop with Ubuntu. This is the error I receive:

bt ~ # kismet
Launching kismet_server: /usr/local/bin/kismet_server
Suid priv-dropping disabled. This may not be secure.
No specific sources given to be enabled, all will be enabled.
Non-RFMon VAPs will be destroyed on multi-vap interfaces (ie, madwifi-ng)
Enabling channel hopping.
Enabling channel splitting.
NOTICE: Disabling channel hopping, no enabled sources are able to change channel.
Source 0 (addme): Opening none source interface none...
FATAL: Please configure at least one packet source. Kismet will not function if no packet sources are defined in kismet.conf or on the command line. Please read the README for more information about configuring Kismet.
Kismet exiting.
Done.

(Where is this legendary README file in Linux? "man kismet"?)

It shows the AP device in ifconfig as:

wlan0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:3 dropped:202 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

But I had to manually find it by doing an "ifconfig wlan0 up" command. My AP is an Alfa USB, model # AWUS036H. How do I configure the config file, or what do I need to do to configure it correctly? I have been using the nano editor for practice, so I'm guessing the command to edit would be "nano /etc/modules/kismet/kismet.conf" or something like that? What do I have to edit on every reboot? Thanks for all your help!
dimitar Posted March 21, 2009

You have to edit your kismet.conf file. The easiest way for you to do that is with gedit. Just run:

sudo gedit /etc/kismet/kismet.conf

Then you have to edit the following lines:

suiduser=username

Put your user name above in place of "username".

#source=none,none,addme

Uncomment this line and add the needed info. In my file this line looks like this:

source=madwifing_g,wifi0,atheros

The last value "atheros" is just the name I have given to that source interface, so it is a free text value. If you are sure that your card works with madwifi drivers, then the source line for you should look like this:

source=madwifing_g,wifi0,awus036h

Here is some more info... just keep in mind that your wireless card has a Realtek chipset, rtl8187 (look at "12. Capture Sources"): http://www.kismetwireless.net/documentation.shtml
still learning (Author) Posted March 22, 2009

Awesome, thanks! The source for the Alfa AP model AWUS036H is "source=rt8180,wlan0,ALFA" for the config file. Got it working now. Will I have to edit the programs needed to crack WEP also? Like aircrack-ng or airmon, airodump, etc.? Kismet is working but now airodump is giving me an error of:

:~$ sudo airodump-ng wlan0 -w wepcrackingtest2 -c 1
ioctl(SIOCSIWMODE) failed: Device or resource busy
ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211 or ARPHRD_IEEE80211_PRISM instead. Make sure RFMON is enabled: run 'ifconfig wlan0 up; iwconfig wlan0 mode Monitor channel <#>'
Sysfs injection support was not found either.

I already did an ifconfig wlan0 up, but it still gave me that error. I also double checked with ifconfig and it shows it as active.
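Added example, not code from either poster: a small parser for the kismet.conf lines discussed in the two posts above. It reads the `suiduser=` and `source=` entries, skips commented lines (so the stock `#source=none,none,addme` line does not count as a source), checks that each source has the three `driver,interface,name` fields, and reports the two misconfigurations that produce the messages quoted in this thread: no packet source at all, and no non-root suiduser for Kismet to drop privileges to. The sample config is constructed for this example; the "problem" checks are my own heuristics, not Kismet's logic.

```python
import re

# Constructed kismet.conf excerpt in the shape the thread describes
# (in BT3 the real file lives at /etc/kismet/kismet.conf).
SAMPLE_CONF = """\
# Kismet config excerpt (constructed sample, not a real file)
suiduser=mike
#source=none,none,addme
source=rt8180,wlan0,ALFA
source=madwifing_g,wifi0,atheros
"""


def parse_kismet_conf(text):
    """Return (suiduser, sources) from kismet.conf text.

    sources is a list of (driver, interface, name) triples taken from
    uncommented `source=` lines.  Lines starting with '#' are skipped,
    which is why the stock `#source=none,none,addme` line never counts
    until it is uncommented and filled in.
    """
    suiduser = None
    sources = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"line {lineno}: expected key=value, got {raw!r}")
        key, value = key.strip(), value.strip()
        if key == "suiduser":
            suiduser = value
        elif key == "source":
            parts = [p.strip() for p in value.split(",")]
            if len(parts) != 3 or not all(parts):
                raise ValueError(
                    f"line {lineno}: source needs driver,interface,name: {raw!r}")
            sources.append(tuple(parts))
    return suiduser, sources


def config_problems(text):
    """Heuristic checks (mine, not Kismet's) for the errors seen in the thread."""
    suiduser, sources = parse_kismet_conf(text)
    problems = []
    if not sources:
        # Matches "FATAL: Please configure at least one packet source."
        problems.append("no packet source: uncomment and fill in the source= line")
    if any(drv == "none" or iface == "none" for drv, iface, _ in sources):
        problems.append("placeholder source (none) still present")
    if suiduser in (None, "", "username", "root"):
        # Without an unprivileged user there is nothing to drop privileges to.
        problems.append("suiduser unset, placeholder, or root: no privilege drop")
    return problems


if __name__ == "__main__":
    print(parse_kismet_conf(SAMPLE_CONF))
    print(config_problems(SAMPLE_CONF))
    print(config_problems("#source=none,none,addme\n"))
```

The second `config_problems` call in the usage block mirrors the stock file the original poster had: the source line still commented out and no suiduser set, which is exactly the "Source 0 (addme): Opening none source interface none..." failure quoted above.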
dimitar Posted March 23, 2009

Your airodump command is wrong. To start airodump to find all the available APs do (you got Kismet working, so you don't need this, because you can get all that info from there):

airodump-ng --band bg wlan0

To start capturing the IVs of the targeted AP in a file do:

airodump-ng -i -c 6 --bssid 00:0F:66:47:1D:1F -w tocrack wlan0

* -i collect only IVs, which are used for the cracking
* -c 6 is the channel for the wireless network
* --bssid 00:0F:66:47:1D:1F is the access point MAC address. This eliminates extraneous traffic.
* -w capture is the file name prefix for the file which will contain the IVs.
* wlan0 is the interface name
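Added example, not code from either poster: the airodump error quoted two posts up ("ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211 ... Make sure RFMON is enabled") is airodump's way of saying the interface is still in Managed mode, and `ifconfig` cannot show that; `iwconfig` can. This helper parses iwconfig output (constructed samples below, not captured from the poster's hardware) into a map of interface name to Mode, so a script can confirm wlan0 is in Monitor mode before starting any capture tool against your own network, rather than discovering it from the error.

```python
import re

# Constructed iwconfig output for this example (not from the thread's hardware).
IWCONFIG_MANAGED = """\
lo        no wireless extensions.

wlan0     IEEE 802.11bg  ESSID:"home-lab"  Nickname:""
          Mode:Managed  Frequency:2.412 GHz  Access Point: 00:00:00:00:00:00
"""
IWCONFIG_MONITOR = """\
wlan0     IEEE 802.11bg  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm
          Retry min limit:7   RTS thr:off   Fragment thr:off
"""


def interface_modes(iwconfig_text):
    """Map interface name -> Mode value ('Managed', 'Monitor', ...) from iwconfig text.

    iwconfig starts each interface block at column 0 and indents the
    continuation lines, so a non-indented line names the current interface
    and any 'Mode:' token seen until the next such line belongs to it.
    """
    modes = {}
    current = None
    for line in iwconfig_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            current = line.split()[0]
        m = re.search(r"Mode:([A-Za-z-]+)", line)
        if m and current:
            modes[current] = m.group(1)
    return modes


def is_monitor(iwconfig_text, iface):
    """True only if iface is listed and its Mode is Monitor."""
    return interface_modes(iwconfig_text).get(iface) == "Monitor"


if __name__ == "__main__":
    # On a real box you would feed in subprocess.run(["iwconfig"], ...).stdout.
    print(interface_modes(IWCONFIG_MANAGED), is_monitor(IWCONFIG_MANAGED, "wlan0"))
    print(interface_modes(IWCONFIG_MONITOR), is_monitor(IWCONFIG_MONITOR, "wlan0"))
```

Note the `lo        no wireless extensions.` block: it names an interface but carries no Mode, so it is simply absent from the result rather than misattributing the next block's mode.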
still learning (Author) Posted March 23, 2009

So pretty much the process to crack my own WEP is:

1. Use a program like Kismet or something to get all the info I need, like BSSID, ESSID, channel, MAC address, etc.
2. Then use that info with airodump-ng to gather information from the packets that are being sent over the WiFi network, then save it to a file.
3. Use the saved file from above with aircrack-ng to get the passphrase or WEP key to access my own WiFi and bypass the WEP?

Or am I missing a step in the process? Thanks man, you are a great help :-)
dimitar Posted March 24, 2009

Yes... what you described is called the "passive" method. You can do only this, but then it might take you days, even weeks, to crack it, depending on how many clients are connected to the AP and how active they are. But if you want to speed up the process quite a bit... then you are missing a step. This step has to do with injecting packets to the targeted AP. In this way you can crack a WEP key of an AP that has no clients and no activity. Depending on the length of the WEP key, it takes me anywhere between 2 to 30 min. to crack it. So here is the command you need to execute after you run the airodump to capture the packets:

aireplay-ng -3 -e SSID wlan0

I probably don't have to tell you that here SSID is substituted with the SSID (name) of the AP. Once you run it... what you are looking for is for those IV packets to start climbing up fast. This might take a couple of minutes though... so you have to be patient. If the AP has no clients, then you have to run (while the above command is still running, so use different terminals):

aireplay-ng -1 5 -q 10 -e SSID wlan0

which will try to create an association packet that will be picked up by the previous command and replayed over and over again until you have enough IV packets.
still learning (Author) Posted March 26, 2009

Very nice. I have been reading more about aireplay-ng and think I will have to use this method to crack my own WEP since there is no data going over my wireless network. I tried the aireplay-ng --help command and played around with different options and such but can't seem to get it to work. I also tried both of the commands you helped me with and no luck. What is a basic command, or the breakdown of the CLI command for it? Usage: "usage: aireplay-ng <options> <replay interface>" (BTW, it says I have Aireplay-ng 1.0 beta1; that can't be the newest version, is it? If not, how do I update it?) So for example I put in sudo aireplay-ng, then what? I need to put in the MAC address of both my AP I'm using to access the WiFi router and the WiFi router's MAC address, along with an attack method such as -3, and at the end "wlan0" since that is how my PC reads the Alfa AP? Thanks again :-)