Trying to get TL-WN722N working with aircrack/wifite in Ubuntu 14.04


OpenFerret

Hi all,

I'm trying to get the TL-WN722N USB device working under Ubuntu 14.04 LTS, specifically with aircrack-ng and wifite.

I can run the USB device in monitor mode, but injection seems to be a problem.

I have to use the TL-WN722N because the built-in wireless card in the Dell XPS (9333) is the Intel 7260 wifi + bluetooth card, which doesn't support monitor mode and injection (as far as I can see).

Can anyone help me out here, or does anyone have any experience?

Edited by OpenFerret
Link to comment
Share on other sites

I have that card, except I'm running Gentoo. Could you run me through what you're doing and where things start to go awry so I can try the same here, hopefully reproduce it and see what we can do to remedy the situation?

Link to comment
Share on other sites

I have that card, except I'm running Gentoo. Could you run me through what you're doing and where things start to go awry so I can try the same here, hopefully reproduce it and see what we can do to remedy the situation?

Hi Cooper,

Thank you for taking time to help.

If I throw you what I have, can you see what I'm going by?

openferret@ubuntu:~$ lspci
00:00.0 Host bridge: Intel Corporation Haswell-ULT DRAM Controller (rev 09)
00:02.0 VGA compatible controller: Intel Corporation Haswell-ULT Integrated Graphics Controller (rev 09)
00:03.0 Audio device: Intel Corporation Haswell-ULT HD Audio Controller (rev 09)
00:14.0 USB controller: Intel Corporation Lynx Point-LP USB xHCI HC (rev 04)
00:16.0 Communication controller: Intel Corporation Lynx Point-LP HECI #0 (rev 04)
00:1b.0 Audio device: Intel Corporation Lynx Point-LP HD Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation Lynx Point-LP PCI Express Root Port 1 (rev e4)
00:1c.2 PCI bridge: Intel Corporation Lynx Point-LP PCI Express Root Port 3 (rev e4)
00:1d.0 USB controller: Intel Corporation Lynx Point-LP USB EHCI #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation Lynx Point-LP LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation Lynx Point-LP SATA Controller 1 [AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation Lynx Point-LP SMBus Controller (rev 04)
02:00.0 Network controller: Intel Corporation Wireless 7260 (rev 6b)
openferret@ubuntu:~$ iwconfig
wlan1     IEEE 802.11bgn  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          
lo        no wireless extensions.

wlan0     IEEE 802.11abgn  ESSID:"VM88***mine"  
          Mode:Managed  Frequency:5.18 GHz  Access Point: 9C:D3:6D:75:E8:10   
          Bit Rate=300 Mb/s   Tx-Power=16 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
          Link Quality=70/70  Signal level=-31 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:23   Missed beacon:0
root@ubuntu:~# airmon-ng start wlan1


Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID	Name
684	avahi-daemon
686	avahi-daemon
998	NetworkManager
1079	wpa_supplicant
14544	dhclient
Process with PID 14544 (dhclient) is running on interface wlan0


Interface	Chipset		Driver

wlan1		Atheros 	ath9k - [phy2]
				(monitor mode enabled on mon0)
wlan0		Unknown 	iwlwifi - [phy0]

When I try to use wifite, for example, I can scan using the mon0 interface that I've set up with airmon-ng, but it doesn't detect the clients detected to my AP, as seen here:

NUM ESSID                 CH  ENCR  POWER  WPS?  CLIENT
   --- --------------------  --  ----  -----  ----  ------
    1  VM88***mine           11  WPA2  55db    no 
    2  VM37*******            6  WPA2  37db    no 
    3  VM37*******            1  WPA2  30db    no 
    4  virginmedia*******     1  WPA2  30db    no 
    5  virginmedia*******     6  WPA2  26db    no 
    6  VM12*******            1  WPA2  26db    no 
    7  virginmedia*******    11  WPA2  25db    no 
    8  virginmedia*******     6  WPA2  16db    no 

 [+] select target numbers (1-8) separated by commas, or 'all': 1

 [+] 1 target selected.

 [0:08:20] starting wpa handshake capture on "VM88***mine"
 [0:07:44] listening for handshake... 

It then just keeps trying to send a deauth every so often and doesn't pick up any clients or get the WPA handshake.

If I try to use airodump-ng I get the following:

 CH -1 ][ Elapsed: 1 min ][ 2014-05-31 23:37                                         
                                                                                                                           
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID                                            
                                                                                                                           
 08:BD:43:18:DA:A8  -55     1096        0    0   1  54e  WPA2 CCMP   PSK  VM37*******                                      
 00:8E:F2:C9:1D:AC  -67     1059       18    0   1  54e  WPA2 CCMP   PSK  virginmedia*******                               
 08:BD:43:16:CD:F0  -68     1082        0    0   1  54e  WPA2 CCMP   PSK  VM12*******                                      
 9C:D3:6D:26:DB:68  -81      543        0    0   1  54e  WPA2 CCMP   PSK  VM97*******                                      
 C4:04:15:E9:A1:50  -90        4        0    0   1  54e  WPA2 CCMP   PSK  VM87*******                                      
 9C:D3:6D:21:2D:80  -89       18        0    0   1  54e  WPA2 CCMP   PSK  VM20*******                                      
 9C:D3:6D:88:7B:68  -91        9        0    0   1  54e  WPA2 CCMP   PSK*******                                            
 9C:D3:6D:2A:E8:28  -72        2        0    0   6  54e  WPA2 CCMP   PSK  betti*******                                      
 10:0D:7F:C3:8E:B1  -72        2        0    0  11  54e  WPA2 CCMP   PSK  virginmedia*******                                
 00:8E:F2:E0:79:8C  -71        2        0    0   6  54e  WPA2 CCMP   PSK  virginmedia*******                                
 10:0D:7F:CD:ED:7A  -65        3        0    0   6  54e  WPA2 CCMP   PSK  virginmedia*******                                
 9C:D3:6D:65:D6:C0  -47        0        0    0   6  54e  WPA2 CCMP   PSK  VM37*******                                       
 9C:D3:6D:84:19:F0  -46        3        0    0  11  54e  WPA2 CCMP   PSK  VM88***mine                                       
                                                                                                                            
 BSSID              STATION            PWR   Rate    Lost  Packets  Probes                                                  
                                                                                                                            
 (not associated)   C0:4A:00:1E:E9:48    0    0 - 1      0       13                                                         
 (not associated)   00:23:14:C4:F0:58  -84    0 - 1      0        3                                                         
 (not associated)   E8:2A:EA:4C:21:51  -52    0 - 1      0        2      

For some reason, it still doesn't pick up any clients associated with my AP.

Then if I try to inject a deauth attack with this:

root@ubuntu:~# aireplay-ng -0 0 -a 9C:D3:6D:84:19:F0 mon0
23:41:00  Waiting for beacon frame (BSSID: 9C:D3:6D:84:19:F0) on channel -1
23:41:00  Couldn't determine current channel for mon0, you should either force the operation with --ignore-negative-one or apply a kernel patch
Please specify an ESSID (-e).
root@ubuntu:~# 


(Or with wlan1 interface)

root@ubuntu:~# aireplay-ng -0 0 -a 9C:D3:6D:84:19:F0 wlan1
ioctl(SIOCSIWMODE) failed: Device or resource busy

ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead.  Make
sure RFMON is enabled: run 'airmon-ng start wlan1 <#>'
Sysfs injection support was not found either.
Edited by OpenFerret
Link to comment
Share on other sites

Okay, so here's me:

localhost ~ # lspci
00:00.0 Host bridge: Intel Corporation Core Processor DRAM Controller (rev 02)
00:01.0 PCI bridge: Intel Corporation Core Processor PCI Express x16 Root Port (rev 02)
00:16.0 Communication controller: Intel Corporation 5 Series/3400 Series Chipset HECI Controller (rev 06)
00:16.3 Serial controller: Intel Corporation 5 Series/3400 Series Chipset KT Controller (rev 06)
00:19.0 Ethernet controller: Intel Corporation 82577LM Gigabit Network Connection (rev 05)
00:1a.0 USB controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 05)
00:1b.0 Audio device: Intel Corporation 5 Series/3400 Series Chipset High Definition Audio (rev 05)
00:1c.0 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 1 (rev 05)
00:1c.1 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 2 (rev 05)
00:1c.3 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 4 (rev 05)
00:1c.7 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 8 (rev 05)
00:1d.0 USB controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 05)
00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev a5)
00:1f.0 ISA bridge: Intel Corporation Mobile 5 Series Chipset LPC Interface Controller (rev 05)
00:1f.2 SATA controller: Intel Corporation 5 Series/3400 Series Chipset 6 port SATA AHCI Controller (rev 05)
00:1f.6 Signal processing controller: Intel Corporation 5 Series/3400 Series Chipset Thermal Subsystem (rev 05)
01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Broadway XT [Mobility Radeon HD 5870]
01:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Juniper HDMI Audio [Radeon HD 5700 Series]
44:00.0 Network controller: Intel Corporation Centrino Advanced-N 6200 (rev 35)
45:00.0 USB controller: NEC Corporation uPD720200 USB 3.0 Host Controller (rev 03)
46:06.0 SD Host controller: Ricoh Co Ltd R5C822 SD/SDIO/MMC/MS/MSPro Host Adapter (rev 25)
46:06.1 System peripheral: Ricoh Co Ltd R5C843 MMC Host Controller (rev 14)
46:06.2 System peripheral: Ricoh Co Ltd R5C592 Memory Stick Bus Host Adapter (rev 14)
46:06.3 System peripheral: Ricoh Co Ltd xD-Picture Card Controller (rev 14)
46:06.4 CardBus bridge: Ricoh Co Ltd RL5c476 II (rev bb)
ff:00.0 Host bridge: Intel Corporation Core Processor QuickPath Architecture Generic Non-core Registers (rev 02)
ff:00.1 Host bridge: Intel Corporation Core Processor QuickPath Architecture System Address Decoder (rev 02)
ff:02.0 Host bridge: Intel Corporation Core Processor QPI Link 0 (rev 02)
ff:02.1 Host bridge: Intel Corporation Core Processor QPI Physical 0 (rev 02)
ff:02.2 Host bridge: Intel Corporation Core Processor Reserved (rev 02)
ff:02.3 Host bridge: Intel Corporation Core Processor Reserved (rev 02)
localhost ~ # lsusb
Bus 002 Device 004: ID 0cf3:9271 Atheros Communications, Inc. AR9271 802.11n
Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 004: ID 04f2:b15e Chicony Electronics Co., Ltd
Bus 001 Device 003: ID 03f0:231d Hewlett-Packard Broadcom 2070 Bluetooth Combo
Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

I had to compile the ath9k_htc driver and download the firmware to get it going on this laptop. I typically use that stick only for my Pineapple.

Post-insertion it got renamed to the fascinating 'wlp0s29u1u1' by udevd (what's in a name, eh?) and dhcpcd promptly took control of it and associated it with my wireless lan.

localhost ~ # iwconfig
enp0s25   no wireless extensions.
sit0      no wireless extensions.
wlo1      IEEE 802.11abgn  ESSID:"MY_SSID" 
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:21:29:DE:16:63  
          Bit Rate=54 Mb/s   Tx-Power=15 dBm  
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=40/70  Signal level=-70 dBm 
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:4  Invalid misc:548   Missed beacon:0
lo        no wireless extensions.
wlp0s29u1u1  IEEE 802.11bgn  ESSID:"MY_SSID" 
          Mode:Managed  Frequency:2.437 GHz  Access Point: 10:FE:ED:F4:13:30  
          Bit Rate=150 Mb/s   Tx-Power=20 dBm  
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=41/70  Signal level=-69 dBm 
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:22   Missed beacon:0

Note that I have 2 APs in my house to truly cover every nook and cranny. They have the same ESSID and password configured, but they have a different netmask, as can also be seen here:

localhost ~ # ifconfig
enp0s25: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 64:31:50:78:0e:c9  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xd4500000-d4520000 
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 14332  bytes 4539976 (4.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14332  bytes 4539976 (4.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
sit0: flags=193<UP,RUNNING,NOARP>  mtu 1480
        inet6 ::127.0.0.1  prefixlen 96  scopeid 0x90<compat,host>
        sit  txqueuelen 0  (IPv6-in-IPv4)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.106  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::5a94:6bff:fe81:b2d8  prefixlen 64  scopeid 0x20<link>
        ether 58:94:6b:81:b2:d8  txqueuelen 1000  (Ethernet)
        RX packets 41252  bytes 26607397 (25.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20795  bytes 3903300 (3.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
wlp0s29u1u1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.102  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::12fe:edff:fe26:581c  prefixlen 64  scopeid 0x20<link>
        ether 10:fe:ed:26:58:1c  txqueuelen 1000  (Ethernet)
        RX packets 146  bytes 29451 (28.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 36  bytes 4163 (4.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

So I'll start by unhooking the device from the dhcpcd daemon.

localhost ~ # dhcpcd -k wlp0s29u1u1
dhcpcd[14031]: sending commands to master dhcpcd process
localhost ~ # ifconfig wlp0s29u1u1 down

It might be worth noting that the Gentoo package names are "linux-firmware" for a large batch of device firmware blobs including the atheros one (assuming you don't want to just download and forget, like I did), "aircrack-ng" and for wifite you need to use an overlay which I'm not planning on doing so let's see how far we go.

localhost ~ # airmon-ng start wlp0s29u1u1
Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID     Name
1900    wpa_supplicant
1918    dhcpcd
13830   wpa_supplicant
Process with PID 1900 (wpa_supplicant) is running on interface wlo1
Process with PID 13830 (wpa_supplicant) is running on interface wlp0s29u1u1

Interface       Chipset         Driver
wlo1            Intel 6200      iwlwifi - [phy0]
wlp0s29u1u1             Atheros AR9271  ath9k - [phy1]
                                (monitor mode enabled on mon0)

Looks all right. Next I run 'airodump-ng mon0' which after a while settles on this:

CH 12 ][ Elapsed: 2 mins ][ 2014-06-01 12:44

BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

00:21:29:DE:16:63  -55      203      748    0  11  54e  WPA  TKIP   PSK  MY_ESSID
00:23:69:19:3F:82  -71      105        0    0   1  54e  WPA2 CCMP   PSK  linksys
10:FE:ED:F4:13:30  -72      160        1    0   6  54e. WPA  CCMP   PSK  MY_ESSID
C0:C1:C0:9C:17:0E  -76      105        1    0   1  54e  WPA2 CCMP   PSK  LinksysE2000
C0:C1:C0:9C:17:0F  -76       96        0    0   1  54e  OPN              LinksysE2000-gast
00:13:10:1F:48:13  -80      105        0    0  11  54   WPA  TKIP   PSK  STREET 60
00:18:F6:F3:9A:75  -82       53        0    0   6  54e. WPA2 CCMP   PSK  STREET
4C:AC:0A:13:B2:F7  -84       62        1    0  11  54e  WPA2 CCMP   PSK  H220N13B2F7
9C:2A:70:30:19:32  -87       74        0    0   1  54e  WPA2 CCMP   PSK  Ziggo832E0
40:4A:03:C0:BB:37  -90       17        0    0  11  54   WEP  WEP         NAME_A
7C:05:07:A0:23:AE  -90       16        0    0   1  54e  WPA2 CCMP   PSK  Ziggo76412
7E:05:07:A0:23:AF  -90       28        0    0   1  54e  WPA2 CCMP   MGT  Ziggo
58:6D:8F:C6:19:C5  -91        0        0    0  11  54e  WPA2 CCMP   PSK  HVR

BSSID              STATION            PWR   Rate    Lost    Frames  Probe

(not associated)   00:26:BB:40:CA:B7  -89    0 - 1      0        9  linksys
(not associated)   28:10:7B:0E:EE:AB  -90    0 - 6      0        2  Netwerk-NAME
(not associated)   BC:CF:CC:53:0D:28  -91    0 - 1      0        2  H220N13B2F7
00:21:29:DE:16:63  A0:D3:C1:8A:2D:B4   -1   48e- 0      0        7
00:21:29:DE:16:63  58:94:6B:81:B2:D8  -31   48e-54      0        8
00:21:29:DE:16:63  18:9E:FC:8D:27:0B  -70   36e- 1e     0      762  MY_ESSID
10:FE:ED:F4:13:30  D8:50:E6:7D:C8:39  -72    0 - 6      0       14
4C:AC:0A:13:B2:F7  68:48:98:0B:72:7D  -87    0e- 1      0        2

I'm pretty sure that 18:9E:FC:8D:27:0B one is my iPhone playing a securitytube video.

So, time for attack:

localhost ~ # aireplay-ng -0 1 -a 00:21:29:DE:16:63 mon0
12:57:16  Waiting for beacon frame (BSSID: 00:21:29:DE:16:63) on channel 1
12:57:26  No such BSSID available.
Please specify an ESSID (-e).

Same as you. So let's do as it says and provide the ESSID:

localhost ~ # aireplay-ng -0 1 -a 00:21:29:DE:16:63 -e MY_ESSID mon0
12:58:38  Waiting for beacon frame (BSSID: 00:21:29:DE:16:63) on channel 1
12:58:48  No such BSSID available.

Here's the thing though... Why channel 1? Neither ESSID is on channel 1 so it can wait a HELL of a long time for a beacon frame there.

So let's set the device to the appropriate channel, which in my case is 11:

localhost ~ # iwconfig
enp0s25   no wireless extensions.
sit0      no wireless extensions.
wlo1      IEEE 802.11abgn  ESSID:"MY_ESSID" 
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:21:29:DE:16:63  
          Bit Rate=1 Mb/s   Tx-Power=15 dBm  
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=42/70  Signal level=-68 dBm 
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:4  Invalid misc:581   Missed beacon:0
lo        no wireless extensions.
mon0      IEEE 802.11bgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm  
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
         
wlp0s29u1u1  IEEE 802.11bgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm  
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
         
localhost ~ # iwconfig wlp0s29u1u1 channel 11
localhost ~ # iwconfig
enp0s25   no wireless extensions.
sit0      no wireless extensions.
wlo1      IEEE 802.11abgn  ESSID:"ESSID" 
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:21:29:DE:16:63  
          Bit Rate=1 Mb/s   Tx-Power=15 dBm  
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=36/70  Signal level=-74 dBm 
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:4  Invalid misc:581   Missed beacon:0
lo        no wireless extensions.
mon0      IEEE 802.11bgn  Mode:Monitor  Frequency:2.462 GHz  Tx-Power=20 dBm  
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
         
wlp0s29u1u1  IEEE 802.11bgn  Mode:Monitor  Frequency:2.462 GHz  Tx-Power=20 dBm  
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

Note the change in the reported frequency for both mon0 and wlp0s29u1u1. Now when I try:

localhost ~ # aireplay-ng -0 0 -e Wirschell wlp0s29u1u1
13:13:12  Waiting for beacon frame (ESSID: Wirschell) on channel 11
Found BSSID "00:21:29:DE:16:63" to given ESSID "Wirschell".
NB: this attack is more effective when targeting
a connected wireless client (-c <client's mac>).
13:13:12  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
13:13:13  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
13:13:13  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
13:13:14  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
13:13:14  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
13:13:15  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
13:13:15  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
13:13:16  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
13:13:16  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
13:13:16  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]

Looks pretty good to me.

Link to comment
Share on other sites
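The channel mismatch worked through in the post above (monitor interface at 2.412 GHz while the AP beacons on channel 11), as an added diagnostic example that is not part of the original thread. It parses `iwconfig` text, converts the reported frequency to a channel (generalised here to the 5 GHz band as well), and reports whether an interface is in monitor mode and tuned where expected; the function names and the trimmed sample output are constructed for illustration.

```python
import re

# Constructed sample: trimmed iwconfig output in the shape shown in this thread.
SAMPLE_IWCONFIG = """\
wlo1      IEEE 802.11abgn  ESSID:"MY_ESSID"
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:21:29:DE:16:63
          Bit Rate=1 Mb/s   Tx-Power=15 dBm
lo        no wireless extensions.
mon0      IEEE 802.11bgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
wlan1     IEEE 802.11bgn  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
"""


def freq_to_channel(mhz):
    """Map a centre frequency in MHz to its 802.11 channel number, or None."""
    if mhz is None:
        return None
    if mhz == 2484:                       # channel 14 sits off the 5 MHz grid
        return 14
    if 2412 <= mhz <= 2472 and (mhz - 2407) % 5 == 0:
        return (mhz - 2407) // 5          # 2.4 GHz band, channels 1-13
    if 5160 <= mhz <= 5885 and (mhz - 5000) % 5 == 0:
        return (mhz - 5000) // 5          # 5 GHz band, e.g. 5180 MHz -> 36
    return None


def parse_iwconfig(text):
    """Return {interface: {"mode", "mhz", "channel"}} for wireless interfaces."""
    stanzas, name = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():         # a new stanza starts in column 0
            name = line.split()[0]
            stanzas[name] = ""
        if name is not None:
            stanzas[name] += " " + line.strip()

    result = {}
    for name, body in stanzas.items():
        if "no wireless extensions" in body:
            continue
        mode = re.search(r"Mode:(\S+)", body)
        freq = re.search(r"Frequency[:=]([\d.]+) GHz", body)
        mhz = round(float(freq.group(1)) * 1000) if freq else None
        result[name] = {
            "mode": mode.group(1) if mode else None,
            "mhz": mhz,
            "channel": freq_to_channel(mhz),
        }
    return result


def check_tuning(text, iface, expected_channel):
    """Classify an interface against the channel it is expected to be on."""
    info = parse_iwconfig(text).get(iface)
    if info is None:
        return "missing"                  # interface not listed at all
    if info["mode"] != "Monitor":
        return "not-monitor"
    if info["channel"] is None:
        return "unknown"                  # no Frequency field reported
    return "ok" if info["channel"] == expected_channel else "mismatch"


if __name__ == "__main__":
    for iface, info in parse_iwconfig(SAMPLE_IWCONFIG).items():
        print(iface, info)
    print("mon0 vs channel 11:", check_tuning(SAMPLE_IWCONFIG, "mon0", 11))
```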

Run 'uname -a' for a kernel version and any of the aircrack-ng tools have a --help option that specifies their version.

I'm on Linux 3.14 and airodump says it's 1.2 beta 3.

If you're behind on either of these, see if you can find an updated package.

Link to comment
Share on other sites

I know you mention you're using Ubuntu but I'm 99.9% sure that the TL-WN722N works just fine with Kali 1.0.6/7, without any special driver installs. I have the TL-WN722N on my Pwnie PwnPad but I used it on my Kali laptop once when I left my Alfa's at the office.

Could you just boot a live CD of Kali and use that, might be easier?

Link to comment
Share on other sites

But then how will you deal with the next piece of hardware that just works out of the box on OS flavor X and not on Kali (like, I donno, some video card or whatever that is a bitch to setup *cough*ATI*cough*)?

My point is: Get to know your system. Wield it like your personal Excalibur. Know its strengths and weaknesses - and yours, and make it work. Switching now is like replacing your brand-new car for another also brand-new car because you don't like the color of the inside of the rear ashtray... And nobody you know smokes.

Yes, you could go for the next best thing, but I'm assuming that OS is on your machine for more reasons than to have something to kick-start a USB wireless adapter. Quite literally *ALL* Linux distros are capable of being transformed to the other distro. The only difference is the initial software package. If you just jump ship, what will you have learned? Or is the point to just drive some attacks and bitch and moan about how Microsoft sucks?

Link to comment
Share on other sites

Cooper is right... There is a solution to be had here.

I've started with ubuntu 14.04 because it works straight out of the box on my XPS 13, and I'm going to try my best to stay with it.

I'll get back to you tomorrow as I need to hit some uni-work or this is going to take up all my time.

Many thanks once again Cooper!

Link to comment
Share on other sites

Hey OpenFerret, did you notice that iwconfig says your card's frequency is in the 5GHz range? The channels in that range are numbered 36 - 173 according to this so what it looks like to me is that your adapter is tuned to channel 36 and you're trying to transmit on channel 1. Set the channel of your interface to that of the one you're trying to transmit on and try again.

Link to comment
Share on other sites

Only on my internal card. The one that doesn't support injection or monitor mode.

The external is 2.4GHz and my access point broadcasts both a 5GHz and a 2.4GHz SSID.

I've checked my kernel and it is 3.13.0-27-generic

Aircrack version is the same as yours now I have installed from source instead of repos.

Link to comment
Share on other sites

Should all be good to go. When you do try, post the commands and their output like I did above. Makes it easier to work out what's happening and hopefully why.

Link to comment
Share on other sites

Right... Got it working in aircrack.

Had to install the most up-to-date version from the developer website and not use the version from the repos, and needed to select the channel when starting the mon0 interface using airmon-ng against wlan1.

Though I seem to remember that you never used to have to do this and the mon0 interface would just try all channels?

Next step is wifite.

Link to comment
Share on other sites

airodump-ng rushed through all the channels continuously but for the aireplay-ng attack to work I did have to set the channel.

Link to comment
Share on other sites

The bit in bold...

localhost ~ # iwconfig
enp0s25   no wireless extensions.
sit0      no wireless extensions.
wlo1      IEEE 802.11abgn  ESSID:"MY_ESSID"
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:21:29:DE:16:63
          Bit Rate=1 Mb/s   Tx-Power=15 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=42/70  Signal level=-68 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:4  Invalid misc:581   Missed beacon:0
lo        no wireless extensions.
mon0      IEEE 802.11bgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
wlp0s29u1u1  IEEE 802.11bgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
localhost ~ # iwconfig wlp0s29u1u1 channel 11
localhost ~ # iwconfig
enp0s25   no wireless extensions.
sit0      no wireless extensions.
wlo1      IEEE 802.11abgn  ESSID:"ESSID"
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:21:29:DE:16:63
          Bit Rate=1 Mb/s   Tx-Power=15 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=36/70  Signal level=-74 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:4  Invalid misc:581   Missed beacon:0
lo        no wireless extensions.
mon0      IEEE 802.11bgn  Mode:Monitor  Frequency:2.462 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
wlp0s29u1u1  IEEE 802.11bgn  Mode:Monitor  Frequency:2.462 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

Anyways, happy to see you've gone 2 steps forward (1st it works and 2nd you figured out how to make it work). Nicely done.

Edited by Cooper
Link to comment
Share on other sites
