OpenFerret, posted May 31, 2014 (edited May 31, 2014 by OpenFerret):

Hi all,

I'm trying to get the TL-WN722N USB device working under Ubuntu 14.04 LTS, specifically with aircrack-ng and wifite. I can run the USB device in monitor mode, but injection seems to be a problem.

I have to use the TL-WN722N because the built-in wireless card in the Dell XPS (9333) is the Intel 7260 wifi + bluetooth card, which doesn't support monitor mode and injection (as far as I can see).

Can anyone help me out here, or does anyone have any experience?
cooper, posted May 31, 2014:

I have that card, except I'm running Gentoo. Could you run me through what you're doing and where things start to go awry so I can try the same here, hopefully reproduce it and see what we can do to remedy the situation?
OpenFerret, posted May 31, 2014 (edited May 31, 2014 by OpenFerret):

> I have that card, except I'm running Gentoo. Could you run me through what you're doing and where things start to go awry so I can try the same here, hopefully reproduce it and see what we can do to remedy the situation?

Hi Cooper,

Thank you for taking time to help. If I throw you what I have, can you see what I'm going by?

    openferret@ubuntu:~$ lspci
    00:00.0 Host bridge: Intel Corporation Haswell-ULT DRAM Controller (rev 09)
    00:02.0 VGA compatible controller: Intel Corporation Haswell-ULT Integrated Graphics Controller (rev 09)
    00:03.0 Audio device: Intel Corporation Haswell-ULT HD Audio Controller (rev 09)
    00:14.0 USB controller: Intel Corporation Lynx Point-LP USB xHCI HC (rev 04)
    00:16.0 Communication controller: Intel Corporation Lynx Point-LP HECI #0 (rev 04)
    00:1b.0 Audio device: Intel Corporation Lynx Point-LP HD Audio Controller (rev 04)
    00:1c.0 PCI bridge: Intel Corporation Lynx Point-LP PCI Express Root Port 1 (rev e4)
    00:1c.2 PCI bridge: Intel Corporation Lynx Point-LP PCI Express Root Port 3 (rev e4)
    00:1d.0 USB controller: Intel Corporation Lynx Point-LP USB EHCI #1 (rev 04)
    00:1f.0 ISA bridge: Intel Corporation Lynx Point-LP LPC Controller (rev 04)
    00:1f.2 SATA controller: Intel Corporation Lynx Point-LP SATA Controller 1 [AHCI mode] (rev 04)
    00:1f.3 SMBus: Intel Corporation Lynx Point-LP SMBus Controller (rev 04)
    02:00.0 Network controller: Intel Corporation Wireless 7260 (rev 6b)

    openferret@ubuntu:~$ iwconfig
    wlan1     IEEE 802.11bgn  ESSID:off/any
              Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
              Retry  long limit:7   RTS thr:off   Fragment thr:off
              Power Management:off

    lo        no wireless extensions.

    wlan0     IEEE 802.11abgn  ESSID:"VM88***mine"
              Mode:Managed  Frequency:5.18 GHz  Access Point: 9C:D3:6D:75:E8:10
              Bit Rate=300 Mb/s   Tx-Power=16 dBm
              Retry  long limit:7   RTS thr:off   Fragment thr:off
              Power Management:on
              Link Quality=70/70  Signal level=-31 dBm
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:23   Missed beacon:0

    root@ubuntu:~# airmon-ng start wlan1

    Found 5 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!

    PID     Name
    684     avahi-daemon
    686     avahi-daemon
    998     NetworkManager
    1079    wpa_supplicant
    14544   dhclient
    Process with PID 14544 (dhclient) is running on interface wlan0

    Interface       Chipset         Driver

    wlan1           Atheros         ath9k - [phy2]
                                    (monitor mode enabled on mon0)
    wlan0           Unknown         iwlwifi - [phy0]

When I try to use wifite for example, I can scan using the mon0 interface that I've set up with airmon-ng, but it doesn't detect the clients connected to my AP, as seen here:

      NUM ESSID                 CH  ENCR  POWER  WPS?  CLIENT
      --- --------------------  --  ----  -----  ----  ------
        1 VM88***mine           11  WPA2   55db  no
        2 VM37*******            6  WPA2   37db  no
        3 VM37*******            1  WPA2   30db  no
        4 virginmedia*******     1  WPA2   30db  no
        5 virginmedia*******     6  WPA2   26db  no
        6 VM12*******            1  WPA2   26db  no
        7 virginmedia*******    11  WPA2   25db  no
        8 virginmedia*******     6  WPA2   16db  no

    [+] select target numbers (1-8) separated by commas, or 'all': 1
    [+] 1 target selected.
    [0:08:20] starting wpa handshake capture on "VM88***mine"
    [0:07:44] listening for handshake...

It then just keeps trying to send a deauth every so often and doesn't pick up any clients or get the WPA handshake.

If I try to use airodump-ng I get the following:

    CH -1 ][ Elapsed: 1 min ][ 2014-05-31 23:37

    BSSID              PWR  Beacons  #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
    08:BD:43:18:DA:A8  -55     1096      0    0   1  54e  WPA2 CCMP   PSK  VM37*******
    00:8E:F2:C9:1D:AC  -67     1059     18    0   1  54e  WPA2 CCMP   PSK  virginmedia*******
    08:BD:43:16:CD:F0  -68     1082      0    0   1  54e  WPA2 CCMP   PSK  VM12*******
    9C:D3:6D:26:DB:68  -81      543      0    0   1  54e  WPA2 CCMP   PSK  VM97*******
    C4:04:15:E9:A1:50  -90        4      0    0   1  54e  WPA2 CCMP   PSK  VM87*******
    9C:D3:6D:21:2D:80  -89       18      0    0   1  54e  WPA2 CCMP   PSK  VM20*******
    9C:D3:6D:88:7B:68  -91        9      0    0   1  54e  WPA2 CCMP   PSK  *******
    9C:D3:6D:2A:E8:28  -72        2      0    0   6  54e  WPA2 CCMP   PSK  betti*******
    10:0D:7F:C3:8E:B1  -72        2      0    0  11  54e  WPA2 CCMP   PSK  virginmedia*******
    00:8E:F2:E0:79:8C  -71        2      0    0   6  54e  WPA2 CCMP   PSK  virginmedia*******
    10:0D:7F:CD:ED:7A  -65        3      0    0   6  54e  WPA2 CCMP   PSK  virginmedia*******
    9C:D3:6D:65:D6:C0  -47        0      0    0   6  54e  WPA2 CCMP   PSK  VM37*******
    9C:D3:6D:84:19:F0  -46        3      0    0  11  54e  WPA2 CCMP   PSK  VM88***mine

    BSSID              STATION            PWR   Rate    Lost  Packets  Probes
    (not associated)   C0:4A:00:1E:E9:48    0    0 - 1     0       13
    (not associated)   00:23:14:C4:F0:58  -84    0 - 1     0        3
    (not associated)   E8:2A:EA:4C:21:51  -52    0 - 1     0        2

For some reason, it still doesn't pick up any clients associated with my AP. Then if I try to inject a deauth attack with this:

    root@ubuntu:~# aireplay-ng -0 0 -a 9C:D3:6D:84:19:F0 mon0
    23:41:00  Waiting for beacon frame (BSSID: 9C:D3:6D:84:19:F0) on channel -1
    23:41:00  Couldn't determine current channel for mon0, you should either force the operation with --ignore-negative-one or apply a kernel patch
    Please specify an ESSID (-e).
    root@ubuntu:~#

(Or with the wlan1 interface)

    root@ubuntu:~# aireplay-ng -0 0 -a 9C:D3:6D:84:19:F0 wlan1
    ioctl(SIOCSIWMODE) failed: Device or resource busy
    ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
    ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead.  Make
    sure RFMON is enabled: run 'airmon-ng start wlan1 <#>'
    Sysfs injection support was not found either.
OpenFerret, posted May 31, 2014:

Über points for using Gentoo!!! I'm only beginning with really getting into Linux, but my desired end state is Gentoo or Arch.
cooper, posted June 1, 2014:

Okay, so here's me:

    localhost ~ # lspci
    00:00.0 Host bridge: Intel Corporation Core Processor DRAM Controller (rev 02)
    00:01.0 PCI bridge: Intel Corporation Core Processor PCI Express x16 Root Port (rev 02)
    00:16.0 Communication controller: Intel Corporation 5 Series/3400 Series Chipset HECI Controller (rev 06)
    00:16.3 Serial controller: Intel Corporation 5 Series/3400 Series Chipset KT Controller (rev 06)
    00:19.0 Ethernet controller: Intel Corporation 82577LM Gigabit Network Connection (rev 05)
    00:1a.0 USB controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 05)
    00:1b.0 Audio device: Intel Corporation 5 Series/3400 Series Chipset High Definition Audio (rev 05)
    00:1c.0 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 1 (rev 05)
    00:1c.1 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 2 (rev 05)
    00:1c.3 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 4 (rev 05)
    00:1c.7 PCI bridge: Intel Corporation 5 Series/3400 Series Chipset PCI Express Root Port 8 (rev 05)
    00:1d.0 USB controller: Intel Corporation 5 Series/3400 Series Chipset USB2 Enhanced Host Controller (rev 05)
    00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev a5)
    00:1f.0 ISA bridge: Intel Corporation Mobile 5 Series Chipset LPC Interface Controller (rev 05)
    00:1f.2 SATA controller: Intel Corporation 5 Series/3400 Series Chipset 6 port SATA AHCI Controller (rev 05)
    00:1f.6 Signal processing controller: Intel Corporation 5 Series/3400 Series Chipset Thermal Subsystem (rev 05)
    01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Broadway XT [Mobility Radeon HD 5870]
    01:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Juniper HDMI Audio [Radeon HD 5700 Series]
    44:00.0 Network controller: Intel Corporation Centrino Advanced-N 6200 (rev 35)
    45:00.0 USB controller: NEC Corporation uPD720200 USB 3.0 Host Controller (rev 03)
    46:06.0 SD Host controller: Ricoh Co Ltd R5C822 SD/SDIO/MMC/MS/MSPro Host Adapter (rev 25)
    46:06.1 System peripheral: Ricoh Co Ltd R5C843 MMC Host Controller (rev 14)
    46:06.2 System peripheral: Ricoh Co Ltd R5C592 Memory Stick Bus Host Adapter (rev 14)
    46:06.3 System peripheral: Ricoh Co Ltd xD-Picture Card Controller (rev 14)
    46:06.4 CardBus bridge: Ricoh Co Ltd RL5c476 II (rev bb)
    ff:00.0 Host bridge: Intel Corporation Core Processor QuickPath Architecture Generic Non-core Registers (rev 02)
    ff:00.1 Host bridge: Intel Corporation Core Processor QuickPath Architecture System Address Decoder (rev 02)
    ff:02.0 Host bridge: Intel Corporation Core Processor QPI Link 0 (rev 02)
    ff:02.1 Host bridge: Intel Corporation Core Processor QPI Physical 0 (rev 02)
    ff:02.2 Host bridge: Intel Corporation Core Processor Reserved (rev 02)
    ff:02.3 Host bridge: Intel Corporation Core Processor Reserved (rev 02)

    localhost ~ # lsusb
    Bus 002 Device 004: ID 0cf3:9271 Atheros Communications, Inc. AR9271 802.11n
    Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
    Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
    Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 001 Device 004: ID 04f2:b15e Chicony Electronics Co., Ltd
    Bus 001 Device 003: ID 03f0:231d Hewlett-Packard Broadcom 2070 Bluetooth Combo
    Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

I had to compile the ath9k_htc driver and download the firmware to get it going on this laptop. I typically use that stick only for my Pineapple. Post-insertion it got renamed to the fascinating 'wlp0s29u1u1' by udevd (what's in a name, eh?) and dhcpcd promptly took control of it and associated it with my wireless lan.

    localhost ~ # iwconfig
    enp0s25   no wireless extensions.

    sit0      no wireless extensions.

    wlo1      IEEE 802.11abgn  ESSID:"MY_SSID"
              Mode:Managed  Frequency:2.462 GHz  Access Point: 00:21:29:DE:16:63
              Bit Rate=54 Mb/s   Tx-Power=15 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality=40/70  Signal level=-70 dBm
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:4  Invalid misc:548   Missed beacon:0

    lo        no wireless extensions.

    wlp0s29u1u1  IEEE 802.11bgn  ESSID:"MY_SSID"
              Mode:Managed  Frequency:2.437 GHz  Access Point: 10:FE:ED:F4:13:30
              Bit Rate=150 Mb/s   Tx-Power=20 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality=41/70  Signal level=-69 dBm
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:22   Missed beacon:0

Note that I have 2 APs in my house to truly cover every nook and cranny. They have the same ESSID and password configured, but they have a different netmask, as can also be seen here:

    localhost ~ # ifconfig
    enp0s25: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
            ether 64:31:50:78:0e:c9  txqueuelen 1000  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
            device interrupt 20  memory 0xd4500000-d4520000

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 0  (Local Loopback)
            RX packets 14332  bytes 4539976 (4.3 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 14332  bytes 4539976 (4.3 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    sit0: flags=193<UP,RUNNING,NOARP>  mtu 1480
            inet6 ::127.0.0.1  prefixlen 96  scopeid 0x90<compat,host>
            sit  txqueuelen 0  (IPv6-in-IPv4)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.0.106  netmask 255.255.255.0  broadcast 192.168.0.255
            inet6 fe80::5a94:6bff:fe81:b2d8  prefixlen 64  scopeid 0x20<link>
            ether 58:94:6b:81:b2:d8  txqueuelen 1000  (Ethernet)
            RX packets 41252  bytes 26607397 (25.3 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 20795  bytes 3903300 (3.7 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    wlp0s29u1u1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.10.102  netmask 255.255.255.0  broadcast 192.168.10.255
            inet6 fe80::12fe:edff:fe26:581c  prefixlen 64  scopeid 0x20<link>
            ether 10:fe:ed:26:58:1c  txqueuelen 1000  (Ethernet)
            RX packets 146  bytes 29451 (28.7 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 36  bytes 4163 (4.0 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

So I'll start by unhooking the device from the dhcpcd daemon.

    localhost ~ # dhcpcd -k wlp0s29u1u1
    dhcpcd[14031]: sending commands to master dhcpcd process
    localhost ~ # ifconfig wlp0s29u1u1 down

It might be worth noting that the Gentoo package names are "linux-firmware" for a large batch of device firmware blobs including the Atheros one (assuming you don't want to just download and forget, like I did), "aircrack-ng", and for wifite you need to use an overlay which I'm not planning on doing, so let's see how far we go.

    localhost ~ # airmon-ng start wlp0s29u1u1

    Found 3 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!

    PID     Name
    1900    wpa_supplicant
    1918    dhcpcd
    13830   wpa_supplicant
    Process with PID 1900 (wpa_supplicant) is running on interface wlo1
    Process with PID 13830 (wpa_supplicant) is running on interface wlp0s29u1u1

    Interface       Chipset         Driver

    wlo1            Intel 6200      iwlwifi - [phy0]
    wlp0s29u1u1     Atheros AR9271  ath9k - [phy1]
                                    (monitor mode enabled on mon0)

Looks all right. Next I run 'airodump-ng mon0' which after a while settles on this:

    CH 12 ][ Elapsed: 2 mins ][ 2014-06-01 12:44

    BSSID              PWR  Beacons  #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
    00:21:29:DE:16:63  -55      203    748    0  11  54e  WPA  TKIP   PSK  MY_ESSID
    00:23:69:19:3F:82  -71      105      0    0   1  54e  WPA2 CCMP   PSK  linksys
    10:FE:ED:F4:13:30  -72      160      1    0   6  54e. WPA  CCMP   PSK  MY_ESSID
    C0:C1:C0:9C:17:0E  -76      105      1    0   1  54e  WPA2 CCMP   PSK  LinksysE2000
    C0:C1:C0:9C:17:0F  -76       96      0    0   1  54e  OPN              LinksysE2000-gast
    00:13:10:1F:48:13  -80      105      0    0  11  54   WPA  TKIP   PSK  STREET 60
    00:18:F6:F3:9A:75  -82       53      0    0   6  54e. WPA2 CCMP   PSK  STREET
    4C:AC:0A:13:B2:F7  -84       62      1    0  11  54e  WPA2 CCMP   PSK  H220N13B2F7
    9C:2A:70:30:19:32  -87       74      0    0   1  54e  WPA2 CCMP   PSK  Ziggo832E0
    40:4A:03:C0:BB:37  -90       17      0    0  11  54   WEP  WEP         NAME_A
    7C:05:07:A0:23:AE  -90       16      0    0   1  54e  WPA2 CCMP   PSK  Ziggo76412
    7E:05:07:A0:23:AF  -90       28      0    0   1  54e  WPA2 CCMP   MGT  Ziggo
    58:6D:8F:C6:19:C5  -91        0      0    0  11  54e  WPA2 CCMP   PSK  HVR

    BSSID              STATION            PWR   Rate    Lost  Frames  Probe
    (not associated)   00:26:BB:40:CA:B7  -89    0 - 1     0       9  linksys
    (not associated)   28:10:7B:0E:EE:AB  -90    0 - 6     0       2  Netwerk-NAME
    (not associated)   BC:CF:CC:53:0D:28  -91    0 - 1     0       2  H220N13B2F7
    00:21:29:DE:16:63  A0:D3:C1:8A:2D:B4   -1   48e- 0     0       7
    00:21:29:DE:16:63  58:94:6B:81:B2:D8  -31   48e-54     0       8
    00:21:29:DE:16:63  18:9E:FC:8D:27:0B  -70   36e- 1e    0     762  MY_ESSID
    10:FE:ED:F4:13:30  D8:50:E6:7D:C8:39  -72    0 - 6     0      14
    4C:AC:0A:13:B2:F7  68:48:98:0B:72:7D  -87    0e- 1     0       2

I'm pretty sure that 18:9E:FC:8D:27:0B one is my iPhone playing a securitytube video.

So, time for attack:

    localhost ~ # aireplay-ng -0 1 -a 00:21:29:DE:16:63 mon0
    12:57:16  Waiting for beacon frame (BSSID: 00:21:29:DE:16:63) on channel 1
    12:57:26  No such BSSID available.
    Please specify an ESSID (-e).

Same as you. So let's do as it says and provide the ESSID:

    localhost ~ # aireplay-ng -0 1 -a 00:21:29:DE:16:63 -e MY_ESSID mon0
    12:58:38  Waiting for beacon frame (BSSID: 00:21:29:DE:16:63) on channel 1
    12:58:48  No such BSSID available.

Here's the thing though... Why channel 1? Neither ESSID is on channel 1, so it can wait a HELL of a long time for a beacon frame there. So let's set the device to the appropriate channel, which in my case is 11:

    localhost ~ # iwconfig
    enp0s25   no wireless extensions.

    sit0      no wireless extensions.

    wlo1      IEEE 802.11abgn  ESSID:"MY_ESSID"
              Mode:Managed  Frequency:2.462 GHz  Access Point: 00:21:29:DE:16:63
              Bit Rate=1 Mb/s   Tx-Power=15 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality=42/70  Signal level=-68 dBm
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:4  Invalid misc:581   Missed beacon:0

    lo        no wireless extensions.

    mon0      IEEE 802.11bgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Power Management:off

    wlp0s29u1u1  IEEE 802.11bgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Power Management:off

    localhost ~ # iwconfig wlp0s29u1u1 channel 11
    localhost ~ # iwconfig
    enp0s25   no wireless extensions.

    sit0      no wireless extensions.

    wlo1      IEEE 802.11abgn  ESSID:"ESSID"
              Mode:Managed  Frequency:2.462 GHz  Access Point: 00:21:29:DE:16:63
              Bit Rate=1 Mb/s   Tx-Power=15 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality=36/70  Signal level=-74 dBm
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:4  Invalid misc:581   Missed beacon:0

    lo        no wireless extensions.

    mon0      IEEE 802.11bgn  Mode:Monitor  Frequency:2.462 GHz  Tx-Power=20 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Power Management:off

    wlp0s29u1u1  IEEE 802.11bgn  Mode:Monitor  Frequency:2.462 GHz  Tx-Power=20 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Power Management:off

Note the change in the reported frequency for both mon0 and wlp0s29u1u1. Now when I try:

    localhost ~ # aireplay-ng -0 0 -e Wirschell wlp0s29u1u1
    13:13:12  Waiting for beacon frame (ESSID: Wirschell) on channel 11
    Found BSSID "00:21:29:DE:16:63" to given ESSID "Wirschell".
    NB: this attack is more effective when targeting
    a connected wireless client (-c <client's mac>).

    13:13:12  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
    13:13:13  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
    13:13:13  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
    13:13:14  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
    13:13:14  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
    13:13:15  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
    13:13:15  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
    13:13:16  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
    13:13:16  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]
    13:13:16  Sending DeAuth to broadcast -- BSSID: [00:21:29:DE:16:63]

Looks pretty good to me.
OpenFerret, posted June 1, 2014 (edited June 1, 2014 by OpenFerret):

I've definitely got the firmware in the right place... Ubuntu 14.04 comes with it pre-installed. Guess I need to have a go at compiling the correct drivers... Will post back when I get it right.
cooper, posted June 1, 2014:

In your aireplay-ng command include the parameter '--ignore-negative-one'.
OpenFerret, posted June 1, 2014:

I've tried installing both the drivers and including the '--ignore-negative-one' option. Still doesn't seem to be working. I'm thinking of just running Kali Linux from inside a virtual machine and cheating as opposed to resolving :(
cooper, posted June 1, 2014:

What's your kernel version and what's your aircrack-ng version?
OpenFerret, posted June 1, 2014:

I'm just using the aircrack-ng suite that is available from the repositories, and the kernel that comes with Ubuntu 14.04... I'm on the aircrack-ng forums right now to see if anyone there has an idea where I'm going wrong.
cooper, posted June 1, 2014:

Run 'uname -a' for a kernel version, and any of the aircrack-ng tools have a --help option that specifies their version. I'm on Linux 3.14 and airodump says it's 1.2 beta 3. If you're behind on either of these, see if you can find an updated package.
Trolljegeren, posted June 1, 2014:

I know you mention you're using Ubuntu, but I'm 99.9% sure that the TL-WN722N works just fine with Kali 1.0.6/7, without any special driver installs. I have the TL-WN722N on my Pwnie PwnPad but I used it on my Kali laptop once when I left my Alfas at the office. Could you just boot a live CD of Kali and use that? Might be easier.
cooper, posted June 1, 2014:

But then how will you deal with the next piece of hardware that just works out of the box on OS flavor X and not on Kali (like, I donno, some video card or whatever that is a bitch to set up *cough*ATI*cough*)?

My point is: Get to know your system. Wield it like your personal Excalibur. Know its strengths and weaknesses - and yours, and make it work. Switching now is like replacing your brand-new car for another also brand-new car because you don't like the color of the inside of the rear ashtray... And nobody you know smokes. Yes, you could go for the next best thing, but I'm assuming that OS is on your machine for more reasons than to have something to kick-start a USB wireless adapter. Quite literally *ALL* Linux distros are capable of being transformed into the other distro. The only difference is the initial software package. If you just jump ship, what will you have learned? Or is the point to just drive some attacks and bitch and moan about how Microsoft sucks?
OpenFerret, posted June 1, 2014:

Cooper is right... There is a solution to be had here. I've started with Ubuntu 14.04 because it works straight out of the box on my XPS 13, and I'm going to try my best to stay with it. I'll get back to you tomorrow as I need to hit some uni work or this is going to take up all my time. Many thanks once again Cooper!
cooper, posted June 1, 2014:

Hey OpenFerret, did you notice that iwconfig says your card's frequency is in the 5GHz range? The channels in that range are numbered 36 - 173 according to this, so what it looks like to me is that your adapter is tuned to channel 36 and you're trying to transmit on channel 1. Set the channel of your interface to that of the one you're trying to transmit on and try again.
OpenFerret, posted June 1, 2014:

Only on my internal card. The one that doesn't support injection or monitor mode. The external is 2.4GHz and my access point broadcasts both a 5GHz and a 2.4GHz SSID.

I've checked my kernel and it is 3.13.0-27-generic. Aircrack version is the same as yours now I have installed from source instead of repos.
cooper, posted June 1, 2014:

Should all be good to go. When you do try, post the commands and their output like I did above. Makes it easier to work out what's happening and hopefully why.
OpenFerret, posted June 1, 2014:

Right... Got it working in aircrack. Had to install the most up-to-date version from the developer website and not use the version from the repos, and needed to select the channel when starting the mon0 interface using airmon-ng against wlan1. Though I seem to remember that you never used to have to do this and the mon0 interface would just try all channels?

Next step is wifite.
cooper, posted June 1, 2014:

airodump-ng rushed through all the channels continuously, but for the aireplay-ng attack to work I did have to set the channel.
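An added example, not from either poster and not part of aircrack-ng: the thread turns on one check that both cooper's "Why channel 1?" post and the "channel -1" failure earlier come down to, namely that aireplay-ng only does anything useful once the monitor interface is parked on the channel the target beacons on, and airodump-ng's hopping does not do that for you. The POSIX shell below makes that a pre-flight check rather than something you notice after ten minutes of "Waiting for beacon frame". Interface names, BSSIDs and the iwconfig/airodump-ng text it parses are constructed for the example; the frequency-to-channel mapping is the standard 802.11 one (2412 + 5*(ch-1) MHz for channels 1 to 13, 2484 for 14, 5000 + 5*ch for the 5 GHz band).

```shell
#!/bin/sh
# Added example (not from the thread, not aircrack-ng code): refuse to run
# aireplay-ng until the monitor interface sits on the target AP's channel.
# All interface names, MACs and sample tool output below are constructed.

# Map an 802.11 centre frequency in MHz to a channel number; -1 if unknown.
freq_to_channel() {
    f=$1
    if [ "$f" -eq 2484 ]; then echo 14
    elif [ "$f" -ge 2412 ] && [ "$f" -le 2472 ]; then echo $(( ($f - 2407) / 5 ))
    elif [ "$f" -ge 5000 ] && [ "$f" -le 5895 ]; then echo $(( ($f - 5000) / 5 ))
    else printf '%s\n' -1
    fi
}

# Channel an interface is tuned to, read from iwconfig text.
# $1 = interface name, $2 = iwconfig output. Prints -1 if no Frequency line.
iwconfig_channel() {
    mhz=$(printf '%s\n' "$2" | awk -v ifc="$1" '
        /^[^ ]/ { inif = ($1 == ifc) }          # a new stanza starts at column 0
        inif && match($0, /Frequency:[0-9.]+ GHz/) {
            s = substr($0, RSTART + 10, RLENGTH - 14)   # the "2.462" part
            printf "%.0f\n", s * 1000; exit
        }')
    [ -n "$mhz" ] && freq_to_channel "$mhz" || printf '%s\n' -1
}

# Channel the AP was last seen on, from an airodump-ng screen dump.
# $1 = BSSID, $2 = airodump-ng text. CH is the 6th column of the AP table.
airodump_channel() {
    ch=$(printf '%s\n' "$2" | awk -v b="$1" 'toupper($1) == toupper(b) { print $6; exit }')
    [ -n "$ch" ] && echo "$ch" || printf '%s\n' -1
}

# Pre-flight: 0 and the aireplay-ng command on stdout if channels agree,
# 1 and the iwconfig command that fixes the mismatch on stderr otherwise.
aireplay_preflight() {
    mon=$1; bssid=$2; iwtext=$3; dumptext=$4
    have=$(iwconfig_channel "$mon" "$iwtext")
    want=$(airodump_channel "$bssid" "$dumptext")
    if [ "$want" -lt 0 ]; then
        echo "BSSID $bssid not seen by airodump-ng; nothing to target" >&2
        return 1
    fi
    if [ "$have" -ne "$want" ]; then
        echo "$mon is on channel $have but $bssid beacons on $want; run: iwconfig $mon channel $want" >&2
        return 1
    fi
    echo "aireplay-ng -0 1 -a $bssid $mon"
}

# Constructed sample output: mon0 sits on 2.412 GHz (channel 1), the target
# beacons on channel 11, which is exactly the mismatch seen in the thread.
SAMPLE_IWCONFIG='wlan0     IEEE 802.11abgn  ESSID:"home"
          Mode:Managed  Frequency:5.18 GHz  Access Point: 00:11:22:33:44:55
mon0      IEEE 802.11bgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
lo        no wireless extensions.'

SAMPLE_AIRODUMP='00:11:22:33:44:55  -46  3  0  0  11  54e  WPA2 CCMP  PSK  home
AA:BB:CC:DD:EE:FF  -72  2  0  0   6  54e  WPA2 CCMP  PSK  other'

# Stand-alone demo: the pre-flight refuses and prints the iwconfig fix.
aireplay_preflight mon0 00:11:22:33:44:55 "$SAMPLE_IWCONFIG" "$SAMPLE_AIRODUMP" || true
```

On a live box, substitute `"$(iwconfig 2>/dev/null)"` and a saved airodump-ng screen for the two constructed strings. The script never runs aireplay-ng itself; it only prints the command once the channels agree, so a mismatch is caught before any frames go out. A reported channel of -1 on the monitor interface (the "Couldn't determine current channel" case) fails the comparison the same way a wrong channel does, which is the point: fix the tuning rather than reaching for --ignore-negative-one.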
OpenFerret, posted June 1, 2014:

Just tried wifite... But found that it sends so many deauths that it's pretty obvious what is happening. Also it doesn't collect the WPA handshake. I'm still considering this as mission completed. Many thanks Cooper!!!
cooper, posted June 1, 2014 (edited June 1, 2014 by Cooper):

The bit in bold...

    localhost ~ # iwconfig
    enp0s25   no wireless extensions.

    sit0      no wireless extensions.

    wlo1      IEEE 802.11abgn  ESSID:"MY_ESSID"
              Mode:Managed  Frequency:2.462 GHz  Access Point: 00:21:29:DE:16:63
              Bit Rate=1 Mb/s   Tx-Power=15 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality=42/70  Signal level=-68 dBm
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:4  Invalid misc:581   Missed beacon:0

    lo        no wireless extensions.

    mon0      IEEE 802.11bgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Power Management:off

    wlp0s29u1u1  IEEE 802.11bgn  Mode:Monitor  Frequency:2.412 GHz  Tx-Power=20 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Power Management:off

    localhost ~ # iwconfig wlp0s29u1u1 channel 11
    localhost ~ # iwconfig
    enp0s25   no wireless extensions.

    sit0      no wireless extensions.

    wlo1      IEEE 802.11abgn  ESSID:"ESSID"
              Mode:Managed  Frequency:2.462 GHz  Access Point: 00:21:29:DE:16:63
              Bit Rate=1 Mb/s   Tx-Power=15 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality=36/70  Signal level=-74 dBm
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:4  Invalid misc:581   Missed beacon:0

    lo        no wireless extensions.

    mon0      IEEE 802.11bgn  Mode:Monitor  Frequency:2.462 GHz  Tx-Power=20 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Power Management:off

    wlp0s29u1u1  IEEE 802.11bgn  Mode:Monitor  Frequency:2.462 GHz  Tx-Power=20 dBm
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Power Management:off

Anyways, happy to see you've gone 2 steps forward (1st it works and 2nd you figured out how to make it work). Nicely done.