Aircrack/Packet Injection Testing: Difference between revisions
From charlesreid1
| Line 27: | Line 27: | ||
Now you can insert a second wireless card into the laptop (I used a second USB dongle of the same type/manufacturer/chipset). | Now you can insert a second wireless card into the laptop (I used a second USB dongle of the same type/manufacturer/chipset). | ||
[[Image:TwoWirelessDongles.jpg|400px]] | |||
===Setup=== | |||
Look for it in the list: | Look for it in the list: | ||
| Line 51: | Line 55: | ||
$ aireplay-ng -9 wlan3mon | $ aireplay-ng -9 wlan3mon | ||
</pre> | </pre> | ||
===Get Wireless Devices on Same Channel=== | |||
Now get both cards listening on the same channel. Run a quick <code>airodump-ng</code> command for the new wireless card to ensure it's listening on the right channel: | Now get both cards listening on the same channel. Run a quick <code>airodump-ng</code> command for the new wireless card to ensure it's listening on the right channel: | ||
| Line 60: | Line 66: | ||
and kill it as soon as you've run it. This will switch the card to channel 7 (or, our channel of choice) and make sure both cards are on the same channel. | and kill it as soon as you've run it. This will switch the card to channel 7 (or, our channel of choice) and make sure both cards are on the same channel. | ||
===Run Attack Test=== | |||
Now you can run the attack test: | |||
<pre> | |||
$ aireplay-ng -9 -i wlan3mon wlan2mon | |||
</pre> | |||
And the output: | |||
<pre> | |||
$ aireplay-ng -9 -i wlan3mon wlan2mon | |||
13:05:50 Trying broadcast probe requests... | |||
13:05:50 Injection is working! | |||
13:05:51 Found 3 APs | |||
13:05:51 Trying directed probe requests... | |||
13:05:51 AA:BB:CC:DD:EE - channel: 7 - 'Walrus' | |||
13:05:52 Ping (min/avg/max): 1.273ms/20.986ms/33.943ms Power: -26.67 | |||
13:05:52 30/30: 100% | |||
13:05:52 34:95:3B:84:5C:18 - channel: 7 - '' | |||
13:05:53 Ping (min/avg/max): 5.004ms/28.884ms/64.336ms Power: -30.13 | |||
13:05:53 30/30: 100% | |||
13:05:53 F7:71:85:13:6A:4B - channel: 7 - 'Dee' | |||
13:05:54 Ping (min/avg/max): 1.262ms/8.353ms/31.431ms Power: -60.40 | |||
13:05:54 25/30: 83% | |||
13:05:54 Trying card-to-card injection... | |||
13:05:54 Attack -0: OK | |||
13:05:54 Attack -1 (open): OK | |||
13:05:54 Attack -1 (psk): OK | |||
13:05:54 Attack -2/-3/-4/-6: OK | |||
13:05:58 Attack -5/-7: Failed | |||
</pre> | |||
Revision as of 20:07, 30 July 2015
Basic Injection Test
In order to confirm that packet injection works, you can use aireplay-ng in packet injection test mode (mode 9). The command looks like this:
$ aireplay-ng -9 -a AA:BB:CC:DD:EE wlan2mon
where -9 or --test tells it to operate in packet injection test mode, -a AA:BB:CC:DD:EE is the MAC address of the target access point, wlan2mon is the wireless device that has already been put into monitoring mode with airomon-ng.
Here's what the output should look like:
$ aireplay-ng -9 -a AA:BB:CC:DD:EE wlan2mon 12:47:05 Waiting for beacon frame (BSSID: AA:BB:CC:DD:EE) on channel 7 12:47:05 Trying broadcast probe requests... 12:47:06 Injection is working! 12:47:07 Found 1 AP 12:47:07 Trying directed probe requests... 12:47:07 AA:BB:CC:DD:EE - channel: 7 - 'Walrus' 12:47:08 Ping (min/avg/max): 0.891ms/15.899ms/32.832ms Power: -21.72 12:47:08 29/30: 96%
Attack Tests
Now you can insert a second wireless card into the laptop (I used a second USB dongle of the same type/manufacturer/chipset).
Setup
Look for it in the list:
$ airmon-ng
In my case it was called wlan3. Now bring it online:
$ airmon-ng start wlan3
This will rename the device to wlan3mon. List wireless devices again:
$ airmon-ng
If you want to test your new wireless card really quick, you can do:
$ aireplay-ng -9 wlan3mon
Get Wireless Devices on Same Channel
Now get both cards listening on the same channel. Run a quick airodump-ng command for the new wireless card to ensure it's listening on the right channel:
$ airdoump-ng -bssid AA:BB:CC:DD:EE -c 7 -w /tmp/junk wlan3mon
and kill it as soon as you've run it. This will switch the card to channel 7 (or, our channel of choice) and make sure both cards are on the same channel.
Run Attack Test
Now you can run the attack test:
$ aireplay-ng -9 -i wlan3mon wlan2mon
And the output:
$ aireplay-ng -9 -i wlan3mon wlan2mon 13:05:50 Trying broadcast probe requests... 13:05:50 Injection is working! 13:05:51 Found 3 APs 13:05:51 Trying directed probe requests... 13:05:51 AA:BB:CC:DD:EE - channel: 7 - 'Walrus' 13:05:52 Ping (min/avg/max): 1.273ms/20.986ms/33.943ms Power: -26.67 13:05:52 30/30: 100% 13:05:52 34:95:3B:84:5C:18 - channel: 7 - '' 13:05:53 Ping (min/avg/max): 5.004ms/28.884ms/64.336ms Power: -30.13 13:05:53 30/30: 100% 13:05:53 F7:71:85:13:6A:4B - channel: 7 - 'Dee' 13:05:54 Ping (min/avg/max): 1.262ms/8.353ms/31.431ms Power: -60.40 13:05:54 25/30: 83% 13:05:54 Trying card-to-card injection... 13:05:54 Attack -0: OK 13:05:54 Attack -1 (open): OK 13:05:54 Attack -1 (psk): OK 13:05:54 Attack -2/-3/-4/-6: OK 13:05:58 Attack -5/-7: Failed