Tutorial: how to do packet injection with Aireplay-ng on Windows XP. Operating system: Microsoft Windows XP SP2. Wireless card: CM9 (WNC AR5213) + miniPCI/PCI adapter. Applications: Aircrack-ng-win 0.9 package. Driver: CommView for Netgear + library (older commview.dll or new ca2k.dll). Feel free to ask questions or report mistakes in the text.
(All the software used in the tutorial can be downloaded from the download directory.)
Hardware & Software
CommView for Wifi library. In theory the functionality applies to every chipset that the mentioned application supports.
The library (through a socket) allows the Airodump and Aireplay applications to connect to the network card. All of this is possible thanks to the Airserv-ng application, which the Aircrack-ng package now contains. The list of supported network cards is on the producer's web pages. The best known are D-Link, Z-Com (Prism), Netgear (Atheros), ipw22xx, 29xx (Centrino), Cisco..
Preparation. The first step is to update the driver. This procedure installs the CommView for Wifi driver, which supports packet injection and supports many more wireless cards than, for example, the AiroPeek driver. An .exe installer is not available. It is not necessary to install a conventional driver. Installing a new card follows the same procedure as “updating” an existing (conventional) driver. If you have already installed a driver that supports packet injection, you can skip this step.
In the network card configuration it is necessary to turn off Wireless Zero Configuration.
Right-clicking the network card icon opens a context menu. Choose “Properties” and then “Configure”, go to the “Driver” tab, and there you will find the “Update Driver” button.
This step offers an update, which is useless for this purpose.
Next step: choose “Install from the list or…”
Next step: “Do not search. I will choose the driver myself…”
In the dialog window, enter the path to the installation folder CommView Wifi/Driver, where the file net5211.inf is located.
With a standard installation the whole path is:
Automatic vendor detection is implemented, and the detected card is offered for installation. The .inf file contains the entire list of cards.
When asked about installing an uncertified driver, click Yes.
The installation is complete. That's all.
Packet Injection & Aireplay-ng
So far it has not been possible to generate traffic by packet injection on the Windows platform. Packet injection, as we know it from Aireplay-ng on Linux distributions, is the only way to effectively speed up the “capture” of the number of IVs needed to crack a WEP key. This text describes a small workaround and a 100% functional way to use Aireplay-ng and packet injection on Windows.
Hack the box.
A direct and officially presented method does not exist so far. All of this is solved by a small hack that consists of two parts.
Library commview.dll (ca2k.dll)
Installing the CommView Wifi application gives us the library. The installation contains the library that serves as the connection between the application and the network card. The Aircrack-ng 0.9 package contains a small gimmick that we are going to use: it allows several applications to use the network card at the same time. What does the “Start up” in the Start up menu mean?
The Airserv-ng application exists for this purpose. As the name suggests, it is a server. It allows one card to be used by several applications. The rest of the procedure works only in the console. In the menu Start/Start up (the “Run” item of the Start menu), the command cmd opens a console window. With the command cd we move into the file
Start Airserv-ng on channel no. 6:
airserv-ng -d commview.dll -p 12345 -c 6
or, to watch the progress, start Airserv-ng on channel no. 6 in debug mode:
airserv-ng -d "commview.dll|debug" -p 12345 -c 6
Airserv-ng console in the debug mode shows mess..
We confirm the prompt “Does this look like your card!?”. In a new (second) console we start Airodump-ng on channel no. 4:
airodump-ng --ivs --ch 6 -w dumpfile 127.0.0.1:12345
Aireplay-ng is an application that supports disconnecting a client from the AP, fake authentication, interactive packet replay and repeated sending of ARP requests. It implements KoreK chopchop, fragmentation and, newly, injection testing. It is controlled through these switches:
-0: Deauthentication
-1: Fake authentication
-2: Interactive packet replay
-3: ARP request replay attack
-4: KoreK chopchop attack
-5: Fragmentation attack
-9: Injection test
In a new console we will use -2 (interactive packet replay):
aireplay-ng -2 -b 00:xx:xx:xx:xx:xx -d 00:xx:xx:xx:xx:xx 127.0.0.1:12345
In the last console we start Aircrack-ng. If the file contains more than one record, we should choose the right MAC. Each record has its sequence number and the number of captured IVs.
The key was recovered.
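Seen from the monitoring side, the deauthentication and replay modes listed above leave a recognisable pattern: a replayed frame is re-sent unchanged, so the same IV and length recur from one transmitter, and deauthentication arrives in bursts. The following detection sketch is an added example, not part of the original tutorial; the frame tuples are constructed sample data and the window and thresholds are assumptions to tune per network.

```python
from collections import Counter

WINDOW = 1.0           # seconds per tumbling window (assumed)
REPLAY_THRESHOLD = 5   # identical transmitter+IV+length per window (assumed)
DEAUTH_THRESHOLD = 5   # deauthentication frames per transmitter (assumed)


def build_sample():
    """Constructed frames: (time_s, type, transmitter, iv_hex, length)."""
    frames = []
    for i in range(20):   # normal client: a fresh IV on every frame
        frames.append((i * 0.15, "data", "02:00:00:00:00:0a", f"{i:06x}", 120))
    for i in range(30):   # one captured 68-byte frame re-sent unchanged
        frames.append((2.0 + i * 0.02, "data", "02:00:00:00:00:0b", "0a1b2c", 68))
    for i in range(8):    # burst of deauthentication frames
        frames.append((1.0 + i * 0.05, "deauth", "02:00:00:00:00:0c", None, 26))
    return frames


def detect(frames):
    """Return sorted alerts: (kind, transmitter, window_start_s, count)."""
    replays, deauths = Counter(), Counter()
    for ts, ftype, tx, iv, length in frames:
        bucket = int(ts // WINDOW)
        if ftype == "data":
            # WEP never legitimately needs the same IV many times a second
            replays[(bucket, tx, iv, length)] += 1
        elif ftype == "deauth":
            deauths[(bucket, tx)] += 1
    alerts = []
    for (bucket, tx, _iv, _len), n in replays.items():
        if n >= REPLAY_THRESHOLD:
            alerts.append(("replay", tx, bucket * WINDOW, n))
    for (bucket, tx), n in deauths.items():
        if n >= DEAUTH_THRESHOLD:
            alerts.append(("deauth-flood", tx, bucket * WINDOW, n))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(build_sample()):
        print(alert)
```

Tumbling windows can split a burst across two buckets, so a production sensor would use a sliding window.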
“Weplab” – All the windows.