[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4688: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4690: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4691: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4692: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
NeoThermic.com • View topic - Backtrack 3 and Intel's 3945ABG wireless card

Backtrack 3 and Intel's 3945ABG wireless card

News artcles from the front page. Comment on them here.

Backtrack 3 and Intel's 3945ABG wireless card

Postby NeoThermic » Mon, 31 2007 Dec 18:42:13

Having seen so many people in #remote-exploit trying their best to get Backtrack 3 working with Intel's wireless chipsets, mainly the 3945ABG, I decided to write a quick-howto. Lets start by saying it's not quite easy. The default driver for Intel 3945 chipsets can do normal wireless stuff, but can't inject. The injection driver can't do normal wireless stuff. So you have to pick your tasks, and thus which driver to use, carefully.

In this brief guide I'll show you the quick way of getting over to the injection driver, finding a network in kismet and throwing wesside-ng at it to obtain the key. Then I'll show how to swap back over and connect to the network you've just pen-tested.

So, how do you know this guide is for you? A nice quick way is to do
Code: Select all
lspci | grep 3945ABG


You'll get something like:
Code: Select all
02:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)


If so, move on, you're doing well.


The first thing to note is that the default driver for this card is called `iwl3945`. Using an `iwconfig` will get you something like:
Image

airmon-ng tells us:
Code: Select all
Interface   Chipset      Driver

wlan0         iwl3945 - [phy0]


If you were to try tell airmon-ng to enable monitor mode on wlan0, you'd get an error like:
Code: Select all
/usr/local/sbin/airmon-ng: line 338: /sys/class/ieee80211/phy0/add_iface: Permission denied
mon0: ERROR while getting interface flags: No such device


So you need to do the following:
Code: Select all
# modprobe -r iwl3945
# modprobe ipwraw


Then do an iwconfig, and you'll see this...
Image

This wifi0 device can go into monitor mode:
Image

Now to find your network to pen-test (and of course, only do this on hardware you own. In this case we're going to use the BT Home Hub we have here).

First edit /usr/local/etc/kismet.conf in you fave editor. We're only going to change a single line, so no need to load anything fancy (I myself use nano, but use what you'd like)

Scroll down to the "source=" line. You'll want to alter the source line to read something like:
Code: Select all
source=iwl3945,wifi0,Intel


Save your changes, and start kismet. Find the network you're looking for (pressing 's' and then 'f' for first-seen sort order), then press 'i' to get the following info:

Image

Note down the MAC address of the router, exit kismet.

Now the fun part. wesside-ng takes the tedious work out of getting all the IV packets and running aircrack-ng on them to get the key. To use wesside-ng:
Code: Select all
wesside-ng -i wifi0 -v {BSSID}


In our case, we'll put in the BSSID of the target network, 00:14:7F:A1:97:39.

Here's wesside-ng after successful authentication:
Image

Here we're cracking the key:
Image


Tada, it found the test key, E723F7D5E8 (Yes, it's a 64-bit key for speed and testing).
Image

Now we need to prove this is correct. Reverse the drivers:
Code: Select all
# modprobe -r ipwraw
# modprobe iwl3945


Fire up your chosen network finder (The wireless assistant will suffice here), find the network in question and click "connect". Enter in the key we just found.

There we go, success:
Image

I hope this helps those who are stuck getting the Intel card to inject.
NeoThermic
Site Owner
Site Owner
 
Posts: 104
Joined: Tue, 19 2004 Oct 23:21:02

What about Aireplay injecting tests ?

Postby Wingerman » Wed, 23 2008 Jan 16:01:24

Hi NeoThermic !
What about Aireplay injecting tests ? Does it works too ?
Wingerman
 

Re: Backtrack 3 and Intel's 3945ABG wireless card

Postby Lip » Tue, 18 2008 Mar 17:11:18

hello, i dont know why, but when i authenthic i get a error like error retranmisions (30bytes)

someone can help me ?
Lip
 

Re: Backtrack 3 and Intel's 3945ABG wireless card

Postby Newid » Sat, 17 2008 May 11:13:54

same problem here, right after it finds the channel i get tons of error retranmissions (30Bytes) while trying to authenticate.
even if my laptop is very close to the router.
Newid
 

Re: Backtrack 3 and Intel's 3945ABG wireless card

Postby Mare » Wed, 09 2008 Jul 22:12:30

Leave kismet runing (there it says exit - wrong) and open new Konsole and then try "wesside-ng -i wifi0 -v {BSSID}". When kismet will get about 100 packets it should work. I did not test it because I tried this on WPA (I did not have chance to try it on WEP) but when I left kismet running it started to do something. Remember this works only for WEP.
Mare
 

Backtrack 3 and Intel's 3945ABG wireless card

Postby lew1s66 » Wed, 25 2009 Mar 12:14:25

Hi NeoThermic,

I want to hack wifi in Backtrack3 with Intel 3945 but I get stuck in
wesside-ng -i wifi0 -v {BSSID}

I got the MAC address but when I ran the command I get just

Associated ID3
..
Associated ID2
..
and after 5 minutes again Associated ID2
..
and after 5 minutes again Associated ID2

and again again ..
I was waiting maybe 30 minutes but I still getting Associated ID2 and its still doing something..

Please can you help me ?

thank you
lew1s66
 

Re: Backtrack 3 and Intel's 3945ABG wireless card

Postby zervyn » Thu, 11 2009 Jun 02:06:17

It works, thank you so much!
zervyn
 

Re: Backtrack 3 and Intel's 3945ABG wireless card

Postby anil » Sat, 07 2009 Nov 17:02:29

my wireless is not been detected by backtrack 3...and i m using vmware workstation ...so can u please guide me...and i cannot find menu for load ipw3945 driver
anil
 


Return to Frontpage News

Who is online

Users browsing this forum: No registered users and 4 guests

cron