injection_test
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
injection_test [2007/04/29 23:27] – corrections, thanks to TuTuFF darkaudax | injection_test [2012/08/17 23:20] – [Usage] jano | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Injection test ====== | ====== Injection test ====== | ||
- | ++++++ IMPORTANT ++++++\\ | + | **Important note: |
- | ++++++ IMPORTANT ++++++\\ | + | |
- | ++++++ IMPORTANT ++++++\\ | + | |
- | + | ||
- | This functionality will be available | + | |
- | + | ||
- | ++++++ IMPORTANT ++++++\\ | + | |
- | ++++++ IMPORTANT ++++++\\ | + | |
- | ++++++ IMPORTANT ++++++\\ | + | |
- | + | ||
===== Description ===== | ===== Description ===== | ||
- | The injection test determines if your card can successfully inject. | + | The injection test determines if your card can successfully inject |
- | The basic injection test provides additional valuable information as well. | + | The basic injection test provides additional valuable information as well. First, it lists access points in the area which respond to broadcast probes. |
- | You may optionally specify the access point (AP) name and MAC address. | + | You may optionally specify the AP name and MAC address. |
So how does it work? The following will briefly describe how the testing is performed. | So how does it work? The following will briefly describe how the testing is performed. | ||
Line 29: | Line 19: | ||
If a specific AP was optionally listed on the command line (BSSID and SSID), this is also added to the list of APs to be processed. | If a specific AP was optionally listed on the command line (BSSID and SSID), this is also added to the list of APs to be processed. | ||
- | Then for each AP in the list, 20 directed probe requests are sent out. A directed probe request is addressed to a specific AP. The count of probe responses received plus the percentage is then printed on the screen. | + | Then for each AP in the list, 30 directed probe requests are sent out. A directed probe request is addressed to a specific AP. The count of probe responses received plus the percentage is then printed on the screen. |
If two wireless cards were specified then each attack mode is tried and the results printed on the screen. | If two wireless cards were specified then each attack mode is tried and the results printed on the screen. | ||
+ | |||
+ | An additional feature is the ability to test connectivity to [[airserv-ng]]. | ||
===== Usage ===== | ===== Usage ===== | ||
- | aireplay-ng -9 -e teddy -a 00:14:6C:7E:40:80 -i wlan0 ath0 | + | aireplay-ng -9 -e teddy -a 00:de:ad:ca:fe:00 -i wlan1 wlan0 |
Where: | Where: | ||
- | * -9 means injection test. Long form is - -test. | + | * -9 means injection test. Long form is -'''' |
* -e teddy is the network name (SSID). | * -e teddy is the network name (SSID). | ||
- | * -a 00:14:6C:7E:40:80 ath0 is MAC address of the access point (BSSID). This is optional. | + | * -b 00:de:ad:ca:fe:00 ath0 is MAC address of the access point (BSSID). This is optional. |
- | * -i wlan0 is interface name of the second card if you want to determine which attacks your card supports. | + | * -i wlan1 is interface name of the second card if you want to determine which attacks your card supports. This interfaces acts as an AP and receives packets. This is optional. |
- | * ath0 is the interface name. (Mandatory) | + | * wlan0 is the interface name or airserv-ng IP Address plus port number. |
- | IMPORTANT: | + | IMPORTANT: |
===== Usage Examples ===== | ===== Usage Examples ===== | ||
- | |||
==== Basic Test ==== | ==== Basic Test ==== | ||
Line 66: | Line 57: | ||
| | ||
| | ||
- | | + | |
| | ||
- | | + | |
| | ||
- | | + | |
+ | | ||
| | ||
- | | + | |
| | ||
- | | + | |
- | + | ||
- | aireplay-ng --test -e teddy -a 00: | + | |
- | + | ||
- | The system responds: | + | |
- | + | ||
- | 16: | + | |
- | 16: | + | |
- | 16: | + | |
- | 16: | + | |
- | + | ||
- | 16: | + | |
- | 16: | + | |
- | 16: | + | |
Analysis of the response: | Analysis of the response: | ||
Line 93: | Line 72: | ||
* **16: | * **16: | ||
* **16: | * **16: | ||
- | * **16: | + | * **16: |
* **16: | * **16: | ||
- | * **16: | + | * **16: |
+ | * **16: | ||
==== Hidden or Specific SSID ==== | ==== Hidden or Specific SSID ==== | ||
Line 112: | Line 92: | ||
| | ||
| | ||
- | | + | |
+ | | ||
Analysis of the response: | Analysis of the response: | ||
* It confirms that the card can inject and successfully communicate with the specified network. | * It confirms that the card can inject and successfully communicate with the specified network. | ||
+ | |||
==== Attack Tests ==== | ==== Attack Tests ==== | ||
- | This test requires two wireless cards. | + | This test requires two wireless cards in monitor mode. The card specified by " |
Run the following command: | Run the following command: | ||
- | | + | |
Where: | Where: | ||
* -9 means injection test. | * -9 means injection test. | ||
- | * -i ath0 is the interface to mimic the AP. | + | * -i wlan1 is the interface to mimic the AP and receives packets. |
* wlan0 is the injection interface. | * wlan0 is the injection interface. | ||
The system responds: | The system responds: | ||
- | | + | |
| | ||
| | ||
Line 141: | Line 123: | ||
| | ||
- | | + | |
- | | + | |
+ | | ||
| | ||
Line 153: | Line 136: | ||
Analysis of the response: | Analysis of the response: | ||
- | * **11: | + | * **11: |
* The first part of the output is identical to what has been presented earlier. | * The first part of the output is identical to what has been presented earlier. | ||
* The last part shows that wlan0 card is able to perform all attack types successfully. | * The last part shows that wlan0 card is able to perform all attack types successfully. | ||
* If you get a failure on attack 5, it may still work in the field if the injection MAC address matches the current card MAC address. | * If you get a failure on attack 5, it may still work in the field if the injection MAC address matches the current card MAC address. | ||
+ | |||
+ | ==== Airserv-ng Test ==== | ||
+ | |||
+ | Run the following command: | ||
+ | |||
+ | | ||
+ | |||
+ | Where: | ||
+ | |||
+ | * -9 means injection test. | ||
+ | * 127.0.0.1: | ||
+ | |||
+ | The system responds: | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Analysis of the response: | ||
+ | |||
+ | * **Connection successful**: | ||
+ | * The second part of the output is identical to what has been presented earlier. | ||
+ | |||
===== Usage Tips ===== | ===== Usage Tips ===== | ||
Line 165: | Line 185: | ||
===== Usage Troubleshooting ===== | ===== Usage Troubleshooting ===== | ||
- | Make sure the card(s) are on the same channel as your AP. | ||
- | Make sure your cards are not channel hopping. | + | ==== General ==== |
+ | |||
+ | * Make sure you use the correct interface name. For mac80211 drivers, it is typically " | ||
+ | |||
+ | * Make sure the card(s) are on the same channel as your AP and locked on this channel. | ||
+ | |||
+ | * Make sure your card is not channel hopping. A very common mistake is to have airodump-ng running in channel hopping mode. If you use airodump-ng, | ||
+ | |||
+ | ==== " | ||
+ | |||
+ | If you get error messages similar to the following for Atheros-based cards and the madwifi-ng driver: | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | write failed: Network is down | ||
+ | | ||
+ | |||
+ | Remove the " | ||
+ | |||
+ | |||
+ | ==== Airodump-ng shows APs but they don't respond ==== | ||
+ | |||
+ | The injection test uses broadcast probe requests. | ||
+ | In both cases, try another channel with multiple APs. Or try the specific SSID test described above. | ||
injection_test.txt · Last modified: 2013/04/25 11:17 by jano