4

Here is the process and results. I am not sure why this isn't working when a few day's ago it was. This is my network, I have full control over it and all the machines on it.

//Step 1 get wlan0 in monitor mode

root@kali:~# ifconfig wlan0 down
root@kali:~# iwconfig wlan0 mode monitor
root@kali:~# ifconfig wlan0 up
root@kali:~# iwconfig wlan0
wlan0     IEEE 802.11bgn  Mode:Monitor  Frequency:2.452 GHz  Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          
root@kali:~# 


//step two create interface with airmon-ng

root@kali:~# airmon-ng start wlan0
Interface   Chipset     Driver

wlan0       Ralink RT2870/3070  rt2800usb - [phy0]
                (monitor mode enabled on mon0)

root@kali:~# 

//start airodump-ng to target my wifi
root@kali:~# airodump-ng mon0 

CH  5 ][ Elapsed: 2 mins ][ 2015-01-03 19:17  

                                                                                                                                                              
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
                                                                                                                             
 <MAC Removed>  -17       75       14    0   1  54e  WPA2 CCMP   PSK  <ESSID Removed>  


//Attempt to target my wifi 
root@kali:~# airodump-ng mon0 -c 1 --bssid <MAC From Above>

It's at this point that I can see my wifi with all the correct info. However, NONE of the devices I have associated with my wifi appear? I have a phone, two kindles, a surface pro 3 and an xbox one all on my wifi. I would imagine at least one of them would appear in the associated devices output. Yet, nothing.

I am only about 10 feet from my router so I don't think it's a distance issue. Also, as I mentioned earlier, I tried this about a week ago and had success. I'm not sure what's different. Did I miss something?

UPDATE

Well some interesting results....

I decided to put one of the tablets in front of me and watch it as I sent deauth packets. It, as you would expect, drops it's connection to the wifi and then re-establishes it. What is interesting about this is two things.

First I did a test packet injection with aireplay-ng -9 and it said 0/30 packets made it through. If that's the case then why did the deauth work?

So I wrote all the packets to a cap file and then inspected it with WireShark. Sure enough I can see the deauth packets then shortly after I can see each device re-establishing a connection (no handshake captured though)

It would appear that the airodump-ng script is lying to me. I am not sure why though.

UPDATE Number 2

So further interesting details. I decided to attempt this attack on a separate machine. I booted up my Wifi-Pinapple MK5 and launched an identical attack. Worked first time no questions.

Since I am using a live version of Kali and this attack did work a couple weeks ago, I am lead to one of two conclusions. Either my usb wifi adapter has gone bad or it has some internal setting that was changed. This is beyond any knowledge I have about it so feel free to add input.

Community
  • 1
DotNetRussell
  • 180
  • 1
  • 3
  • 11
  • 1
    Your USB adapter is crap and produces this "undefined behavior". Get an Atheros card and try again. –  Jan 04 '15 at 09:49
  • @AndréDaniel nope, the adapter is fine. Just had to run an update. – DotNetRussell Jan 04 '15 at 21:10
  • Still, this adapter isn't the usual Atheros card aircrack-ng was developed for; you may run into other issues in the future. –  Jan 04 '15 at 21:32
  • Per the aircrack wikis. This one is from 2010 and the 3070 series was gaining support back then. Being that its 5 years later, a rational mind would say its fully supported. http://aircrack-ng.org/doku.php?id=rt2x00 – DotNetRussell Jan 05 '15 at 02:05
  • Also, you seem to be working with outdated info on supported interfaces. Per the aircrack site there are hundreds of adapters. Most of which aren't atheros – DotNetRussell Jan 05 '15 at 02:06
  • I don't really care what devices are officially supported, I do know by experience that Atheros has the best Linux support you could ask for, so I'm always recommending that. If something else works for you, great, if not try an Atheors card. For me, if you want WIFI on Linux, go with Atheros. Feel free to disagree with my opinion of course. :) –  Jan 05 '15 at 11:26

1 Answers1

2

Looks to be a driver issue between Ralink RT2870/3070 and usb wifi adapter firmware. I would say maybe the wifi router only accepts deauth packets from authenticated mac address's however this is not the case as you used a Wifi-Pinapple MK5 with identical commands and it worked fine. If you have used the wifi usb with a live version of kali before and it worked fine then I would say the is problem your wifi adapter.

Tim Jonas
  • 666
  • 7
  • 12