NetStumbler.org Forums

Old 10-09-2002   #61 (permalink)
Dr3D1zzl3
Mental Penis Fencer
 
Join Date: Apr 2002
Posts: 371
update

.
Old 10-09-2002   #62 (permalink)
abaddon
Registered Member
 
Join Date: Aug 2002
Location: bar
Posts: 25
in short, it looks like he fucked it, it would have compiled fine if you had just removed any line that had a reference to __func__...

--Abaddon
Old 10-09-2002   #63 (permalink)
novocane
Registered Member
 
Join Date: Sep 2002
Posts: 6
monkey_jack issues (SIOCSIWESSID: Operation not supported).

setup:
kernel 2.4.19 vanilla
pcmcia-cs-3.1.31 /w orinoco patch
airjack-defcon
card: SMC 2632W (aj0), Lucent Orinoco (eth0)
ap: Lucent RG-1000

all drivers/tools appear to have compiled fine.

Problem
monkey_jack fails with error:
SIOCSIWESSID: Operation not supported.

command line:
# ./monkey_jack -b 00:02:2d:04:7a:32 -v 00:04:e2:1a:e7:bd -c 11 -C 1 -I eth0 -a 10 -t 10 -e "047a32"
Starting Monkey in the Middle Attack:

victim: 00:04:e2:1a:e7:bd
bssid: 00:02:2d:04:7a:32

configuring airjack device...done.
forcing ourselves in the middle...done.
configuring lucent card...done.
coercing our card to associate as the victim...ioctl:SIOCSIWESSID: Operation not supported

Other notes:
-------------

# lsmod
Module
airjack_cs
orinoco_cs
orinoco
hermes
ds
i82365
pcmcia_core

* wlan_jack works perfectly
* monkey_jack is partially working (the victim disassociates from AP on chan 11 and moves to chan 1)
* monkey_jack is dying in monkey_jack.c:347 in set_essid() function. iwconfig, which uses similar code, doesn't die setting essid.

Any idea?

Thanks in advance
Old 10-10-2002   #64 (permalink)
abaddon
Registered Member
 
Join Date: Aug 2002
Location: bar
Posts: 25
Re: monkey_jack issues (SIOCSIWESSID: Operation not supported).

please do an lsmod and verify for me that you are in fact loading the orinoco_cs drivers with my patch, you should see the hermes.o orinoco.o and orinoco_cs.o loaded...

--Abaddon

Quote:
Originally posted by novocane

* monkey_jack is dying in monkey_jack.c:347 in set_essid() function. iwconfig, which uses similar code, doesn't die setting essid.

Any idea?

Thanks in advance
Old 10-10-2002   #65 (permalink)
novocane
Registered Member
 
Join Date: Sep 2002
Posts: 6
Re: monkey_jack issues (SIOCSIWESSID: Operation not supported).

here's my details (sorry for length)

# lsmod
Module Size Used by Not tainted
orinoco_cs 4780 2
orinoco 28064 0 [orinoco_cs]
hermes 3328 0 [orinoco_cs orinoco]
airjack_cs 16736 1
ds 6752 2 [orinoco_cs airjack_cs]
i82365 22992 2
pcmcia_core 39072 0 [orinoco_cs airjack_cs i82365]

Just to be sure I was running the right orinoco:
# cd /usr/src/pcmcia-cs-3.1.31/wireless
# patch -p0 < orinico.c.patch
patching file orinoco.c
Reversed (or previously applied) patch detected!
# Assume -R? [n] ^C
# make clean
# make
[...]
# cp *.o /lib/modules/2.4.19/pcmcia/
# cd /lib/modules/2.4.19/
# find . -name \*orinoco\* -exec ls -al \{\} \;
lrwxrwxrwx 1 root root 28 Oct 10 16:02 ./kernel/drivers/net/wireless/orinoco.o -> ../../../../pcmcia/orinoco.o
-rw-r--r-- 1 root root 42088 Oct 10 15:58 ./pcmcia/orinoco.o
-rw-r--r-- 1 root root 8416 Oct 10 15:58 ./pcmcia/orinoco_cs.o
# depmod -a
# depmod
# /etc/init.d/pcmcia restart
cardmgr[3941]: socket 0: Lucent Technologies WaveLan/IEEE Adapter
cardmgr[3941]: executing: 'modprobe hermes'
cardmgr[3941]: executing: 'modprobe orinoco'
cardmgr[3941]: executing: 'modprobe orinoco_cs'
cardmgr[3941]: executing: './network start eth0'
cardmgr[3941]: socket 1: SMC 2632W 11Mbps 802.11b WLAN Card
cardmgr[3941]: executing 'modprobe airjack_cs'
cardmgr[3941]: executing './network start aj0'
# lsmod
Module Size Used by Not tainted
airjack_cs 16736 1
orinoco_cs 4780 2
orinoco 28064 0 [orinoco_cs]
hermes 3328 0 [orinoco_cs orinoco]
ds 6752 2 [orinoco_cs airjack_cs]
i82365 22992 2
pcmcia_core 39072 0 [orinoco_cs airjack_cs i82365]
# cd /usr/src/airjack-v0.6.2-alpha-defcon/tools
# make clean all
[...]
# ./monkey_jack -b 00:06:25:54:b9:91 -v 00:e0:29:9e:48:04 -c 9 -C 1 -I eth0 -e "047a32"
Starting Monkey in the Middle Attack:

victim: 00:e0:29:9e:48:04
bssid: 00:06:25:54:b9:91

configuring airjack device...done.
forcing ourselved in the middle...done.
configuring lucent card...done.
coercing our card to associate as the victim...ioctl: SIOCSIWESSID: Operation not supported
# iwconfig eth0 essid blah
# iwconfig eth0
eth0 IEEE 802.11-DS ESSID:"blah" ....

I believe the orinoco card has firmware version 8.10. What firmware is known good?

Also, what kernel/distro is airjack known working on?

Thanks,
novocane
Old 01-06-2003   #66 (permalink)
billyblue
stumble, sniff, audit awa
 
Join Date: Dec 2002
Posts: 19
airjack code

Looking for a copy of the airjack code and also the iPaq port mentioned earlier in this thread would rock!

The 802.11ninja site hasn't had it up for a while and it doesn't seem to be anywhere else that I can locate...


tia,
bb
Old 01-07-2003   #67 (permalink)
earx
Registered Member
 
Join Date: Nov 2002
Posts: 9
perhaps it will be easier on a zaurus!
news from abaddon?
Old 02-24-2003   #68 (permalink)
sylikc
Registered Member
 
Join Date: Feb 2003
Posts: 1
compile problems

Hmm, I was wondering if anyone was having problems with compiling airjack. I've tried everything from using different kernels to different versions of pcmcia cs and I get the same error. I'm following c0rnholio's step-by-step on airjack's site.

I get this "airjack_cs: RequestIRQ: Resource in use"... This occurs when I plug in my card after replacing all "prism2_cs" entries in wlan-ng.conf with airjack_cs

anyone else having this problem?

I've tested on linux 2.4.20 and above kernels, pcmcia-cs 3.1.33 and above versions, with linux-wlan-ng 0.1.16pre9. System version is debian 3.0r1

Btw, anyone know how to select a different WAP if two have a strong signal in the area with the same ESSID?


sylikc
Old 03-10-2003   #69 (permalink)
aroratt
Registered Member
 
Join Date: May 2002
Posts: 12
aj0 doesn't come up

I am trying to use the airjack tools. I followed the step by step guide posted by c0rnholio but can't get it working on RH 8.0. It compiles fine (after I comment the __func__ print lines). I am using pcmcia-cs-3.2.3 with linux kernel 2.4.20.

After compiling, I do "modprobe airjack_cs" and then lsmod shows the airjack_cs module. I edited wlan-ng.conf file to use the airjack_cs module. I created an ifcfg-aj0 file and then restarted the pcmcia card services. ifconfig -a still displays wlan0 and not aj0. The airjack_cs module is not being used (as displayed by lsmod). Can someone please help me with this?

Thanks.
Old 03-25-2003   #70 (permalink)
abaddon
Registered Member
 
Join Date: Aug 2002
Location: bar
Posts: 25
Re: aj0 doesn't come up

the major problem here is that the wlan-ng.conf files are busted (if you ask me), check out the web site http://802.11ninja.net and you should find an example config file for airjack pcmcia files, then rename your wlan-ng.conf to something other than .conf (ghetto solution but you get what you pay for)...

--Abaddon

Quote:
Originally posted by aroratt
ifconfig -a still displays wlan0 and not aj0. The airjack_cs module is not being used (as displayed by lsmod). Can someone please help me with this?

Thanks.
Old 03-25-2003   #71 (permalink)
abaddon
Registered Member
 
Join Date: Aug 2002
Location: bar
Posts: 25
Re: compile problems

for your first question, are you by chance using an orinoco driver at the same time as the airjack driver (two different cards), this sounds a lot like an irq conflict with another driver that doesn't want to play nicely with the other children, the lucent (orinoco, hermes, wavelan, etc, etc, etc), cards have the same underlying hardware (different firmware though) as the stock prism2's, so i've noticed they like to fight for the same irq, and the orinoco drivers don't always play nicely with other drivers (they take their marbles and go home)...try forcing it to use another irq, or better yet try changing the line in airjack.c to this

static unsigned int irq_mask = 0xdeb0;

that should force it to look for an irq other than 3...if that doesn't work email me directly abaddon@802.11ninja.net

as for your second question, yes i can do it, no it's not really easy...that's one of the flaws that airjack exploits when doing a man in the middle attack...one way you can do it is to handle the interrupt given by the card when status changes (like being associated), and force it off if it's not to the correct bssid or whatever, this could be slow but should work really...

--Abaddon

Quote:
Originally posted by sylikc
I get this "airjack_cs: RequestIRQ: Resource in use"... This occurs when I plug in my card after replacing all "prism2_cs" entries in wlan-ng.conf with airjack_cs

anyone else having this problem?

I've tested on linux 2.4.20 and above kernels, pcmcia-cs 3.1.33 and above versions, with linux-wlan-ng 0.1.16pre9. System version is debian 3.0r1

Btw, anyone know how to select a different WAP if two have a strong signal in the area with the same ESSID?


sylikc
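
As a defensive illustration of the point in post #71 (a client picks an AP by ESSID and cannot easily insist on a BSSID) and of the channel 11 to channel 1 move reported in post #63, here is an added example, not part of the thread or of airjack, that audits beacon sightings for a protected ESSID. The record layout, the inventory, the 5-second window and every address below are assumptions constructed for the example; the channel is assumed to be the one advertised in the beacon, not the one the sensor was tuned to.

```python
from collections import defaultdict, namedtuple

# One beacon sighting from a monitoring sensor (hypothetical record layout).
# `channel` is assumed to be the value advertised in the beacon, not the
# channel the sensor was tuned to, so adjacent-channel bleed does not count.
Beacon = namedtuple("Beacon", "ts essid bssid channel")

# Constructed inventory: protected ESSID -> BSSIDs of the APs we deployed.
AUTHORIZED = {"corp-wlan": {"00:11:22:33:44:55", "00:11:22:33:44:66"}}
WINDOW = 5.0  # seconds; one radio cannot beacon on two channels this close

def audit_beacons(beacons, authorized=AUTHORIZED, window=WINDOW):
    """Return sorted (reason, essid, bssid, channels) findings."""
    findings = set()
    last_seen = defaultdict(dict)  # (essid, bssid) -> {channel: last ts}
    for b in sorted(beacons, key=lambda x: x.ts):
        allowed = authorized.get(b.essid)
        if allowed is None:
            continue  # not a network name we protect
        bssid = b.bssid.lower()
        if bssid not in allowed:
            # Our network name from a radio that is not in the inventory.
            findings.add(("unknown-bssid", b.essid, bssid, (b.channel,)))
            continue
        chans = last_seen[(b.essid, bssid)]
        chans[b.channel] = b.ts
        live = tuple(sorted(c for c, t in chans.items() if b.ts - t <= window))
        if len(live) > 1:
            # An inventoried BSSID heard on two channels at once.
            findings.add(("dual-channel", b.essid, bssid, live))
    return sorted(findings)

# Constructed sample sightings, not real traffic.
SAMPLE = [
    Beacon(100.0, "corp-wlan", "00:11:22:33:44:55", 11),
    Beacon(100.1, "corp-wlan", "00:11:22:33:44:66", 6),
    Beacon(100.2, "corp-wlan", "00:11:22:33:44:55", 1),    # same BSSID, ch 1
    Beacon(100.3, "corp-wlan", "00:AA:BB:CC:DD:EE", 1),    # unlisted radio
    Beacon(100.4, "coffee-shop", "00:11:22:33:44:55", 1),  # unprotected ESSID
    Beacon(300.0, "corp-wlan", "00:11:22:33:44:66", 1),    # planned re-channel
]

if __name__ == "__main__":
    for finding in audit_beacons(SAMPLE):
        print(finding)
```

The last sample row shows why the window matters: an AP that is deliberately moved to a new channel minutes later produces no finding, while the same BSSID on channels 1 and 11 within seconds does.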
Old 03-25-2003   #72 (permalink)
abaddon
Registered Member
 
Join Date: Aug 2002
Location: bar
Posts: 25
Re: airjack code

email me for it and it's yours if you have a good reason (hint: good reasons do not include "hook me up with your 1337 zer0 d4y", or "i want to break into someones network cause im a 31337 h4x0r y0")...

--Abaddon


Quote:
Originally posted by billyblue
Looking for a copy of the airjack code and also the iPaq port mentioned earlier in this thread would rock!

The 802.11ninja site hasn't had it up for a while and it doesn't seem to be anywhere else that I can locate...


tia,
bb