So I've begun my Backtrack 3 adventure (legal uses only). I won't provide an explanation of what it is or what it does; this thread is mainly for those who know a bit about it already. I'll be posting my progress in getting it to work with the P-7811. Any input or support is appreciated.
Discovered information thus far (chronological order):
-BT3 is live bootable from a CD.
-BT3's KDE is NOT supported by our monitor, due to its low maximum refresh rate of 60 Hz. Both Flux and VESA KDE are supported by the 7811.
-BT3 is live bootable from a USB when the bootsec batch is properly used. The bootsec batch file on the USB version of BT3 can corrupt any MBR if used incorrectly (can render Windows unbootable). Learned the hard way. NOTE: it requires administrator rights to work properly; however, if you "run as administrator" it will run from C: instead of your USB drive, which will corrupt your MBR. Instead, you have to turn off UAC, reboot, execute the batch, turn on UAC, reboot.
-BT3 USB version is extended with 2 new options, Compiz and Compiz Nvidia. They give the same graphical error as KDE; neither is supported.
-The Windows Recovery CD can fix the MBR from its command prompt with the commands "Bootrec.exe /FixMbr" and "Bootrec.exe /FixBoot".
-The kernel currently used by BT3 does NOT provide support for the Marvell Yukon Gigabit Ethernet Controller nor the Intel WiFi Link 5100, so as of now BT3 will not allow for internet access without external hardware.
-Updated kernels DO provide support for the 7811 hardware.
-BT3 kernel can be updated.
-If modified, lilo.conf on the live USB version can easily corrupt the Windows MBR. Learned the hard way. Beginning to think that updating on the live USB version is hopeless.
-BT3 kernel cannot be updated on the live versions (USB nor CD - confirmed). It requires a hard drive installation.
Currently researching:
-Pros and Cons of BT3 hard drive installation. Is it considered a dual-boot?
-Updating kernel on hard drive install.
Purchased for research:
ALFA AWUS036H
-
Funnily enough I've had the latest BT3 image sat on my desktop for a while now but I haven't got around to trying it out yet. I didn't realise it would be such a hassle to get it working. Maybe I'll give it a go and let you know how I get on. Not sure how much difference it will make that I'm on slightly older hardware?
-
I just keep it on USB since they don't provide a GUI for installing.
-
Information update:
-Doing a BT3 hard drive install is pretty easy, but it is unfortunately a full-on dual-boot, so I'm considering not doing it at all.
-A Linux boot loader is not required to boot BT3 from the HDD; you can use the Microsoft boot loader.
-Once on the HDD, the kernel can be updated, but there's a large risk of MBR corruption if directions are not closely followed (what's new?).
So I think I'm going to stick with the older kernel on the live USB and just use my external Alfa when it arrives, which sucks because I will always have my USB with me on the go, but I probably won't always have the Alfa with me (we'll see how big it is), so it kind of defeats the purpose here.
-
I get the same problems with the 75 Hz refresh I think. I do get the KDE desktop for a few seconds and then it quits with VESA errors. Is there any other way of changing the refresh rate other than updating the kernel?
-
To be honest I don't even know if updating the kernel will change it, or if the problem really does have anything to do with the refresh rate. I've seen other people say that KDE has problems with nvidia cards in general. I just know that updating the kernel will add the drivers for my wifi card and other hardware. VESA KDE works fine for me, just not regular KDE; is it the same for you?
Hmm... maybe I can get just the iwlwifi drivers and use them without updating the kernel... and maybe that would let me do it off the live USB. I'll have to look into this.
-
Ok I've got the VESA KDE working now. Not sure what was going wrong before. I've got an ASUS WL-167G USB wireless adaptor and I think it's fully supported with injection (although it's slow supposedly):
ASUS WL-167G
* Driver : rt73 (older version rt2570)
* Chipset : rt2571WF (older version Ralink 2570)
Notice : Range is moderate but both monitor mode and injection work perfectly. Injects IVs at a very slow rate (about 300-500 IVs per minute), taking about 35 hours to collect 1,000,000 IVs.
Any idea how to get it working with that driver?
-
****, 35 hours for 1,000,000 IVs, let's hope you don't run into any WPA that you need. As to getting your card going, can you open up a command prompt and type "iwconfig" and tell me what you see. As long as you don't get "lo no wireless extensions" then it will be easy.
-
I take it that's pretty slow then?!
Code:
rausb0    RT2500USB WLAN  ESSID:""  Nickname:""
          Mode:Managed  Frequency=2.412 GHz  Bit Rate=11 Mb/s
          RTS thr:off   Fragment thr:off
          Encryption key:off
          Link Quality=0/100  Signal level:-120 dBm  Noise level:-87 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
-
Depends what you need it for I guess. You can start by typing "kismet" into a command prompt when in VESA KDE. If you need my help from there, we should probably talk through PM depending on what you're trying to do.
-
jakamo5,
I can't PM because I don't have a post yet, but I'm looking for some help re: the ra2500usb driver too.
If I get the capability I'll be looking to PM soon; hopefully you can help.
Thanks
-
What do you need 1,000,000 IVs for? WEP only needs 40/50,000 or less.
-
I assume jakamo5 was referring to WPA.
When I run kismet from a command prompt it comes back with an error that there are no packet sources specified. If I run kismet using the icon it works, but only if I have my internal 4965AGN wireless card switched on (using the switch on the front of the laptop), and it uses the 4965AGN instead of the Asus USB. If I switch the 4965AGN (wlan0) off, kismet doesn't load. It once asked me if I wanted to use rausb0 or wlan0, so I selected rausb0, but again it didn't load. Any ideas?
-
Right, with WPA you need about a million, but you might have luck with less.
I forgot how to tell it to use one adapter over the other; I'll have to look into it for you. Maybe you could disable your 4965 altogether so then maybe it will default to your Asus?
Hmmm, I feel like it was something like
Code:
ifconfig wlan0 down
ifconfig rausb0 up
Not sure
-
I have Vista Ultimate x64/BT3 dual boot. I ran experimental nvidia mode and installed the newest video drivers, then I did the HDD installation. My problem is that I get 1920x1200 resolution only, and yeah, wifi does not work because of the kernel, so I am using a USB wifi adapter. For WPA you can even have 10 billion IVs or 50k, it does not matter. A full handshake and a good password dictionary are needed.
-
kismet -c zd1211,eth0,zd1211rw
I'm not too sure on the format of that except that it's ...,card name,driver name or something like that. Can probably find it out with a quick Google search though.
@zarraza
Yeah, that's what I thought. Last time I tried WPA cracking I was able to get the handshake in about 15 min., but sometimes it took at least an hour.
I think I read something about a guy being able to crack WPA in about 15 minutes, but it didn't say how yet.
-
Ok, found out why kismet and other tools aren't working. When I run start-kismet-ng I get this:
Code:
Interface       Chipset             Driver
rausb0          Ralink USB          rt2570 (monitor mode enabled)
Invalid command : forceprismheader
wlan0           Intel 4965 a/b/g/n  iwl4965 - [phy0]
-
Sorted it. I just used kismet with my internal 4965AGN card and then used 'iwconfig rausb0 mode monitor' to activate monitor mode on my Asus USB dongle. Nice.
-
However, cracking the handshake... is another story. Like I mentioned before, you need a really good/strong dictionary, and still it does not mean that you will successfully crack the password, because IF the password is preeeettyy lonnnnggg and complicated, most likely it is not in your dictionary, so you will fail.
I think there is a bruteforce thingy but not sure, and also GPU+CPU based software to crack WPA/WPA2. Recently I read that some Russian company is using GPU+CPU to crack WPA/WPA2. Personally I don't know what or how to use to do/achieve that, because I really never researched that though. But I know that......
There are some programs available to crack MD5 hashes that use the new GPU+CPU technology. For example, with the very popular mdcrack program (based only on CPU), I was able to crack ~20 million hashes per second (depends on proc though. I tried on a lappy with a 1.66 GHz C2D 6 months or so ago).
With the new technology... GPU+CPU (a program called barswf; there are some others but this one is the fastest one as far as I know) and the 7811 at default I was able to crack 260-280 million hashes per second (~40 mill each CPU core and ~200 mill GPU). So that's a big improvement.
Can you imagine what kind of speeds new quads and 2 or 3 gfx280 or radeon 4780x2 can achieve? Must be at least 1500 mill/s. Personally, with tweaking my 7811's GPU I was able to reach ~350 mill/s hash..
I think I know what you are talking about... the thing is relatively new, and it is in beta version. The process will be shown at some kind of upcoming security conference and after that available to the public or something of that nature. I think it's done through tkiptun-ng (one of the tools from aircrack-ng), but I am not sure if it's available yet in the aircrack-ng suite.
In addition, as far as I know, this method works only on WPA networks with QoS enabled. Also it seems to apply only to WPA-TKIP and not WPA-AES, so WPA is still kind of safe. However, WPA2 must still be untouchable (except for those Russians I mentioned before).
I hope that helps, and I do not sound too complicated lol
-
After my last post I looked up the article again and read that he can crack part of it, but there is still more needed to get into the network.
One thing that I'd really like is injection support for the 4965agn in my 6860fx; I have a Belkin card but could never get it working, so I have to use a Hawking HWU8DD dish antenna, which can be a hassle.
-
You might be right, but then it kind of makes no sense since there is no point if you cannot access the AP. I think they were able to crack it but QoS must be enabled. Oh whatever... I am too tired.
In a couple of weeks it should be all clear I think.
4965agn is the default wifi card that came with the 6860, right? I am too lazy to Google that lol. I have 2 USB dongles, Linksys WUSB54GC and Edimax 7318USG, and both of them work perfectly. The 7811's 5100 wifi is not supported by the BT3 kernel. I tried to install a new kernel.... but it went wrong so I had to uninstall BT3 lol, so I am not doing it again; I will stick with my dongles.
HWU8DD looks pretty nice, like a small satellite dish. What's wrong with it? It won't inject? It's rt73, isn't it? Should not be a problem.
I am thinking about the HAWKING HAO9SIP Hi-Gain Omni-Directional 2.4 GHz 9dBi Outdoor Antenna Kit. What do you think about it? I would attach that to my Edimax dongle because it has a detachable antenna, or I might buy a Hawking USB dongle; it has a detachable antenna too. I am not good with antennas at all, so if you have some knowledge, please shed some light on this matter... thanks
edit: I would put it on my roof, so I could catch a lot of.... WEP/WPA/WPA2 waves hahaha
-
Just an update since people are still keeping this thread going (thanks):
- Decided that updating the kernel on live BT3 (usb) is simply too hard and not worth it since it would have to be done every time anyway.
- Attempted to simply add a driver that would work for the 5100.
- Abandoned the driver add because it was too hard, but can be done. Anyway the 5100 isn't very powerful and sucks at injection.
- Got my Alfa AWUS036H and it's amazing right out of the box. BT3 has the drivers for the Alfa already, and cracking works perfectly on WEP/WPA/WPA2 etc. Small problem: the Alfa cannot connect to WPA/WPA2 networks even though it can crack them fine. Weird issue... however, I can simply get on Windows and log in to the WPA/WPA2 network with the 5100 card once it's cracked. Or, there is a wrapper that will allow the Alfa to connect to WPA here.
- Found two extremely nifty programs: spoonwep and spoonwpa. spoonwep comes with BT3; however, spoonwep2 is out and you have to place it in BT3/modules on your USB if you want to use it. spoonwpa also doesn't come with BT3, so you have to do the same with that. The correct spoonwep2 and spoonwpa files have a .lzm extension; a simple Google search will get you them. If you do it right, you won't have to load them every time you do a live boot.
- Figured out that both spoonwep2 and spoonwpa show you whether or not APs currently have clients connected to them, and also how many. (Yes, I realize airodump-ng does this just as well, but it's cool to not have to use any command line functions.)
As said, WEP does not need clients connected to it, but if there's no one using it, you'll have a hard time getting IVs. WPA requires both clients using it and also a good dictionary.
Again, if you have a USB install, place the .lzm files in BT3/modules and then when you boot BT3, simply open up a command prompt and type "spoonwep" for spoonwep2 or "spoonwpa" (for spoonwpa). You can also place the files in the same location inside the iso if you're using a CD boot.
**All cracks are done on my own network.**
-
link -
@Jakamo5: I did not succeed in installing the new kernel so I had to reinstall BT3 lol.
As far as I know, to connect to WPA/WPA2 you need to configure wpa_supplicant and such.
spoonwep and spoonwpa are pretty handy tools; I use spoonwep a lot. I used to do everything by hand but I just got lazy. There is also wesside-ng. It can crack WEP in one minute or so.
Yes, WEP does not need clients, but still someone has to be on the other end to create ARP packets (wired or wireless).
@ N00d13s
I had Ubuntu x64 alpha 6 with aircrack-ng installed. That particular Ubuntu version had a newer kernel so the 5100 was working. As far as I remember I was able to do injection with the 5100.
Oh, I thought your Hawking is not working... or something of that nature, but if it's only size, then it's not that big of a biggy I guess.
Wow, that antenna is crazyyyy. Let me know when you get an answer from him. Also what do you think of the antenna I posted? Should I get it or not really? I might get that crazy one if it has a decent chipset and supports injection and such. 1 mile radius... that's crazy. I would definitely put an antenna like this on my roof.
Can you imagine having this one in the downtown of a big city? 1000 spots easy lol.
The only thing is the cable that connects the PC (or rather say USB dongle or wifi card) and the antenna... the shorter the cable is... the better. Because the longer the cable is, the more power you would lose.
edit: check out this one, from the same seller. It has a 3 mile radius. http://stores.ebay.com/Bilcos-Wirel...0QQcolZ4QQdirZ1QQfsubZ588386018QQftidZ2QQtZkm
Also he sells a lot of the same ones, but the price is different so I don't know what is up with that. Seems like he has like 100 different versions but they all look the same.
-
I think it's because some of them have different length cables. I didn't see the ones with a 3 mile radius; maybe I'll get one of those. He replied back and told me they use an Atheros chipset, so injection should work on those.
I live about a mile away from downtown here and they supply free wifi. I also live close to a few schools, McDonald's, and a few cafes that have wifi available also.
-
But basically, are you really planning on getting either the 1 mile radius antenna or the 3 mile radius antenna?
p.s. may you do me a favor and ask him if a longer cable decreases power and so on?
EDIT: Did anyone manage to get lower graphics than 1920x1200 in BT3?
EDIT2: resolution problem solved. Use modeline converters available online and then add the given code to....
Nevermind... I solved it after long hours of researching. All I had to do is use modeline converting tools on the internet. It gave me a code and I had to add it in ...
Section "Monitor"
    Identifier     "Monitor0"
    VendorName     "Unknown"
    ModelName      "AUO"
    HorizSync      30.0 - 75.5
    VertRefresh    62.0
    Option         "DPMS"
    Modeline       "1280x960@62" 105.34 1280 1336 1464 1704 960 960 962 997
    Modeline       "1600x1024@62" 143.49 1600 1672 1848 2176 1024 1024 1026 1063
EndSection
AND
Section "Screen"
    Identifier     "Screen0"
    Device         "Device0"
    Monitor        "Monitor0"
    DefaultDepth   24
    Option         "NoLogo" "1"
    Option         "Coolbits" "1"
    Option         "TripleBuffer" "1"
    Option         "AddARGBGLXVisuals" "1"
    Option         "DamageEvents" "1"
    Option         "TwinView" "0"
    Option         "metamodes" "1600x1024 142.81 1600 1672 1848 2176 1024 1024 1026 1063"
    SubSection     "Display"
        Depth      24
        Modes      "1600x1024@62" "1280x960@62"
    EndSubSection
EndSection
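The modeline step above is the one reproducible computation in this thread, so here is an added example (not the online converter the poster used, and not code from the thread): the VESA CVT 1.1 standard-blanking algorithm that the `cvt` and `xrandr` tools implement, producing a Modeline for the Monitor section. The poster's "@62" lines came from a converter with different blanking rules, so this will not reproduce those exact numbers.

```python
import math

# VESA CVT 1.1 constants for standard (non-reduced) blanking, no margins,
# progressive scan.  C' and M' derive from the spec's C=40, M=600, K=128, J=20.
CELL_GRAN = 8            # horizontal values are rounded to 8-pixel cells
MIN_V_PORCH = 3          # vertical front porch, lines
MIN_V_BPORCH = 6         # minimum vertical back porch, lines
MIN_VSYNC_BP_US = 550.0  # minimum vsync + back porch, microseconds
H_SYNC_PERCENT = 8.0     # hsync width as a percentage of the total line
CLOCK_STEP_MHZ = 0.25    # pixel clock granularity
C_PRIME, M_PRIME = 30.0, 300.0


def vsync_lines(h: int, v: int) -> int:
    """CVT chooses the vsync width from the aspect ratio."""
    for ah, av, lines in ((4, 3, 4), (16, 9, 5), (16, 10, 6), (5, 4, 7), (15, 9, 7)):
        if h * av == v * ah:
            return lines
    return 10  # any other (custom) aspect ratio


def cvt_timings(h: int, v: int, refresh: float) -> tuple:
    """Return (pclk_mhz, hdisp, hsync_start, hsync_end, htotal,
    vdisp, vsync_start, vsync_end, vtotal) in the order a Modeline lists them."""
    h_pixels = (h // CELL_GRAN) * CELL_GRAN
    v_sync = vsync_lines(h, v)
    # Estimated line period (us) from the requested field rate.
    h_period = ((1.0 / refresh) - MIN_VSYNC_BP_US / 1e6) / (v + MIN_V_PORCH) * 1e6
    vsync_bp = max(math.floor(MIN_VSYNC_BP_US / h_period) + 1, v_sync + MIN_V_BPORCH)
    v_total = v + vsync_bp + MIN_V_PORCH
    # Horizontal blanking from the ideal duty cycle, rounded down to 2 cells.
    duty = max(C_PRIME - M_PRIME * h_period / 1000.0, 20.0)
    h_blank = math.floor(h_pixels * duty / (100.0 - duty) / (2 * CELL_GRAN)) * 2 * CELL_GRAN
    h_total = h_pixels + h_blank
    pclk = math.floor((h_total / h_period) / CLOCK_STEP_MHZ) * CLOCK_STEP_MHZ
    h_sync = math.floor(H_SYNC_PERCENT / 100.0 * h_total / CELL_GRAN) * CELL_GRAN
    h_front = h_blank - h_blank // 2 - h_sync  # back porch takes half the blanking
    return (pclk, h_pixels, h_pixels + h_front, h_pixels + h_front + h_sync, h_total,
            v, v + MIN_V_PORCH, v + MIN_V_PORCH + v_sync, v_total)


def modeline(h: int, v: int, refresh: float) -> str:
    """Format the timings as a Modeline for the Monitor section of xorg.conf."""
    t = cvt_timings(h, v, refresh)
    return (f'Modeline "{h}x{v}_{refresh:.2f}" {t[0]:.2f} '
            + " ".join(str(x) for x in t[1:]) + " -hsync +vsync")
```

modeline(1280, 960, 60) yields the same line cvt(1) prints for that mode; paste it into the Monitor section and list the mode name under Modes as the poster did.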
Backtrack 3 with the 7811
Discussion in 'Gateway and eMachines' started by Jakamo5, Nov 6, 2008.