Решение проблемы: Wi-Fi карта не переходит в режим монитора, хотя название меняется на wlan0mon

The Codeby — одна из сильнейших Red Team в RU сегменте. Команда профессионалов, специализирующаяся на аудите информационных систем и тестировании на проникновение.

Мы предлагаем: Аудит веб-сайта компании, Аудит внешнего периметра, Аудит веб-приложения, Аудит внутренней корпоративной сети, Проверка ИБ-грамотности сотрудников, Анализ кода ПО, Аудит Wi-Fi и СКУД, Выявление уязвимостей ПО серверов и рабочих станций, Пентест инфраструктуры методом черного ящика. Подробнее .

Сын спрашивает отца-программиста:
– Папа, а почему солнце встает на востоке?
– Ты это проверял?
– Да.
– Работает?
– Да.
– Каждый день работает?
– Да.
– Тогда сынок, ради бога, ничего не трогай, ничего не меняй!

После обновлений Reaver t6_x и Aircrack-ng v1.2 RC2 в Kali Linux, появились жалобы на этот самый Reaver — t6x, можно посмотреть их в комментариях к соответствующей статье.

Само-собой, думалось, что проблема именно в Ривер. В нём бесконечно появлялись ошибки вроде «WARNING: Failed to associate with» даже без Pixiewps у меня он перестал что-либо подбирать. Но если присмотреться к работе других программ, например к Wifite, то там такая же проблема — атака на WPS не работает. Penetrator-WPS также не работает.

Ответ подсказал один из посетителей сайта с именем Владимир. Вот его сообщение:

«Замечал у себя проблему, что не всегда airmon переводит карту в режим монитора (название карты изменялось на wlan0mon, но режим оставался managed), в этот раз и penetrator не смог перевести карту в монитор. В итоге в режим монитора карту переводил вручную через iwconfig wlan0 mode monitor. После этого penetrator -i wlan0 -A начал работу»

Владимир, огромное Вам спасибо, что навели на верное решение!

Error for wireless request «Set Mode» (8B06) : SET failed on device wlan0 ; Device or resource busy.

В моём случае (думаю и у других, у кого схожая ситуация с Ривером) оказалось, что карта просто не переводилась в режим монитора.

Это можно сделать, как указал Владимир, следующей командой:

Правда команда у меня выдавала следующую ошибку:

Побороть эту ошибку и перевести карту в режим монитора мне позволила следующая последовательность команд:

В результате карта была переведена в режим монитора и программы, использующие этот режим, заработали должным образом.

Сегодняшняя статья — отличный пример того, что наши собственные знания приумножаются, когда мы ими делимся с другими.

Aircrack-ng

User Tools

Site Tools

Table of Contents

Airmon-ng

Description

This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces status.

Usage

usage: airmon-ng [channel] or airmon-ng

Usage Examples

Typical Uses

Check status and/or listing wireless interfaces

Checking for interfering processes

When putting a card into monitor mode, it will automatically check for interfering processes. It can also be done manually by running the following command:

Killing interfering processes

This command stops network managers then kill interfering processes left:

Enable monitor mode

Note: It is very important to kill the network managers before putting a card in monitor mode!

As you can see, it created a monitor mode interface called wlan0mon and it notified there are a few process that will interfere with the tools.

Disable monitor mode

Don’t forget to restart the network manager. It is usually done with the following command:

Madwifi-ng driver monitor mode

This describes how to put your interface into monitor mode. After starting your computer, enter “iwconfig” to show you the current status of the wireless interfaces. It likely looks similar the following output.

If you want to use ath0 (which is already used):

And the system will respond:

Now, if you do “iwconfig”:

You can see ath0 is gone.

To put wifi0 in monitor mode:

Now enter “iwconfig”

You can see ath0 is in monitor mode. Also make sure the essid, nickname and encryption have not been set. The access point shows the MAC address of the card. The MAC address of the card is only shown when using the madwifi-ng driver. Other drivers do not show the MAC address of the card.

If ath1/ath2 etc. is running then stop them first prior to all the commands above:

You can set the channel number by adding it to the end: airmon-ng start wifi0 9

Usage Tips

Confirming the Card is in Monitor Mode

To confirm that the card is in monitor mode, run the command “iwconfig”. You can then confirm the mode is “monitor” and the interface name.

For the madwifi-ng driver, the access point field from iwconfig shows your the MAC address of the wireless card.

Determining the Current Channel

To determine the current channel, enter “iwlist channel”. If you will be working with a specific access point, then the current channel of the card should match that of the AP. In this case, it is a good idea to include the channel number when running the initial airmon-ng command.

How Do I Put My Card Back into Managed Mode?

It depends on which driver you are using. For all drivers except madwifi-ng:

For madwifi-ng, first stop ALL interfaces:

Where X is 0, 1, 2 etc. Do a stop for each interface that iwconfig lists.

For mac80211 drivers, nothing has to be done, as airmon-ng keeps the managed interface alongside the monitor mode one (mac80211 uses interface types rather than modes of operation). If you no longer need the monitor interface and want to remove it, use the following:

X is the monitor interface number — 0 unless you run multiple monitoring interfaces simultaneously.

Debugging issues

airmon-ng has two options to show more information, which can be useful when reporting or debugging issues.

—verbose flag

It gives information about the system as well as details about the wireless card.

In this case, the following additional information can be seen:

—debug flag

It will give the same information as verbose and add more details:

Usage Troubleshooting

Madwifi-ng

Quite often, the standard scripts on a linux distribution will setup ath0 and or additional athX interfaces. These must all be removed first per the instructions above. Another problem is that the script set fields such as essid, nickname and encryptions. Be sure these are all cleared.

Airmon-ng says the interface is not in monitor mode

It most likely mean the interface mode was changed from monitor to managed mode by a network manager. In this case, when stopping monitor mode, this is not a problem.

My interface was put in monitor mode but tools says it is not

It usually means the interface was put in monitor mode prior to killing network managers. And the network manager put the card back in managed mode.

Refer to the documentation above to kill network managers and put it back into monitor mode.

Interface athX number rising (ath0, ath1, ath2. ath45..)

The original problem description and solution can be found in this forum thread.

Problem: Every time the command “airmon-ng start wifi0 x” is run, a new interface is created as it should, but there where two problems. The first is that for each time airmon-ng is run on wifi0 the interface number on ath increases: the first time is ath1, the second ath2, the third ath3, and and so on. And this continues so in a short period of time it is up to ath56 and continuing to climb. Unloading the madwifi-ng driver, or rebooting the system has no effect, and the number of the interface created by airmon-ng continues to increase.

The second problem is that if you run airmon-ng on wifi0 the athXX created does not show as being shown as in Monitor mode, even though it is. This can be confirmed via iwconfig.

All these problem related to how udev assigns interface names. The answer is in this ticket: http://madwifi-project.org/ticket/972#comment:12 Thanks to lucida. The source of the problem comes from the udev persistent net rules generator.

Each distro is different… So here is a solution specifically for Gentoo. You should be able to adapt this solution to your particular distribution.

Gentoo 2.6.20-r4 Udev 104-r12 Madwifi 0.9.3-r2 Aircrack-ng 0.7-r2

Change the file /etc/udev/rules.d/75-persistent-net-generator.rules

From: KERNEL==“eth*|ath*|wlan*|ra*|sta*…….. To: KERNEL==“eth*|Ath*|wlan*|ra*|sta*…….

In other words, you just capitalize the a. ath* becomes Ath*. Save the file.

Now delete the file /etc/udev/rules.d/70-persistent-net.rules.

Remove the driver and insert back.

Removing ath also works: KERNEL==“eth*|wlan*|ra*|sta*….

This is also on Gentoo, both 2.6.19-gentoo-r5 and 2.6.20-gentoo-r6

For Ubuntu, see this Forum posting. The modified version of /etc/udev/rules.d/75-persistent-net-generator.rules is:

Interface ath1 created instead of ath0

This troubleshooting tip applies to madwifi-ng drivers. First try stopping each VAP interface that is running (“airmon-ng stop IFACE” where IFACE is the VAP name). You can obtain the list from iwconfig. Then do “airmon-ng start wifi0”.

If this does not resolve the problem then follow the advice in this thread.

Why do I get ioctl(SIOCGIFINDEX) failed?

If you get error messages similar to:

Error message: «wlanconfig: command not found»

If you receive “wlanconfig: command not found” or similar then the wlanconfig command is missing from your system or is not in the the path. Use locate or find to determine if it is on your system and which directory it is in.

If it is missing from your system then make sure you have done a “make install” after compiling the madwifi-ng drivers. On Ubuntu, do “apt-get install madwifi-tools”.

If it is not in a directory in your path then move it there or add the directory to your path.

airmon-ng shows RT2500 instead of RT73

Error «add_iface: Permission denied»

You receive an error similar to:

or similar to this:

This means you have an old version of airmon-ng installed. Upgrade to at least v1.0-rc1. Preferably you should upgrade to the current version. See the installation page for more details. Also, don’t forget you need to be root to use airmon-ng (or use sudo).

check kill fails

Distros from now on are going to adopt ‘upstart’ which is going to replace the /sbin/init daemon which manages services and tasks during boot.

and then proceed with greping and killing the pids of dhclient and wpa_supplicant.

This is the only way to kill ALL of the potentially problematic pids for aireplay-ng permanently. The trick is the kill the daemons first and then terminate the ‘tasks’.

SIOCSIFFLAGS: Unknown error 132

If you have an output similar to:

It indicates that RF are blocked. It needs to be enabled by using the switch on your laptop and/or using the following command:

ERROR adding monitor mode interface: command failed: Operation not supported (-95)

It is known to happen on the Raspberry Pi, when using airmon-ng. When that happens, the following can be seen in dmesg:

There may be instances of the following in dmesg as well prior to the above output:

Even though dmesg says the interface is already in monitor mode and “iw dev wlan0 info” confirms it is, airodump-ng will fail and report the interface data linktype is Ethernet. This is a bug in the driver and/or firmware, and the workaround is to reboot the system or to reload the driver:

Помогите! Как убрать Wi-Fi адаптер с режима монитора

Здарова народ! Столкнулся с проблемой, в этом деле я не спец вот и прошу вашей помощи, у меня адаптер TP-Link TL-WN7227N и я его перевёл в режим монитора, как сделать всё обратно, как было?

Какой командой ты это сделал? Пробрвал ломать сеть соседа?

airmon-ng start. Ну типо да xD

Посмотри в man airmon-ng

AIRMON-NG(8) System Manager’s Manual AIRMON-NG(8)

NAME airmon-ng — POSIX sh script designed to turn wireless cards into monitor mode.

SYNOPSIS airmon-ng [channel] airmon-ng [kill]

DESCRIPTION airmon-ng This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to man‐ aged mode. Entering the airmon-ng command without parameters will show the interfaces status. It can also list/kill programs that can interfere with the wireless card operation.

OPTIONAL PARAMETERS start [channel] Enable monitor mode on an interface (and specify a channel). Note: Madwifi-ng is a special case, ‘start’ has to be used on wifi interfaces and ‘stop’ on ath interfaces.

stop Disable monitor mode and go back to managed mode (except for madwifi-ng where it kills the ath VAP).

check [kill] List all possible programs that could interfere with the wireless card. If ‘kill’ is specified, it will try to kill all of them.

—verbose This flag must precede start/stop/check and can be combined with with other parameters or used alone. This flag will increase the verbosity to provide additional useful information which may not be needed for normal operation.

—debug This flag must precede start/stop/check and can be combined with with other parameters or used alone. This flag will increase the verbosity to debug level to assist in troubleshooting errors in airmon-ng. Use this flag when opening a bug, but only use —verbose when requesting support in irc.

—elite WARNING: DO NOT USE: This flag must precede start or stop and will prevent airmon-ng from removing interfaces. WARNING: Use of this flag will immediately disqualify receiving any support from the aircrack-ng team, due to the fact that this behavior is known to be

Перевод адаптера в режим наблюдения (wlan0 -> mon0)

Все доброго времени суток. Не так давно пользуюсь Kali Linux. Пытаюсь перевести адаптер в режим наблюдения но почему то не выходит. Рассказываю что к чему, кто может обьясните плиз почему не выходит.

1. Выполняю ifconfig. Мой беспроводной адаптер соответственно wlan0.
2. Выполняю airmon-ng start wlan0.
Выдает мне следующее: Newly created monitor mode interface wlan0mon is *NOT* in monitor mode.
Removing non-monitor wlan0mon interface.
WARNING: unable to start monitor mode, please run «airmon-ng check kill»
3. Соответственно делаю airmon-ng check kill и следом airmon-ng start wlan0.
Пишет: (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
(mac80211 station mode vif disabled for [phy0]wlan0)

4. Далее я пытаюсь выполнить airodump-ng и конечно же ничего не выходит. Пишет No interface specified.
Не могу понять что не так и почему не переводит в wlan0. .
Если что мой чипсет Qualcomm Atheros AR9485 Wireless Network Adapter (rev 01); Драйвер ath9k

Диплом. Перевод адаптера wifi в AP
Добрый день. Собственно нужно написать программу для перевода wifi адаптера AP. Базовые знания.

Вывести на экран информацию сетевого адаптера — IP адрес, Gateway, имя адаптера. WinAPI
Здравия желаю! По тз начал изучать винапи. Буквально недавно занялся плюсами и пока плохо.

Qt перевод в фоновый режим
Всем привет! Подскажите как сделать в приложении Qt Widgets, чтобы при определенной комбинации.

Перевод проца в защищенный режим
Кибердруги, посоветуйте хорошую литературу по переводу проца в защищенный режим. С практическими.