Oct
12

Yet Another Easier Workaround for Packet Injection with Aireplay in Windows

A couple of months ago, I published my previous Wi-Fi penetration article about “Aircrack/Aireplay-ng Under Packet Injection Monitor Mode in Windows using a Virtual Machine of Backtrack Linux.” Really, there was still no complete break from Linux with this scheme … until now. I didn’t realize that there was an easier way to use aircrack-ng in Windows and at the same time completely break free of Linux. Hours after I released that article, a reader left a comment telling me that somebody had already written up a less complicated method, “How to Packet injection Aireplay-ng & Windows XP” at airdump.net.

Summary

Ultimately, the premise of this hack is as follows. With a slightly modified DOS/Windows-ported compilation of the most cutting-edge (actually beta) Aircrack-ng suite and a monitor-mode-compatible WiFi driver, it is possible to inject packets in Windows without a virtual machine as the middleman (as mentioned in my previous Backtrack article). The original article at airdump.net actually provides the recompiled Aircrack-ng suite and the stripped CommView WiFi driver in a nifty little package.

 

Override the Original Driver

Since you’ll be using a third-party driver, it will only work with certain wireless adapters, just as with Aireplay.

First things first, you need to replace the original manufacturer driver with the one from CommView. I won’t go into the details because if you’re reading this, you should already be competent enough to know how to do it yourself. Basically, you “Update Driver,” “Install from a list or a specific location (Advanced),” “Don’t search, I will choose the driver to install,” “Have Disk…” and “Browse…” Note that this new driver will render your wireless adapter unusable by your operating system until you revert to the original manufacturer’s driver.

airserv-driver.jpg

New Tools

Airserv-ng will not be a familiar tool for most readers since it is not even included in the stable release of the Aircrack-ng suite. I am very excited about the next stable release, whether it is for Linux or Windows. This is because of the new cutting-edge programs that the developers are working on, Airserv-ng being one of them. As the name suggests, Airserv-ng is a server that opens a TCP port allowing other programs to interface with the wireless card. This allows simpler programs to focus less on driver/hardware logistics and more on other penetration techniques. Eventually, it will allow any operating system with TCP/IP technology (all of them) to access some functionality of aireplay-ng in multiple instances. This includes Windows.

Initializing Airserv-ng

  1. Start by loading the Command Prompt and navigating to the aircrack-ng folder (from the airdump.net website package).
  2. Enter “airserv-ng -d commview.dll -p 12345 -c 6”. Instead of “6,” input the channel of the target network.
  3. Confirm when it asks you if it chose the correct card. Keep this airserv-ng window open while performing packet injection.

    airserv-init.jpg

  4. Open another instance of the Command Prompt and use aireplay-ng as usual. But instead of using the “Linuxy” network replay interfaces like “ath0,” “wifi0,” “rausb0,” and “ra0,” use “127.0.0.1:12345”.

    airserv-fakeauth.jpg
    airserv-arpreplay.jpg
    airserv-deauth.jpg

  5. Watch the packets flow!

    airserv-dump.jpg
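
Because airserv-ng hands the wireless card to any program that can reach its TCP port, it is worth checking which address the listener from step 2 is bound to and who is connected to it. The following is an added example, not code from the original post or from airdump.net: a Python check over `netstat -ano` output, where the sample text is constructed and the function names are hypothetical; port 12345 is the one used in step 2.

```python
# Constructed sample of Windows `netstat -ano -p TCP` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:12345        127.0.0.1:50122        ESTABLISHED     4312
  TCP    192.168.1.20:12345     192.168.1.77:50310     ESTABLISHED     4312
"""

# Address prefixes that mean "this machine only".
LOOPBACK = ("127.", "[::1]")


def parse_netstat(text):
    """Return one dict per TCP row: local host/port, remote host, state, PID."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # skip headers, blank lines and UDP rows
        local, remote, state, pid = parts[1:]
        host, _, port = local.rpartition(":")    # rpartition copes with [::]:port
        rhost, _, _ = remote.rpartition(":")
        rows.append({"host": host, "port": int(port), "remote": rhost,
                     "state": state, "pid": int(pid)})
    return rows


def audit_port(text, port=12345):
    """Flag listeners on `port` bound beyond loopback, and non-local clients."""
    findings = []
    for row in parse_netstat(text):
        if row["port"] != port:
            continue
        if row["state"] == "LISTENING" and not row["host"].startswith(LOOPBACK):
            findings.append(("exposed-listener", row["host"], row["pid"]))
        elif row["state"] == "ESTABLISHED" and not row["remote"].startswith(LOOPBACK):
            findings.append(("remote-client", row["remote"], row["pid"]))
    return findings


if __name__ == "__main__":
    for kind, address, pid in audit_port(SAMPLE_NETSTAT):
        print(f"{kind}: {address} (PID {pid})")
```

An empty result means the port is only bound to, and only used from, loopback; any finding is a reason to restrict the port with the host firewall while the airserv-ng window is open.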

See if this works for you. Check my original source for additional information or leave any questions/comments below. I would love to hear of more ways to use aireplay-ng in Windows … but I highly doubt that there are any other ways that beat this. :)

One Response to “Macro-based HTML Tag Support for Microsoft Word”

  1. Vaibhav Says:

    I found this post since it links to mine. I used to use Word 2007 a lot for posting to my blog. But that was till I discovered LiveWriter. You may be interested in this: http://blog.gadodia.net/using-windows-livewriter-to-publish-blog-posts/

    Also, I used to have a problem with it till I realized at a much later date that it also has spellcheck: http://blog.gadodia.net/windows-live-writer-spell-check/

    LiveWriter is a great replacement for Word 2007. Also, if you don't like either of these, just use FireFox or Chrome to type your posts directly into WordPress because both of them provide spell check right in the browser.

    Cheers and thanks for linking to my post.

© 2006 and web design of Allan Ray Barizo from [art] [⁄app].