
Thread: WPA Handshake Issues BT2, aircrack 0.9.3, RT61 Card

  #1. Just burned his ISO (joined Jun 2008, 5 posts)

    WPA Handshake Issues BT2, aircrack 0.9.3, RT61 Card

    Hey, I just registered and can only post here for three days, so here is my problem (I have already searched the forums and Google extensively):

    I am using BackTrack 2.0 with aircrack-ng 0.9.3 and a Ralink card with the RT61 chipset/drivers.

    I have cracked plenty of WEPs with this identical setup, they are easy. So I decided to try some WPA-PSK networks.

    Everything goes to plan, put card in monitor mode, start airodump-ng on the BSSID / Channel I want, and then start hitting its client with some deauth attacks.

    The problem is, even though I have an approx 80% signal strength, deauth has no effect and no handshakes are ever captured.

    I have tried just sending one deauth packet, and letting it send them over and over for an hour. Nothing.
    See screenshots:
    freewebs.com/straafe/NoDeauth.jpg
    freewebs.com/straafe/NoDeauth1.jpg

    I have tried this on various WPA-PSK networks with signal strengths ranging from 50%-85% with no luck on the handshake. During some of my searches I read that many people were successful with 30/100 connection strengths, so I am wondering if my card might have something to do with it, although it's worked flawlessly until now.

  #2. Just burned his ISO (joined Jun 2008, 5 posts)

    More info:

    Have tried setting rate to 1M

    Have faked the MAC of the client

    Have used laptop with Intel Pro/Wireless 3945abg card to monitor/deauth simultaneously with my Ralink card in my desktop - neither picked up a handshake

    (screen from laptop: freewebs.com/straafe/laptop.jpg)

    FOR SCREENS: add the http or www to the link, since it won't let me post full URLs since I just signed up.

  #3. Member (joined Jun 2007, 218 posts)

    You might want to try a later version of aircrack-ng.

    You got a lot of data packets, did you get any part of a handshake?

    Also, try sending just 1 deauthentication, give the client a better chance to reassociate.

  #4. Just burned his ISO (joined Jun 2008, 5 posts)

    I never checked if I had any parts with Wireshark, I just gave up after a while if airodump didn't indicate it had caught the handshake.

    According to download.aircrack-ng.org, 0.9.3 is the latest version of aircrack. I guess there is a beta2 version 1.0 out, but I don't think it would make any difference. Has anyone else used the RT61 drivers for a WPA crack? I have successfully used it in multiple WEP trials with ARP replay attacks, so I assume injection should work fine.

    I just cannot get the handshake.

    I have downloaded backtrack 3 beta to see if it has any changes that could help, and will try it later.
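    Post #3 asks whether any part of the handshake was captured, and post #4 says the capture was never checked in Wireshark. The script below is an added example (not code from the thread or from aircrack-ng) that answers that question offline: it reads the libpcap file airodump-ng writes (raw 802.11, link type 105; radiotap, link type 127, is also stripped), classifies each EAPOL-Key frame as message 1 to 4 of the WPA 4-way handshake from its Key Information bits, and reports per AP/client pair whether aircrack-ng has enough to test a PSK (message 2 plus message 1 or 3). The sample capture at the bottom, its MAC addresses and key fields are constructed for the example; to use it on a real capture, pass the bytes of the .cap file to handshake_messages().

```python
"""Report which WPA 4-way handshake messages an airodump-ng capture contains.
Added example, not code from the thread or aircrack-ng; the capture at the bottom,
its MACs and key fields are constructed for the example."""
import struct

DLT_IEEE802_11, DLT_RADIOTAP = 105, 127
LLC_SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP header, EtherType 0x888e
KI_PAIRWISE, KI_INSTALL, KI_ACK, KI_MIC, KI_SECURE = 0x08, 0x40, 0x80, 0x100, 0x200

def classify(key_info, key_data_len):
    """Handshake message number (1-4) from the EAPOL-Key Key Information bits."""
    ack, mic = key_info & KI_ACK, key_info & KI_MIC
    if ack and not mic:
        return 1                            # AP -> STA, carries the ANonce
    if ack and mic and key_info & KI_INSTALL:
        return 3                            # AP -> STA, GTK in encrypted key data
    if mic and not ack:
        # RSN sets Secure on M4; legacy WPA does not, but its M4 carries no key data
        return 4 if (key_info & KI_SECURE or key_data_len == 0) else 2
    return None

def _data_frame(frame):
    """(addr1, addr2, flags, body) of an unprotected 802.11 data frame, else None."""
    if len(frame) < 24:
        return None
    fc, = struct.unpack_from("<H", frame, 0)
    ftype, subtype, flags = (fc >> 2) & 3, (fc >> 4) & 0xF, fc >> 8
    if ftype != 2 or flags & 0x40:          # not a data frame, or Protected (encrypted)
        return None
    hdr = 24 + (6 if flags & 0x03 == 0x03 else 0)          # 4-address WDS frame
    if subtype & 0x08:                                       # QoS data frame
        hdr += 2 + (4 if flags & 0x80 else 0)               # QoS control (+HT control)
    return frame[4:10], frame[10:16], flags, frame[hdr:]

def _pcap_frames(data):
    """Yield 802.11 frames from a libpcap file, stripping radiotap if present."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[struct.unpack_from("<I", data, 0)[0]]
    dlt = struct.unpack_from(end + "HHiIII", data, 4)[5]
    if dlt not in (DLT_IEEE802_11, DLT_RADIOTAP):
        raise ValueError(f"unsupported link type {dlt}")
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack_from(end + "IIII", data, off)[2]
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if dlt == DLT_RADIOTAP:             # radiotap length is little-endian at bytes 2-3
            frame = frame[struct.unpack_from("<H", frame, 2)[0]:]
        yield frame

def handshake_messages(pcap):
    """Map (bssid, station) -> sorted list of pairwise handshake messages seen."""
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    seen = {}
    for frame in _pcap_frames(pcap):
        parsed = _data_frame(frame)
        if parsed is None or not parsed[3].startswith(LLC_SNAP_EAPOL):
            continue
        a1, a2, flags, body = parsed
        eapol = body[8:]                    # version(1) type(1) length(2) key descriptor
        if len(eapol) < 99 or eapol[1] != 3 or eapol[4] not in (2, 254):
            continue                        # need EAPOL-Key with RSN (2) or WPA (254) descriptor
        key_info, = struct.unpack_from(">H", eapol, 5)
        key_data_len, = struct.unpack_from(">H", eapol, 97)
        msg = classify(key_info, key_data_len)
        if msg is None or not key_info & KI_PAIRWISE:
            continue                        # group-key handshakes are useless for cracking
        bssid, sta = (a2, a1) if flags & 0x02 else (a1, a2)   # FromDS: addr2 is the BSSID
        seen.setdefault((mac(bssid), mac(sta)), set()).add(msg)
    return {pair: sorted(m) for pair, m in seen.items()}

def usable_for_cracking(msgs):
    """aircrack-ng needs M2 (SNonce + MIC) plus M1 or M3 (ANonce) to test a PSK."""
    return 2 in msgs and (1 in msgs or 3 in msgs)

def _eapol_frame(from_ds, bssid, sta, key_info, key_data=b""):
    """Build a constructed 802.11 data frame carrying an EAPOL-Key RSN descriptor."""
    fc = struct.pack("<H", (2 << 2) | ((0x02 if from_ds else 0x01) << 8))
    a1, a2 = (sta, bssid) if from_ds else (bssid, sta)
    desc = (bytes([2]) + struct.pack(">HH", key_info, 16) + b"\x00" * 8 + b"\x11" * 32
            + b"\x00" * 32 + b"\x22" * 16 + struct.pack(">H", len(key_data)) + key_data)
    eapol = bytes([2, 3]) + struct.pack(">H", len(desc)) + desc
    return fc + b"\x00\x00" + a1 + a2 + bssid + b"\x00\x00" + LLC_SNAP_EAPOL + eapol

def _pcap(frames, dlt=DLT_IEEE802_11):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, dlt)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_200_000_000 + i, 0, len(f), len(f)) + f
    return out

AP, STA = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")  # made-up MACs
SAMPLE_CAPTURE = _pcap([                    # constructed: beacon, M1, M2, unrelated data
    b"\x80\x00" + b"\x00" * 22,                                        # beacon, ignored
    _eapol_frame(True, AP, STA, 0x008A),                               # M1: pairwise + Ack
    _eapol_frame(False, AP, STA, 0x010A, b"\x30\x14" + b"\x00" * 20),  # M2: MIC + RSN IE
    b"\x08\x01" + b"\x00" * 22 + bytes.fromhex("aaaa030000000800") + b"\x00" * 20,  # IP data
])

if __name__ == "__main__":
    for (bssid, sta), msgs in handshake_messages(SAMPLE_CAPTURE).items():
        print(f"{bssid} <-> {sta}: messages {msgs}, usable: {usable_for_cracking(msgs)}")
```

    Reading the result: message 1 alone means the AP started a handshake but the client's reply was not heard; no EAPOL frames at all means no re-association was observed during the capture, which points at the deauth frames not reaching the client or the client not reconnecting rather than at a capture problem.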

  #5. Just burned his ISO (joined Jun 2008, 5 posts)

    I'm in BT3 right now using whatever version of aircrack it comes with. It changed the interface from ra0 to wlan0, but so far that is still the only difference.... still no luck on the handshake.

  #6. Senior Member (joined Apr 2008, 2,008 posts)

    Quote (from post #1):
        The problem is, even though I have an approx 80% signal strength, deauth has no effect and no handshakes are ever captured.

        I have tried just sending one deauth packet, and letting it send them over and over for an hour. Nothing.
        See screenshots:

    Try mdk3 with the d option, and a blacklist (-b). I personally always recommend this if someone is having problems with the deauth attack as I find that mdk3 is better for this task and it has not failed me once.

    Also remember that the fact that you can hear the AP, even with a good signal, does not necessarily mean that you will be able to inject to it. It all comes down to the transmission power of your wireless card and if it is too weak the AP will not be able to hear your deauth packets.
    -Monkeys are like nature's humans.

  #7. Just burned his ISO (joined Jun 2008, 5 posts)

    Quote (from post #6):
        Also remember that the fact that you can hear the AP, even with a good signal, does not necessarily mean that you will be able to inject to it. It all comes down to the transmission power of your wireless card and if it is too weak the AP will not be able to hear your deauth packets.

    True, I guess I have just been making the assumption that I am close enough. I will try your suggestions. I am not familiar with mdk3, but I'll do the research and get back to you.

  #8. Senior Member (joined Apr 2008, 2,008 posts)

    Quote (from post #7):
        True, I guess I have just been making the assumption that I am close enough. I will try your suggestions. I am not familiar with mdk3 but Ill do the research and get back to you.

    Nice to see a new member willing to do some research himself and not just asking to be spoonfed. Good luck, and post back if you are running into any issues you can't resolve on your own.
    -Monkeys are like nature's humans.
