It's me again, I've set my router up as WPA TKIP. I have followed Xploitz (wonderful) walkthrough video at hxxp://forums.remote-exploit.org/showthread.php?t=8230&page=33
So far it's been easy to follow, and I'm pretty sure I understand it, but I am stuck at the handshake. Here's what I've got so far..
I have started the airodump in a shell, according to one of the first steps in the video. Next I try this in a second shell:
It has 2 lines after that..
Code:
aireplay-ng -0 1 -a (Target AP's mac) -c (my faked mac, did it with mac changer) wlan0
Waiting for beacon frame (BSSID: AP mac here) on channel 11
Sending 64 directed DeAuth. STMAC: [Faked mac] [ 0|11 ACKs]
So after that I look back in the first shell.. No handshake. I've tried it like, 30 times, and no luck. I've also used this tutorial: hxxp://xxx.macpirate.ch/uploads/Cellys_WPA2_Hack_EN.pdf
It's practically the same, with the same results. Help? I'm going to bed btw, so goodnight, I'll check this tomorrow.
There are a couple of reasons you are not capturing the handshake.
1. Are you close enough to the AP and client?
2. Are you on the correct band?
Also, have you tried analyzing the packets in Wireshark to see what you have got?
There needs to be a client actually connected to the AP in order for you to be able to capture the handshake. The de-authentication attack will not magically generate the WPA handshake; it only forces a currently connected client to re-connect to the AP using the correct passphrase, thus exchanging the handshake again. Since in your command you seem to use your own MAC address as the target one, it would seem like this is the fact you are missing.
-Monkeys are like nature's humans.
As long as the PC, or at least the wireless card that you use, is not the same as the one you use for sending the de-auth packets. The client does need to be active to a degree, that is, he must re-associate with the AP, and will have to be connected through a wireless connection.
-Monkeys are like nature's humans.
What kind of n00b you are. WPA works on wireless networks, so it's quite obvious that for capturing the 4-way handshake the station will have to re-associate with the AP using the WPA passphrase on a wireless connection. Read about the wireless technology first. bt3 is not a n00b distro.
Read more at
http://www.aircrack-ng.org/doku.php?id=cracking_wpa
I strongly recommend that you first study wireless networks, authentication methods and encryption types.
Oooh... Now I have to say that makes much more sense.
I've used wireshark for the first time, and I see that it's a packet sniffer. This is going to allow me to see if there are any wireless clients connected to the AP, correct? I don't really know how to use it.. Any tips, or maybe there's a good thread out there?
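As an added example (not code from this thread, from aircrack-ng or from the linked tutorials), the following standard-library Python script illustrates the two points made above from the monitoring side: it counts deauthentication frames per transmitter, which is the burst signature a wireless IDS alerts on, and it tracks which of the four EAPOL-Key handshake messages were seen between each AP/station pair, which is what a capture must contain to prove a station was really associated and re-connected. The frames, MAC addresses and the "no associated client" versus "client present" captures are all constructed here for the demonstration; the parser assumes raw 802.11 frames without a radiotap header and treats addr2 as the transmitter, so 4-address (WDS) data frames are not handled.

```python
"""Classify raw 802.11 frames: deauthentication counts per sender and EAPOL 4-way
handshake messages per AP/station pair. Standard library only; all sample data is
constructed for this example."""
import struct
from collections import Counter, defaultdict

FC_DEAUTH = 0xC0   # frame-control byte 0: type 0 (management), subtype 12 (deauthentication)
FC_DATA = 0x08     # type 2 (data), subtype 0
LLC_SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP header carrying EtherType 0x888E


def mac_str(mac):
    return ":".join(f"{b:02x}" for b in mac)


def eapol_message_number(key_info):
    """Map the EAPOL-Key 'Key Information' flags to handshake message 1..4 (None if unknown)."""
    install = bool(key_info & 0x0040)
    ack = bool(key_info & 0x0080)
    mic = bool(key_info & 0x0100)
    secure = bool(key_info & 0x0200)
    if ack and not mic:
        return 1
    if mic and not ack and not secure:
        return 2
    if ack and mic and install:
        return 3
    if mic and not ack and secure:
        return 4
    return None


def parse_frame(frame):
    """Return a dict for deauth and EAPOL-Key frames, None for anything else.
    Simplification: addr1 = receiver, addr2 = transmitter; WDS frames are ignored."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    dst, src = frame[4:10], frame[10:16]
    if fc0 == FC_DEAUTH:
        reason = struct.unpack("<H", frame[24:26])[0] if len(frame) >= 26 else None
        return {"kind": "deauth", "src": mac_str(src), "dst": mac_str(dst), "reason": reason}
    if (fc0 & 0x0C) == 0x08:                    # any data subtype
        hdr_len = 26 if fc0 & 0x80 else 24      # QoS data adds a 2-byte QoS control field
        if frame[hdr_len:hdr_len + 8] != LLC_SNAP_EAPOL:
            return None
        eapol = frame[hdr_len + 8:]
        if len(eapol) < 7 or eapol[1] != 0x03:  # EAPOL packet type 3 = EAPOL-Key
            return None
        key_info = struct.unpack(">H", eapol[5:7])[0]
        return {"kind": "eapol", "src": mac_str(src), "dst": mac_str(dst),
                "msg": eapol_message_number(key_info)}
    return None


def analyse(frames, deauth_threshold=10):
    """Summarise a capture: deauth counts, flood sources and handshake state per pair."""
    deauth_by_src = Counter()
    msgs_by_pair = defaultdict(set)
    for parsed in map(parse_frame, frames):
        if parsed is None:
            continue
        if parsed["kind"] == "deauth":
            deauth_by_src[parsed["src"]] += 1
        elif parsed["msg"] is not None:
            # M1 and M3 travel AP -> station, M2 and M4 station -> AP
            if parsed["msg"] in (1, 3):
                ap, sta = parsed["src"], parsed["dst"]
            else:
                ap, sta = parsed["dst"], parsed["src"]
            msgs_by_pair[(ap, sta)].add(parsed["msg"])
    handshakes = {}
    for pair, msgs in msgs_by_pair.items():
        handshakes[pair] = {"messages": sorted(msgs),
                            "complete": msgs == {1, 2, 3, 4},
                            # an AP nonce (M1 or M3) plus the station's M2 is the minimum
                            # worth flagging as an exposed handshake
                            "usable": {1, 2} <= msgs or {2, 3} <= msgs}
    floods = {src: n for src, n in deauth_by_src.items() if n >= deauth_threshold}
    return {"deauth_by_src": dict(deauth_by_src), "deauth_floods": floods, "handshakes": handshakes}


# ---- constructed sample frames (not a real capture) ----
def mgmt_frame(fc0, dst, src, bssid, body=b""):
    return bytes([fc0, 0x00]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body


def eapol_key_frame(dst, src, bssid, key_info, to_ds):
    hdr = bytes([FC_DATA, 0x01 if to_ds else 0x02]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    body = bytes([0x02]) + struct.pack(">H", key_info) + b"\x00" * 92  # descriptor type 2, 95-byte key body
    eapol = bytes([0x02, 0x03]) + struct.pack(">H", len(body)) + body  # EAPOL version 2, type 3 (Key)
    return hdr + LLC_SNAP_EAPOL + eapol


AP = bytes.fromhex("001122334455")      # constructed AP address
STA = bytes.fromhex("66778899aabb")     # constructed associated station
FAKED = bytes.fromhex("0011aabbccdd")   # constructed address that is not associated with the AP
KEY_INFO = {1: 0x008A, 2: 0x010A, 3: 0x13CA, 4: 0x030A}  # typical Key Information values per message

# Case A (the situation in the post): 64 deauths aimed at a non-associated address, no EAPOL at all
CAPTURE_NO_CLIENT = [mgmt_frame(FC_DEAUTH, FAKED, AP, AP, struct.pack("<H", 7)) for _ in range(64)]
# Case B: a real station is associated, is kicked off and re-connects, producing M1..M4
CAPTURE_WITH_CLIENT = (
    [mgmt_frame(FC_DEAUTH, STA, AP, AP, struct.pack("<H", 7)) for _ in range(64)]
    + [eapol_key_frame(STA, AP, AP, KEY_INFO[1], to_ds=False),
       eapol_key_frame(AP, STA, AP, KEY_INFO[2], to_ds=True),
       eapol_key_frame(STA, AP, AP, KEY_INFO[3], to_ds=False),
       eapol_key_frame(AP, STA, AP, KEY_INFO[4], to_ds=True)])

if __name__ == "__main__":
    for name, capture in (("no client", CAPTURE_NO_CLIENT), ("client present", CAPTURE_WITH_CLIENT)):
        print(name, analyse(capture))
```

Running it shows the asymmetry the replies describe: both captures contain the same 64-frame deauth burst from one transmitter (flagged as a flood), but only the capture with an associated station ever contains EAPOL-Key frames, so a handshake entry appears for the (AP, station) pair in case B and none at all in case A. The same classification applies to frames exported from Wireshark with the `eapol` or `wlan.fc.type_subtype == 0x000c` display filters, which is the quickest way to check whether any station is actually talking to the AP.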