Thread: WPA - Stuck at handshake

  1. #1
    Junior Member Acester
    Join Date
    Jul 2008
    Posts
    54

    WPA - Stuck at handshake

    It's me again. I've set my router up as WPA TKIP. I have followed Xploitz's (wonderful) walkthrough video at hxxp://forums.remote-exploit.org/showthread.php?t=8230&page=33

    So far it's been easy to follow, and I'm pretty sure I understand it, but I am stuck at the handshake. Here's what I've got so far..

    I have started the airodump in a shell, according to one of the first steps in the video. Next I try this in a second shell:
    Code:
    aireplay-ng -0 1 -a (Target AP's mac) -c (my faked mac, did it with mac changer) wlan0
    It has 2 lines after that..
    Waiting for beacon frame (BSSID: AP mac here) on channel 11
    Sending 64 directed DeAuth. STMAC: [Faked mac] [ 0|11 ACKs]

    So after that I look back in the first shell.. No handshake. I've tried it like, 30 times, and no luck. I've also used this tutorial: hxxp://xxx.macpirate.ch/uploads/Cellys_WPA2_Hack_EN.pdf
    It's practically the same, with the same results. Help? I'm going to bed btw, so goodnight, I'll check this tomorrow.

  2. #2
    Member m1cha3l
    Join Date
    May 2008
    Posts
    208

    There are a couple of reasons you are not capturing the handshake.

    1. Are you close enough to the AP and client?

    2. Are you on the correct band?

    Also, have you tried analyzing the packets in Wireshark to see what you have got?

  3. #3
    Junior Member Acester
    Join Date
    Jul 2008
    Posts
    54

    Quote Originally Posted by m1cha3l
    There are a couple of reasons you are not capturing the handshake.

    1. Are you close enough to the AP and client?

    2. Are you on the correct band?

    Also, have you tried analyzing the packets in Wireshark to see what you have got?
    1. Yeah, I'm right beside the router pretty much. 100 pwr.

    2. I don't understand what you mean by band..

    Also no, I haven't even used Wireshark. When googling around last night it came up a lot, not entirely sure what it is..

  4. #4
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    There needs to be a client actually connected to the AP in order for you to be able to capture the handshake. The de-authentication attack will not magically generate the WPA handshake; it only forces a currently connected client to re-connect to the AP using the correct passphrase, thus exchanging the handshake again. Since in your command you seem to use your own MAC address as the target one, it would seem that this is the fact you are missing.
    -Monkeys are like nature's humans.

  5. #5
    Junior Member Acester
    Join Date
    Jul 2008
    Posts
    54

    Quote Originally Posted by =Tron=
    There needs to be a client actually connected to the AP in order for you to be able to capture the handshake. The de-authentication attack will not magically generate the WPA handshake; it only forces a currently connected client to re-connect to the AP using the correct passphrase, thus exchanging the handshake again. Since in your command you seem to use your own MAC address as the target one, it would seem that this is the fact you are missing.
    Well, I suppose the client that is connected would be this PC. That would work, right? I don't really know if it matters much, but this PC is usually always on MSN, lol.

    So, this PC is the client, but does the client have to be active?

  6. #6
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Quote Originally Posted by Acester
    Well, I suppose the client that is connected would be this PC. That would work, right? I don't really know if it matters much, but this PC is usually always on MSN, lol.

    So, this PC is the client, but does the client have to be active?
    As long as the PC, or at least the wireless card that you use, is not the same as the one you use for sending the de-auth packets. The client does need to be active to a degree, that is, it must re-associate with the AP, and it will have to be connected through a wireless connection.
    -Monkeys are like nature's humans.
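A defender-side view of the mechanism =Tron= describes, added here as an example that is not part of this thread or of the aircrack-ng suite: over constructed monitor-mode frame records with made-up addresses, it flags bursts of deauthentication frames sent in the AP's name, checks whether the target was actually an associated client, and checks whether a complete EAPOL 4-way handshake followed. A burst aimed at an address that was never associated, like the spoofed one in post #1, is followed by no handshake at all.

```python
from collections import defaultdict, deque

# Constructed sample frames (not a real capture): one record per 802.11 frame seen
# in monitor mode. "deauth" = deauthentication frame; "eapol" = 4-way handshake
# message carrying its number. All addresses are made up.
AP = "00:11:22:33:44:55"
CLIENT = "aa:bb:cc:dd:ee:01"    # a real associated station
SPOOFED = "de:ad:be:ef:00:01"   # spoofed address with no association to the AP
FRAMES = (
    [{"t": i * 0.002, "kind": "deauth", "src": AP, "dst": SPOOFED} for i in range(64)]
    + [{"t": 5 + i * 0.002, "kind": "deauth", "src": AP, "dst": CLIENT} for i in range(64)]
    + [{"t": 5.20, "kind": "eapol", "src": AP, "dst": CLIENT, "msg": 1},
       {"t": 5.21, "kind": "eapol", "src": CLIENT, "dst": AP, "msg": 2},
       {"t": 5.22, "kind": "eapol", "src": AP, "dst": CLIENT, "msg": 3},
       {"t": 5.23, "kind": "eapol", "src": CLIENT, "dst": AP, "msg": 4}]
)

def deauth_bursts(frames, threshold=10, window=1.0):
    """{(src, dst): first alert time} for pairs with >= threshold deauths per window."""
    recent, alerts = defaultdict(deque), {}
    for f in sorted(frames, key=lambda f: f["t"]):
        if f["kind"] != "deauth":
            continue
        key = (f["src"], f["dst"])
        q = recent[key]
        q.append(f["t"])
        while f["t"] - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and key not in alerts:
            alerts[key] = f["t"]
    return alerts

def handshake_complete(frames, ap, client, after=0.0):
    """True only if EAPOL messages 1..4 between ap and client appear in order after `after`."""
    expected = 1
    for f in sorted(frames, key=lambda f: f["t"]):
        if (f["kind"] == "eapol" and f["t"] >= after
                and {f["src"], f["dst"]} == {ap, client} and f.get("msg") == expected):
            expected += 1
    return expected == 5   # a partial handshake (e.g. only M1/M2) is not a usable capture

def report(frames, ap, associated):
    """Per deauth burst sent in the AP's name: (target, is associated client, re-handshake seen)."""
    out = []
    for (src, dst), t in sorted(deauth_bursts(frames).items(), key=lambda kv: kv[1]):
        if src == ap:
            out.append((dst, dst in associated, handshake_complete(frames, ap, dst, after=t)))
    return out
```

On the sample data the first burst (target never associated) reports no handshake, while the second burst against the real client is followed by a full M1..M4 exchange, which is exactly the re-association the thread says is required.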
