Thread: Cracking WPA - 100% got client but it does not show

  1. #1
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    5

    OK, I've cracked WEP - piece of cake once you know how. Not a boast - just to give you the info that I'm not a dullard and that I have supported wifi devices ;-) I'm using BT3 final

    Now I'm trying WPA - TKIP.

    I have the net password. I set one laptop up as a client, connected with the password, browsing fine.

    On my PEN machine (BT3 Final) I get things going and end up with airodump running but it does not show the client. The client I know is 100% connected wirelessly. I've tried connecting the client with b and then g. I've tried browsing and pinging. Nothing I do lets my PENtesting machine detect the client.

    What direction should I be looking in?

    I've tried Kismet and it DOES see the client, though it lists it as a type "F" - not a "T" or "E". I've then tried a deauth with the supplied MAC info but nothing happens.

    Maybe the AP is immune?

    Any help more than welcome. I really don't need the key, I already have it, but I hate being beaten....

  2. #2
    DaKahuna (Senior Member)
    Join Date
    Jan 2010
    Posts
    103

    You need the client to be sending and receiving traffic to the WAP vice just being associated to it.

    Use the client to go to a streaming audio or video site and then it should show up in airodump-ng.

  3. #3

    The first part of cracking WPA is the same as cracking WEP, so if you can do one, you should be able to do the other.

    "What direction should I be looking in?"
    Several!

    On your pentest box:

    1. Is your interface in monitor mode?
    2. Did you lock airodump to the channel of your AP?
    3. Using wireshark, can you see traffic between the client and AP? If not, either you are out of range or your card is not actually in promiscuous (monitor) mode.
    4. From your client box, ping or surf to something... did you capture those packets in wireshark? If not, then see the last part of (item 3 above).
    5. Are you using the correct monitoring interface (if your drivers support more than 1 interface)? What kind of card/drivers are you using?

    On a separate, but related note: I'm not familiar with Kismet network type fields of "F" and "E". There is a Flag that is "F" which denotes factory default config. What are these network types?
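
Added example, not part of the original posts: a Python version of the check in items 3 and 4 above, counting unicast data frames per station for one BSSID and splitting them by direction using the ToDS/FromDS bits. The frames, MAC addresses and function names are constructed for illustration, and the radiotap header is assumed to be already stripped from each frame.

```python
import struct
from collections import defaultdict

AP = "00:11:22:33:44:55"        # constructed BSSID
CLIENT = "02:aa:bb:cc:dd:ee"    # constructed station MAC
BCAST = "ff:ff:ff:ff:ff:ff"

def raw(m):
    return bytes.fromhex(m.replace(":", ""))

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def frame(fc0, flags, a1, a2, a3):
    # Minimal 3-address 802.11 header: FC, duration, addr1-3, sequence control.
    return struct.pack("<BBH", fc0, flags, 0) + raw(a1) + raw(a2) + raw(a3) + b"\x00\x00"

def stations_seen(frames, bssid):
    """Count data frames per station for one BSSID, split by direction."""
    seen = defaultdict(lambda: {"to_ap": 0, "from_ap": 0})
    for f in frames:
        if len(f) < 24 or (f[0] >> 2) & 0x3 != 2:
            continue                      # short frame, or not a data frame
        to_ds, from_ds = f[1] & 0x01, f[1] & 0x02
        a1, a2 = mac(f[4:10]), mac(f[10:16])
        if to_ds and not from_ds and a1 == bssid:
            seen[a2]["to_ap"] += 1        # transmitted by the station
        elif from_ds and not to_ds and a2 == bssid and not f[4] & 0x01:
            seen[a1]["from_ap"] += 1      # unicast from the AP to the station
    return dict(seen)

def diagnose(counts):
    if not counts:
        return "no unicast data frames for this BSSID: check channel, mode, interface"
    out = []
    for sta, c in sorted(counts.items()):
        if c["to_ap"] and c["from_ap"]:
            out.append(f"{sta}: heard in both directions")
        elif c["from_ap"]:
            out.append(f"{sta}: only AP->station heard, station may be out of range")
        else:
            out.append(f"{sta}: only station->AP heard")
    return "; ".join(out)

SAMPLE = [                                 # constructed frames
    frame(0x80, 0x00, BCAST, AP, AP),      # beacon (management, ignored)
    frame(0x08, 0x02, CLIENT, AP, AP),     # data, FromDS: AP -> client
    frame(0x08, 0x01, AP, CLIENT, AP),     # data, ToDS: client -> AP
    frame(0x08, 0x02, BCAST, AP, AP),      # broadcast data from the AP (ignored)
]
```

Calling `diagnose(stations_seen(SAMPLE, AP))` reports the constructed client as heard in both directions; a capture containing only the beacon yields the "check channel, mode, interface" result.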

  4. #4
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    5

    Thanks guys.

    1) Yep 100% in monitor mode
    2) yep - channel locked
    3) Will check wireshark - only just started playing with that app
    4) Will try that
    5) I'm using RAUSB0 (Hawkingtech RT73 chipset) - works fine when doing WEP

    I'm certainly happy I'm in monitor mode - it confirms this after stopping and starting the card - besides I do the same thing for WEP with 100% success.

    I did try generating some traffic on the client - by browsing web sites. Maybe this time I'll try some heavier traffic.
