
Thread: WPA Handshake capture problem

  1. #1
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    12

    Default WPA Handshake capture problem

    forums.remote-exploit.org/showthread.php?t=8230
    I used this tutorial and followed to the dotted i's and crossed t's (yes, I used my own macs, not his...I can see that question arising) and here's my setup:

    eeePc running Back Track 3 final from SDHC partition
    Inspiron 5100 running windows XP connected to
    dd-wrt router with WPA2/PSK encryption

    when I run through this, no matter how much I deauth the client, I still get no handshake, is there something I have done wrong?
    (I used every command in the video)

  2. #2
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default

    Quote Originally Posted by tangentcollision View Post
    forums.remote-exploit.org/showthread.php?t=8230
    I used this tutorial and followed to the dotted i's and crossed t's (yes, I used my own macs, not his...I can see that question arising) and here's my setup:

    eeePc running Back Track 3 final from SDHC partition
    Inspiron 5100 running windows XP connected to
    dd-wrt router with WPA2/PSK encryption

    when I run through this, no matter how much I deauth the client, I still get no handshake, is there something I have done wrong?
    (I used every command in the video)
    1. You're not close enough. More than likely the reason.

    2. Your card is not injecting. Try this command: aireplay-ng --test (device), changing device to whatever card you're using, removing the brackets obviously.

    3. If it results in injecting a high number of packets successfully, try using spoonwep to automate a deauth attack.

    What card are you using, your internal one?
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

  3. #3
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    12

    Default

    Okay, it's probably the distance then. I can inject, and I've tried using spoonwep to deauth to no avail. Thank you for the suggestion; I didn't know that distance could affect the handshake capture process.

  4. #4
    Junior Member imported_etech9's Avatar
    Join Date
    Aug 2008
    Posts
    48

    Default

    I can usually only capture using:

    iwconfig eth1 rate 1M

    then maybe this in aireplay:

    -o 50 (or whatever number, play around.)
    BIG BROTHER IS WATCHING YOU!!!

  5. #5
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    2

    Default

    Tangent are you getting client acks when you do the deauth?

    When you do the deauth you get

    Sending 64 directed deauth STMAC [whatever] [Clients acks | AP acks]

    If you are getting a decent amount of client acks then you should be in range.
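    The burst of directed deauth frames described in this post is also exactly the signature a wireless IDS keys on. As an added example, not code from this thread or from the aircrack-ng suite, here is a minimal detector that parses raw 802.11 management headers and alerts when one source floods one station with deauth/disassoc frames; the MAC addresses, timestamps, reason codes and the threshold are constructed sample values.

```python
import struct
from collections import defaultdict

DEAUTH, DISASSOC = 0xC, 0xA   # 802.11 management-frame subtypes that kick a client off

def parse_mgmt(frame: bytes):
    """Decode the fixed 24-byte 802.11 MAC header; None for non-management frames."""
    if len(frame) < 24:
        return None
    fc = frame[0]                          # frame control: bits 2-3 type, bits 4-7 subtype
    ftype, subtype = (fc >> 2) & 0x3, fc >> 4
    if ftype != 0:                         # 0 = management, 1 = control, 2 = data
        return None
    reason = None
    if subtype in (DEAUTH, DISASSOC) and len(frame) >= 26:
        reason = struct.unpack("<H", frame[24:26])[0]   # reason code follows the header
    return {"subtype": subtype, "dst": frame[4:10].hex(":"),
            "src": frame[10:16].hex(":"), "reason": reason}

def detect_deauth_bursts(frames, window=2.0, threshold=10):
    """frames: iterable of (timestamp_seconds, raw_frame). Alerts once when one
    source sends `threshold` deauth/disassoc frames to one destination within `window`."""
    recent, alerts = defaultdict(list), []
    for ts, raw in frames:
        m = parse_mgmt(raw)
        if m is None or m["subtype"] not in (DEAUTH, DISASSOC):
            continue
        hist = recent[(m["src"], m["dst"])]
        hist.append(ts)
        while ts - hist[0] > window:       # drop timestamps that fell out of the window
            hist.pop(0)
        if len(hist) == threshold:         # fire exactly when the threshold is crossed
            alerts.append({"src": m["src"], "dst": m["dst"], "at": ts, "reason": m["reason"]})
    return alerts

def build_frame(subtype, dst, src, bssid, reason=None):
    """Constructed test frame: management header with the given subtype (no FCS)."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    return hdr + (struct.pack("<H", reason) if reason is not None else b"")

AP, STA = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")  # constructed MACs
SAMPLE = [(0.1, build_frame(0x8, b"\xff" * 6, AP, AP))]               # one beacon
SAMPLE += [(1.0 + i / 100, build_frame(DEAUTH, STA, AP, AP, 7)) for i in range(64)]  # 64-frame burst
SAMPLE.append((5.0, build_frame(DEAUTH, STA, AP, AP, 3)))             # one ordinary deauth

if __name__ == "__main__":
    print(detect_deauth_bursts(SAMPLE))   # one alert for the burst, none for the lone deauth
```

    The mitigation is Management Frame Protection (802.11w), under which a client discards deauth frames that fail the integrity check; the detector above is for networks that do not negotiate it.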

  6. #6
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default

    When using spoonwep, did you check the spoonwep dump file? It's slightly disguised on your task bar, next to your shell tab.
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

  7. #7
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    12

    Default

    Quote Originally Posted by Nukelear View Post
    Tangent are you getting client acks when you do the deauth?

    When you do the deauth you get

    Sending 64 directed deauth STMAC [whatever] [Clients acks | AP acks]

    If you are getting a decent amount of client acks then you should be in range.
    I'm getting a decent amount of acks from the client, still not getting a handshake. I've even gone so far as to restart both router and computer...

    Quote Originally Posted by etech9 View Post
    I can usually only capture using:

    iwconfig eth1 rate 1M

    then maybe this in aireplay:

    -o 50 (or whatever number, play around.)
    -o 50? What does the -o option do? (I don't have the eeePC on, just wondering for a quick reply.) Is eth1 your wireless card, VAP, or what?

  8. #8
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    12

    Default

    Ha, well, thanks to etech9 I got it; thanks for the advice. I can't tell if it was the rate or the -o 50 that did it, but I got my deauth packet and am cracking the key right now...not sure if the dictionary has my key in it, but I can add it in if I really want to see it pop up. It's the practice that I want, not the results.

  9. #9
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    13

    Default

    Quote Originally Posted by tangentcollision View Post
    forums.remote-exploit.org/showthread.php?t=8230
    I used this tutorial and followed to the dotted i's and crossed t's (yes, I used my own macs, not his...I can see that question arising) and here's my setup:

    eeePc running Back Track 3 final from SDHC partition
    Inspiron 5100 running windows XP connected to
    dd-wrt router with WPA2/PSK encryption

    when I run through this, no matter how much I deauth the client, I still get no handshake, is there something I have done wrong?
    (I used every command in the video)
    From my experience, run airodump-ng and look at the PWR level of the interface performing deauth operations; if the level is less than 23 dB, handshake capture would be impossible. Use a more powerful card, for example the Alfa AWUS036H.

  10. #10
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    12

    Default

    Quote Originally Posted by tangentcollision View Post
    forums.remote-exploit.org/showthread.php?t=8230
    I used this tutorial and followed to the dotted i's and crossed t's (yes, I used my own macs, not his...I can see that question arising) and here's my setup:

    eeePc running Back Track 3 final from SDHC partition
    Inspiron 5100 running windows XP connected to
    dd-wrt router with WPA2/PSK encryption

    when I run through this, no matter how much I deauth the client, I still get no handshake, is there something I have done wrong?
    (I used every command in the video)
    Quote Originally Posted by vertigo View Post
    From my experience, run airodump-ng and look at the PWR level of the interface performing deauth operations; if the level is less than 23 dB, handshake capture would be impossible. Use a more powerful card, for example the Alfa AWUS036H.
    Ah, I see...well, I got the handshake in my house, on the street...across the street, a little down the street......I think it's powerful enough.
