WPA Handshake capture problem
forums.remote-exploit.org/showthread.php?t=8230
I used this tutorial and followed to the dotted i's and crossed t's (yes, I used my own macs, not his...I can see that question arising) and here's my setup:
eeePc running Back Track 3 final from SDHC partition
Inspiron 5100 running windows XP connected to
dd-wrt router with WPA2/PSK encryption
when I run through this, no matter how much I deauth the client, I still get no handshake, is there something I have done wrong?
(I used every command in the video)
1.Your not close enough. More than likely the reason.Originally Posted by tangentcollision
2.Your card is not injecting, try this command aireplay-ng --test (device) change device to what ever card your using, removing the brackets obviously.
3. If it results in injecting a high number of packets successfully, try using spoonwep to automate a deauth attack.
What card are you using your internal one?
Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
okay, it's probably the distance then, I can inject and I've tried using spoonwep to deauth to no avail. thank you for the suggestion, didn't know that distance could affect the handshake capture process.
i can usually only capture using;
iwconfig eth1 rate 1M
then maybe this in aireplay;
-o 50 (or whatever number, play around.)
BIG BROTHER IS WATCHING YOU!!!
Tangent are you getting client acks when you do the deauth?
When you do the deauth you get
Sending 64 directed deauth STMAC [whatever] [Clients acks | AP acks]
If you are getting a decent amount of client acks then you should be in range.
When using spoonwep did you cheack the spoonwep dump file, it`s slightly disguised on your task bar, next to your shell tab.
Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
I'm getting a decent amount of acks from the client, still not getting a handshake, I've even gone so far as to restart both router and computer...
-o 50? what does the -o option do? (don't have eeepc on, just wondering for quick reply) is eth1 your wireless card, VAP, or what?
ha, well, thanks to etech9 I got it, thanks for the advice. I can't tell if it was the rate or the -o 50 that did it, but I got my deauth packet and am cracking the key right now...not sure if the dictionary has my key in it, but I can add it in if I really want to see it pop up. it's the practice that I want, not the results.
From my expierence, run to airodump-ng and look on PWR level interface performing deauth operations, if level is less than 23 dB, handshake capture would be impossible, use more powerfull card as example Alfa AWUS036H
ah, I see...well, I got the handshake in my house, on the street...across the street, a little down the street......I think it's powerful enoughFrom my expierence, run to airodump-ng and look on PWR level interface performing deauth operations, if level is less than 23 dB, handshake capture would be impossible, use more powerfull card as example Alfa AWUS036H
Posting Permissions
