
Thread: Getting Handshake WPA?

  1. #1 Eatme

    Getting Handshake WPA?

    I was wondering how much data or how many packets must be captured in order to get a successful (crackable) handshake.

    I'm asking because I'm trying to keep the file size to a minimum.

  2. #2 Handsome-geek

    Read the theory before you ask.

    You don't need any data; you aren't cracking a WEP key, so IVs are useless. You must capture the packets that carry the 4-way handshake and then try to get the key from the handshake with a dictionary attack.

    When a client is associating with the AP, that is your chance to get the handshake, so the deauthentication attack is there to make the process faster by disconnecting a client and forcing it to connect again.

    In future, read more before you ask, because you are asking basics which you can read anywhere.

    Google: how to crack wpa key, or better wpa wiki and wep wiki to see what each key is made of.

  3. #3 Eatme

    Thanks.

    But I wasn't asking how to crack WPA or WEP, because I already know how. I was asking something totally different from what you posted.

    Your very first sentence answered my question; all the other things you mentioned were useless, by the way.

  4. #4 mixit

    Capturing a handshake does not require a certain amount of data. You are actually trying to capture the 4-way handshake between the AP and client, which occurs only when the client initially connects to the AP.

    If there is a client on the network, you can force a deauthentication and when they reconnect to the AP, you can capture the 4-way handshake. To do this, look into the aireplay-ng -0 attack.

    This is not like WEP where you collect a certain amount of data and then can crack the password. You essentially capture the hashed network key and then try to crack that. Once you have the hashed network key, you can run a dictionary attack on it, but there is no guarantee of success like with WEP.

    Someone might reply to this saying that you CAN guarantee success with a brute force attack on it, but to do so would take a ridiculously long period of time with current technology.

    What I'm trying to tell you in all of this is to read about WPA to understand more of the basic concepts.

    EDIT: I took so long typing this that someone had already answered your questions, lol. Sorry.

  5. #5 Handsome-geek

    Quote Originally Posted by Eatme:
    Thanks.

    But I wasn't asking how to crack WPA or WEP, because I already know how. I was asking something totally different from what you posted.

    Your very first sentence answered my question; all the other things you mentioned were useless, by the way.

    "Read the theory before you ask": I think that gave you the answer. Sorry, I don't want to be rude, but you are a member who shows some experience on this forum, so how did you not see this before?

    If you aren't sure that your handshake is crackable, then put your cap file in Wireshark and filter on eapol to see whether your capture has the 4-way handshake packets.

  6. #6 kidFromBigD

    Quote Originally Posted by Handsome-geek:

    ...<edit>...

    If you aren't sure that your handshake is crackable, then put your cap file in Wireshark and filter on eapol to see whether your capture has the 4-way handshake packets.

    By the way, if your box has a later version of pyrit installed, you can use the 'strip' option to pare down very large .cap files into just what you need for WPA. Here's an example:
    Code:
    pyrit -r LARGE_FILE_WITH_4WAY.cap -f small_file_with_4way.cap strip
    If you're running BT4 Pre-Final and the repository points to the latest release of pyrit (which is 0.2.4), then you can get this feature.

    Otherwise, you can use Wireshark and save the EAPOL packets plus a single beacon frame and get the same result.

    Cheerio.

  7. #7 Gitsnik

    Quote Originally Posted by kidFromBigD:
    Otherwise, you can use Wireshark and save the EAPOL packets plus a single beacon frame and get the same result.

    Like so:
    Code:
    tshark -r file.cap -R "eapol || wlan_mgt.fixed.beacon" -w outfile.cap
    That doesn't make it as neat as via Wireshark itself, because you might get multiple beacons.

    Ta for the tip about pyrit, kidFromBigD; I'd not noticed that one!
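The two checks discussed in posts #4 to #7 (does the capture hold a 4-way handshake at all, and can the file be pared down to the EAPOL frames plus a single beacon) as an added Python example; this is not code from the thread, nor from aircrack-ng, pyrit or tshark. It parses a classic libpcap file directly (assumed linktype 105 raw 802.11 or 127 radiotap; pcapng is not handled), classifies each EAPOL-Key frame as M1..M4 from its Key Information flags, reports which messages each AP/client pair has, and writes a stripped capture holding only the EAPOL frames of crackable handshakes and the first beacon of each such AP. The capture it builds for itself is constructed: the MAC addresses and SSIDs are made up and the nonces, MICs and key data are dummies, only the Key Information values are the real per-message flag combinations.

```python
# Does this .cap hold a crackable WPA/WPA2 4-way handshake, and can it be stripped to EAPOL + one beacon?
# Added example for this thread; not code from the forum, aircrack-ng, pyrit or tshark. Assumes a classic libpcap
# file (not pcapng) with linktype 105 (raw 802.11) or 127 (radiotap). build_sample_capture() is a constructed
# capture with dummy nonces, MICs and key data; only its Key Information values are the real M1..M4 flag sets.
import struct

LINKTYPE_IEEE802_11, LINKTYPE_RADIOTAP = 105, 127
LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"             # LLC/SNAP header carrying EtherType 0x888E (EAPOL)

def read_pcap(data):
    """Return (linktype, [(record_header, frame), ...]) with record headers re-packed little-endian."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"       # libpcap magic 0xa1b2c3d4 in either byte order
    linktype = struct.unpack_from(endian + "I", data, 20)[0]
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, off)
        records.append((struct.pack("<IIII", ts_sec, ts_usec, incl_len, orig_len), data[off + 16:off + 16 + incl_len]))
        off += 16 + incl_len
    return linktype, records

def write_pcap(linktype, records):
    return struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, linktype) + b"".join(h + f for h, f in records)

def parse_frame(frame, linktype):
    """Classify one frame as ('beacon', bssid, ssid), ('eapol', bssid, sta, msg_no) or None."""
    if linktype == LINKTYPE_RADIOTAP and len(frame) >= 4:            # radiotap: version, pad, LE16 header length
        frame = frame[struct.unpack_from("<H", frame, 2)[0]:]
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if ftype == 0 and subtype == 8:                                   # beacon body: timestamp(8) interval(2) cap(2) IEs
        ies = frame[36:]                                              # IE 0 is the SSID, which cracking tools need
        ssid = ies[2:2 + ies[1]].decode("utf-8", "replace") if len(ies) >= 2 and ies[0] == 0 else ""
        return ("beacon", frame[16:22], ssid)
    if ftype != 2 or fc1 & 0x40 or (fc1 & 0x03) == 0x03:             # data only; skip protected frames and 4-address WDS
        return None
    body = frame[24 + (2 if subtype & 0x08 else 0):]                  # QoS data subtypes add a 2-byte QoS control field
    if body[:8] != LLC_SNAP_EAPOL or len(body) < 8 + 99 or body[9] != 3:   # EAPOL type 3 = EAPOL-Key
        return None
    key_info = struct.unpack_from(">H", body, 8 + 5)[0]               # after EAPOL header(4) and descriptor type(1)
    key_data_len = struct.unpack_from(">H", body, 8 + 97)[0]
    ack, mic, secure = key_info & 0x0080, key_info & 0x0100, key_info & 0x0200
    # M1: ACK only (ANonce). M3: ACK+MIC. M2: MIC with key data (RSN IE), Secure clear. M4: MIC+Secure (WPA1: no key data)
    msg = (3 if mic else 1) if ack else (4 if secure or key_data_len == 0 else 2) if mic else None
    bssid, sta = (frame[10:16], frame[4:10]) if fc1 & 0x02 else (frame[4:10], frame[10:16])   # FromDS vs ToDS
    return ("eapol", bssid, sta, msg) if msg else None                # neither ACK nor MIC: not a handshake message

def handshakes(linktype, records):
    """Map (bssid, sta) -> set of EAPOL-Key message numbers seen: Wireshark's 'eapol' filter check, in code."""
    seen = {}
    for info in (parse_frame(f, linktype) for _, f in records):
        if info and info[0] == "eapol":
            seen.setdefault((info[1], info[2]), set()).add(info[3])
    return seen

def is_crackable(msgs):
    """Both nonces plus a MIC: M2 together with M1 or M3. Tools differ on which other pairings they accept."""
    return 2 in msgs and (1 in msgs or 3 in msgs)

def strip_capture(data):
    """Keep EAPOL frames of crackable handshakes plus ONE beacon per such BSSID (the beacon carries the SSID)."""
    linktype, records = read_pcap(data)
    pairs = {k for k, msgs in handshakes(linktype, records).items() if is_crackable(msgs)}
    aps, kept = {bssid for bssid, _ in pairs}, []
    for rec in records:
        info = parse_frame(rec[1], linktype)
        if info and info[0] == "eapol" and (info[1], info[2]) in pairs:
            kept.append(rec)
        elif info and info[0] == "beacon" and info[1] in aps:
            kept.append(rec)
            aps.discard(info[1])                                      # first beacon per AP only; later ones are dropped
    return write_pcap(linktype, kept)

def _beacon(bssid, ssid):
    mac = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    return mac + b"\x00" * 8 + struct.pack("<HH", 100, 0x0411) + bytes([0, len(ssid)]) + ssid

def _eapol_key(bssid, sta, key_info, key_data=b"", from_ap=False):
    a1, a2 = (sta, bssid) if from_ap else (bssid, sta)                # FromDS (AP -> STA) or ToDS (STA -> AP)
    mac = b"\x08" + (b"\x02" if from_ap else b"\x01") + b"\x00\x00" + a1 + a2 + bssid + b"\x00\x00"
    body = (b"\x02" + struct.pack(">HH", key_info, 16) + b"\x00" * 8 + b"\x11" * 32    # RSN descriptor, Key Info, key length, replay counter, dummy nonce
            + b"\x00" * 32 + b"\x22" * 16 + struct.pack(">H", len(key_data)) + key_data)  # IV, RSC, ID, dummy MIC, key data
    return mac + LLC_SNAP_EAPOL + b"\x02\x03" + struct.pack(">H", len(body)) + body

def build_sample_capture():
    """Constructed: two beacons of the target AP, an unrelated beacon, a non-EAPOL data frame and WPA2 M1..M4."""
    ap, sta, other = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), bytes.fromhex("ccddeeff0011")
    junk = b"\x08\x01\x00\x00" + ap + sta + ap + b"\x00\x00" + b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + b"\x00" * 40
    frames = [_beacon(ap, b"corpnet"), _beacon(other, b"guest"), junk,
              _eapol_key(ap, sta, 0x008a, from_ap=True),                           # M1: pairwise | ACK
              _eapol_key(ap, sta, 0x010a, key_data=b"\x30\x14" + b"\x00" * 20),     # M2: pairwise | MIC, dummy RSN IE
              _beacon(ap, b"corpnet"),
              _eapol_key(ap, sta, 0x13ca, key_data=b"\x00" * 24, from_ap=True),     # M3: install | ACK | MIC | Secure
              _eapol_key(ap, sta, 0x030a)]                                         # M4: pairwise | MIC | Secure
    return write_pcap(LINKTYPE_IEEE802_11, [(struct.pack("<IIII", i, 0, len(f), len(f)), f) for i, f in enumerate(frames)])

if __name__ == "__main__":                                            # demo on the constructed capture
    print({k: sorted(v) for k, v in handshakes(*read_pcap(build_sample_capture())).items()})
```

Treating M2 plus M1 or M3 as the minimum is deliberate: M1 and M3 carry the ANonce, M2 carries the SNonce and the MIC that a dictionary attack is verified against, so a file with only M1 and M3 (the client never answered) reports as incomplete and strips to nothing. Keeping exactly one beacon per AP sidesteps the multiple-beacon issue Gitsnik notes with the tshark filter while still preserving the SSID that cracking needs. Run the file as a script to see the summary for the constructed capture, or call strip_capture() on the bytes of a real .cap and write the result out.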

  8. #8 Eatme

    Quote Originally Posted by kidFromBigD:
    By the way, if your box has a later version of pyrit installed, you can use the 'strip' option to pare down very large .cap files into just what you need for WPA. Here's an example:
    Code:
    pyrit -r LARGE_FILE_WITH_4WAY.cap -f small_file_with_4way.cap strip
    If you're running BT4 Pre-Final and the repository points to the latest release of pyrit (which is 0.2.4), then you can get this feature.

    Otherwise, you can use Wireshark and save the EAPOL packets plus a single beacon frame and get the same result.

    Cheerio.
    WOW, thanks. This is what I needed! I'm on BT3 though.
