I'm using the Edimax EW-7318 USB stick, using RT73USB drivers, included in Backtrack 4.
I can get data now, but no "4-way handshake", or so it's called with WPA/WPA2 networks.
I ran it for over 50 minutes with over 25,000 beacons, but I guess there is just no one else connecting to the Access Point, which explains it.
I made sure to use the right channel number.
Is there any possible reason why there's no handshake?
( By the way, I was using the cracking_wpa guide from aircrack-ng dot org to help me )
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Yeah, that's what I need to try, and I'll do so when I have a spare computer. By the way, when the other person connects to it, does that PC need to know the password, or is an attempt good enough?
Apart from that, is there any other possible reason why this isn't working?
Yes, it's exactly what you suspected: No one is connecting to the AP.
The easiest thing to do is get a second laptop and have it join, and then disconnect. Rinse, repeat. You should see at least some 4-way handshakes that way.
Yes, the second PC needs to be a legitimate member of the network.
Thorn
Stop the TSA now! Boycott the airlines.
Also, one more question.
I understand the next step is to launch a dictionary brute force attack, which for WPA/2 would be any combination of the ASCII printable characters, with the number of characters ranging between 8-63 characters total.
I was wondering, 1) Presumably these are case-sensitive, and 2) Is a dictionary.lst file simply one word after another, printed one line after another, such as:
hello
goodbye
howareyou
OK, that should be about it for my questions.
Well, if it's 63 characters, it would be basically impossible, but I think I'm dealing with an 8-character setup, so it should be a bit easier. I think something like 300 attempts per minute are possible, so it could be painful.
What is the encoding setup I need for this to work?
Don't know what a rainbow table is or why I would need one.
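The wordlist-format question, the case-sensitivity question and the rainbow-table question all come down to how WPA/WPA2 turns a passphrase into the pairwise master key. The following is an added example (not code from this thread or from aircrack-ng) showing that derivation with Python's standard library; the SSID and wordlist entries are constructed sample values, and the known-answer vector is the one published in the 802.11i standard.

```python
import hashlib
from typing import Iterable, List

# Constructed sample values (assumptions for this example, not from the thread).
SAMPLE_SSID = "ExampleNet"
SAMPLE_WORDLIST = ["hello", "goodbye", "howareyou", "Password1", "password1", "x" * 64]


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2 pre-shared key as 802.11i specifies:
    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 rounds.
    The 4096 rounds are why a CPU-bound dictionary run is slow, and the SSID
    salt is why a precomputed ("rainbow") table of PSKs is only useful against
    networks with that exact SSID. Leaving a router on a default or very common
    SSID is therefore a real weakness; a unique SSID plus a long passphrase
    makes precomputation worthless and per-guess cost high."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def is_valid_passphrase(candidate: str) -> bool:
    """WPA passphrases are 8 to 63 printable ASCII characters (and they are
    case-sensitive, since every byte feeds the hash). Any other line can never
    be a valid key, so a wordlist line outside these limits is just wasted."""
    return 8 <= len(candidate) <= 63 and all(32 <= ord(c) <= 126 for c in candidate)


def filter_wordlist(lines: Iterable[str]) -> List[str]:
    """Keep only the lines of a one-word-per-line wordlist that could be a WPA key."""
    cleaned = (line.rstrip("\r\n") for line in lines)
    return [w for w in cleaned if is_valid_passphrase(w)]


def matches_known_vector() -> bool:
    """Known-answer test from IEEE 802.11i: passphrase "password", SSID "IEEE"."""
    expected = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
    return wpa_psk("password", "IEEE").hex() == expected


if __name__ == "__main__":
    print("802.11i vector OK:", matches_known_vector())
    print("usable wordlist lines:", filter_wordlist(SAMPLE_WORDLIST))
    print("case matters:", wpa_psk("Password1", SAMPLE_SSID) != wpa_psk("password1", SAMPLE_SSID))
    print("SSID matters:", wpa_psk("Password1", "NetA") != wpa_psk("Password1", "NetB"))
```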