Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Can't get a handshake with WPA-PSK networks

  1. #1
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    13

    Can't get a handshake with WPA-PSK networks

    I'm using the Edimax EW-7318 USB stick, using RT73USB drivers, included in Backtrack 4.

    I can get data now, but no "4-way handshake", or so it's called with WPA/WPA2 networks.

    I ran it for over 50 minutes with over 25,000 beacons, but I guess there is just no one else connecting to the Access Point, which explains it.

    I made sure to use the right channel number.

    Is there any possible reason why there's no handshake?

    ( By the way, I was using the cracking_wpa guide from aircrack-ng dot org to help me )

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Quote Originally Posted by jamesmetham View Post
    I'm using the Edimax EW-7318 USB stick, using RT73USB drivers, included in Backtrack 4.

    I can get data now, but no "4-way handshake", or so it's called with WPA/WPA2 networks.

    I ran it for over 50 minutes with over 25,000 beacons, but I guess there is just no one else connecting to the Access Point, which explains it.

    I made sure to use the right channel number.

    Is there any possible reason why there's no handshake?
    Did you try connecting to it with another PC, and see if the handshake can be captured then?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    13


    Quote Originally Posted by streaker69 View Post
    Did you try connecting to it with another PC, and see if the handshake can be captured then?
    Yeah, that's what I need to try, and I'll do so when I have a spare computer. By the way, when the other person connects to it, does that PC need to know the password, or is an attempt good enough?

    Apart from that, is there any other possible reason why this isn't working?

  4. #4
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509


    Quote Originally Posted by jamesmetham View Post
    I'm using the Edimax EW-7318 USB stick, using RT73USB drivers, included in Backtrack 4.

    I can get data now, but no "4-way handshake", or so it's called with WPA/WPA2 networks.

    I ran it for over 50 minutes with over 25,000 beacons, but I guess there is just no one else connecting to the Access Point, which explains it.

    I made sure to use the right channel number.

    Is there any possible reason why there's no handshake?
    Yes, it's exactly what you suspected: No one is connecting to the AP.

    The easiest thing to do is get a second laptop and have it join, and then disconnect. Rinse, repeat. You should see at least some 4-way handshakes that way.

    Quote Originally Posted by jamesmetham View Post
    Yeah, that's what I need to try, and I'll do so when I have a spare computer. By the way, when the other person connects to it, does that PC need to know the password, or is an attempt good enough?

    Apart from that, is there any other possible reason why this isn't working?
    Yes, the second PC needs to be a legitimate member of the network.
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #5
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    13


    Also, one more question.

    I understand the next step is to launch a dictionary brute force attack, which for WPA/2 would be any combination of the ASCII printable characters, with the number of characters ranging between 8-63 characters total.

    I was wondering, 1) Presumably these are case-sensitive, and 2) Is a dictionary.lst file simply one word after another, printed one line after another, such as:

    hello
    goodbye
    howareyou

    OK, that should be about it for my questions.

  6. #6
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Quote Originally Posted by jamesmetham View Post
    Also, one more question.

    I understand the next step is to launch a dictionary brute force attack, which for WPA/2 would be any combination of the ASCII printable characters, with the number of characters ranging between 8-63 characters total.

    I was wondering, 1) Presumably these are case-sensitive, and 2) Is a dictionary.lst file simply one word after another, printed one line after another, such as:

    hello
    goodbye
    howareyou

    OK, that should be about it for my questions.
    Umm, yep, that's about right.

    Have you considered the size of the dictionary you'd need to bruteforce WPA2?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  7. #7
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509


    Quote Originally Posted by jamesmetham View Post
    Also, one more question.

    I understand the next step is to launch a dictionary brute force attack, which for WPA/2 would be any combination of the ASCII printable characters, with the number of characters ranging between 8-63 characters total.

    I was wondering, 1) Presumably these are case-sensitive, and 2) Is a dictionary.lst file simply one word after another, printed one line after another, such as:

    hello
    goodbye
    howareyou

    OK, that should be about it for my questions.
    1) Yes.
    2) Yes. No. Maybe. Sorta, kinda. It depends on the encoding, and the CR/LF used.

    Plus, if you're planning on using rainbow tables, they must be pre-compiled.
    Thorn
    Stop the TSA now! Boycott the airlines.

  8. #8
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    13


    Quote Originally Posted by streaker69 View Post
    Umm, yep, that's about right.

    Have you considered the size of the dictionary you'd need to bruteforce WPA2?
    Well, if it's 63 characters, it would be basically impossible, but I think I'm dealing with an 8-character setup, so it should be a bit easier. I think something like 300 attempts per minute are possible, so it could be painful.

    Quote Originally Posted by Thorn View Post
    1) Yes.
    2) Yes. No. Maybe. Sorta, kinda. It depends on the encoding, and the CR/LF used.
    What is the encoding setup I need for this to work?

    Quote Originally Posted by Thorn View Post
    Plus, if you're planning on using rainbow tables, they must be pre-compiled.
    Don't know what a rainbow table is or why I would need one.
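
    Posts #6 through #8 above turn on two points: how large the WPA/WPA2 passphrase space is (and what "300 attempts per minute" means against it), and what makes a line in a dictionary file a legal passphrase at all (post #7's encoding and CR/LF caveat). The following Python is an added example written for this thread, not code posted by anyone in it and not part of aircrack-ng or BackTrack. It assumes the IEEE 802.11i passphrase rule (8 to 63 printable ASCII characters, compared case-sensitively), takes the 300-attempts-per-minute figure from post #8 as an input parameter, and uses the standard character-class sizes (10, 26, 36, 62, 95). Its purpose is the defender's one: show why an 8-character passphrase drawn from a small alphabet is the weak spot, and why a trailing carriage return or a non-ASCII character silently changes or invalidates a passphrase.

```python
import string

# IEEE 802.11i WPA/WPA2-PSK passphrase rules: 8 to 63 printable ASCII
# characters (0x20-0x7E), case-sensitive. Outside this range the value is
# not a valid passphrase, so a dictionary line that breaks it is wasted.
PSK_MIN_LEN = 8
PSK_MAX_LEN = 63
PRINTABLE_ASCII = "".join(chr(c) for c in range(0x20, 0x7F))  # 95 symbols

# Character classes a defender might compare when choosing a passphrase.
CHARSETS = {
    "digits": string.digits,                                  # 10
    "lower": string.ascii_lowercase,                          # 26
    "lower+digits": string.ascii_lowercase + string.digits,   # 36
    "mixed+digits": string.ascii_letters + string.digits,     # 62
    "printable": PRINTABLE_ASCII,                             # 95
}

SECONDS_PER_YEAR = 31_557_600  # Julian year, 365.25 days


def is_valid_wpa_psk(passphrase: str) -> bool:
    """Return True if `passphrase` is a legal WPA-PSK passphrase.

    A trailing '\\r' left over from a CRLF-terminated file, or any non-ASCII
    character (the 'encoding' part of post #7's caveat), makes the string
    invalid rather than just different.
    """
    if not PSK_MIN_LEN <= len(passphrase) <= PSK_MAX_LEN:
        return False
    return all(0x20 <= ord(ch) <= 0x7E for ch in passphrase)


def keyspace(length: int, charset: str) -> int:
    """Number of distinct passphrases of exactly `length` over `charset`."""
    return len(CHARSETS[charset]) ** length


def seconds_to_exhaust(length: int, charset: str, rate_per_minute: float) -> float:
    """Worst-case seconds to try every candidate at `rate_per_minute` attempts."""
    return keyspace(length, charset) / (rate_per_minute / 60.0)


def years_to_exhaust(length: int, charset: str, rate_per_minute: float) -> float:
    return seconds_to_exhaust(length, charset, rate_per_minute) / SECONDS_PER_YEAR


def human_duration(seconds: float) -> str:
    """Render a duration in the largest unit that gives a value >= 1."""
    for name, size in (("years", SECONDS_PER_YEAR), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"


def summarize(rate_per_minute: float, lengths=(8, 12, 16)) -> dict:
    """Map (length, charset) -> worst-case time string at the given rate."""
    return {
        (n, cs): human_duration(seconds_to_exhaust(n, cs, rate_per_minute))
        for n in lengths
        for cs in CHARSETS
    }


if __name__ == "__main__":
    # The 300 attempts/minute figure is the one quoted in post #8.
    for (n, cs), when in summarize(300).items():
        print(f"{n:2d} chars, {cs:13s}: {when}")
    # Constructed samples showing the validity rule in action.
    for sample in ("hello", "hello123", "hello123\r", "caf\u00e9latte1"):
        print(repr(sample), "->", "valid" if is_valid_wpa_psk(sample) else "INVALID")
```

    Running it shows the asymmetry the thread hints at: an 8-digit PIN-style passphrase at 300 attempts per minute is exhausted in about 231 days, while 8 characters drawn from all 95 printable symbols takes on the order of tens of millions of years at that rate, and every extra character multiplies the cost by the alphabet size. The same rule that rejects `"hello"` (too short) also rejects `"hello123\r"`, which is what a CRLF-terminated dictionary line looks like if the reader does not strip it.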

  9. #9
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535


    Quote Originally Posted by jamesmetham View Post
    What is the encoding setup I need for this to work?
    Don't know what a rainbow table is or why I would need one.
    It's apparent that you don't even have the slightest clue as to what you're doing, so chances are, you probably shouldn't friggen do it.

    Now run along.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  10. #10
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509


    Quote Originally Posted by jamesmetham View Post
    Well, if it's 63 characters, it would be basically impossible, but I think I'm dealing with an 8-character setup, so it should be a bit easier. I think something like 300 attempts per minute are possible, so it could be painful.
    You "think" it's an 8-character passphrase? If you don't know, that would imply you're committing a crime.
    Thorn
    Stop the TSA now! Boycott the airlines.
