
Thread: WPA2 Capture Handshake - Only once?

  1. #1
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    22


    Hey guys,

    I know this topic is discussed all the time - I've gone through many of the old threads but can't seem to come to a conclusion.

    I'm running airodump and then aireplay but can't seem to get a handshake. Aireplay does send the DeAuth properly.

    My first attempt to do the whole WPA2 crack I did successfully. I captured the handshake and then cracked it - all following xploitx's tutorial. Ever since, though, I can't seem to get another handshake. What could have gone wrong?

    I heard range can affect it - I have tried moving around a bit, no real success (I can pick up internet from where I sit normally, so it should work).

    airodump has been running for about 7 minutes so far - hasn't picked up any client connections either...hmm?

    Oh and yes - this is my own private network I am testing it on. Running BT3 on a dell 600m. Network is WPA2.

    What could it be?

    Thanks in advance

  2. #2
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    22


    Gosh and then right when I post this I get a handshake!

    All I did was airmon-ng stop eth1, airmon-ng start eth1. Could that really have been the reason why it worked, or just dumb luck?

    Also -fair warning, this will prob be a noobish question- if I can capture the handshake, does that mean my card has injection capabilities? I have run aireplay-ng -9 eth1 but it does not say anything about injection.

  3. #3
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851


    Great that you caught it on your own, it's probably just dumb luck though - waaaay back when I had no working injection I used to have to wait up to twelve hours for one, thankfully the payment for those tests bought me a card with injection.

    Pro tip: paste your aireplay-ng -9 eth1 output so we can tell you more accurately.

    In the meantime:

    Code:
    # aireplay-ng -9 ath0
    16:02:10  Trying broadcast probe requests...
    16:02:10  Injection is working!
    16:02:12  Found 1 AP
    ...
    16:02:14  30/30: 100%
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  4. #4
    Junior Member
    Join Date
    May 2009
    Posts
    61


    If you test on your network, just disable/enable the radio on an associated client and you will capture the handshake.

    You lack some basic knowledge of the aircrack-ng tools, so first read about them and the theory behind it.

  5. #5
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    22


    Thanks for your replies. I managed to capture the handshake a few more times - but it's very unpredictable and often I get no luck whatsoever.

    My aireplay-ng -9 eth1 results in

    Trying to broadcast probe requests
    No Answer...
    Found 2 Ap's

    Trying directed probe requests ...and then gets 0/30 0% on each. Looks like that means I don't have injection. You say I'll have more luck with a better card?

  6. #6
    Junior Member
    Join Date
    Jul 2009
    Posts
    52


    Just to prove that I can be nice... Check here for a new card.

    Wireless Cards STICKIED at the top of this NEWBIE section.
    ^^^^...............................................................^^^^
    found in no time searching


    Quote Originally Posted by Handsome-geek View Post
    If you test on your network, just disable/enable the radio on an associated client and you will capture the handshake.

    You lack some basic knowledge of the aircrack-ng tools, so first read about them and the theory behind it.

    Also, I think hg here has a good point. You are lacking a basic understanding of the tools, and the protocols. Injection is not necessary for WPA handshakes.
    ^^^^......................^^^^
    found in under a minute searching


    Another thing to make sure is that you used the command
    Code:
    airmon-ng start device
    JT

    Edited out my poor choice of words. Gitsnik is correct. It helps speed up WPA, but it is not necessary. I put does not help. n00bish of me.

  7. #7
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851


    If you feel like hanging around with no ability to deauth, be my guest. I, on the other hand, will enjoy my injection capabilities that net me my handshake from active clients on a network.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
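    Post #7 above relies on forged deauth frames to force a client to reconnect. As an added example that is not from this thread, here is the other side of that: a small detector that parses raw 802.11 management frames and flags a deauth/disassoc burst aimed at one BSSID, using constructed sample frames in place of a real capture (the frame layout, timestamps and addresses are assumptions for the demo).

```python
# Added example (not from the thread). Assumes bare 802.11 MAC frames (no radiotap):
# 2B Frame Control, 2B Duration, 3 x 6B addresses, 2B Sequence Control, then a
# 2B reason code for deauth/disassoc. Sample frames below are constructed.
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC, BEACON = 0x0C, 0x0A, 0x08   # 802.11 management subtypes
mac = lambda b: ":".join(f"{x:02x}" for x in b)

def parse_mgmt_frame(frame):
    """(subtype, addr1, addr2, addr3/bssid, reason) for a management frame,
    None for data/control frames or truncated input."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:   # type field 0 = management
        return None
    subtype = (frame[0] >> 4) & 0xF
    reason = struct.unpack_from("<H", frame, 24)[0] if subtype in (DEAUTH, DISASSOC) and len(frame) >= 26 else None
    return subtype, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_deauth_flood(frames, window=2.0, threshold=5):
    """frames: iterable of (timestamp, bytes). One alert (ts, bssid, count) per BSSID
    that sees `threshold` deauth/disassoc frames within `window` seconds."""
    recent, alerts, seen = defaultdict(deque), [], set()
    for ts, raw in frames:
        parsed = parse_mgmt_frame(raw)
        if parsed is None or parsed[0] not in (DEAUTH, DISASSOC):
            continue
        bssid = parsed[3]
        q = recent[bssid]; q.append(ts)
        while ts - q[0] > window:          # slide the window forward
            q.popleft()
        if len(q) >= threshold and bssid not in seen:
            alerts.append((ts, bssid, len(q)))
            seen.add(bssid)
    return alerts

def build_mgmt(subtype, addr1, addr2, addr3, reason=None):
    """Constructed management frame (Frame Control byte 0 = subtype << 4)."""
    hdr = bytes([subtype << 4, 0]) + b"\x3a\x01" + addr1 + addr2 + addr3 + b"\x10\x00"
    return hdr + (struct.pack("<H", reason) if reason is not None else b"")

def sample_capture():
    """Constructed: one benign deauth (reason 3, station leaving), a beacon, then
    a broadcast deauth burst of the kind aireplay-ng -0 produces (reason 7)."""
    ap, sta, bc = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), b"\xff" * 6
    frames = [(0.0, build_mgmt(DEAUTH, ap, sta, ap, 3)), (5.0, build_mgmt(BEACON, bc, ap, ap))]
    frames += [(10.0 + i * 0.01, build_mgmt(DEAUTH, bc, ap, ap, 7)) for i in range(64)]
    return frames
```

    The protocol-level fix is 802.11w (protected management frames): a client that has negotiated it discards unauthenticated deauth frames, so the burst no longer forces a reconnect.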

  8. #8
    Junior Member
    Join Date
    May 2009
    Posts
    61


    That's true, but he can disable/enable the radio and he will get the handshake, and he can make a txt file in Kate with 4 words, one of them being his key, and he will crack the key in under a second.

    I don't know why people make it so complicated when it's about cracking WPA; there is not much wisdom to it. If you control the lab you can crack your key in 3 minutes.
