Getting Handshake WPA ?

**Eatme** · 08-26-2009, 04:06 PM

I was wondering, how much DATA or Packets must be captured in order to receive a successful handshake (crackable).

Im asking cuz im trying to keep a minimum file size.

**Handsome-geek** · 08-26-2009, 04:21 PM

Read theory before you ask.

You dont need any data you dont crack wep key so ivs are useless. You must capture packet which has 4-way handshake and then try get key form handshake with dictionary attack.

when client is is associating with ap then is your chance to get handshake so deauthentcion attack is there to make process faster by disconneting a clinet and force him to connect again.

In future read more before you ask because you ask basics which you can read anywhere.

Google: how to crack wpa key or better wpa wiki and wep wiki to see which key is made of what.

**Eatme** · 08-26-2009, 04:26 PM

thanks.

but i wasn't asking how to crack WPA or WEP. Cuz i already know how. I was asking something totally different from what you posted.

Your very first sentence answered my question, all the other things you mentioned were useless btw.

**mixit** · 08-26-2009, 04:27 PM

Capturing a handshake does not require a certain amount of data. You are actually trying to capture the 4-way handshake between the AP and client, which occurs only when the client initially connects to the AP.

If there is a client on the network, you can force a deauthentication and when they reconnect to the AP, you can capture the 4-way handshake. To do this, look into the aireplay-ng -0 attack.

This is not like WEP where you collect a certain amount of data and then can crack the password. You essentially capture the hashed network key and then try to crack that. Once you have the hashed network key, you can run a dictionary attack on it, but there is no guarantee of success like with WEP.

Someone might reply to this saying that you CAN guarantee success with a brute force attack on it, but to do so would take a ridiculously long period of time with current technology.

Read about WPA to understand more of the basic concepts is what I'm trying to tell you in all of this.

EDIT: I took so long typing this someone already answered your questions lol, sorry.

**Handsome-geek** · 08-26-2009, 04:50 PM

Originally Posted by Eatme

thanks.

but i wasn't asking how to crack WPA or WEP. Cuz i already know how. I was asking something totally different from what you posted.

Your very first sentence answered my question, all the other things you mentioned were useless btw.

Read theory before you ask i think that this gave you answer. Sorry i dont want to be rude but you are member which show that you have some expirience on this forum so how you didnt see this before.

If you arent sure that your handshake is crackable then put your cap file in wireshark and filter eapol to see has your packet 4-way handshake.

**kidFromBigD** · 08-26-2009, 06:10 PM

Originally Posted by Handsome-geek

...<edit>...

If you arent sure that your handshake is crackable then put your cap file in wireshark and filter eapol to see has your packet 4-way handshake.

By the way, if your box has a later version of pyrit installed, you can use the 'strip' option to pare down very large .cap files into just what you need for WPA. Here's a example:

Code:

pyrit -r LARGE_FILE_WITH_4WAY.cap -f small_file_with_4way.cap strip

If you're running BT4Pre-Final and the repository points to the latest release of pyrit (which is 0.2.4) then you can get this feature.

Otherwise, you can use Wireshark and save the EAPOL packets plus a single beacon frame and get the same result.

Cheerio.

**Gitsnik** · 08-27-2009, 12:51 AM

Originally Posted by kidFromBigD

Otherwise, you can use Wireshark and save the EAPOL packets plus a single beacon frame and get the same result.

Like so:

Code:

tshark -r file.cap -R "eapol || wlan_mgt.fixed.beacon" -w outfile.cap

That doesn't make it as neatly as via wireshark itself because you might get multiple beacons.

Ta for the tip about pyrit kidFromBigD, I'd not noticed that one!

**Eatme** · 08-27-2009, 08:47 AM

Originally Posted by kidFromBigD

By the way, if your box has a later version of pyrit installed, you can use the 'strip' option to pare down very large .cap files into just what you need for WPA. Here's a example:

Code:

pyrit -r LARGE_FILE_WITH_4WAY.cap -f small_file_with_4way.cap strip

If you're running BT4Pre-Final and the repository points to the latest release of pyrit (which is 0.2.4) then you can get this feature.

Otherwise, you can use Wireshark and save the EAPOL packets plus a single beacon frame and get the same result.

Cheerio.

WOW thanks. this is what I needed ! Im on BT3 tho.

BackTrack Linux - Penetration Testing Distribution

Thread: Getting Handshake WPA ?

Thread Tools

Search Thread

Display

Getting Handshake WPA ?

Posting Permissions