
Thread: WPA no handshake! Help please!

  1. #1
    Junior Member
    Join Date
    Apr 2010
    Posts
    58

    WPA no handshake! Help please!

    I have been following g0tm1lk's video on how to crack WPA, but I never get a handshake. Please tell me if I am doing something wrong. Here is what I typed:

    airmon-ng start wlan0
    airodump-ng --bssid (bssid here) -c 11 -w output mon0
    aireplay-ng --deauth 10 -a (bssid here) -c (client MAC here) mon0

    After this, I wait for a handshake, and I never get one. Am I doing something wrong?

  2. #2
    Member
    Join Date
    Feb 2010
    Location
    Root
    Posts
    121

    Re: WPA no handshake! Help please!

    Are there any other clients on besides you?

  3. #3
    Junior Member creepykrawler
    Join Date
    Jan 2010
    Location
    USA
    Posts
    56

    Re: WPA no handshake! Help please!

    Are you sure your card can inject? You can run an aireplay-ng test to check.
    "Failing to plan is planning to fail"

  4. #4
    Junior Member
    Join Date
    Apr 2010
    Posts
    58

    Yes, it can inject. When using airodump-ng on my network, it doesn't capture the handshake. It captures it very quickly if I connect to my network using the same laptop.

    By the way, I have a desktop connected to my wireless router and I have the laptop which is not connected to the network, but has been running airodump-ng for over 2 hours now without capturing the handshake. What do I do?

    Thanks for your response.

    Quote Originally Posted by Ghost40
    Are there any other clients on besides you?

    Nope. Anyone know what I should do?

    I tested to see if injection works, and it works perfectly. (I tested it)
    Last edited by Archangel-Amael; 04-06-2010 at 08:53 AM.

  5. #5
    Senior Member hypervista
    Join Date
    Feb 2010
    Posts
    121

    Re: WPA no handshake! Help please!

    Quote Originally Posted by Ghost40
    Are there any other clients on besides you?
    Quote Originally Posted by yomama
    Nope. Anyone know what I should do?

    Yes, do a little research. Archangel's most excellent reading list

    Grab a second computer and associate it with the target AP by connecting to the AP. Use airodump or kismet, or whatever to discover the client MAC and use that in the deauthentication argument.

    Hmmm... curious, if there were no clients associated, which MAC did you use in:??
    Quote Originally Posted by yomama
    aireplay-ng --deauth 10 -a (bssid here) -c (client MAC here) mon0
    Last edited by hypervista; 04-06-2010 at 11:45 AM.

  6. #6
    Junior Member
    Join Date
    Apr 2010
    Posts
    58

    Re: WPA no handshake! Help please!

    Quote Originally Posted by hypervista
    Yes, do a little research. Archangel's most excellent reading list

    Grab a second computer and associate it with the target AP by connecting to the AP. Use airodump or kismet, or whatever to discover the client MAC and use that in the deauthentication argument.

    Hmmm... curious, if there were no clients associated, which MAC did you use in:??

    When I ran airodump-ng --channel 11 --bssid (my MAC here) mon0, at the bottom there was a station MAC next to my MAC. I actually have been reading a LOT. But thanks for giving me a link so I can read some more.

    So if you have a desktop connected to the internet with an ethernet cable, and you have a laptop running airodump-ng that's not connected to the network, there should be no way to capture a handshake unless some other computer connects to my network wirelessly while I'm running airodump-ng?

  7. #7
    Senior Member hypervista
    Join Date
    Feb 2010
    Posts
    121

    Re: WPA no handshake! Help please!

    Quote Originally Posted by yomama
    So if you have a desktop connected to the internet with an ethernet cable, and you have a laptop running airodump-ng that's not connected to the network, there should be no way to capture a handshake unless some other computer connects to my network wirelessly while I'm running airodump-ng?

    Yes! aireplay-ng deauthentication packets are sent directly from your card to the victim client's card, so the client you are deauthenticating must be connected/associated wirelessly.

    Quote Originally Posted by yomama
    When I ran airodump-ng --channel 11 --bssid (my MAC here) mon0, at the bottom there was a station MAC next to my MAC.

    Make sure you understand the "station" MAC address listings and how to tell which one is the client.... In your earlier response you indicated there were no clients associated, so I was curious about the MAC address you used in your deauthentication attack.

    Have you seen this "How-To" video from g0tmilk, found elsewhere on this site?

  8. #8
    Junior Member
    Join Date
    Apr 2010
    Posts
    58

    Re: WPA no handshake! Help please!

    Quote Originally Posted by hypervista
    Yes! aireplay-ng deauthentication packets are sent directly from your card to the victim client's card, so the client you are deauthenticating must be connected/associated wirelessly.

    Make sure you understand the "station" MAC address listings and how to tell which one is the client.... In your earlier response you indicated there were no clients associated, so I was curious about the MAC address you used in your deauthentication attack.

    Have you seen this "How-To" video from g0tmilk, found elsewhere on this site?

    Actually, I didn't watch this one. I saw the other one by g0tm1lk, though.

    Just to be clear: If a computer is connected through a wired connection to the router and I'm running airodump-ng from a laptop that isn't connected to this network, I will NEVER get a handshake? Thanks

    And thanks a lot! I didn't expect to get as much help as I did.

  9. #9
    Senior Member hypervista
    Join Date
    Feb 2010
    Posts
    121

    Re: WPA no handshake! Help please!

    Quote Originally Posted by yomama
    Just to be clear: If a computer is connected through a wired connection to the router and I'm running airodump-ng from a laptop that isn't connected to this network, I will NEVER get a handshake?

    "NEVER" is a strong term. You will eventually get a handshake if/when a wireless client associates. In the scenario where you have a wired client, the WPA authentication handshake takes place over the wire and is not transmitted via the wireless radio for you to intercept and capture. You can imagine you may be waiting a very long time for a wireless client to associate and therefore deauthentication of a wired connected client will increase your chances of capturing the WPA handshake quickly. Otherwise fire up airodump and go get some coffee, lunch, take a nap, ..... and wait.....

    Put on your thinking cap for a moment ..... how can your wireless card (basically a radio) hear a signal from the disassociated client if that client is reassociating with the Access Point over a wire and is not transmitting the reassociation handshake dance?.....

    Quote Originally Posted by aircrack documentation
    The deauthentication packets are sent directly from your PC to the clients. So you must be physically close enough to the clients for your wireless card transmissions to reach them.
    Quote Originally Posted by aircrack documentation
    You need enough transmit power for the packets to reach and be heard by the clients.
    Quote Originally Posted by aircrack documentation
    Wireless cards work in particular modes such as b, g, n and so on. If your card is in a different mode then (sic) the client card there is good chance that the client will not be able to correctly receive your transmission.
    Fake authentication doesn't apply to WPA protected access points so you have to identify a wireless client on that AP, deauthenticate him and capture the WPA handshake when he reassociates. The deauthentication attack also sends deauthentication packets to the AP and while you may be able to disassociate the client if he is wired, you won't capture the reassociate handshake because that will transpire over the wire, not over the air.
    Last edited by hypervista; 04-07-2010 at 11:38 AM.
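hypervista's two points above (a deauthentication burst is sent over the air straight at the client, and a wired client's rekey never crosses the air) are also the basis of a simple wireless-IDS check. The following is an added example, not code from the thread or from aircrack-ng: it flags a burst of deauth frames against one client and then asks whether the four EAPOL handshake messages between that client and the AP followed, which is what a forced over-the-air reconnect looks like. The frame records, MAC addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample frames, not a real capture: (timestamp_s, kind, receiver, sender, bssid).
# kind is "deauth" for an 802.11 deauthentication frame or "eapolN" for message N of the
# WPA 4-way handshake. The MAC addresses are placeholders.
AP = "00:11:22:33:44:55"
CLIENT = "aa:bb:cc:dd:ee:01"
SAMPLE_FRAMES = [
    (1.00, "deauth", CLIENT, AP, AP),  # burst: the sender field claims to be the AP
    (1.05, "deauth", CLIENT, AP, AP),
    (1.10, "deauth", CLIENT, AP, AP),
    (1.15, "deauth", CLIENT, AP, AP),
    (1.20, "deauth", CLIENT, AP, AP),
    (1.25, "deauth", CLIENT, AP, AP),
    (3.00, "eapol1", CLIENT, AP, AP),  # wireless client rejoins: M1 AP -> client
    (3.02, "eapol2", AP, CLIENT, AP),  # M2 client -> AP
    (3.04, "eapol3", CLIENT, AP, AP),
    (3.06, "eapol4", AP, CLIENT, AP),
]
# Same burst aimed at a wired client: its rekey happens on the wire, so no EAPOL is seen.
WIRED_CLIENT_FRAMES = SAMPLE_FRAMES[:6]

def detect_deauth_bursts(frames, threshold=5, window_s=2.0):
    """Map (bssid, client) -> (count, last_ts) for clients hit by >= threshold deauths
    inside any sliding window of window_s seconds (a normal roam never looks like this)."""
    by_target = defaultdict(list)
    for ts, kind, receiver, _sender, bssid in frames:
        if kind == "deauth":
            by_target[(bssid, receiver)].append(ts)
    alerts = {}
    for key, times in by_target.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window_s:
                start += 1
            count = end - start + 1
            if count >= threshold and count >= alerts.get(key, (0, 0.0))[0]:
                alerts[key] = (count, ts)
    return alerts

def rejoined_over_air(frames, bssid, client, after_ts, grace_s=30.0):
    """True if all four EAPOL messages between bssid and client follow the burst within
    grace_s, i.e. the client was wireless and reconnected over the air."""
    seen = {kind for ts, kind, rx, tx, b in frames
            if b == bssid and kind.startswith("eapol") and {rx, tx} == {bssid, client}
            and after_ts <= ts <= after_ts + grace_s}
    return {"eapol1", "eapol2", "eapol3", "eapol4"} <= seen
```

Run against the wired-client frames the burst is still flagged but `rejoined_over_air` stays False, which is exactly the situation the original poster was sitting in for two hours.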

  10. #10
    Junior Member
    Join Date
    Apr 2010
    Posts
    58

    Re: WPA no handshake! Help please!

    Quote Originally Posted by hypervista
    "NEVER" is a strong term. You will eventually get a handshake if/when a wireless client associates. In the scenario where you have a wired client, the WPA authentication handshake takes place over the wire and is not transmitted via the wireless radio for you to intercept and capture. You can imagine you may be waiting a very long time for a wireless client to associate and therefore deauthentication of a wired connected client will increase your chances of capturing the WPA handshake quickly. Otherwise fire up airodump and go get some coffee, lunch, take a nap, ..... and wait.....

    Put on your thinking cap for a moment ..... how can your wireless card (basically a radio) hear a signal from the disassociated client if that client is reassociating with the Access Point over a wire and is not transmitting the reassociation handshake dance?.....

    Fake authentication doesn't apply to WPA protected access points so you have to identify a wireless client on that AP, deauthenticate him and capture the WPA handshake when he reassociates. The deauthentication attack also sends deauthentication packets to the AP and while you may be able to disassociate the client if he is wired, you won't capture the reassociate handshake because that will transpire over the wire, not over the air.

    So long story short, you cannot capture a handshake from a client that is wired, but it is possible to deauthenticate them. But even if you do deauthenticate them, it's pointless because you won't be able to capture the handshake when the client reassociates because that doesn't happen wirelessly on a wired connection. Is this correct?
