Jump to content

qriocity

Members
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

qriocity's Achievements

Newbie

Newbie (1/14)

  1. qriocity
    To give some background I have successfully crack WEP Open, WPA, and WPS but I seem to be a noob when it comes to WEP SKA. The problem I am encountering is when I capture the auth packet. In airpodump-ng once the client authenticates I receive: Broken SKA instead of handshake Captured. I looked it up some and it said to prevent broken ska packages to spoof the client mac address. I have done that and am still receiving broken ska. I'm including output from airodump-ng and ifconfig. airodump-ng -c 1 --bssid 00:21:2F:39:C4:0C -w keyfile mon0: <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE detection-run SYSTEM "http://kismetwireless.net/kismet-3.1.0.dtd"> <detection-run kismet-version="airodump-ng-1.0" start-time="Sun Apr 1 18:48:38 2012"> <wireless-network number="1" type="infrastructure" first-time="Sun Apr 1 18:48:38 2012" last-time="Sun Apr 1 18:53:17 2012"> <SSID first-time="Sun Apr 1 18:48:38 2012" last-time="Sun Apr 1 18:53:17 2012"> <type>Beacon</type> <max-rate>54.000000</max-rate> <packets>2498</packets> <beaconrate>10</beaconrate> <encryption>WEP </encryption> <essid cloaked="false">airlink101</essid> </SSID> <BSSID>00:21:2F:39:C4:0C</BSSID> <manuf>Phoebe Micro Inc.</manuf> <channel>1</channel> <freqmhz>2412 6034</freqmhz> <maxseenrate>54000</maxseenrate> <packets> <LLC>2498</LLC> <data>760</data> <crypt>0</crypt> <total>6034</total> <fragments>0</fragments> <retries>0</retries> </packets> <datasize>0</datasize> <wireless-client number="1" type="established" first-time="Sun Apr 1 18:48:42 2012" last-time="Sun Apr 1 18:53:11 2012"> <client-mac>E0:B9:BA:5B:44:E0</client-mac> <client-manuf>Apple, Inc.</client-manuf> <channel>1</channel> <maxseenrate>54.000000</maxseenrate> <packets> <LLC>0</LLC> <data>0</data> <crypt>0</crypt> <total>821</total> <fragments>0</fragments> <retries>0</retries> </packets> <snr-info> <last_signal_dbm>-23</last_signal_dbm> <last_noise_dbm>0</last_noise_dbm> <last_signal_rssi>-23</last_signal_rssi> <last_noise_rssi>0</last_noise_rssi> <min_signal_dbm>-23</min_signal_dbm> <min_noise_dbm>0</min_noise_dbm> <min_signal_rssi>1024</min_signal_rssi> <min_noise_rssi>1024</min_noise_rssi> <max_signal_dbm>-23</max_signal_dbm> <max_noise_dbm>0</max_noise_dbm> <max_signal_rssi>-23</max_signal_rssi> <max_noise_rssi>0</max_noise_rssi> </snr-info> <cdp-device></cdp-device> <cdp-portid></cdp-portid> </wireless-client> <snr-info> <last_signal_dbm>-3</last_signal_dbm> <last_noise_dbm>0</last_noise_dbm> <last_signal_rssi>-3</last_signal_rssi> <last_noise_rssi>0</last_noise_rssi> <min_signal_dbm>-3</min_signal_dbm> <min_noise_dbm>0</min_noise_dbm> <min_signal_rssi>1024</min_signal_rssi> <min_noise_rssi>1024</min_noise_rssi> <max_signal_dbm>-3</max_signal_dbm> <max_noise_dbm>0</max_noise_dbm> <max_signal_rssi>-3</max_signal_rssi> <max_noise_rssi>0</max_noise_rssi> </snr-info> <bsstimestamp>0</bsstimestamp> <cdp-device></cdp-device> <cdp-portid></cdp-portid> </wireless-network> </detection-run> ifconfig mon0: mon0 Link encap:UNSPEC HWaddr E0-B9-BA-5B-44-E0-00-00-00-00-00-00-00-00-00-00 UP BROADCAST NOTRAILERS RUNNING PROMISC ALLMULTI MTU:1500 Metric:1 RX packets:294562 errors:0 dropped:23075 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:18673664 (18.6 MB) TX bytes:0 (0.0 B) Any help would be greatly appreciated! Thanks PS One thing I have just noticed is that I neglected to run the arp replay attack before de-authing the client. Would not performing the arp replay first affect my ability to capture the handshake? Any input is greatly appreciated!
×
×
  • Create New...