
Author Topic: Can't get a handshake  (Read 5089 times)

Offline BATMAN

  • Prospect
  • *
  • Posts: 13
  • Internets: +0/-0
Can't get a handshake
« on: April 21, 2013, 01:20:30 PM »
So I guess, like the rules say, I should jump to the point and make this short.

I have a router whose password I am trying to crack, and I run into two issues (I know, one question at a time, but I don't want to make another thread).

1) When I do the airodump-ng mon0 I pick up a lot of wifi signals, and the second half of the list, where it shows the BSSID and station numbers, gets pushed down and I cannot see it any more. I can't scroll down either... as in, I scroll down as far as possible but the second half does not show up.


2) When I do get my station and BSSID number and try to get a handshake, it never shows up. I do 8 to 10 deauth attacks and still nothing. I have let it run for a while and still came up with nothing. I googled and did not come across anything that could solve my problem, and I could not locate anything to help me out on aircrack's website.

Any helpful tips or clues?

Thanks!

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1247
  • Internets: +192/-0
Re: Can't get a handshake
« Reply #1 on: April 21, 2013, 01:29:27 PM »
Hey BATMAN, welcome to the forums.

When you use airodump, it is much better to filter the results to your test AP.

So instead of just doing a:
Code: [Select]
airodump-ng mon0

Do a:
Code: [Select]
airodump-ng mon0 -c CHANNEL -d YOUR_AP_BSSID

Make sure you are not too far or even too close to your test AP to be able to deauth correctly.
Take all the advice you like and then tell everyone to **** off and do your own thing -- Gitsnik

Offline D4rk-50ld13r

  • Top Hat Member
  • Elite
  • ********
  • Posts: 877
  • Internets: +189/-0
  • I will hack for beer.
    • http://www.ghostsec.org/
Re: Can't get a handshake
« Reply #2 on: April 21, 2013, 01:43:30 PM »
Hi Batman

Can you please give more info?

- OS
- Wifi card
- Chipset
- Distance

Can you copy and paste or give a screenshot of the terminal during the whole operation? I need to see values, distance, chipset, etc.
Thanks.
If you sat a monkey down in front of a keyboard, the first thing typed would be
a unix command.

Offline BATMAN

  • Prospect
  • *
  • Posts: 13
  • Internets: +0/-0
Re: Can't get a handshake
« Reply #3 on: April 21, 2013, 02:14:16 PM »
Quote
Hey BATMAN, welcome to the forums.

When you use airodump, it is much better to filter the results to your test AP.

So instead of just doing a:
Code: [Select]
airodump-ng mon0

Do a:
Code: [Select]
airodump-ng mon0 -c CHANNEL -d YOUR_AP_BSSID

Make sure you are not too far or even too close to your test AP to be able to deauth correctly.

Hey bud, what if I do not know my BSSID? Like doesn't it have to sniff what is around first?

Or wait, you mean to get my BSSID from the first list and use that code to get the station number, right?

Quote
Hi Batman

Can you please give more info?

- OS
- Wifi card
- Chipset
- Distance

Can you copy and paste or give a screenshot of the terminal during the whole operation? I need to see values, distance, chipset, etc.
Thanks.

Oh yes sir. Sorry I forgot to list those.


Backtrack 5 r3

Alfa 36H, but I also have the 36NH; not using it at this point.

RTL8187L

Maybe 300 feet or so? I am really bad at guessing distances, but I have either 5/5 bars or 4/5 bars. So it is a strong signal, but I am not sitting right next to it.

Running on VMware as of right now.

I just saw that last part. Right now I am on a study break, so as soon as I get back on BackTrack tonight I will take a screenshot and post it. Sorry I did not see that until now.

Offline n1tr0g3n

  • Super Elite
  • ******
  • Posts: 4734
  • Internets: +63/-2
  • MCSA, MCP, MCTS, DCSE, CE/H, ACSP, N+,A+, CWSP
    • n1tr0g3n Information Security Blog
Re: Can't get a handshake
« Reply #4 on: April 21, 2013, 02:17:03 PM »
Answer to question 1) is: reduce your font size and you'll be able to see it better, and maybe copy and paste it into gedit or somewhere to get a better look at the output. That happens to me a lot on my laptop when I'm in a public place with tons of networks.


2) Make sure you are attacking a WPA network to get a handshake, as it won't work on WEP. Also, I have had issues trying to deauth Android phones for some reason, just a heads up. Not sure what's going on with your handshake, so I'll wait for your screenshots later tonight.
« Last Edit: April 21, 2013, 02:20:16 PM by n1tr0g3n »
"It's mind over matter. If you don't have a mind then it doesn't matter."

Youtube Channel
http://www.youtube.com/user/n1tr0g3n0x1d3
Twitter  https://twitter.com/n1tr0g3n_com
http://www.n1tr0g3n.com  
http://teamctfu.weebly.com/

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1247
  • Internets: +192/-0
Re: Can't get a handshake
« Reply #5 on: April 21, 2013, 02:41:41 PM »
Quote
Hey bud, what if I do not know my BSSID? Like doesn't it have to sniff what is around first?

Well, you know the ESSID name, you know the channel, you know the encryption..

So you can in any case filter on those:

Code: [Select]
airodump-ng mon0 -c CHANNEL -t WPA

What many people don't realise is that in airodump you can filter and sort outputs.
Filter on:
- AP only
- AP & STA
- AP & STA & ACK
- STA only
by tapping the 'a' key

Sort:
- Sort by beacons
- Sort by packets
- Sort by packet rate
- Sort by channel
- Sort by max data rate
- Sort by encryption
- Sort by cipher
- Sort by authentication
- Sort by ESSID
- Sort by first seen
- Sort by BSSID
- Sort by power level
by tapping the 's' key

Then by tapping 'TAB' you can select an AP and move up or down the list.

With the above, you should be able to filter output and sort so that you can easily see your AP.

« Last Edit: April 21, 2013, 02:50:26 PM by TAPE »

mm96631

  • Guest
Re: Can't get a handshake
« Reply #6 on: April 21, 2013, 05:41:18 PM »
Quote
Hey bud, what if I do not know my BSSID? Like doesn't it have to sniff what is around first?

Well, you know the ESSID name, you know the channel, you know the encryption..

So you can in any case filter on those:

Code: [Select]
airodump-ng mon0 -c CHANNEL -t WPA

What many people don't realise is that in airodump you can filter and sort outputs.
Filter on:
- AP only
- AP & STA
- AP & STA & ACK
- STA only
by tapping the 'a' key

Sort:
- Sort by beacons
- Sort by packets
- Sort by packet rate
- Sort by channel
- Sort by max data rate
- Sort by encryption
- Sort by cipher
- Sort by authentication
- Sort by ESSID
- Sort by first seen
- Sort by BSSID
- Sort by power level
by tapping the 's' key

Then by tapping 'TAB' you can select an AP and move up or down the list.

With the above, you should be able to filter output and sort so that you can easily see your AP.

Nice one Tape, I didn't even know all of that. Thanks bud.

Offline BATMAN

  • Prospect
  • *
  • Posts: 13
  • Internets: +0/-0
Re: Can't get a handshake
« Reply #7 on: April 23, 2013, 11:07:30 AM »
So that night I tried  to get a screen shot but I ran into other issues and the next day was the blackout.


I went to n1tr0g3n's website (which is pretty damn awesome) and I ended up reading the WPA/WPA2 crack from aircrack's site, and I believe the problem is that nobody is connected to the AP. So I would have to wait until someone connects to it. I googled it, and apparently there might be a way to connect to an AP and then do the deauth while running airodump-ng, and it would have the handshake. Am I wrong?


Also, n1tr0g3n, I did the zooming out thing and it worked, but I had to do it BEFORE the second chart went away. If it went away and then I zoomed out, the second chart still didn't show. So I had to do it before I started doing everything.



Offline BATMAN

  • Prospect
  • *
  • Posts: 13
  • Internets: +0/-0
Re: Can't get a handshake
« Reply #8 on: April 23, 2013, 11:12:11 AM »
Quote
Hey bud, what if I do not know my BSSID? Like doesn't it have to sniff what is around first?

Well, you know the ESSID name, you know the channel, you know the encryption..

So you can in any case filter on those:

Code: [Select]
airodump-ng mon0 -c CHANNEL -t WPA

What many people don't realise is that in airodump you can filter and sort outputs.
Filter on:
- AP only
- AP & STA
- AP & STA & ACK
- STA only
by tapping the 'a' key

Sort:
- Sort by beacons
- Sort by packets
- Sort by packet rate
- Sort by channel
- Sort by max data rate
- Sort by encryption
- Sort by cipher
- Sort by authentication
- Sort by ESSID
- Sort by first seen
- Sort by BSSID
- Sort by power level
by tapping the 's' key

Then by tapping 'TAB' you can select an AP and move up or down the list.

With the above, you should be able to filter output and sort so that you can easily see your AP.

This is amazing!!!! Thank you for posting that. Are those listed on aircrack's site, if you don't mind me asking? Wouldn't mind studying more things like that.

Offline n1tr0g3n

  • Super Elite
  • ******
  • Posts: 4734
  • Internets: +63/-2
  • MCSA, MCP, MCTS, DCSE, CE/H, ACSP, N+,A+, CWSP
    • n1tr0g3n Information Security Blog
Re: Can't get a handshake
« Reply #9 on: April 23, 2013, 10:54:41 PM »
Yeah, you would have to have a client connected to be able to deauth and grab the handshake. Try connecting to the AP with another computer and then trying the handshake capture, and it should work. Just remember not to deauth too many times, or you won't give it time to reconnect and get the handshake. I'm glad you like my site; I throw all kinds of crap up on there that I find, lol.


TAPE that was a good little bit of info you gave us, kind of like the aircrack-ng book of secrets   :D
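Added example (not code from this thread or from aircrack-ng): a checker for what "the handshake never shows up" actually means on disk. It reads the pcap that airodump-ng -w writes (assumed to be link type 105, raw 802.11 frames without a radiotap header), finds the pairwise EAPOL-Key messages, matches them by replay counter, and says whether the capture holds the minimum a cracker needs: the client's MIC-bearing M2 plus an ANonce from the same exchange (M1 with the same replay counter, or M3 with the next one). The addresses, nonces and frames inside it are constructed; the second sample capture reproduces the failure mode from the post above, a client deauthed again before it can answer, which leaves a file full of M1s and never an M2.

```python
"""Check an airodump-ng capture for a usable WPA/WPA2 4-way handshake.
Added example, not from this thread or aircrack-ng. Assumes the pcap that
'airodump-ng -w' writes: link type 105, raw 802.11, no radiotap. All
addresses, nonces and frames below are constructed sample data."""
import struct
from collections import defaultdict

LLC_SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")          # LLC/SNAP, ethertype 0x888E
# Key Information flag bits of an EAPOL-Key frame (IEEE 802.11-2016, 12.7.2)
KI_PAIRWISE, KI_INSTALL, KI_ACK, KI_MIC, KI_SECURE = 1 << 3, 1 << 6, 1 << 7, 1 << 8, 1 << 9


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def eapol_key_fields(frame):
    """(bssid, station, message 1-4, replay counter) for a data frame carrying
    a pairwise EAPOL-Key message, else None."""
    if len(frame) < 24 or (frame[0] >> 2) & 3 != 2:          # type 2 = data
        return None
    to_ds, from_ds = frame[1] & 1, frame[1] & 2
    if to_ds and from_ds:                                    # 4-address WDS frame: not handled
        return None
    hdr = 26 if frame[0] & 0x80 else 24                      # QoS data adds a 2-byte QoS control
    if frame[hdr:hdr + 8] != LLC_SNAP_EAPOL:
        return None
    body = frame[hdr + 8:]                                   # EAPOL: version, type, length, key
    if len(body) < 99 or body[1] != 3:                       # type 3 = EAPOL-Key, 95-byte key body
        return None
    key_info, = struct.unpack_from(">H", body, 5)
    replay, = struct.unpack_from(">Q", body, 9)
    key_data_len, = struct.unpack_from(">H", body, 97)
    if not key_info & KI_PAIRWISE:
        return None                                          # group-key handshake, skip
    ack, mic, install = key_info & KI_ACK, key_info & KI_MIC, key_info & KI_INSTALL
    if ack and not mic:
        msg = 1
    elif ack and mic and install:
        msg = 3
    elif mic and not ack and not install:
        msg = 2 if key_data_len else 4                       # M2 carries the RSN IE, M4 has none
    else:
        return None
    bssid, sta = (frame[4:10], frame[10:16]) if to_ds else (frame[10:16], frame[4:10])
    return _mac(bssid), _mac(sta), msg, replay


def pcap_frames(data):
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[magic]
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 105:
        raise ValueError("expected LINKTYPE_IEEE802_11 (105); strip radiotap first")
    off = 24
    while off + 16 <= len(data):
        caplen, = struct.unpack_from(endian + "I", data, off + 8)
        yield data[off + 16:off + 16 + caplen]
        off += 16 + caplen


def handshake_report(data):
    """Per (BSSID, station): messages seen, and whether the capture is usable,
    i.e. has M2 plus an ANonce from the same exchange (M1 with the same replay
    counter, or M3 with the counter incremented by one)."""
    seen = defaultdict(dict)
    for frame in pcap_frames(data):
        fields = eapol_key_fields(frame)
        if fields:
            bssid, sta, msg, replay = fields
            seen[(bssid, sta)][msg] = replay
    report = {}
    for pair, msgs in seen.items():
        m2 = msgs.get(2)
        usable = m2 is not None and (msgs.get(1) == m2 or msgs.get(3) == m2 + 1)
        report[pair] = {"messages": sorted(msgs), "usable": usable}
    return report


# --- constructed sample capture: made-up AP, client, nonces ---
AP, STA = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
ANONCE, SNONCE = bytes([0xA1]) * 32, bytes([0x5E]) * 32
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")   # WPA2-PSK/CCMP


def _eapol_frame(from_ap, key_info, replay, nonce, key_data=b""):
    a1, a2 = (STA, AP) if from_ap else (AP, STA)             # FromDS vs ToDS addressing
    hdr = bytes([0x08, 0x02 if from_ap else 0x01]) + b"\0\0" + a1 + a2 + AP + b"\0\0"
    key = bytes([2]) + struct.pack(">HHQ", key_info, 16, replay) + nonce + bytes(48)
    key += struct.pack(">H", len(key_data)) + key_data       # IV/RSC/ID/MIC zeroed (48 bytes)
    return hdr + LLC_SNAP_EAPOL + bytes([2, 3]) + struct.pack(">H", len(key)) + key


def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
    for i, fr in enumerate(frames):
        out += struct.pack("<IIII", 1366543230 + i, 0, len(fr), len(fr)) + fr
    return out


KI = KI_PAIRWISE | 2                                         # descriptor version 2 (HMAC-SHA1)
FULL_HANDSHAKE = [
    _eapol_frame(True, KI | KI_ACK, 1, ANONCE),                                  # M1
    _eapol_frame(False, KI | KI_MIC, 1, SNONCE, RSN_IE),                         # M2
    _eapol_frame(True, KI | KI_ACK | KI_MIC | KI_INSTALL | KI_SECURE, 2, ANONCE, RSN_IE),  # M3
    _eapol_frame(False, KI | KI_MIC | KI_SECURE, 2, bytes(32)),                  # M4
]
COMPLETE_PCAP = _pcap(FULL_HANDSHAKE)
# Client kicked again before it could answer: M1 after M1, never an M2.
DEAUTH_SPAM_PCAP = _pcap([FULL_HANDSHAKE[0]] * 3)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else COMPLETE_PCAP
    for pair, info in handshake_report(data).items():
        print(pair, info)
```

Run it with no arguments to see both built-in samples classified, or pass the `-01.cap` that airodump-ng wrote; a report with only message 1 for your station is the signature of deauthing faster than the client can rejoin, and no entry at all means no client of that AP ever tried to (re)associate while you were listening on its channel.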

Offline BATMAN

  • Prospect
  • *
  • Posts: 13
  • Internets: +0/-0
Re: Can't get a handshake
« Reply #10 on: April 24, 2013, 03:33:00 AM »
Quote
Yeah, you would have to have a client connected to be able to deauth and grab the handshake. Try connecting to the AP with another computer and then trying the handshake capture, and it should work. Just remember not to deauth too many times, or you won't give it time to reconnect and get the handshake. I'm glad you like my site; I throw all kinds of crap up on there that I find, lol.


TAPE that was a good little bit of info you gave us, kind of like the aircrack-ng book of secrets   :D

I saw someone telling a new-user to do the same thing but I am having trouble finding out how to do it. How would I be able to connect to the AP?

Offline Malachai

  • Top Hat Member
  • Super Elite
  • ********
  • Posts: 2800
  • Internets: +18/-7
  • #!/bin/sh Day/Night (Grey Hat)
Re: Can't get a handshake
« Reply #11 on: April 24, 2013, 10:21:18 AM »
The best way I learned: when I don't see a workstation or anything, I deauth the whole network. That works for me about 90% of the time.

Code: [Select]
aireplay-ng -0 10 -a YOUR_AP_BSSID mon0

Try that and see what happens. Wait about 2 mins or less and you will see it come up. Sometimes it takes about 3 mins.
** Don't judge me! **

*//
  Hope that Firewall works because you're SCREWED
  //*
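Added example, not the thread's or aircrack-ng's code: what "deauth the whole network" puts on the air. It builds the 802.11 deauthentication frame that aireplay-ng -0 sends on the AP's behalf, to the broadcast address when no -c client is given, and models which associated stations act on it (only the AP-to-station direction is modelled). The BSSID, the station table and its PMF flags are constructed; the PMF flag is there to show the caveat that a station which negotiated 802.11w ignores unprotected deauthentication frames, so against such a client no number of deauths produces a reconnect.

```python
"""Constructed illustration of the deauthentication frame aireplay-ng -0
injects. Added example, not aircrack-ng code; all addresses are made up."""
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
REASON_CLASS3 = 7        # "class 3 frame received from nonassociated STA", aireplay-ng's code 7


def _mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def _mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def deauth_frame(bssid, target=BROADCAST, reason=REASON_CLASS3, seq=0):
    """One deauthentication frame as the AP would send it (no FCS; the
    injecting driver appends that). target=BROADCAST is the plain
    'aireplay-ng -0 N -a BSSID' form; a station address is the '-c STA' form."""
    fc = (12 << 4) | (0 << 2)                          # type 0 management, subtype 12 deauth
    header = struct.pack("<BBH", fc, 0, 0)             # frame control, flags, duration
    header += _mac_bytes(target) + _mac_bytes(bssid) + _mac_bytes(bssid)  # DA, SA, BSSID
    header += struct.pack("<H", seq << 4)              # sequence control: seq number, fragment 0
    return header + struct.pack("<H", reason)          # body is just the 2-byte reason code


def parse_deauth(frame):
    """Decode a deauth frame back into addresses and reason code."""
    if len(frame) != 26:
        raise ValueError("deauth frame is a 24-byte header plus a 2-byte reason code")
    fc = frame[0]
    if (fc >> 2) & 3 != 0 or fc >> 4 != 12:
        raise ValueError("not a deauthentication frame")
    return {
        "dst": _mac_text(frame[4:10]),
        "src": _mac_text(frame[10:16]),
        "bssid": _mac_text(frame[16:22]),
        "reason": struct.unpack_from("<H", frame, 24)[0],
    }


def stations_kicked(frame, bssid, associated):
    """Stations of this BSS that drop their association on seeing the frame.
    `associated` maps station MAC -> True if it negotiated 802.11w (PMF);
    a PMF station discards an unprotected deauth, so it never reconnects."""
    d = parse_deauth(frame)
    if d["bssid"] != bssid or d["src"] != bssid:        # not claiming to be this AP
        return []
    return sorted(sta for sta, pmf in associated.items()
                  if not pmf and d["dst"] in (sta, BROADCAST))


# Constructed BSS: two ordinary clients and one that negotiated PMF.
AP = "00:11:22:33:44:55"
CLIENTS = {"66:77:88:99:aa:bb": False, "cc:dd:ee:ff:00:11": False, "22:33:44:55:66:77": True}

if __name__ == "__main__":
    print("broadcast:", stations_kicked(deauth_frame(AP), AP, CLIENTS))
    print("targeted: ", stations_kicked(deauth_frame(AP, "66:77:88:99:aa:bb"), AP, CLIENTS))
```

The broadcast form is why a blind "deauth the whole network" works when you cannot see a station in airodump-ng: every non-PMF client of that BSSID is told to leave and will come back on its own, and the reassociation is when the 4-way handshake you are waiting for happens, which is also why spacing the bursts out matters.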

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1247
  • Internets: +192/-0
Re: Can't get a handshake
« Reply #12 on: April 24, 2013, 12:01:27 PM »
Just to be clear... you are doing this on a network you have setup as test network or what ?

If you are trying willy-nilly on some network.. then you are going to get into trouble with some of these commands..

Offline BATMAN

  • Prospect
  • *
  • Posts: 13
  • Internets: +0/-0
Re: Can't get a handshake
« Reply #13 on: April 24, 2013, 12:47:06 PM »
Going to try that when I get home...which will probably be midnight  :'(

Quote
Just to be clear... you are doing this on a network you have setup as test network or what ?

If you are trying willy-nilly on some network.. then you are going to get into trouble with some of these commands..

I'm trying these on one of my networks. My brother has two routers in his house and he said he will set them up so when I go there I can see if I can crack his. So I'm practicing for that.

So this is only being used only for educational purposes...if that is what you meant lol.

I'm a nerd, so I have the fastest network around the area I am in... and Google will be here next year, so 1 Gb internet. Yeah buddy!