Thread: Kali Linux VM 1.0.9 and USB AWUS036H can't capture handshake

  1. #1
    Join Date
    2015-Jan
    Posts
    3

    Kali Linux VM 1.0.9 and USB AWUS036H can't capture handshake

    I'm a newbie and trying to get this to work.

    So, have VMware player, and Kali-Linux-1.0.9. VM
    Changed advanced settings for USB to 2.0. Connected Realtek RTL8187_Wireless to VM

    And then run wifite, I wait for my laptop to show as a client
    I choose the access point that it is associated with

    It starts listening for handshakes, issuing deauthentication etc...

    I'm running a continuous ping on the laptop, sometimes for a wifite session I will see nothing happen on the client? I will restart the VM, unplug replug the Alfa card and then run wifite again

    This time I will see that for every deauthentication attempt a packet will drop and it looks like it is working? But it still has never captured a handshake.

    If I manually disconnect and reconnect the laptop to the access point, it will almost immediately grab the handshake.

    Any thoughts? Am I holding it wrong?

    I've been mainly following this tutorial, http://resources.infosecinstitute.co...hrough-part-1/ with much googling on the side.

  2. #2
    Join Date
    2015-Jan
    Posts
    3

    More info

    As far as I can tell it seems to match almost exactly what is here https://forums.kali.org/showthread.p...8187L-rtl8187)
    One difference so far is [ 165.992782] usb 1-1: Product: RTL8187_Wireless versus [ 1.833214] usb 1-1: Product: RTL8187_Wireless_LAN_Adapter
    Another is usbcore 142158 5 uhci_hcd,rtl8187,ehci_hcd,ehci_pci,usbhid versus usbcore 109555 5 btusb,uhci_hcd,rtl8187,ehci_hcd,usbhid

    iwconfig

    Code:
     iwconfig
    wlan0     IEEE 802.11bg  ESSID:off/any  
              Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              
    lo        no wireless extensions.
    
    eth0      no wireless extensions.

    lsusb

    Code:
    Bus 001 Device 002: ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
    Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
    Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

    dmesg | grep 8187
    Code:
    [  165.992773] usb 1-1: New USB device found, idVendor=0bda, idProduct=8187
    [  165.992782] usb 1-1: Product: RTL8187_Wireless
    [  165.992784] usb 1-1: Manufacturer: Manufacturer_Realtek_RTL8187_
    [  168.481097] ieee80211 phy0: hwaddr 00:c0:ca:81:ab:47, RTL8187vB (default) V1 + rtl8225z2, rfkill mask 2
    [  168.652812] rtl8187: Customer ID is 0xFF
    [  168.661786] rtl8187: wireless switch is on
    [  168.664211] usbcore: registered new interface driver rtl8187

    lsmod | grep -i rtl8187
    Code:
    rtl8187                59103  0 
    eeprom_93cx6           12561  1 rtl8187
    mac80211              427800  1 rtl8187
    cfg80211              369089  2 mac80211,rtl8187
    usbcore               142158  5 uhci_hcd,rtl8187,ehci_hcd,ehci_pci,usbhid

    airmon-ng

    Code:
    Interface	Chipset		Driver
    
    wlan0		Realtek RTL8187L	rtl8187 - [phy0]

    iwlist wlan0 frequency
    Code:
    wlan0     14 channels in total; available frequencies :
              Channel 01 : 2.412 GHz
              Channel 02 : 2.417 GHz
              Channel 03 : 2.422 GHz
              Channel 04 : 2.427 GHz
              Channel 05 : 2.432 GHz
              Channel 06 : 2.437 GHz
              Channel 07 : 2.442 GHz
              Channel 08 : 2.447 GHz
              Channel 09 : 2.452 GHz
              Channel 10 : 2.457 GHz
              Channel 11 : 2.462 GHz
              Channel 12 : 2.467 GHz
              Channel 13 : 2.472 GHz
              Channel 14 : 2.484 GHz

    airmon-ng start wlan0 6

    Code:
    Found 3 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!
    -e 
    PID	Name
    2978	dhclient
    3028	NetworkManager
    3968	wpa_supplicant
    
    
    Interface	Chipset		Driver
    
    wlan0		Realtek RTL8187L	rtl8187 - [phy0]
    				(monitor mode enabled on mon0)

    aireplay-ng --test -e MIFI-LIBERATE-5CKJ mon0
    Code:
    10:13:52  Waiting for beacon frame (ESSID: MIFI-LIBERATE-5CKJ) on channel -1
    10:13:52  Couldn't determine current channel for mon0, you should either force the operation with --ignore-negative-one or apply a kernel patch
    Please specify a BSSID (-a).

    hmm I wonder if this last part is the problem

  3. #3
    Join Date
    2015-Jan
    Posts
    3

    Solution

    From http://forum.backbox.org/software-su...-negative-one/

    I've encountered this error in the past many times. I own four different Alfa wireless NICs, and to get around this problem all I have to do is:

    service network-manager stop
    airmon-ng check kill && airmon-ng start wlan0
    ifconfig wlan0 down
    airodump-ng -f 1000 mon0 (as an example)

    I usually double check wpa_supplicant is not running as it does seem to affect monitor mode.

    killall wpa_supplicant

    Your monitor interface (e.g. mon0) will still be available even after putting your primary wireless interface (e.g. wlan0) down. This fixes the -1 channel issue for me without patching any drivers.
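
An added diagnostic example, not part of any post in this thread: it reads the two tool outputs pasted in post #2 and shows that the `airmon-ng` warning about running processes and the channel -1 error belong together. The function names are hypothetical, and the link between the listed processes and the error is the one the replies suggest, taken here as an assumption.

```python
import re

# Tool output copied from post #2 of this thread (trimmed).
AIRMON_OUTPUT = """Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e 
PID\tName
2978\tdhclient
3028\tNetworkManager
3968\twpa_supplicant
"""
AIREPLAY_OUTPUT = """10:13:52  Waiting for beacon frame (ESSID: MIFI-LIBERATE-5CKJ) on channel -1
10:13:52  Couldn't determine current channel for mon0, you should either force the operation with --ignore-negative-one or apply a kernel patch
"""

def interfering_processes(airmon_text):
    """Return {name: pid} from the PID/Name table airmon-ng prints."""
    procs, in_table = {}, False
    for line in airmon_text.splitlines():
        fields = line.split()
        if fields == ["PID", "Name"]:
            in_table = True
        elif in_table and len(fields) == 2 and fields[0].isdigit():
            procs[fields[1]] = int(fields[0])
        elif in_table and not fields:
            break  # a blank line ends the table
    return procs

def channel_unknown(tool_text):
    """Return the interfaces whose channel the tool could not determine."""
    pat = re.compile(r"Couldn't determine current channel for (\S+?),")
    ifaces = set(pat.findall(tool_text))
    if re.search(r"on channel -1\b", tool_text) and not ifaces:
        ifaces.add("unknown")  # symptom seen, interface name not printed
    return sorted(ifaces)

def diagnose(airmon_text, tool_text):
    """Correlate the process warning with the channel -1 symptom."""
    procs = interfering_processes(airmon_text)
    ifaces = channel_unknown(tool_text)
    return {
        "channel_minus_one": bool(ifaces),
        "interfaces": ifaces,
        "processes": procs,
        # Assumption from the replies: these processes still manage the card.
        "likely_cause": sorted(procs) if ifaces else [],
    }

if __name__ == "__main__":
    print(diagnose(AIRMON_OUTPUT, AIREPLAY_OUTPUT))
```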

  4. #4
    Join Date
    2014-Feb
    Posts
    14
    Did you solve the problem of not being able to capture the handshake? Kali 1.1, same for me. airodump is stuck on channel -1.

  5. #5
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Code:
    10:13:52  Waiting for beacon frame (ESSID: MIFI-LIBERATE-5CKJ) on channel -1
    10:13:52  Couldn't determine current channel for mon0, you should either force the operation with --ignore-negative-one or apply a kernel patch
    Please specify a BSSID (-a).
    hmm I wonder if this last part is the problem

    There is a bug in recent versions of Kali... try this instead:

    Code:
    aireplay-ng mon0 -0 3 -a xx:xx:xx:xx:xx:xx --ig

    or if you want to attack a specific client on the network:

    Code:
    aireplay-ng mon0 -0 3 -a xx:xx:xx:xx:xx:xx -c yy:yy:yy:yy:yy:yy --ig

    xx:xx... is the bssid of the access point and yy:yy... is the bssid of the client. --ig just means to ignore the channel -1 error which is causing your problems.

    You can also run:

    Code:
    airmon-ng check kill

    before you plug in your adapter. This will stop networking mode so there should no longer be a channel -1 error. Good luck and be safe! Don't attack someone else's stuff!
    Last edited by soxrok2212; 2015-02-12 at 02:50.

  6. #6
    Hello,

    I see it's showing channel -1.

    Try your airodump-ng command with the --ignore-negative-one flag and you should be able to get a handshake.

    Also virtual machines with usb devices can be problematic for usb bus drop-out

    Let us know how that works
    Last edited by lillypad; 2015-02-20 at 14:18.

  7. #7
    Hi. I am trying a VirtualBox VM, Kali Linux, and a TP-LINK TL-WN722.
    I use the command airodump-ng mon0. It shows the Wi-Fi clients. But if I try to get the SESSION and HANDSHAKE, it shows nothing.
    Only the Beacons count goes up (5000, and more), and the elapsed time is 10 min and more...
    Why?
