Thread: Kali Linux VM 1.0.9 and USB AWUS036H can't capture handshake

  1. #1

    Kali Linux VM 1.0.9 and USB AWUS036H can't capture handshake

    I'm a newbie and trying to get this to work.

    So, have VMware player, and Kali-Linux-1.0.9. VM
    Changed advanced settings for USB to 2.0. Connected Realtek RTL8187_Wireless to VM

    And then run wifite, I wait for my laptop to show as a client
    I choose the access point that it is associated with

    It starts listening for handshakes, issuing deauthentication etc...

    I'm running a continuous ping on the laptop, sometimes for a wifite session I will see nothing happen on the client? I will restart the VM, unplug replug the Alfa card and then run wifite again

    This time I will see that for every deauthentication attempt a packet will drop and it looks like it is working? But it still has never captured a handshake.

    If I manually disconnect and reconnect the laptop to the access point, it will almost immediately grab the handshake.

    Any thoughts? Am I holding it wrong?

    I've been mainly following this tutorial, http://resources.infosecinstitute.co...hrough-part-1/ with much googling on the side.

  2. #2

    More info

    As far as I can tell it seems to match almost exactly what is here https://forums.kali.org/showthread.p...8187L-rtl8187)
    One difference so far is [ 165.992782] usb 1-1: Product: RTL8187_Wireless versus [ 1.833214] usb 1-1: Product: RTL8187_Wireless_LAN_Adapter
    Another is usbcore 142158 5 uhci_hcd,rtl8187,ehci_hcd,ehci_pci,usbhid versus usbcore 109555 5 btusb,uhci_hcd,rtl8187,ehci_hcd,usbhid

    iwconfig

    Code:
     iwconfig
    wlan0     IEEE 802.11bg  ESSID:off/any  
              Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
              Retry short limit:7   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              
    lo        no wireless extensions.
    
    eth0      no wireless extensions.

    lsusb

    Code:
    Bus 001 Device 002: ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
    Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
    Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

    dmesg | grep 8187
    Code:
    [  165.992773] usb 1-1: New USB device found, idVendor=0bda, idProduct=8187
    [  165.992782] usb 1-1: Product: RTL8187_Wireless
    [  165.992784] usb 1-1: Manufacturer: Manufacturer_Realtek_RTL8187_
    [  168.481097] ieee80211 phy0: hwaddr 00:c0:ca:81:ab:47, RTL8187vB (default) V1 + rtl8225z2, rfkill mask 2
    [  168.652812] rtl8187: Customer ID is 0xFF
    [  168.661786] rtl8187: wireless switch is on
    [  168.664211] usbcore: registered new interface driver rtl8187

    lsmod | grep -i rtl8187
    Code:
    rtl8187                59103  0 
    eeprom_93cx6           12561  1 rtl8187
    mac80211              427800  1 rtl8187
    cfg80211              369089  2 mac80211,rtl8187
    usbcore               142158  5 uhci_hcd,rtl8187,ehci_hcd,ehci_pci,usbhid

    airmon-ng

    Code:
    Interface	Chipset		Driver
    
    wlan0		Realtek RTL8187L	rtl8187 - [phy0]

    iwlist wlan0 frequency
    Code:
    wlan0     14 channels in total; available frequencies :
              Channel 01 : 2.412 GHz
              Channel 02 : 2.417 GHz
              Channel 03 : 2.422 GHz
              Channel 04 : 2.427 GHz
              Channel 05 : 2.432 GHz
              Channel 06 : 2.437 GHz
              Channel 07 : 2.442 GHz
              Channel 08 : 2.447 GHz
              Channel 09 : 2.452 GHz
              Channel 10 : 2.457 GHz
              Channel 11 : 2.462 GHz
              Channel 12 : 2.467 GHz
              Channel 13 : 2.472 GHz
              Channel 14 : 2.484 GHz

    airmon-ng start wlan0 6

    Code:
    Found 3 processes that could cause trouble.
    If airodump-ng, aireplay-ng or airtun-ng stops working after
    a short period of time, you may want to kill (some of) them!
    -e 
    PID	Name
    2978	dhclient
    3028	NetworkManager
    3968	wpa_supplicant
    
    
    Interface	Chipset		Driver
    
    wlan0		Realtek RTL8187L	rtl8187 - [phy0]
    				(monitor mode enabled on mon0)

    aireplay-ng --test -e MIFI-LIBERATE-5CKJ mon0
    Code:
    10:13:52  Waiting for beacon frame (ESSID: MIFI-LIBERATE-5CKJ) on channel -1
    10:13:52  Couldn't determine current channel for mon0, you should either force the operation with --ignore-negative-one or apply a kernel patch
    Please specify a BSSID (-a).

    hmm I wonder if this last part is the problem

  3. #3

    Solution

    From http://forum.backbox.org/software-su...-negative-one/

    I've encountered this error in the past many times. I own four different Alfa wireless NICs, and to get around this problem all I have to do is:

    service network-manager stop
    airmon-ng check kill && airmon-ng start wlan0
    ifconfig wlan0 down
    airodump-ng -f 1000 mon0 (as an example)

    I usually double check wpa_supplicant is not running as it does seem to affect monitor mode.

    killall wpa_supplicant

    Your monitor interface (e.g. mon0) will still be available even after putting your primary wireless interface (e.g. wlan0) down. This fixes the -1 channel issue for me without patching any drivers.
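An added example, not part of the original posts or of aircrack-ng: a read-only triage script for the output quoted in post #2, pulling out the processes airmon-ng flagged, the monitor interface, and the channel -1 error that the fix above addresses. The function names, finding labels and sample text (assembled from post #2) are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage captured airmon-ng / aireplay-ng output for the
# "channel -1" condition. Reads text on stdin; runs no wireless tools.

# Constructed sample, assembled from the output quoted in post #2.
sample_output() {
cat <<'EOF'
Found 3 processes that could cause trouble.
PID     Name
2978    dhclient
3028    NetworkManager
3968    wpa_supplicant

Interface       Chipset         Driver
wlan0           Realtek RTL8187L        rtl8187 - [phy0]
                                (monitor mode enabled on mon0)
10:13:52  Waiting for beacon frame (ESSID: MIFI-LIBERATE-5CKJ) on channel -1
10:13:52  Couldn't determine current channel for mon0, you should either force the operation with --ignore-negative-one or apply a kernel patch
EOF
}

# Prints one finding per line (labels are this example's own):
#   PROC <pid> <name>, MONITOR <iface>, CHANNEL_UNKNOWN <iface>,
#   and a final VERDICT line summarising the capture.
diagnose() {
    awk '
    /^PID[ \t]+Name/ { in_procs = 1; next }
    in_procs && /^[0-9]+[ \t]+[^ \t]+/ { print "PROC", $1, $2; nprocs++; next }
    in_procs { in_procs = 0 }          # process table ends at first other line
    /monitor mode enabled on / {
        iface = $NF; sub(/\)$/, "", iface); print "MONITOR", iface
    }
    /determine current channel for / {
        for (i = 1; i < NF; i++) if ($i == "for") { iface = $(i + 1); break }
        sub(/,$/, "", iface); print "CHANNEL_UNKNOWN", iface; unknown++
    }
    END {
        if (unknown && nprocs) print "VERDICT channel -1 with interfering processes listed"
        else if (unknown)      print "VERDICT channel -1 with no interfering process listed"
        else                   print "VERDICT no channel -1 condition in this capture"
    }'
}

sample_output | diagnose
```

To check a real session, pipe saved tool output into `diagnose` in place of `sample_output`.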

  4. #4
    Did you solve the problem? Can't capture handshake. Kali 1.1, same for me. airodump stuck on channel -1.

  5. #5
    Code:
    10:13:52  Waiting for beacon frame (ESSID: MIFI-LIBERATE-5CKJ) on channel -1
    10:13:52  Couldn't determine current channel for mon0, you should either force the operation with --ignore-negative-one or apply a kernel patch
    Please specify a BSSID (-a).
    hmm I wonder if this last part is the problem

    There is a bug in recent versions of Kali... try this instead:

    Code:
    aireplay-ng mon0 -0 3 -a xx:xx:xx:xx:xx:xx --ig

    or if you want to attack a specific client on the network:

    Code:
    aireplay-ng mon0 -0 3 -a xx:xx:xx:xx:xx:xx -c yy:yy:yy:yy:yy:yy --ig

    xx:xx... is the bssid of the access point and yy:yy... is the bssid of the client. --ig just means to ignore the channel -1 error which is causing your problems.

    You can also run:

    Code:
    airmon-ng check kill

    before you plug in your adapter. This will stop networking mode so there should no longer be a channel -1 error. Good luck and be safe! Don't attack someone else's stuff!
    Last edited by soxrok2212; 2015-02-12 at 02:50.

  6. #6
    Hello,

    I see it's showing channel -1.

    Try your airodump-ng command with the --ignore-negative-one flag and you should be able to get a handshake.

    Also virtual machines with usb devices can be problematic for usb bus drop-out

    Let us know how that works
    Last edited by lillypad; 2015-02-20 at 14:18.

  7. #7
    Hi. I'm trying VM VirtualBox, Kali Linux, TP-LINK TL-WN722.
    I use the command airodump-ng mon0. It shows the Wi-Fi clients. But if I try to get the SESSION and HANDSHAKE, it shows nothing.
    Only Beacons counted up (5000 and more), and the elapsed time is 10 min and more...
    Why?
