Obtaining the Handshake

Follow our easy Youtube video guide OR the instructions below !


Text Instructions

Click the Download button

Once downloaded, either burn and boot off the CD; or to boot from a USB drive, navigate to http://www.linuxliveusb.com/en/download and download Linux Live USB Creator. Install and run. This program transfers the Backtrack image to a USB Flash drive.

  • USB Boot Only
  • Open Linux Live USB Creator
  • Select USB Key
  • Choose a Source: ISO / IMG / Zip
  • Select Options like below ( This will format the USB drive )
  • Click the Lightning icon to create

Once you have the CD or USB ready, ensure this is inserted and restart your computer. As the BIOS information is displayed, repeatedly press the boot selection key every two seconds, most computers use either ESC, F8, F10 or F12 ( usually says at the bottom of the screen ); alternatively go into the BIOS, usually F2, F12 or DEL and change the Boot priority to CD / USB.

  • If booting from a USB click Backtrack Persistent - Persistent Mode
  • If booting from a CD click Backtrack Text - Default Boot Text Mode
  • You may be prompted to select a Video Mode, press the Space Bar to detect automatically or press Enter to select a custom mode.
  • If Backtrack is installed to a Hard Drive, login with root / toor
  • Type startx and press Enter.
  • Click the Terminal icon on the top of the Desktop.
  • If your using a USB Wireless adapter, ensure this is connected.
  • Type airmon-ng . This will display any interfaces that can be put into monitor mode. If nothing is listed here then it is likely your device is not compatible, or an additional driver is required. To check for additional drivers that may be needed, refer to this database.
  • Type airmon-ng start wlan1 ( your interface number from above ).
  • If successful the message 'Monitor mode is enabled on mon(x)' should display.
  • We now need to find details of our target wireless network.
  • Type airodump-ng mon0 ( or which number monitor mode was enabled on above ).
    • The wireless adapter will now scan all networks.
    • From the ESSID, identify the network you are targetting.
    • CH - Note down the channel the network is on.
    • BSSID - Note down the mac address of the network.

    The bottom BSSID and Station indicate if any wireless clients are connected to the network at the time. This can be useful to quickly obtain a handshake. We can deauthenticate a Station which should then automatically reconnect and a Handshake can be obtained.

    Press CTRL+C to stop scanning.

    • We now restart airodump and target the wireless network.
    • In the example above it will be:
    • airodump-ng -c 7 -w mycapture --bssid 00:1A:XX:XX:XX:XX mon0
    • ( X been the rest of the mac address )
    • where :

    • -c : Channel
    • -w mycapture : This is the capture filename and can be anything.
    • --bssid : BSSID from the steps above. The mac address of your network.
    • mon0 : The interface monitor mode was enabled on.

    We now wait for the Handshake to be captured. If there are no wireless clients currently connected, the dump needs to continue until a client connects. If you already have a client connected we can manually deauthenticate the client and force them to reconnect.

    Deauthenticating a client

    • Whilst airodump-ng is running, open a new Terminal window and type:
    • aireplay-ng -0 5 -a 00:1A:XX:XX:XX:XX -c 18:87:XX:XX:XX:XX mon0


    • -0 : Deauthenticate mode
    • 5 : How many times to send the deauthentication command ( you can change this if you like )
    • -a 00:1A:XX:XX:XX:XX : The mac address BSSID of the wireless network you are targetting
    • -c 18:87:XX:XX:XX:XX : The mac address of the wireless station you are targetting

    If the above command does not capture a handshake, you can also try without specifying the client bit -c 18:87:XX:XX:XX:XX . This will deauthenticate ALL clients on the wireless network.

    The deauthentication process will begin and hopefully the client automatically reconnects. You should then see the WPA Handshake captured on the top right of the airodump window.

    • We now need to verify the Handshake.
    • Press CTRL+C to stop the Airodump capturing.
    • ls -l
    • The Airodump capture should now be listed as a .cap file ( see picture below )
    • pyrit -r mycapture-01.cap analyze
    • You need to ensure the HMAC_SHA1_AES is Good. If this displays as Bad, repeat the steps above until you have a Good Handshake.
    • If the file is quite big Pyrit can strip the packets so only the necessary ones are only included.
    • pyrit -r mycapture-01.cap -o mycapture_stripped.cap strip
    • Again use the analyze command to confirm a Good Handshake is included.
    • pyrit -r mycapture_stripped.cap analyze
      • You can either Email the Handshake to us or to yourself; or alternatively you can copy it to a USB Flash drive.
      • ( You will need an additional USB pendrive if you are booting from a USB )
      • To Email, you need Internet access within Backtack. If you connect via a cable you should be able to go straight onto the Internet.
      • Click Applications > Internet > Firefox Web Browser
      • If you connect via wireless, you will need to enter your networks password details.
      • You will need to know the Interface number of your wireless adapter.
      • Open a new Terminal and type iwconfig
      • In the example below mine is wlan0 , yours might be wlan1.

      Now you can go into Applications > Internet > Wicd Network Manager to configure your network.

      • Click Preferences.
      • Check that Wireless Interface is the same as before. If yours is wlan1 correct this.
      • Click OK.
      • You may need to click Refresh to get a list of networks.
      • When you can see the networks, click Properties on your network.
      • Enter your Wireless key and click OK
      • Click Connect and you should now be connected to the Internet.
      • Click Applications > Internet > Firefox Web Browser

      • If you are copying to a USB drive.
      • Insert a USB Flash drive.
      • Click Places at the top and select Home Folder
      • Right click the Capture File.
      • Click Copy
      • Once the USB Flash drive is inserted, it should automount and be visible on the Desktop.
      • Double click the USB Flash drive.
      • Right Click the empty space of the File Browser and click Paste
      • Right click the USB Flash drive.
      • Click Safely Remove Drive.
      • You have now obtained the WPA Handshake.
      • Copy this to your PC and you are now ready to send the Handshake to us.