Summary: WPA traffic decryption
Here we have a pcap file with an 802.11 (wireless) traffic dump. It seems to be encrypted, so let's try aircrack-ng:
$ aircrack-ng sciteekadm.cap -w 500-worst-passwords.txt
Opening sciteekadm.cap
Read 345 packets.
# BSSID ESSID Encryption
1 40:FC:89:E0:FF:D3 Sciteek-adm WPA (1 handshake)
Choosing first network as target.
Opening sciteekadm.cap
Reading packets, please wait...
Aircrack-ng 1.1
[00:00:00] 4 keys tested (300.98 k/s)
KEY FOUND! [ 12345678 ]
Password found! But sadly, Wireshark can't decrypt the traffic, because the EAPOL handshake packets are corrupted or missing.
But there is a nice tool called airdecap-ng (thx to @kyprizel):
$ airdecap-ng -p 12345678 sciteekadm.cap -e Sciteek-adm
Total number of packets read 345
Total number of WEP data packets 0
Total number of WPA data packets 55
Number of plaintext data packets 0
Number of decrypted WEP packets 0
Number of corrupted WEP packets 0
Number of decrypted WPA packets 41
$ wireshark sciteekadm-dec.cap
Now we can simply extract a file from the TCP session:

The flag: 7e4ef92d1472fa1a2d41b2d3c1d2b77a
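The reason Wireshark stays blind in such a capture can be checked directly: without all four EAPOL-Key messages it cannot derive the PTK, while airdecap-ng only needs the nonces it finds to decrypt what it can. The following is an added example, not code from the writeup or the aircrack-ng project; it walks a libpcap file, classifies EAPOL-Key frames into handshake messages 1-4 and reports which are missing per AP/station pair. The station MAC and the sample capture are constructed (the BSSID is the one from the aircrack output above), and the message 2 vs 4 distinction is a heuristic noted in the comments.

```python
import struct
def eapol_key_message(frame):
    """(bssid, station, message 1..4) for a raw 802.11 EAPOL-Key frame, else None."""
    if len(frame) < 24:
        return None
    fc = frame[0] | frame[1] << 8
    to_ds, from_ds = fc & 0x0100, fc & 0x0200
    if (fc >> 2) & 3 != 2 or (to_ds and from_ds):   # type 2 = data; 4-address WDS not handled
        return None
    hdr = 26 if fc & 0x80 else 24                    # QoS data subtype adds a 2-byte QoS field
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    bssid, sta = (a1, a2) if to_ds else (a2, a1) if from_ds else (a3, a2)
    if frame[hdr:hdr + 3] != b"\xaa\xaa\x03" or frame[hdr + 6:hdr + 8] != b"\x88\x8e":
        return None                                  # not LLC/SNAP carrying EAPOL (0x888e)
    eapol = frame[hdr + 8:]
    if len(eapol) < 49 or eapol[1] != 3:             # EAPOL packet type 3 = EAPOL-Key
        return None
    key_info = struct.unpack(">H", eapol[5:7])[0]    # flags: ACK 0x80, MIC 0x100, Secure 0x200
    if key_info & 0x80:
        return bssid, sta, 3 if key_info & 0x100 else 1
    # M2 vs M4 heuristic: M4 sets Secure (RSN) and usually carries an all-zero nonce.
    return bssid, sta, 4 if key_info & 0x200 or eapol[17:49] == bytes(32) else 2

def handshake_report(pcap):
    """{(bssid, station): set of messages seen} for a libpcap file, link type 105 or 127."""
    e = "<" if struct.unpack("<I", pcap[:4])[0] in (0xA1B2C3D4, 0xA1B23C4D) else ">"
    linktype, seen, off = struct.unpack(e + "I", pcap[20:24])[0], {}, 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if linktype == 127:                          # radiotap: header length at bytes 2-3 (LE)
            frame = frame[struct.unpack("<H", frame[2:4])[0]:]
        hit = eapol_key_message(frame)
        if hit:
            seen.setdefault(hit[:2], set()).add(hit[2])
    return seen

def eapol_frame(ap, sta, to_ds, key_info, nonce=b"\x11" * 32):
    """Constructed 802.11 data frame + LLC/SNAP + EAPOL-Key body (test input, not a real capture)."""
    a1, a2 = (ap, sta) if to_ds else (sta, ap)
    mac = bytes([0x08, 1 if to_ds else 2, 0, 0]) + a1 + a2 + ap + b"\0\0"
    key = b"\x02" + struct.pack(">HHQ", key_info, 16, 1) + nonce + bytes(50)
    return mac + b"\xaa\xaa\x03\0\0\0\x88\x8e\x02\x03" + struct.pack(">H", len(key)) + key

def sample_capture():
    """Constructed pcap: AP->STA message 1 and STA->AP message 2 only; 3 and 4 are lost."""
    ap, sta = bytes.fromhex("40fc89e0ffd3"), bytes.fromhex("020000000001")
    frames = [eapol_frame(ap, sta, False, 0x008A), eapol_frame(ap, sta, True, 0x010A)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
    return hdr + b"".join(struct.pack("<IIII", 0, i, len(f), len(f)) + f for i, f in enumerate(frames))
```

Run `handshake_report(open("capture.cap", "rb").read())` on a real capture; a pair missing any of messages 1-4 is one Wireshark cannot decrypt even with the right passphrase.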