forensics/wpa_ing_out

Oystein Kristoffer Tveit 2024-09-03 18:37:57 +02:00
parent fa2ecdc606
commit 0fec7de96a
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
3 changed files with 52 additions and 0 deletions


@ -0,0 +1,41 @@
$ nix-shell -p aircrack-ng
$ nix build nixpkgs#rockyou
$ aircrack-ng -w result/share/wordlists/rockyou.txt wpa-ing_out.pcap
Reading packets, please wait...
Opening wpa-ing_out.pcap
Resetting EAPOL Handshake decoder state.
Resetting EAPOL Handshake decoder state.
Read 23523 packets.
# BSSID ESSID Encryption
1 00:5F:67:4F:6A:1A Gone_Surfing WPA (1 handshake)
Choosing first network as target.
Reading packets, please wait...
Opening wpa-ing_out.pcap
Resetting EAPOL Handshake decoder state.
Resetting EAPOL Handshake decoder state.
Read 23523 packets.
1 potential targets
Aircrack-ng 1.7
[00:00:00] 1269/10303727 keys tested (22890.06 k/s)
Time left: 7 minutes, 30 seconds 0.01%
KEY FOUND! [ mickeymouse ]
Master Key : 61 64 B9 5E FC 6F 41 70 70 81 F6 40 80 9F AF B1
4A 9E C5 C4 E1 67 B8 AB 58 E3 E8 8E E6 66 EB 11
Transient Key : 26 85 7B AC DD 2C 44 E6 06 18 03 B0 0F F2 75 A2
32 63 F7 35 74 2D 18 10 1C 25 F9 14 BC 41 DA 58
52 48 86 B0 D6 14 89 F6 77 00 67 E0 AD 10 1B 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL HMAC : 65 2F 6C 0E 75 F0 49 27 6A AA 6A 06 A7 24 B9 A9
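
Review bot: The `aircrack-ng` invocation on the third line of the transcript names no target, so the result depends on "Choosing first network as target." selecting the right network. That works here because the capture lists a single network, but recording the command with `-e Gone_Surfing` or `-b 00:5F:67:4F:6A:1A` would keep the write-up reproducible if the same steps are applied to a capture with several networks.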


@ -0,0 +1,11 @@
With the output of `output.txt`, open the pcap file in wireshark.
Go to Edit > Preferences > Protocols > IEEE 802.11 > Decryption Keys [Edit...]
Add key of type `wpa-pwd`: `mickeymouse:Gone_Surfing`
The traffic should now be decrypted.
... Turns out the password itself is the flag
picoCTF{mickeymouse}
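
Review bot: The conclusion sits on the last two lines, after three steps that turn out not to be needed: the note walks through the Wireshark decryption setup and only then says the password itself is the flag. Suggest leading with how the flag is derived (the `KEY FOUND! [ mickeymouse ]` line in `output.txt`) and keeping the `wpa-pwd` steps as an optional check that the key decrypts the capture. The first line should also say which value from `output.txt` is meant, since the transcript prints the master and transient keys as well.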

Binary file not shown.