WPA Handshake Stripping

Many thanks to INIT_SIX for also pointing out a quick way to reduce the size of your WPA handshake captures using pyrit:

pyrit -r /path/to/capture.cap -o /path/to/handshake-only-output.cap strip

Add the “-e” or “-b” switches to filter down to just a single AP by ESSID or BSSID respectively:

pyrit -r capture.cap -o output.cap -b "99:88:77:66:55:44" strip

That’s it! Good hunting!

Wireless Attack: WPA

The following is a quick-hit list of commands for attacking a WPA wireless network. It assumes you are using a 2016 variant of Kali linux with the aircrack-ng suite installed and a wireless network card that can be placed into monitor mode (which should be about 100% of them). It also assumes that there is a WPA network with an associated client that is transmitting, and that you are running as a user with sufficient permissions to execute each of these commands.

For the sake of this tutorial the AP will be assumed to have a MAC address of “99:88:77:66:55:44” and the client will be assumed to have a MAC address of “00:11:22:33:44:55”. The wireless network card we will use will be assumed to be “wlan0”.

If a presentation is more your style of learning you can access training on this topic here: Wireless Attacks – WPA & WPS (basic_0x01)

Continue reading “Wireless Attack: WPA”

Installing CrackMapExec (CME)

If you need to install CrackMapExec (CME), which for some reason isn’t included in Kali Linux, you can do so with the following commands:

apt-get install -y libssl-dev libffi-dev python-dev build-essential
apt-get install virtualenvwrapper
source /usr/share/virtualenvwrapper/virtualenvwrapper.sh
mkvirtualenv CME
(CME) #~ pip install crackmapexec

Lifted from the CME Wiki install instructions.

Reversing Binary on Command Line

Just throwing this here in case it’s useful to someone else… I often come across binary in challenges that needs to be reversed, and don’t always have a quick tool available.  Assuming you have Perl installed, it’s a straightforward conversion (this assumes 8 bit, zero-padded data):

echo 01000001 01000010 01000011 01000100 | perl -lape '$_=pack"(B8)*",@F'

Good hunting. 🙂

Create a website or blog at WordPress.com

Up ↑