Things I've learned and want to share
This is just a quick post to provide the presentation I gave tonight at PwnSchool. If you’d like to review it you can download it here. Thanks!
Topics covered:
Many thanks to INIT_SIX for also pointing out a quick way to reduce the size of your WPA handshake captures using pyrit:
pyrit -r /path/to/capture.cap -o /path/to/handshake-only-output.cap stripAdd the “-e” or “-b” switches to filter down to just a single AP by ESSID or BSSID respectively:
pyrit -r capture.cap -o output.cap -b "99:88:77:66:55:44" stripThat’s it! Good hunting!
Many thanks to INIT_SIX for recommending this quick-hit update to the previous WPA wireless attack article. If you find yourself making packet captures and airodump-ng reports that the handshake was captures, but aircrack-ng (or your tool of choice) is having issues, it’s time to break out some manual packet analysis. Let’s verify that capture!
The following is a quick-hit list of commands for attacking a WPA wireless network. It assumes you are using a 2016 variant of Kali linux with the aircrack-ng suite installed and a wireless network card that can be placed into monitor mode (which should be about 100% of them). It also assumes that there is a WPA network with an associated client that is transmitting, and that you are running as a user with sufficient permissions to execute each of these commands.
For the sake of this tutorial the AP will be assumed to have a MAC address of “99:88:77:66:55:44” and the client will be assumed to have a MAC address of “00:11:22:33:44:55”. The wireless network card we will use will be assumed to be “wlan0”.
If a presentation is more your style of learning you can access training on this topic here: Wireless Attacks – WPA & WPS (basic_0x01)
Hermit's Cave 