# PicoCTF - WPA-ing Out ###### tags: `PicoCTF` `CTF` `Misc` Challenge: [WPA-ing Out](https://play.picoctf.org/practice/challenge/206?category=4&page=2) ## Background [Day 26 Wireless Attacks-無線攻擊(aircrack-ng)](https://ithelp.ithome.com.tw/articles/10280033) ## Description & Hint > I thought that my password was super-secret, but it turns out that passwords passed over the AIR can be CRACKED, especially if I used the same wireless network password as one in the <font color="FF0000">`rockyou.txt`</font> credential dump. Use this [`pcap file`](https://artifacts.picoctf.net/c/8/wpa-ing_out.pcap) and the `rockyou` wordlist. The flag should be entered in the `picoCTF{XXXXXX}` format. Hint 1: Finding the IEEE 802.11 wireless protocol used in the wireless traffic packet capture is easier with `wireshark`, the JAWS of the network. Hint 2: `Aircrack-ng` can make a `pcap` file catch big air...and crack a password. ## Exploit - [`aircrack-ng`](https://linuxhint.com/install_aircrack-ng_ubuntu/) ```bash! $ aircrack-ng wpa-ing_out.pcap -w ./rockyou.txt Reading packets, please wait... Opening wpa-ing_out.pcap Read 23523 packets. # BSSID ESSID Encryption 1 00:5F:67:4F:6A:1A Gone_Surfing WPA (1 handshake) Choosing first network as target. Reading packets, please wait... Opening wpa-ing_out.pcap Read 23523 packets. 1 potential targets Aircrack-ng 1.6 [00:00:00] 1183/10303727 keys tested (22306.13 k/s) Time left: 7 minutes, 41 seconds 0.01% KEY FOUND! [ mickeymouse ] Master Key : 61 64 B9 5E FC 6F 41 70 70 81 F6 40 80 9F AF B1 4A 9E C5 C4 E1 67 B8 AB 58 E3 E8 8E E6 66 EB 11 Transient Key : 26 85 7B AC DD 2C 44 E6 06 18 03 B0 0F F2 75 A2 32 63 F7 35 74 2D 18 10 1C 25 F9 14 BC 41 DA 58 52 48 86 B0 D6 14 89 F6 77 00 67 E0 AD 10 1B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EAPOL HMAC : 65 2F 6C 0E 75 F0 49 27 6A AA 6A 06 A7 24 B9 A9 ``` So...The flag is `picoCTF{mickeymouse}` ## Reference [Install tshark](https://tshark.dev/setup/install/) [Some error you may encounter](https://www.cnblogs.com/liqinglucky/p/16989773.html) [ubuntu下安装lex,yacc](https://blog.csdn.net/hitwhylz/article/details/25342271) [WU1 - WPA-ing Out](https://cscbinus.com/articles/WU1-WPA-ing_Out)