Steiner254
Twitter:https://twitter.com/steiner254
Github:

--CyberTalents Writeups
MACHINE CHALLENGES


FIRST CHALLENGE >>>NAME: WPA CRACK~100 Points

https://cybertalents.com/challenges/machines/wpa-crack
You are conducting a WiFi pentest. A handshake has been captured and your task is to crack it.

Flag format is just the password
We are given a link to a cap file containing sniffed WPA network packets.

| Get Ready:)
┌─[root@yoninetanyahu]─[/home/yoninetanyahu]
└──╼ #
|
This challenge will help us understand how a WPA capture (PCAP) file is cracked, so we will learn WPA cracking.

The captured traffic also includes a handshake between a client and the test network. Because we have captured a handshake, it is possible to brute-force the password of the WPA network.

| ┌─[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└──╼ #ls
Steiner254.jpeg wpa943050264305852656243865.cap
┌─[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└──╼ #aircrack-ng wpa943050264305852656243865.cap
Reading packets, please wait...
Opening wpa943050264305852656243865.cap
Read 13 packets.

BSSID ESSID Encryption

1 00:0D:93:EB:B0:8C test WPA (1 handshake)

Choosing first network as target.

Reading packets, please wait...
Opening wpa943050264305852656243865.cap
Read 13 packets.

1 potential targets

Please specify a dictionary (option -w).

┌─[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└──╼ #
|

Exploiting
We used the rockyou wordlist that ships with the Kali Linux distribution to crack the password.

| ┌─[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└──╼ #aircrack-ng wpa943050264305852656243865.cap -w /usr/share/wordlists/rockyou.txt
|

| Aircrack-ng 1.6

  [00:00:29] 147022/14344392 keys tested (5004.02 k/s)

  Time left: 47 minutes, 17 seconds                          1.02%

                       KEY FOUND! [XXXXXXXX]


  Master Key     : CD D7 9A 5A CF B0 70 C7 E9 D1 02 3B 87 02 85 D6
                   39 E4 30 B3 2F 31 AA 37 AC 82 5A 55 B5 55 24 EE

  Transient Key  : 33 55 0B FC 4F 24 84 F4 9A 38 B3 D0 89 83 D2 49
                   73 F9 DE 89 67 A6 6D 2B 8E 46 2C 07 47 6A CE 08
                   AD FB 65 D6 13 A9 9F 2C 65 E4 A6 08 F2 5A 67 97
                   D9 6F 76 5B 8C D3 DF 13 2F BC DA 6A 6E D9 62 CD

  EAPOL HMAC     : 28 A8 C8 95 B7 17 E5 72 27 B6 A7 EE E3 E5 34 45

|

Finally The Key Found Is Our Flag!!!
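
The check that stands behind the "Master Key", "Transient Key" and "EAPOL HMAC" lines in the output above, written out as an added example (it is not part of the original writeup and is not aircrack-ng's code). Only the ESSID `test` comes from the capture; the MAC addresses, nonces, frame bytes and passphrase are constructed, and key descriptor version 1 (HMAC-MD5) is an assumption based on the "WPA" label.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    # "Master Key" (PMK): PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    # "Transient Key" (PTK): 802.11i PRF-512 over both MACs and both nonces.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion\x00"
    blocks = (hmac.new(pmk, label + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4))
    return b"".join(blocks)[:64]

def eapol_mic(ptk: bytes, frame: bytes, key_version: int) -> bytes:
    # "EAPOL HMAC" (MIC): keyed with the first 16 PTK bytes (the KCK), computed
    # over the EAPOL-Key frame with its MIC field zeroed.
    # Key descriptor version 1 (WPA) uses HMAC-MD5, version 2 (WPA2) HMAC-SHA1.
    digest = hashlib.md5 if key_version == 1 else hashlib.sha1
    return hmac.new(ptk[:16], frame, digest).digest()[:16]

def passphrase_matches(candidate: str, hs: dict) -> bool:
    # One guess = one PBKDF2 run plus a few HMACs; the access point is never contacted.
    pmk = derive_pmk(candidate, hs["ssid"])
    ptk = derive_ptk(pmk, hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])
    return hmac.compare_digest(eapol_mic(ptk, hs["frame"], hs["key_version"]), hs["mic"])

def constructed_handshake(passphrase: str) -> dict:
    # CONSTRUCTED sample values, not taken from the challenge capture.
    hs = {
        "ssid": "test",                            # ESSID shown by aircrack-ng above
        "ap_mac": bytes.fromhex("020000000001"),   # made-up, locally administered
        "sta_mac": bytes.fromhex("020000000002"),
        "anonce": bytes(range(32)),
        "snonce": bytes(range(32, 64)),
        "frame": b"\x01\x03\x00\x5f" + bytes(95),  # stand-in for message 2, MIC zeroed
        "key_version": 1,                          # assumption: WPA (HMAC-MD5)
    }
    ptk = derive_ptk(derive_pmk(passphrase, hs["ssid"]), hs["ap_mac"],
                     hs["sta_mac"], hs["anonce"], hs["snonce"])
    hs["mic"] = eapol_mic(ptk, hs["frame"], hs["key_version"])
    return hs

if __name__ == "__main__":
    hs = constructed_handshake("correct-horse-battery")
    for guess in ("password", "12345678", "correct-horse-battery"):
        print(guess, passphrase_matches(guess, hs))
```

Because every guess is verified locally against the captured MIC, the passphrase's length and its absence from wordlists such as rockyou are what decide whether a captured handshake can be cracked.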

SECOND CHALLENGE >>>NAME: VERSION~25 Points
Description
Can you find the web server version?
Flag format Xxxxxxy.y.yy
Target IP: 35.156.4.248

This is a very easy challenge with 25 points!

| ┌─[root@yoninetanyahu]─[/home/yoninetanyahu]
└──╼ #nmap 35.156.4.248
Starting Nmap 7.91 ( https://nmap.org ) at 2021-07-16 22:09 EAT
Nmap scan report for ec2-35-156-4-248.eu-central-1.compute.amazonaws.com (35.156.4.248)
Host is up (0.16s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http

Nmap done: 1 IP address (1 host up) scanned in 11.62 seconds
┌─[root@yoninetanyahu]─[/home/yoninetanyahu]
└──╼ #nmap 35.156.4.248 -Pn -p 80 -sV
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-07-16 22:13 EAT
Nmap scan report for ec2-35-156-4-248.eu-central-1.compute.amazonaws.com (35.156.4.248)
Host is up (0.16s latency).

PORT STATE SERVICE VERSION
80/tcp open http Apache httpd y.y.yy ((Ubuntu))

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.65 seconds
┌─[root@yoninetanyahu]─[/home/yoninetanyahu]
└──╼ #
|
Here is our flag, in the format Apachey.y.yy
!!!Smooth