Steiner254
Twitter:https://twitter.com/steiner254
Github:
CyberTalents Writeups
MACHINE CHALLENGES
FIRST CHALLENGE >>> NAME: WPA CRACK ~ 100 Points
https://cybertalents.com/challenges/machines/wpa-crack
You are conducting a WiFi pentest. A handshake has been captured and your task is to crack it.
Flag format is just the password.
"We are given a link to a cap file containing sniffed packets from a WPA network."
Get Ready :)
┌──[root@yoninetanyahu]─[/home/yoninetanyahu]
└───╼ #
This challenge will help us understand cracking a WPA handshake from a PCAP file.
We will learn WPA cracking…
The captured traffic also contains a handshake between a client and the "test" network. Because we have captured that handshake, it is possible to brute-force the password of the WPA network offline.
┌──[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└───╼ #ls
Steiner254.jpeg wpa943050264305852656243865.cap
┌──[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└───╼ #aircrack-ng wpa943050264305852656243865.cap
Reading packets, please wait…
Opening wpa943050264305852656243865.cap
Read 13 packets.
1 00:0D:93:EB:B0:8C test WPA (1 handshake)
Choosing first network as target.
Reading packets, please wait…
Opening wpa943050264305852656243865.cap
Read 13 packets.
1 potential targets
Please specify a dictionary (option -w).
┌──[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└───╼ #
Exploiting
We tried the rockyou wordlist shipped with the Kali Linux distribution to crack the password.
┌──[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└───╼ #aircrack-ng wpa943050264305852656243865.cap -w /usr/share/wordlists/rockyou.txt

                               Aircrack-ng 1.6

      [00:00:29] 147022/14344392 keys tested (5004.02 k/s)

      Time left: 47 minutes, 17 seconds                          1.02%

                           KEY FOUND! [XXXXXXXX]

      Master Key     : CD D7 9A 5A CF B0 70 C7 E9 D1 02 3B 87 02 85 D6
                       39 E4 30 B3 2F 31 AA 37 AC 82 5A 55 B5 55 24 EE

      Transient Key  : 33 55 0B FC 4F 24 84 F4 9A 38 B3 D0 89 83 D2 49
                       73 F9 DE 89 67 A6 6D 2B 8E 46 2C 07 47 6A CE 08
                       AD FB 65 D6 13 A9 9F 2C 65 E4 A6 08 F2 5A 67 97
                       D9 6F 76 5B 8C D3 DF 13 2F BC DA 6A 6E D9 62 CD

      EAPOL HMAC     : 28 A8 C8 95 B7 17 E5 72 27 B6 A7 EE E3 E5 34 45
Finally, the key found is our flag!!!
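What aircrack-ng does for every wordlist entry, as an added example that is not part of the original writeup: derive the PMK from the candidate passphrase and SSID, expand it into the KCK, and recompute the EAPOL MIC of handshake message 2 (WPA2, key descriptor version 2). The SSID and BSSID are the ones aircrack-ng printed above; the client MAC, the nonces and the passphrase standing in for the unknown PSK are constructed.

```python
import hashlib
import hmac

# Constructed illustration values: SSID and BSSID are those aircrack-ng printed
# for the capture; the client MAC, nonces and passphrase are made up.
SSID = b"test"
AP_MAC = bytes.fromhex("000d93ebb08c")
STA_MAC = bytes.fromhex("020000000001")       # constructed client MAC
ANONCE = bytes(range(32))                     # constructed AP nonce (message 1)
SNONCE = bytes(range(32, 64))                 # constructed client nonce (message 2)
TRUE_PASSPHRASE = "constructed-psk-example"   # stands in for the unknown PSK
MIC_OFFSET = 81   # 4-byte EAPOL header + 77 bytes of Key Descriptor fields before the MIC

def derive_pmk(ssid, passphrase):
    # PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes). This is the only
    # step that depends on the passphrase; its 4096 iterations bound the ~5000 k/s rate above.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)

def derive_kck(pmk, ap_mac, sta_mac, anonce, snonce):
    # 802.11i PRF-512 expands the PMK into the PTK; its first 16 bytes are the
    # Key Confirmation Key (KCK) that authenticates the handshake messages.
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b"".join(hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return ptk[:16]

def eapol_mic(kck, frame):
    # WPA2 (key descriptor version 2): HMAC-SHA1 over the EAPOL-Key frame with its MIC
    # field zeroed, truncated to 16 bytes. (WPA/TKIP, version 1, uses HMAC-MD5 instead.)
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]

def make_message2(passphrase):
    # Builds a minimal handshake message 2 (client -> AP) carrying SNONCE and a valid MIC,
    # i.e. the kind of frame a capture like the one above contains.
    key_info = (0x010A).to_bytes(2, "big")    # version 2, pairwise, MIC present
    body = b"\x02" + key_info + (16).to_bytes(2, "big") + bytes(8) + SNONCE + bytes(16) + bytes(8) + bytes(8)
    body += bytes(16) + (0).to_bytes(2, "big")  # zero MIC placeholder, empty key data
    frame = b"\x01\x03" + len(body).to_bytes(2, "big") + body
    kck = derive_kck(derive_pmk(SSID, passphrase), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]

def candidate_matches(passphrase, frame):
    # What aircrack-ng does per wordlist entry: recompute the MIC under the candidate
    # passphrase and compare it with the MIC carried in the captured frame.
    kck = derive_kck(derive_pmk(SSID, passphrase), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])
```

Everything except the passphrase (SSID, both MACs, both nonces, the MIC) is visible in the capture, so passphrase entropy is the only thing standing between a captured handshake and the key; PBKDF2's 4096 iterations merely set the guessing rate.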
SECOND CHALLENGE >>> NAME: VERSION ~ 25 Points
Description
Can you find the web server version?
Flag format: Xxxxxxy.y.yy
Target IP: 35.156.4.248
This is a very easy challenge worth 25 points!
┌──[root@yoninetanyahu]─[/home/yoninetanyahu]
└───╼ #nmap 35.156.4.248
Starting Nmap 7.91 ( https://nmap.org ) at 2021-07-16 22:09 EAT
Nmap scan report for ec2-35-156-4-248.eu-central-1.compute.amazonaws.com (35.156.4.248)
Host is up (0.16s latency).
Not shown: 998 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 11.62 seconds
┌──[root@yoninetanyahu]─[/home/yoninetanyahu]
└───╼ #nmap 35.156.4.248 -Pn -p 80 -sV
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-07-16 22:13 EAT
Nmap scan report for ec2-35-156-4-248.eu-central-1.compute.amazonaws.com (35.156.4.248)
Host is up (0.16s latency).

PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd y.y.yy ((Ubuntu))

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.65 seconds
┌──[root@yoninetanyahu]─[/home/yoninetanyahu]
└───╼ #
Here is our flag, in the format Apachey.y.yy.
Smooth!!!