Steiner254
Twitter: https://twitter.com/steiner254
Github:
CyberTalents Writeups
MACHINE CHALLENGES
FIRST CHALLENGE >>> NAME: WPA CRACK ~ 100 Points
https://cybertalents.com/challenges/machines/wpa-crack
You are conducting a WiFi pentest. A handshake has been captured and your task is to crack it.
Flag format is just the password
"We are given a link to a .cap file containing sniffed packets from a WPA network."
Get ready :)
This challenge will help us understand cracking a WPA handshake from a PCAP file. We will learn WPA cracking.
The captured traffic also contains a handshake between a client and the "test" network. Because the handshake has been captured, the passphrase of the WPA network can be brute-forced offline.
┌─[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└──╼ #ls
Steiner254.jpeg wpa943050264305852656243865.cap
┌─[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└──╼ #aircrack-ng wpa943050264305852656243865.cap
Reading packets, please wait…
Opening wpa943050264305852656243865.cap
Read 13 packets.
1 00:0D:93:EB:B0:8C test WPA (1 handshake)
Choosing first network as target.
Reading packets, please wait…
Opening wpa943050264305852656243865.cap
Read 13 packets.
1 potential targets
Please specify a dictionary (option -w).
Exploiting
We tried the rockyou wordlist shipped with Kali Linux to crack the password:
┌─[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└──╼ #aircrack-ng wpa943050264305852656243865.cap -w /usr/share/wordlists/rockyou.txt
Aircrack-ng 1.6
[00:00:29] 147022/14344392 keys tested (5004.02 k/s)
Time left: 47 minutes, 17 seconds 1.02%
KEY FOUND! [XXXXXXXX]
Master Key : CD D7 9A 5A CF B0 70 C7 E9 D1 02 3B 87 02 85 D6
39 E4 30 B3 2F 31 AA 37 AC 82 5A 55 B5 55 24 EE
Transient Key : 33 55 0B FC 4F 24 84 F4 9A 38 B3 D0 89 83 D2 49
73 F9 DE 89 67 A6 6D 2B 8E 46 2C 07 47 6A CE 08
AD FB 65 D6 13 A9 9F 2C 65 E4 A6 08 F2 5A 67 97
D9 6F 76 5B 8C D3 DF 13 2F BC DA 6A 6E D9 62 CD
EAPOL HMAC : 28 A8 C8 95 B7 17 E5 72 27 B6 A7 EE E3 E5 34 45
Finally, the key found is our flag!!!
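To show what the "Master Key" in the aircrack-ng output actually is, here is an added Python example (not part of the original writeup or of aircrack-ng) that derives the WPA Pairwise Master Key with the standard PBKDF2-HMAC-SHA1 construction, prints it in aircrack-ng's hex layout, and reproduces the "Time left" estimate from the run above; the IEEE 802.11i test vector it uses (passphrase "password", SSID "IEEE") is the only input not taken from the page.

```python
import hashlib

# WPA/WPA2-Personal derives the 256-bit Pairwise Master Key (PMK) from the
# passphrase and the SSID using PBKDF2-HMAC-SHA1 with 4096 iterations
# (IEEE 802.11i). aircrack-ng prints the PMK as "Master Key" once it finds the
# passphrase; the SSID acts as the salt, so a PMK is only valid for one network.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK for an ASCII passphrase of 8 to 63 characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def aircrack_hex(key: bytes) -> list:
    """Format a key the way aircrack-ng displays it: 16 upper-case hex bytes per line."""
    return [" ".join(f"{b:02X}" for b in key[i:i + 16])
            for i in range(0, len(key), 16)]


def time_left(total_keys: int, tested: int, keys_per_second: float) -> tuple:
    """Whole (minutes, seconds) remaining for a wordlist at the rate aircrack reports.

    The 4096 PBKDF2 iterations are what keep this rate in the low thousands per
    second on a CPU, so the cost of the attack scales only with wordlist size."""
    remaining = (total_keys - tested) / keys_per_second
    return divmod(int(remaining), 60)


if __name__ == "__main__":
    # IEEE 802.11i Annex H.4 test vector: passphrase "password", SSID "IEEE".
    for line in aircrack_hex(wpa_pmk("password", "IEEE")):
        print(line)
    # The rockyou run above: 14344392 words, 147022 tested at 5004.02 k/s.
    print("Time left: %d minutes, %d seconds" % time_left(14344392, 147022, 5004.02))
```

Each candidate costs 4096 HMAC-SHA1 rounds and the PMK is bound to the SSID, which is why a passphrase absent from every wordlist is not recovered this way and why a common SSID makes precomputation easier.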
SECOND CHALLENGE >>> NAME: VERSION ~ 25 Points
Description
Can you find the web server version?
Flag format Xxxxxxy.y.yy
Target IP: 35.156.4.248
This is a very easy challenge with 25 points!
┌─[root@yoninetanyahu]─[/home/yoninetanyahu]
└──╼ #nmap 35.156.4.248
Starting Nmap 7.91 ( https://nmap.org ) at 2021-07-16 22:09 EAT
Nmap scan report for ec2-35-156-4-248.eu-central-1.compute.amazonaws.com (35.156.4.248)
Host is up (0.16s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 11.62 seconds
┌─[root@yoninetanyahu]─[/home/yoninetanyahu]
└──╼ #nmap 35.156.4.248 -Pn -p 80 -sV
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-07-16 22:13 EAT
Nmap scan report for ec2-35-156-4-248.eu-central-1.compute.amazonaws.com (35.156.4.248)
Host is up (0.16s latency).
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd y.y.yy ((Ubuntu))
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.65 seconds
Here is our flag, in the format Apachey.y.yy.
Smooth!!!