1. From the hint, *Aircrack-ng can make a pcap file catch big air...and crack a password*, I searched for the usage of `aircrack-ng` and found [this usage example](https://www.kali.org/tools/aircrack-ng/):
```shell
aircrack-ng -w password.lst wpa.cap
```
so I gave up the idea of using Wireshark.
2. Since the question description mentions `rockyou.txt`, we have to crack it with `rockyou.txt`. Its location in Kali is `/usr/share/wordlists/rockyou.txt.gz` ([ref](https://www.kaggle.com/datasets/wjburns/common-password-list-rockyoutxt)).
3. However, we have to [extract it](https://www.geeksforgeeks.org/how-to-extract-rockyou-txt-gz-file-in-kali-linux/) before using it:
```shell
┌──(kali㉿kali)-[/usr/share/wordlists]
└─$ sudo su
[sudo] password for kali:
┌──(root㉿kali)-[/usr/share/wordlists]
└─# gzip -d rockyou.txt.gz
```
Note that you have to [switch to the root user (superuser)](https://www.kali.org/docs/general-use/enabling-root/) first, or you won't be able to extract it, as shown here:
```shell
┌──(kali㉿kali)-[/usr/share/wordlists]
└─$ gzip -d rockyou.txt.gz
gzip: rockyou.txt: Permission denied
┌──(kali㉿kali)-[/usr/share/wordlists]
└─$ chmod +x rockyou.txt.gz
chmod: changing permissions of 'rockyou.txt.gz': Operation not permitted
```
After extracting `rockyou.txt`, confirm that the extraction succeeded with `ls`:
```shell
┌──(root㉿kali)-[/usr/share/wordlists]
└─# ls
amass dirbuster fern-wifi legion nmap.lst sqlmap.txt wifite.txt
dirb fasttrack.txt john.lst metasploit rockyou.txt wfuzz
```
4. Final step: crack it!
```shell
┌──(kali㉿kali)-[~/code]
└─$ aircrack-ng -w /usr/share/wordlists/rockyou.txt wpa-ing_out.pcap
Reading packets, please wait...
Opening wpa-ing_out.pcap
Resetting EAPOL Handshake decoder state.
Resetting EAPOL Handshake decoder state.
Read 23523 packets.
# BSSID ESSID Encryption
1 00:5F:67:4F:6A:1A Gone_Surfing WPA (1 handshake)
Choosing first network as target.
Reading packets, please wait...
Opening wpa-ing_out.pcap
Resetting EAPOL Handshake decoder state.
Resetting EAPOL Handshake decoder state.
Read 23523 packets.
1 potential targets
Aircrack-ng 1.7
[00:00:00] 1331/10303727 keys tested (3426.37 k/s)
Time left: 50 minutes, 6 seconds 0.01%
KEY FOUND! [ mickeymouse ]
Master Key : 61 64 B9 5E FC 6F 41 70 70 81 F6 40 80 9F AF B1
4A 9E C5 C4 E1 67 B8 AB 58 E3 E8 8E E6 66 EB 11
Transient Key : 62 37 2F 54 3B 7B B4 43 9B 37 F4 57 40 FD D1 91
86 7F FE 26 85 7B AC DD 2C 44 E6 06 18 03 B0 0F
F2 75 A2 32 63 F7 35 74 2D 18 10 1C 25 F9 14 BC
41 DA 58 52 48 86 B0 D6 14 89 F6 77 00 8E F7 EB
EAPOL HMAC : 65 2F 6C 0E 75 F0 49 27 6A AA 6A 06 A7 24 B9 A9
```
Finally, wrap the key with `picoCTF{}`.
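
The following is an added example, not part of the original write-up: it shows where the `Master Key` line in the output above comes from. In WPA/WPA2-PSK the pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase with the ESSID as salt, so the script derives it from the values printed above and compares the result with what aircrack-ng reported. The function names are my own.

```python
import hashlib
import hmac

# Values copied from the aircrack-ng output above.
ESSID = "Gone_Surfing"
PASSPHRASE = "mickeymouse"
REPORTED_MASTER_KEY = bytes.fromhex(
    "6164B95EFC6F41707081F640809FAFB1"
    "4A9EC5C4E167B8AB58E3E88EE666EB11"
)


def derive_pmk(passphrase: str, essid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    if not 1 <= len(essid.encode()) <= 32:
        raise ValueError("ESSIDs are 1 to 32 bytes")
    # The ESSID is the salt, so the same passphrase gives a different
    # master key on a network with a different name.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode(), essid.encode(), 4096, 32
    )


def matches_reported_master_key(
    passphrase: str = PASSPHRASE, essid: str = ESSID
) -> bool:
    """Compare our derivation with the Master Key line printed by aircrack-ng."""
    return hmac.compare_digest(derive_pmk(passphrase, essid), REPORTED_MASTER_KEY)


if __name__ == "__main__":
    print("PMK:", derive_pmk(PASSPHRASE, ESSID).hex(" ").upper())
    print("Matches aircrack-ng Master Key:", matches_reported_master_key())
```

Nothing in the derivation is secret except the passphrase, which is why a captured handshake can be checked offline against a wordlist and why a passphrase that appears in `rockyou.txt` falls in under a second here; a long random passphrase is the mitigation.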