---
# System prepended metadata

title: BSSID              ESSID                     Encryption

---

**Steiner254**
Twitter: https://twitter.com/steiner254
Github:

---

**CyberTalents Writeups**
*MACHINE CHALLENGES*
![](https://i.imgur.com/MbU86D8.jpg)

**FIRST CHALLENGE >>> NAME: WPA CRACK** ~100 Points
https://cybertalents.com/challenges/machines/wpa-crack
*Description*
You are conducting a WIFI pentest, Handshake has been captured and your task is to crack it
Flag format is just the password

We are given a link to a cap file containing the sniffed packets of a WPA network.
 

Get Ready :)

```
┌─[root@yoninetanyahu]─[/home/yoninetanyahu]
└──╼ #
```
This challenge shows how to crack a WPA password from a PCAP file.

The captured traffic also contains a handshake between a client and the `test` network. Because we have captured a handshake, it is possible to brute-force the password of the WPA network.



```
┌─[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└──╼ #ls
Steiner254.jpeg  wpa943050264305852656243865.cap
┌─[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└──╼ #aircrack-ng wpa943050264305852656243865.cap 
Reading packets, please wait...
Opening wpa943050264305852656243865.cap
Read 13 packets.

   #  BSSID              ESSID                     Encryption

   1  00:0D:93:EB:B0:8C  test                      WPA (1 handshake)

Choosing first network as target.

Reading packets, please wait...
Opening wpa943050264305852656243865.cap
Read 13 packets.

1 potential targets

Please specify a dictionary (option -w).

┌─[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└──╼ #
```
 
**Exploiting**
We used the rockyou wordlist that ships with Kali Linux to crack the password.



```
┌─[root@yoninetanyahu]─[/home/yoninetanyahu/Downloads]
└──╼ #aircrack-ng wpa943050264305852656243865.cap -w /usr/share/wordlists/rockyou.txt
```
 


```
                               Aircrack-ng 1.6 

      [00:00:29] 147022/14344392 keys tested (5004.02 k/s) 

      Time left: 47 minutes, 17 seconds                          1.02%

                           KEY FOUND! [XXXXXXXX]


      Master Key     : CD D7 9A 5A CF B0 70 C7 E9 D1 02 3B 87 02 85 D6 
                       39 E4 30 B3 2F 31 AA 37 AC 82 5A 55 B5 55 24 EE 

      Transient Key  : 33 55 0B FC 4F 24 84 F4 9A 38 B3 D0 89 83 D2 49 
                       73 F9 DE 89 67 A6 6D 2B 8E 46 2C 07 47 6A CE 08 
                       AD FB 65 D6 13 A9 9F 2C 65 E4 A6 08 F2 5A 67 97 
                       D9 6F 76 5B 8C D3 DF 13 2F BC DA 6A 6E D9 62 CD 

      EAPOL HMAC     : 28 A8 C8 95 B7 17 E5 72 27 B6 A7 EE E3 E5 34 45 
```

Finally, the key found is our flag!!!
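Why a dictionary run recovers a key like this so quickly, and how to audit a passphrase before deploying it. This is an added example, not part of the original writeup: it derives the WPA-PSK master key (the "Master Key" line in the output above) and estimates search times at the rate aircrack-ng reported. The sample wordlist, the function names and the audited passphrases are constructed assumptions.

```python
import hashlib

RATE = 5004.02            # keys/s, the rate aircrack-ng reports in the run above
ROCKYOU_SIZE = 14344392   # candidate count shown in the same run

# Constructed sample wordlist standing in for rockyou.txt (assumption).
SAMPLE_WORDLIST = ["password", "12345678", "iloveyou", "princess"]

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def dictionary_seconds(words: int = ROCKYOU_SIZE, rate: float = RATE) -> float:
    """Worst-case time to try every word of a list at the given rate."""
    return words / rate

def exhaust_years(length: int, alphabet: int, rate: float = RATE) -> float:
    """Worst-case time to try every passphrase of one length and alphabet size."""
    return alphabet ** length / rate / (365 * 24 * 3600)

def audit_psk(passphrase: str, wordlist=SAMPLE_WORDLIST) -> list:
    """Return findings for a proposed PSK; an empty list means none were found."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters a WPA passphrase allows")
    if passphrase.lower() in (w.lower() for w in wordlist):
        findings.append("listed in the wordlist, so a dictionary run recovers it")
    if passphrase.isdigit() or (passphrase.isalpha() and passphrase.islower()):
        findings.append("single character class, small search space")
    return findings

if __name__ == "__main__":
    # The SSID is the salt, so one passphrase yields a different key per network name.
    print(wpa_pmk("password", "IEEE").hex())   # published 802.11i test pair
    print(wpa_pmk("password", "test").hex())   # same passphrase, this page's ESSID
    print(f"rockyou-sized list: {dictionary_seconds() / 60:.1f} min worst case")
    print(f"8 lowercase letters: {exhaust_years(8, 26):.2f} years worst case")
    for psk in ("iloveyou", "correct-Horse-7-battery"):
        print(psk, audit_psk(psk) or "no findings")
```

A passphrase that appears in a public wordlist is bounded by the list's run time (under 48 minutes here), whatever its length; one that is long, mixed and unlisted pushes the attacker to exhaustive search.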

**SECOND CHALLENGE >>> NAME: VERSION** ~25 Points
*Description*
Can you find the web server version?
Flag format: Xxxxxxy.y.yy
Target IP: 35.156.4.248

This is a very easy challenge with 25 points!


```
┌─[root@yoninetanyahu]─[/home/yoninetanyahu]
└──╼ #nmap 35.156.4.248
Starting Nmap 7.91 ( https://nmap.org ) at 2021-07-16 22:09 EAT
Nmap scan report for ec2-35-156-4-248.eu-central-1.compute.amazonaws.com (35.156.4.248)
Host is up (0.16s latency).
Not shown: 998 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 11.62 seconds
┌─[root@yoninetanyahu]─[/home/yoninetanyahu]
└──╼ #nmap 35.156.4.248 -Pn -p 80 -sV
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-07-16 22:13 EAT
Nmap scan report for ec2-35-156-4-248.eu-central-1.compute.amazonaws.com (35.156.4.248)
Host is up (0.16s latency).

PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd y.y.yy ((Ubuntu))

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.65 seconds
┌─[root@yoninetanyahu]─[/home/yoninetanyahu]
└──╼ #
```
Here is our flag, in the format Apachey.y.yy

Smooth!!!
