PicoCTF - WPA-ing Out

tags: PicoCTF CTF Misc

Challenge: WPA-ing Out

Background

Day 26 Wireless Attacks-無線攻擊(aircrack-ng)

Description & Hint

I thought that my password was super-secret, but it turns out that passwords passed over the AIR can be CRACKED, especially if I used the same wireless network password as one in the `rockyou.txt` credential dump. Use this pcap file and the rockyou wordlist. The flag should be entered in the picoCTF{XXXXXX} format.

Hint 1: Finding the IEEE 802.11 wireless protocol used in the wireless traffic packet capture is easier with wireshark, the JAWS of the network. Hint 2: Aircrack-ng can make a pcap file catch big air…and crack a password.

Exploit - aircrack-ng

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

$ aircrack-ng wpa-ing_out.pcap -w ./rockyou.txt Reading packets, please wait... Opening wpa-ing_out.pcap Read 23523 packets. # BSSID ESSID Encryption 1 00:5F:67:4F:6A:1A Gone_Surfing WPA (1 handshake) Choosing first network as target. Reading packets, please wait... Opening wpa-ing_out.pcap Read 23523 packets. 1 potential targets Aircrack-ng 1.6 [00:00:00] 1183/10303727 keys tested (22306.13 k/s) Time left: 7 minutes, 41 seconds 0.01% KEY FOUND! [ mickeymouse ] Master Key : 61 64 B9 5E FC 6F 41 70 70 81 F6 40 80 9F AF B1 4A 9E C5 C4 E1 67 B8 AB 58 E3 E8 8E E6 66 EB 11 Transient Key : 26 85 7B AC DD 2C 44 E6 06 18 03 B0 0F F2 75 A2 32 63 F7 35 74 2D 18 10 1C 25 F9 14 BC 41 DA 58 52 48 86 B0 D6 14 89 F6 77 00 67 E0 AD 10 1B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EAPOL HMAC : 65 2F 6C 0E 75 F0 49 27 6A AA 6A 06 A7 24 B9 A9

So…The flag is picoCTF{mickeymouse}

Reference

• Install tshark
• Some error you may encounter
• ubuntu下安装lex,yacc
• WU1 - WPA-ing Out