I Inadvertently Left Kali Running a Scan on Local APs Using the Airodump Function in Aircrack Whilst I Was Away for a Couple of Days. Upon My Return I Find That It Has Seemingly Grabbed Shedloads of WPA Handshakes for Various BSSIDs Whilst I've Been Away. As I'm Used to Using the Tutorials on Here (Whereby You Use the -W Command to Create a File for the Captured 'Shakes) I've No Idea Where to Find the Handshakes. I Know I Need to Make a Start on the Linux Basics Tutorials but Any Assistance in the Interim on Locating and Getting to Grips on the 'Shakes I've Grabbed Would Be Appreciated.
Forum Thread: Confused Noob
- Hot
- Active
-
Forum Thread:
How to Track Who Is Sms Bombing Me .
4
Replies
1 mo ago -
Forum Thread:
Removing Pay-as-You-Go Meter on Loan Phones.
1
Replies
1 mo ago -
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
3
Replies
2 mo ago -
Forum Thread:
moab5.Sh Error While Running Metasploit
17
Replies
3 mo ago -
Forum Thread:
Execute Reverse PHP Shell with Metasploit
1
Replies
4 mo ago -
Forum Thread:
Install Metasploit Framework in Termux No Root Needed M-Wiz Tool
1
Replies
5 mo ago -
Forum Thread:
Hack and Track People's Device Constantly Using TRAPE
35
Replies
5 mo ago -
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
6 mo ago -
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
6 mo ago -
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
7 mo ago -
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
9 mo ago -
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
9 mo ago -
Metasploit Error:
Handler Failed to Bind
41
Replies
9 mo ago -
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
9 mo ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
9 mo ago -
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
9 mo ago -
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
10 mo ago -
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
10 mo ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
11 mo ago -
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
11 mo ago
-
How To:
Scan for Vulnerabilities on Any Website Using Nikto
-
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
-
Steganography:
How to Hide Secret Data Inside an Image or Audio File in Seconds
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
-
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
-
Hack Like a Pro:
How to Find Directories in Websites Using DirBuster
-
How To:
Make Your Own Bad USB
-
How To:
Spy on Traffic from a Smartphone with Wireshark
-
How To:
Dox Anyone
-
How To:
Set Up a Wi-Fi Spy Camera with an ESP32-CAM
-
How To:
Intercept Images from a Security Camera Using Wireshark
-
How To:
Hack Android Using Kali (Remotely)
-
How To:
Crack SSH Private Key Passwords with John the Ripper
-
How To:
Use the Chrome Browser Secure Shell App to SSH into Remote Devices
-
How To:
Detect Script-Kiddie Wi-Fi Jamming with Wireshark
-
How To:
Bypass File Upload Restrictions on Web Apps to Get a Shell
-
Hack Like a Pro:
Cryptography Basics for the Aspiring Hacker
-
How To:
Scan, Fake & Attack Wi-Fi Networks with the ESP8266-Based WiFi Deauther
-
How To:
Intercept & Analyze LAN Traffic with a Packet Squirrel & Wireshark
-
Hack Like a Pro:
How to Crack Online Web Form Passwords with THC-Hydra & Burp Suite
2 Responses
Ciuffy is correct about the headline - I don't post much and was rushing off to a beer festival. Many thanks for your help.
A few things you can do (assuming you're using Kali):
Open up a terminal and run from the command line:
wpaclean new.cap old.cap
Note that the order in this is the opposite of what you'll usually see -- enter the file name you want to give your clean cap file FIRST, and then the file of the one you have now. e.g.
wpaclean SmallCap.cap HugeCapBecauseILeftAirCrackRunning.cap
This will strip the file down to only the relevant handshakes (you only need two from each set, but they have to be the right two).
pyrit -r Old.cap -o New.cap strip
This will strip it down to just handshakes, but won't pre-select them for you.
After that you can run:
pyrit -r New.cap analyze
This will return a list of all handshakes, and tell you if they're usable ("good spread") or not.
And, finally, you can do it manually by opening the cap file in wireshark and selecting individual packets. See this for an explanation:
http://aircrack-ng.org/doku.php?id=wpa_capture&DokuWiki=074d5917c87bb3032d8c42de85f2e8da
Caveat:
I've only ever used these on cap files that captured handshakes from a single ESSID. Not certain how they'll work if you have dozens of different ESSIDs in there.
What I've done is run pyrit strip on the cap file first, run pyrit analyze on it, and then run it through wpaclean. Then I'll open up the final cap file in wireshark and make sure they all look good. But I think you can get away with just wpaclean.
Share Your Thoughts