I Inadvertently Left Kali Running a Scan on Local APs Using the Airodump Function in Aircrack Whilst I Was Away for a Couple of Days. Upon My Return I Find That It Has Seemingly Grabbed Shedloads of WPA Handshakes for Various BSSIDs Whilst I've Been Away. As I'm Used to Using the Tutorials on Here (Whereby You Use the -W Command to Create a File for the Captured 'Shakes) I've No Idea Where to Find the Handshakes. I Know I Need to Make a Start on the Linux Basics Tutorials but Any Assistance in the Interim on Locating and Getting to Grips on the 'Shakes I've Grabbed Would Be Appreciated.
Forum Thread: Confused Noob
- Hot
- Active
-
Forum Thread:
Meterpreter Session Stage Failing
2
Replies
6 hrs ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
165
Replies
1 wk ago -
Problem with Msfvenom:
Windows 7 64-Bit Exe - The Version of This File Is Not Compatible.
6
Replies
1 wk ago -
Forum Thread:
After Executing Search Command in "Wifite" My Laptops Wifi Disconnected.
5
Replies
1 wk ago -
Forum Thread:
Is There a Tool or Machine Used to Hack Password
0
Replies
1 wk ago -
Forum Thread:
Is There a Tool or Machine Used to Hack Password
0
Replies
1 wk ago -
Forum Thread:
How Do I Hack WPS Locked Wifi
9
Replies
1 wk ago -
Forum Thread:
How to Run and Install Kali Linux on a Chromebook
16
Replies
1 wk ago -
Forum Thread:
Learn to Hack an Android Device Over the Internet Remotely
0
Replies
1 wk ago -
Forum Thread:
Hack a Specific Program
0
Replies
1 wk ago -
Forum Thread:
Why Can't I Boot into Kali Graphical Mode After a Fresh Installation??
0
Replies
2 wks ago -
How to:
Spoof E-Mail Using SendEmail and Postfix
0
Replies
2 wks ago -
Forum Thread:
Gain Access to (Data on) Locked Android 9 Phone (LG G6)
1
Replies
2 wks ago -
Forum Thread:
Difficulty with Kali Linux Commands
0
Replies
2 wks ago -
Forum Thread:
Kali linux command error. Kindly help
0
Replies
2 wks ago -
Forum Thread:
Airdump-Ng Can't Find Any Network in Monitor Mode
10
Replies
2 wks ago -
Forum Thread:
Unicorn Framework (iOS, macOS, Linux Post-Exploitation)
0
Replies
2 wks ago -
Forum Thread:
Does rtl8814au Is Still Work For Wireless Hacking?
0
Replies
2 wks ago -
Forum Thread:
Awesome Keylogging Script - BeeLogger
28
Replies
2 wks ago -
Forum Thread:
Veil-Evasion Problem ( Kali Linux )
18
Replies
3 wks ago
-
How To:
Scan Websites for Potential Vulnerabilities Using the Vega Vulnerability Scanner in Kali Linux
-
How To:
13 Black Friday Deals on Courses That Will Beef Up Your Hacking & Programming Skill Set
-
How To:
Hack Computers Over Wi-Fi with the WiFi Duck Payload Deliverer
-
How To:
Hack Android Using Kali (Remotely)
-
How To:
Extract Bitcoin Wallet Addresses & Balances from Websites with SpiderFoot CLI
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To:
Phish for Social Media & Other Account Passwords with BlackEye
-
How To:
Scan for Vulnerabilities on Any Website Using Nikto
-
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To:
Get Started with Python with This One-Hour Course for Just $14.99
-
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
-
How To:
Create Custom Wordlists for Password Cracking Using the Mentalist
-
How To:
Hunt Down Social Media Accounts by Usernames with Sherlock
-
How To:
Write an XSS Cookie Stealer in JavaScript to Steal Passwords
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
How To:
Use Ettercap to Intercept Passwords with ARP Spoofing
-
How To:
Brute-Force Nearly Any Website Login with Hatch
-
How To:
Crack Password-Protected ZIP Files, PDFs & More with Zydra
2 Responses
Ciuffy is correct about the headline - I don't post much and was rushing off to a beer festival. Many thanks for your help.
A few things you can do (assuming you're using Kali):
Open up a terminal and run from the command line:
wpaclean new.cap old.cap
Note that the order in this is the opposite of what you'll usually see -- enter the file name you want to give your clean cap file FIRST, and then the file of the one you have now. e.g.
wpaclean SmallCap.cap HugeCapBecauseILeftAirCrackRunning.cap
This will strip the file down to only the relevant handshakes (you only need two from each set, but they have to be the right two).
pyrit -r Old.cap -o New.cap strip
This will strip it down to just handshakes, but won't pre-select them for you.
After that you can run:
pyrit -r New.cap analyze
This will return a list of all handshakes, and tell you if they're usable ("good spread") or not.
And, finally, you can do it manually by opening the cap file in wireshark and selecting individual packets. See this for an explanation:
http://aircrack-ng.org/doku.php?id=wpa_capture&DokuWiki=074d5917c87bb3032d8c42de85f2e8da
Caveat:
I've only ever used these on cap files that captured handshakes from a single ESSID. Not certain how they'll work if you have dozens of different ESSIDs in there.
What I've done is run pyrit strip on the cap file first, run pyrit analyze on it, and then run it through wpaclean. Then I'll open up the final cap file in wireshark and make sure they all look good. But I think you can get away with just wpaclean.
Share Your Thoughts