I Inadvertently Left Kali Running a Scan on Local APs Using the Airodump Function in Aircrack Whilst I Was Away for a Couple of Days. Upon My Return I Find That It Has Seemingly Grabbed Shedloads of WPA Handshakes for Various BSSIDs Whilst I've Been Away. As I'm Used to Using the Tutorials on Here (Whereby You Use the -W Command to Create a File for the Captured 'Shakes) I've No Idea Where to Find the Handshakes. I Know I Need to Make a Start on the Linux Basics Tutorials but Any Assistance in the Interim on Locating and Getting to Grips on the 'Shakes I've Grabbed Would Be Appreciated.
Forum Thread: Confused Noob
- Hot
- Active
-
Forum Thread:
REVERSE ENGINEERING on ANDROID | CAP 1
0
Replies
1 hr ago -
Forum Thread:
m
2
Replies
3 hrs ago -
Forum Thread:
Hacking Terminals via Web !!!!! By: [ Mohamed Ahmed ]
0
Replies
3 hrs ago -
Forum Thread:
Network Infrastructure and Hacking Techniques [Theory Theory] [Part 1] by : Mohamed Ahmed .
0
Replies
3 hrs ago -
Forum Thread:
Ichidan, Shodan Clone in the Deep Web
0
Replies
3 hrs ago -
Forum Thread:
How to Hack a Facebook Account Using Kali Linux 2.0 ?
21
Replies
13 hrs ago -
Forum Thread:
Thoughts on Buying Hacking Gear and Anonymity
0
Replies
15 hrs ago -
Forum Thread:
Best Book to Read on Hacking
8
Replies
19 hrs ago -
Forum Thread:
Cdr File Damaged
0
Replies
1 day ago -
Forum Thread:
Arpspoof - No Connectivity on Physical Machine
2
Replies
2 days ago -
Forum Thread:
How to Build Cheapest Password Cracker on Multiple GPUs?
0
Replies
2 days ago -
Forum Thread:
Active White-Hat Forums?
14
Replies
2 days ago -
Forum Thread:
Apis for Trojans [ a gift from me ]
0
Replies
2 days ago -
Forum Thread:
Creating a Ransomware for Android from 0! By [ Mohamed Ahmed ]
0
Replies
2 days ago -
Forum Thread:
Hack Cheating Wife's Windows 7 Admin Password
12
Replies
2 days ago -
Forum Thread:
BlueBorne - Kali Linux Script?
9
Replies
2 days ago -
Forum Thread:
How to Install This Custom Metasploit?
0
Replies
2 days ago -
Forum Thread:
Building a TAP ( Passive Sniffer ) By: [ Mohamed Ahmed ]
0
Replies
2 days ago -
Forum Thread:
Pentesting with Shodan & Functional Exploits By [Mohamed Ahmed ]
0
Replies
3 days ago -
Forum Thread:
Hello,need help with PDF . how remove hack password ?
2
Replies
3 days ago
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How To:
Exploring Kali Linux Alternatives: How to Get Started with BlackArch, a More Up-to-Date Pentesting Distro
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
-
How To:
Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
-
How To:
Use a Virtual Burner Phone to Protect Your Identity & Security
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
Hack Like a Pro:
How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
-
How To:
Hack Android Using Kali (Remotely)
-
Hack Like a Pro:
How to Spy on Anyone, Part 1 (Hacking Computers)
-
Hack Like a Pro:
How to Crack Passwords, Part 1 (Principles & Technologies)
-
Hack Like a Pro:
How to Crack Passwords, Part 4 (Creating a Custom Wordlist with Crunch)
-
How To:
Successfully Hack a Website in 2016!
-
How to Hack Wi-Fi:
Capturing WPA Passwords by Targeting Users with a Fluxion Attack
-
How To:
Hack Windows 7 (Become Admin)
-
Hack Like a Pro:
How to Find Vulnerabilities for Any Website Using Nikto
-
How To:
Install Kali Live on a USB Drive (With Persistence, Optional)
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2017
-
Hack Like a Pro:
How to Crack Online Web Form Passwords with THC-Hydra & Burp Suite
2 Responses
Ciuffy is correct about the headline - I don't post much and was rushing off to a beer festival. Many thanks for your help.
A few things you can do (assuming you're using Kali):
Open up a terminal and run from the command line:
wpaclean new.cap old.cap
Note that the order in this is the opposite of what you'll usually see -- enter the file name you want to give your clean cap file FIRST, and then the file of the one you have now. e.g.
wpaclean SmallCap.cap HugeCapBecauseILeftAirCrackRunning.cap
This will strip the file down to only the relevant handshakes (you only need two from each set, but they have to be the right two).
pyrit -r Old.cap -o New.cap strip
This will strip it down to just handshakes, but won't pre-select them for you.
After that you can run:
pyrit -r New.cap analyze
This will return a list of all handshakes, and tell you if they're usable ("good spread") or not.
And, finally, you can do it manually by opening the cap file in wireshark and selecting individual packets. See this for an explanation:
http://aircrack-ng.org/doku.php?id=wpa_capture&DokuWiki=074d5917c87bb3032d8c42de85f2e8da
Caveat:
I've only ever used these on cap files that captured handshakes from a single ESSID. Not certain how they'll work if you have dozens of different ESSIDs in there.
What I've done is run pyrit strip on the cap file first, run pyrit analyze on it, and then run it through wpaclean. Then I'll open up the final cap file in wireshark and make sure they all look good. But I think you can get away with just wpaclean.
Share Your Thoughts