PICOCTF- WPA-ing Out

Unleashing the Power of Aircrack-ng: The Art of Wi-Fi Key Recovery

Greetings, readers! Hammaz here. Exciting news: I've just embarked on a fresh challenge courtesy of Pico CTF, aptly named "WPA-ing Out". Our weapon of choice for this digital adventure is none other than Aircrack-ng, a tool built for recovering Wi-Fi keys. It works from captured data packets (a recorded WPA handshake) and a wordlist to unveil the pre-shared key (PSK) safeguarding a Wi-Fi network. Its capabilities extend to both WEP and WPA/WPA2-PSK keys, making it a versatile ally in the realm of cybersecurity challenges. Below is a snapshot of the actual challenge from the Pico CTF website.


Write-up

  1. To start, armed with a pcap file, we've got all the necessary details for our password-cracking mission. The BSSID (Basic Service Set Identifier) and the SSID (Service Set Identifier), both vital for Aircrack-ng, are conveniently laid out in clear text within the pcap file, since 802.11 management frames are never encrypted. Let the decryption journey begin!


  2. A helpful hint in the question points us to the indispensable "rockyou.txt" credential dump file, a gem we can readily locate on GitHub. Navigate through this link for seamless access: https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt. This treasure trove of passwords will undoubtedly play a crucial role in our quest.
  3. Begin the process by executing the command `aircrack-ng wpa-ing_out.pcap` on Linux. The ensuing results will unveil valuable details such as the BSSID, SSID, and the encryption type, which, in this case, is WPA. This preliminary step sets the stage for our subsequent actions in the pursuit of cracking the password.




  4. Now comes the main command: `aircrack-ng -w /home/kali/Downloads/rockyou.txt -b 00:5F:67:4F:6A:1A -e Gone_Surfing /home/kali/Downloads/wpa-ing_out.pcap`. Let's break this command down further.
  • aircrack-ng: This is the command itself, invoking the Aircrack-ng tool.
  • -w /home/kali/Downloads/rockyou.txt: The -w option specifies the wordlist to be used for the dictionary attack. In this case, the wordlist is located at "/home/kali/Downloads/rockyou.txt".
  • -b 00:5F:67:4F:6A:1A: The -b option is followed by the BSSID (Basic Service Set Identifier) of the target Wi-Fi network. In this example, it's "00:5F:67:4F:6A:1A".
  • -e Gone_Surfing: The -e option specifies the ESSID (Extended Service Set Identifier) or the name of the target Wi-Fi network. In this example, it's "Gone_Surfing".
  • /home/kali/Downloads/wpa-ing_out.pcap: The last part of the command is the path to the capture file (in PCAP format) that contains the data packets captured from the target Wi-Fi network. In this case, it's located at "/home/kali/Downloads/wpa-ing_out.pcap".

  5. Aircrack-ng works through the rockyou.txt wordlist and produces the output shown below. We can see the key was found to be "mickey mouse". After submitting the flag picoCTF{mickeymouse} we get our points.
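To see why a rockyou-style dictionary recovers a PSK like this one, and what to check before deploying a passphrase of your own, here is an added example (my code, not part of the original write-up or of Aircrack-ng). It derives the WPA PMK exactly as the standard does, PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, audits how deep in a wordlist a passphrase sits, and measures the per-guess cost; WORDLIST is a constructed stand-in for rockyou.txt and ROCKYOU_LINES is an approximate figure, both assumptions.

```python
import hashlib
import time
from typing import List, Optional

# WPA/WPA2-Personal derives the 256-bit Pairwise Master Key (PMK) from the
# passphrase with PBKDF2-HMAC-SHA1, salted with the SSID, 4096 iterations.
# A dictionary run pays this cost once per candidate, per SSID.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32

# Constructed mini wordlist standing in for rockyou.txt; order matters because
# the audit reports how deep into the list the passphrase sits.
WORDLIST = ["123456", "password", "iloveyou", "mickey mouse", "princess"]
ROCKYOU_LINES = 14_000_000  # rough line count of rockyou.txt (assumption)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def audit_psk(ssid: str, passphrase: str, wordlist: List[str]) -> Optional[int]:
    """1-based position at which a dictionary run recovers the PSK, or None.

    Candidates are compared by PMK, not by string, so each guess costs what it
    costs a cracker and the elapsed time is representative.
    """
    target = derive_pmk(passphrase, ssid)
    for position, candidate in enumerate(wordlist, start=1):
        if not 8 <= len(candidate) <= 63:   # cannot be a WPA passphrase; skip
            continue
        if derive_pmk(candidate, ssid) == target:
            return position
    return None


def guesses_per_second(ssid: str, sample: int = 200) -> float:
    """Single-core PBKDF2 throughput here; ROCKYOU_LINES / rate = worst case."""
    start = time.perf_counter()
    for i in range(sample):
        derive_pmk(f"benchmark{i}", ssid)
    return sample / (time.perf_counter() - start)


if __name__ == "__main__":
    ssid = "Gone_Surfing"
    print("wordlist position of 'mickey mouse':", audit_psk(ssid, "mickey mouse", WORDLIST))
    rate = guesses_per_second(ssid)
    print(f"{rate:,.0f} guesses/s on one core -> full rockyou pass ~{ROCKYOU_LINES / rate / 3600:.1f} h")
```

Because the SSID is the salt, a PMK precomputed for one network name is useless against another, which is one reason not to keep a default or very common SSID; a passphrase absent from every public wordlist, and long enough that exhaustive search is out of reach, is the other half.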




Conclusion

Navigating Pico CTF's "WPA-ing Out" challenge, we utilized Aircrack-ng's prowess for Wi-Fi key recovery. Armed with a pcap file, we read the BSSID and SSID from its clear-text management frames, set the stage for a dictionary attack, and expanded our arsenal with the rockyou.txt file. Executing `aircrack-ng wpa-ing_out.pcap` unveiled the vital network information. The main command, `aircrack-ng -w /home/kali/Downloads/rockyou.txt -b 00:5F:67:4F:6A:1A -e Gone_Surfing /home/kali/Downloads/wpa-ing_out.pcap`, ran the wordlist against the captured handshake and revealed the password "mickey mouse", giving the flag picoCTF{mickeymouse}. Success hinges on combining knowledge and technique in this dynamic interplay. Here's to cracked Wi-Fi keys and the thrill of cyber adventures!