aircrack question

[levisiccard]

Hello guys,

This question is about capturing the handshake.cap file on the pineapple to have it decrypted on a later time on my Kali machine

In my kali machine this would look like:

# airodump-ng --bssid xx:xx:xx:xx:xx:xx -c [channel] -w handshake.cap

after capturing the handshake wich will be in the .cap file I could run

# aircrack-ng handshake.cap -o wordlist

I think this needs no further explanation...

1st question: where will the capfile be saved on the pineapple, so I can run it on a later time on my kali machine using aircrack?

2nd question: If I find a device probing for a WPA2 AP and I run

#airbase-ng --essid [the WPA2 AP] -c [channel] -W 1 -Z 2 mon0 (wich would be a twin for the real acces point)

will I still be able to catch the capfile when the device tries to connect to the WPA2 rogue acces point and run it thru aircrack at a later time

-> #aircrack-ng handshake.cap -o wordlist

This could be done when the actual AP is not around but only a device that is probing for it.

Hoping this discribes my question. So far I have no experience writing infusions but if it's possible I think it would be nice to have an infusion that

- enables to easily make twins of WEP/WPA/WPA2 AP's and

-capture the PSK for WEP, produce enough packets to crack WEP and crack with aircrack. I think the pineapple would be able to do so

# aireplay-ng -3 -b xx:xx:xx:xx:xx:xx -h xx:xx:xx:xx:xx:xx mon0

-capture the handshake file for WPA/WPA2 to have it cracked at a later time using aircrack.

I guess this would be better to do on a linux machine with a better processor then the pineapple

Something to think about i guess,

regards!

Edited November 6, 2013 by LeeVai

[1337]

Answer to your first question: Whatever currently directory you are in when you run that airodump-ng command will be the directory where that capture file will be saved at. If you are unsure of where this file wil be located, type the pwd command to show the current working directory.

Answer to your second question: Some wifi cards will listen to probe requests at the same time its doing something else. Keep in mind, the wireless card is still in managed mode (hense you are just using a relay interface to turn it into monitor mode and then master mode aka access point). I don't see why the card wouldn't capture a handshake as long as you are zero in on the channel. As long as you have the .cap file, you can copy that to any machine and crack it.

You dont want to decrypt the .cap file at the same time you running everything else. The pineapple is powerful for its size, but doesn't necessary have 4GB of ram and a 2Ghz processor either. Lol