
How do I decrypt WPA-Handshakes using Pineapple and Wireshark


wvPasssat


Hi,

I'm new to this, so I'm trying to learn.

I tried to decrypt a 4-way handshake (.hashcat22000) that I got from the Pineapple using Hashcat on Windows with a wordlist called rockyou, I think? It didn't work.

Now I'm trying to use Wireshark to decrypt the handshake in .pcap. I've been looking around on the internet, but all I find is how to decrypt internet traffic.


I would like to understand how I can decrypt and see my password in the captured handshake, anyone?

Please feel free to correct me regarding terms and so on; as I said, I'm here to learn. Thank you 🙂


You can't really decrypt a handshake since it's not reversible that way, but you can crack it. Semantics really...

Using Wireshark won't increase your chances. I would ditch that approach fully.

Best bet is probably to use Hashcat, but there's no 100% success rate. If the methods used aren't able to find the passphrase, it just simply won't.

Since I assume that you're doing this against a network that you have permission to "attack", then you also know the secret already. To get an understanding of how things work when it comes to the use of Hashcat, just create a wordlist that contains the secret/passphrase and run it with Hashcat, and it will successfully do the "cracking".


On 12/31/2023 at 1:08 PM, dark_pyrro said:

You can't really decrypt a handshake since it's not reversible that way, but you can crack it. Semantics really...

Using Wireshark won't increase your chances. I would ditch that approach fully.

Best bet is probably to use Hashcat, but there's no 100% success rate. If the methods used aren't able to find the passphrase, it just simply won't.

Since I assume that you're doing this against a network that you have permission to "attack", then you also know the secret already. To get an understanding of how things work when it comes to the use of Hashcat, just create a wordlist that contains the secret/passphrase and run it with Hashcat, and it will successfully do the "cracking".

Thank you.

Okay, Hashcat was a success because of adding the pw into the file. So you mean that's more or less the only approach for cracking the pw? I thought it was possible to decrypt the 4-way message or the one containing the pw.


This means that you would need to find the SSID on the router and change yours to the same, so the "victim" auto-connects to you. From there you will have the MAC address, and then you could use that one to connect to the router? Or no, I suppose they will still be sending the 4-way handshake.
If you then have physical access to, say, an Android phone, you should be able to locate the map in the software of the phone containing the pw, or?

Regarding all testing, it's of course done on devices with permission to attack, but it is mostly theoretically done.


24 minutes ago, wvPasssat said:

So you mean that's more or less the only approach for cracking the pw? I thought it was possible to decrypt the 4-way message or the one containing the pw.

Read the documentation of the tools available and you will get an understanding of what's possible or not.

25 minutes ago, wvPasssat said:

This means that you would need to find the SSID on the router and change yours to the same, so the "victim" auto-connects to you.

Well, just configuring an "evil twin" to use the same ESSID won't make any target device auto-connect to your fake AP if you don't already know the passphrase for that network.

27 minutes ago, wvPasssat said:

From there you will have the MAC address, and then you could use that one to connect to the router?

Not sure what you mean here. In what way does the MAC address affect it all?


On 1/3/2024 at 7:11 AM, wvPasssat said:

Thank you.

Okay, Hashcat was a success because of adding the pw into the file. So you mean that's more or less the only approach for cracking the pw? I thought it was possible to decrypt the 4-way message or the one containing the pw.


This means that you would need to find the SSID on the router and change yours to the same, so the "victim" auto-connects to you. From there you will have the MAC address, and then you could use that one to connect to the router? Or no, I suppose they will still be sending the 4-way handshake.
If you then have physical access to, say, an Android phone, you should be able to locate the map in the software of the phone containing the pw, or?

Regarding all testing, it's of course done on devices with permission to attack, but it is mostly theoretically done.

You can't 'decrypt' handshakes because of what they are, challenge-response authentication. WPA/WPA2 uses shared secrets or 'nonces' composed of random data that are hashed using PBKDF2.

Evil Twin attacks are possible, but in order to get the password, you would need an Evil Portal module for WiFi and a brainless victim.

As for Android, the device would need to be running like Android 6 or earlier or possibly be rooted to have the appropriate storage permissions. 
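
The following is an added illustration, not code from this thread, from the Pineapple or from Hashcat, of the point both dark_pyrro and the reply above make: a captured 4-way handshake contains no ciphertext of the passphrase, only a MIC computed from a key that is derived from the passphrase with PBKDF2. "Cracking" therefore means repeating that derivation for every candidate and comparing MICs, and a passphrase that is not in the wordlist is never found. All capture values (MAC addresses, nonces, EAPOL frame, SSID "ExampleNet") are constructed for the example; the only real value is the published IEEE 802.11 PMK test vector for passphrase "password" and SSID "IEEE".

```python
"""Why a captured WPA2 4-way handshake is cracked rather than decrypted.

Added illustration, not code from the thread or from Hashcat. The capture
values below are constructed for the example and do not come from a real
network. The PMK test vector (passphrase "password", SSID "IEEE") is the
published IEEE 802.11 example.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional

PBKDF2_ITERATIONS = 4096  # fixed by the WPA/WPA2-Personal standard


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               PBKDF2_ITERATIONS, dklen=32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: HMAC-SHA1 blocks over label||0x00||data||counter."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def kck_from_handshake(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                       anonce: bytes, snonce: bytes) -> bytes:
    """Derive the PTK and return its first 16 bytes, the Key Confirmation Key."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2 (key descriptor version 2) MIC: HMAC-SHA1 truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


@dataclass(frozen=True)
class Handshake:
    """The parts of a capture a cracker needs (what a .hashcat22000 line
    encodes). Note that no encrypted copy of the passphrase is present."""
    ssid: str
    ap_mac: bytes
    sta_mac: bytes
    anonce: bytes
    snonce: bytes
    eapol: bytes   # EAPOL message 2 with its MIC field zeroed
    mic: bytes     # the 16-byte MIC observed on the air


# Constructed capture material (deterministic, not from a real network).
_AP_MAC = bytes.fromhex("001122334455")
_STA_MAC = bytes.fromhex("66778899aabb")
_ANONCE = bytes(range(32))
_SNONCE = bytes(range(32, 64))
_EAPOL_M2 = bytes.fromhex("0203005f02010a00") + bytes(91)  # header + zeroed body


def make_handshake(passphrase: str, ssid: str = "ExampleNet") -> Handshake:
    """Build what a supplicant would put on the air for a given passphrase.
    This stands in for a capture; in practice the values come from a pcap."""
    kck = kck_from_handshake(pmk_from_passphrase(passphrase, ssid),
                             _AP_MAC, _STA_MAC, _ANONCE, _SNONCE)
    return Handshake(ssid, _AP_MAC, _STA_MAC, _ANONCE, _SNONCE,
                     _EAPOL_M2, eapol_mic(kck, _EAPOL_M2))


def check_candidate(hs: Handshake, candidate: str) -> bool:
    """One guess: derive PMK -> KCK -> MIC and compare with the captured MIC."""
    kck = kck_from_handshake(pmk_from_passphrase(candidate, hs.ssid),
                             hs.ap_mac, hs.sta_mac, hs.anonce, hs.snonce)
    return hmac.compare_digest(eapol_mic(kck, hs.eapol), hs.mic)


def crack(hs: Handshake, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack in miniature: the passphrase is found only if it is
    in the list; nothing in the capture can be 'decrypted' to reveal it."""
    for candidate in wordlist:
        if check_candidate(hs, candidate):
            return candidate
    return None


if __name__ == "__main__":
    hs = make_handshake("correct horse battery")
    print(crack(hs, ["123456", "password", "correct horse battery"]))  # found
    print(crack(hs, ["123456", "password"]))                           # None
```

Each candidate costs 4096 HMAC-SHA1 rounds before the MIC can even be compared, which is the whole cost of the PBKDF2 step and the reason Hashcat's success depends entirely on whether the wordlist or rule set reaches the real passphrase. That is also the defensive takeaway: a long random WPA2 passphrase is never reached by a dictionary, and WPA3's SAE removes the offline guessing avenue altogether.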
