wvPasssat Posted December 31, 2023

Hi, I'm new to this so I'm trying to learn. I tried to decrypt a 4-way handshake .hashcat22000 that I got from the Pineapple using Hashcat on Windows with a wordlist called rockyou, I think? It didn't work. Now I'm trying to use Wireshark to decrypt the handshake in .pcap. I've been looking around on the internet but all I find is how to decrypt internet traffic. I would like to understand how I can decrypt and see my password in the captured handshake, anyone? Pls. Feel free to correct me regarding terms and so on, as I said, I'm here to learn. Thank you🙂
dark_pyrro Posted December 31, 2023

You can't really decrypt a handshake since it's not reversible that way, but you can crack it. Semantics really... Using Wireshark won't increase your chances. I would ditch that approach fully. Best bet is probably to use Hashcat, but there's no 100% success rate. If the methods used aren't able to find the passphrase, it just simply won't. Since I assume that you're doing this against a network that you have permission to "attack", then you also know the secret already. To get an understanding of how things work when it comes to the use of Hashcat, just create a wordlist that contains the secret/passphrase and run it with Hashcat and it will successfully do the "cracking".
wvPasssat (Author) Posted January 3

On 12/31/2023 at 1:08 PM, dark_pyrro said:
You can't really decrypt a handshake since it's not reversible that way, but you can crack it. Semantics really... Using Wireshark won't increase your chances. I would ditch that approach fully. Best bet is probably to use Hashcat, but there's no 100% success rate. If the methods used aren't able to find the passphrase, it just simply won't. Since I assume that you're doing this against a network that you have permission to "attack", then you also know the secret already. To get an understanding of how things work when it comes to the use of Hashcat, just create a wordlist that contains the secret/passphrase and run it with Hashcat and it will successfully do the "cracking".

Thank you. Okay, Hashcat was a success cuz of adding the pw into the file. So you mean that's more or less the only approach for cracking the pw? I thought it was possible to decrypt the 4-way message or the one containing the pw. This means that you would need to find the SSID on the router and change yours to the same, so the "victim" auto-connects to you. From there you will have the MAC address and then you could use that one to connect to the router? Or no, I suppose they will still be sending the 4-way handshake. If you then have physical access to say an Android phone, you should be able to locate the map in the software of the phone containing the pw or? Regarding all testing, it's of course done on devices with permission to attack but are mostly theoretically done.
dark_pyrro Posted January 3

24 minutes ago, wvPasssat said:
So you mean that's more or less the only approach for cracking the pw? I thought it was possible to decrypt the 4-way message or the one containing the pw.

Read the documentation of the tools available and you will get an understanding of what's possible or not.

25 minutes ago, wvPasssat said:
This means that you would need to find the SSID on the router and change yours to the same, so the "victim" auto-connects to you.

Well, just configuring an "evil twin" to use the same ESSID won't make any target device auto-connect to your fake AP if you don't already know the passphrase for that network.

27 minutes ago, wvPasssat said:
From there you will have the MAC address and then you could use that one to connect to the router?

Not sure what you mean here. In what way does the MAC address affect it all?
DramaKing Posted February 12

On 1/3/2024 at 7:11 AM, wvPasssat said:
Thank you. Okay, Hashcat was a success cuz of adding the pw into the file. So you mean that's more or less the only approach for cracking the pw? I thought it was possible to decrypt the 4-way message or the one containing the pw. This means that you would need to find the SSID on the router and change yours to the same, so the "victim" auto-connects to you. From there you will have the MAC address and then you could use that one to connect to the router? Or no, I suppose they will still be sending the 4-way handshake. If you then have physical access to say an Android phone, you should be able to locate the map in the software of the phone containing the pw or? Regarding all testing, it's of course done on devices with permission to attack but are mostly theoretically done.

You can't 'decrypt' handshakes because of what they are, challenge-response authentication. WPA/WPA2 uses shared secrets or 'nonces' composed of random data that are hashed using PBKDF2. Evil Twin attacks are possible, but in order to get the password, you would need an Evil Portal module for WiFi and a brainless victim. As for Android, the device would need to be running like Android 6 or earlier or possibly be rooted to have the appropriate storage permissions.
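An added example, written for this thread and not code from any of the posters: the PBKDF2 step DramaKing mentions, and the "wordlist that contains the secret" sanity check dark_pyrro suggests, in plain Python. WPA2-Personal derives the PMK from the passphrase and SSID with PBKDF2-HMAC-SHA1, which is one-way, so the only way to get a passphrase out of a capture is to test candidates. Assumption noted in the code: the check compares PMKs directly, whereas Hashcat derives the PTK from the handshake nonces and verifies the EAPOL MIC; the passphrase/SSID pair is the test vector published in the IEEE 802.11 standard.

```python
import hashlib
import hmac
from typing import Iterable, Optional

PBKDF2_ITERATIONS = 4096   # fixed by the 802.11 standard for WPA/WPA2-Personal
PMK_LEN = 32               # 256-bit Pairwise Master Key


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).

    The SSID acts as a salt, so the same passphrase gives a different PMK on
    every network name; precomputed tables only ever help for one SSID.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def passphrase_in_wordlist(known_pmk: bytes, ssid: str,
                           candidates: Iterable[str]) -> Optional[str]:
    """Audit helper for a network you run: return the candidate that
    reproduces known_pmk, else None.

    Simplification (assumption): a real cracker such as Hashcat never holds
    the PMK; it derives the PTK from the captured nonces and MAC addresses
    and checks the EAPOL MIC instead. The one-way property is the same.
    """
    for word in candidates:
        if hmac.compare_digest(wpa2_pmk(word, ssid), known_pmk):
            return word
    return None


def pmk_is_salted_by_ssid(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when the same passphrase yields different PMKs on two SSIDs."""
    return wpa2_pmk(passphrase, ssid_a) != wpa2_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    # Constructed demo using the IEEE 802.11 test vector: SSID "IEEE",
    # passphrase "password". On your own network you already know both.
    ssid, real_passphrase = "IEEE", "password"
    pmk = wpa2_pmk(real_passphrase, ssid)
    print("PMK:", pmk.hex())
    # A wordlist without the secret fails; one that contains it succeeds,
    # which is exactly the Hashcat sanity check described above.
    print(passphrase_in_wordlist(pmk, ssid, ["123456", "letmein"]))        # None
    print(passphrase_in_wordlist(pmk, ssid, ["123456", real_passphrase]))  # password
```

The same derivation is why Wireshark cannot help here: it can decrypt data frames once you give it the passphrase, but nothing in the capture can be run backwards to produce it.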