Networks named π₯π₯π₯ β βββπ βΆ #49
Comments
Could you please attach the capfile? |
I can't actually remember which file it was. Is there a way to figure out
which one it was?
On Fri, May 24, 2019 at 3:19 AM ZerBea ***@***.***> wrote:
Could you please attach the capfile?
aircrack-ng handshake detection is known as buggy:
aircrack-ng/aircrack-ng#1993
|
You have a filename: tricky-02.cap. So you can search it by name. |
Grrrrr. Google won't let me send the whole thing uncompressed. I zipped
up all the files. Here you go.
On Sun, May 26, 2019 at 1:09 PM ZerBea ***@***.***> wrote:
You have a filename: tricky-02.cap. So you can search it by name.
|
Hmmm, why google? That will not work. |
tricky-02.zip |
Ok, that worked. Thanks. Looks like the AP uses emojis within ESSID. That is a new trend: hashcat (hashcat-utils), john (latest) and wpa-sec are able to handle emojis inside an ESSID. Unfortunately, your capfile doesn't contain a PMKID or a handshake. It also doesn't contain an oversized packet. There is nothing to analyze or to hunt for an issue inside. hcxpcaptool will give us more information about the file: |
That is so strange. When I did the capture it said it caught a handshake.
If there is no PMKID or handshake then either the capture software
(aircrack-ng) is the issue or I am imagining things. I should post on the
aircrack-ng site to see if that is the issue.
On Mon, May 27, 2019 at 2:26 AM ZerBea ***@***.***> wrote:
Ok, that worked. Thanks.
Looks like the AP uses emojis within ESSID. That is a new trend:
***@***.***/emojify-your-wi-fi-c01f4ac0b0ab
Unfortunately some clients don't understand this:
https://www.reddit.com/r/Ubiquiti/comments/7hfusd/using_emoji_characters_in_ssid/
hashcat (hashcat-utils), john (latest) and wpa-sec are able to handle
emojis inside an ESSID.
Unfortunately, your capfile doesn't contain a PMKID or a handshake. It
also doesn't contain an oversized packet. There is nothing to analyze or to
hunt for an issue inside.
So, cap2hccapx is doing its job as expected:
$ cap2hccapx.bin tricky-02.cap tricky-02.hccapx
Networks detected: 0
hcxpcaptool will give us more information about the file:
$ hcxpcaptool -V tricky-02.cap
reading from tricky-02.cap
summary:
file name....................: tricky-02.cap
file type....................: pcap 2.4
file hardware information....: unknown
file os information..........: unknown
file application information.: unknown
network type.................: DLT_IEEE802_11 (105)
endianness...................: little endian
read errors..................: flawless
packets inside...............: 24304
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 0
beacons (with ESSID inside)..: 1
probe responses..............: 24303
|
same result, running wpapcap2john: BTW: |
Just compiled aircrack-ng and it is working like expected, too: $ ./aircrack-ng tricky-02.cap -w testlist Is driver installed in the correct way? |
I was able to capture other handshakes so I would assume it is working. At
this point it seems like everything is pointing to the software working.
There is likely an "unknown unknown" variable which caused the initial
blip. The emoji in the SSID may just be Ad hoc ergo roster hoc.
On May 28, 2019 10:55 AM, "ZerBea" ***@***.***> wrote:
Just compiled aircrack-ng and it is working like expected, too:
$ ./aircrack-ng tricky-02.cap -w bekannte
Reading packets, please wait...
Opening tricky-02.cap
Read 24304 packets.
BSSID ESSID Encryption
1 B8:27:EB:36:CE:53 π₯π₯π₯ β
βββπ
βΆ Unknown
Choosing first network as target.
Reading packets, please wait...
Opening tricky-02.cap
Read 24304 packets.
1 potential targets
Packets contained no EAPOL data; unable to process this AP.
Quitting aircrack-ng...
Is driver installed in the correct way?
https://rioasmara.com/2018/09/15/alfa-awus1900-kali-linux-experience/
|
that is a raspberry pi zero w running P4wnP1 aloa |
π₯π₯π₯ β βββπ βΆ is the name of a network in my area. I was curious to see how the special characters affected these tools. I get this message
tricky-02.cap: Oversized packet detected Networks detected: 0
when doing
cap2hccapx.exe tricky-02.cap tricky-02.hccapx
on a cap file without a handshake.
I tried the 1.9 version on a file where I am certain there was a handshake and simply got this:
Networks detected: 0
I know that airodump captured the handshake. Could this be an issue with the odd characters of the ssid or am I missing something?
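
Added example, not part of the thread or of hashcat-utils/hcxtools: a Python triage of a DLT_IEEE802_11 pcap that counts beacons, probe responses and EAPOL frames and reads the ESSID as raw octets, so an emoji name and a missing handshake show up as two separate findings. The function names and the sample capture are constructed for illustration; it assumes a classic pcap without a radiotap header and ignores the HT Control field.

```python
import struct

EAPOL_SNAP = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"  # LLC/SNAP header + EtherType 0x888e

def essid_of(tags):
    """Return the SSID element (ID 0) as raw octets, or None if absent/truncated."""
    i = 0
    while i + 2 <= len(tags):
        tag, length = tags[i], tags[i + 1]
        if tag == 0:
            body = tags[i + 2:i + 2 + length]
            return body if len(body) == length and length <= 32 else None
        i += 2 + length
    return None

def triage(pcap):
    """Count beacons, probe responses and EAPOL frames in a DLT_IEEE802_11 pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 105:
        raise ValueError("expected a classic pcap with link type 105")
    stats = {"packets": 0, "beacons": 0, "probe_responses": 0, "eapol": 0, "essids": set()}
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        stats["packets"] += 1
        if len(frame) < 24:
            continue  # too short for an 802.11 MAC header
        ftype, subtype = (frame[0] >> 2) & 3, frame[0] >> 4
        if ftype == 0 and subtype in (5, 8):  # management: probe response / beacon
            stats["beacons" if subtype == 8 else "probe_responses"] += 1
            raw = essid_of(frame[36:])  # skip header, timestamp, interval, capabilities
            if raw is not None:  # ESSID is 0-32 arbitrary octets; never assume ASCII
                stats["essids"].add(raw.decode("utf-8", errors="replace"))
        elif ftype == 2:  # data: QoS adds 2 header bytes, 4-address frames add 6
            hdr = 24 + (2 if subtype & 8 else 0) + (6 if (frame[1] & 3) == 3 else 0)
            stats["eapol"] += int(frame[hdr:hdr + 8] == EAPOL_SNAP)
    return stats

def build_pcap(frames):
    """Constructed sample input: wrap raw 802.11 frames in a little-endian pcap."""
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def mgmt(subtype, essid):  # constructed management frame with zeroed addresses
    ssid = essid.encode("utf-8")
    return bytes([subtype << 4, 0]) + bytes(22) + bytes(12) + bytes([0, len(ssid)]) + ssid
ESSID = "\U0001F525 caf\u00e9"  # constructed emoji name, not the one in the capture
SAMPLE = build_pcap([mgmt(8, ESSID)] + [mgmt(5, ESSID)] * 3)
```

`triage(SAMPLE)` reports one beacon, three probe responses and zero EAPOL frames with the emoji ESSID decoded intact, which is the same shape as the capture discussed here: the name parses fine and there is simply no handshake to convert.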