Forensics - Security Rocks
Medium
Description

Downloads
Solution
Go to 'Wireless -> WLAN Traffic' in Wireshark to see the number of 'Auths' packets.


To find the frames that carry the SSID (beacons, subtype 0x08, and probe responses, subtype 0x05), use the following filter:
wlan.fc.type_subtype==0x08 || wlan.fc.type_subtype==0x05

Using the EAPOL filter, we can see that the entire 4-way handshake is captured.

We just need the Wi-Fi passphrase to decrypt the traffic.
Use aircrack-ng to do a dictionary attack on the passphrase.

With the passphrase found, to decrypt the data in Wireshark, add the wpa-pwd key as follows.
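
Background for this decryption step, as an added example that is not part of the original write-up: Wireshark's wpa-pwd key type takes `passphrase:SSID` and derives the pre-shared key from it, which is why the SSID found earlier matters, while the wpa-psk key type takes the derived 64-hex-digit key directly. The sketch below performs that derivation as IEEE 802.11i defines it; the function names are hypothetical, and the passphrase and SSID are the IEEE 802.11i test vector, not the challenge's values.

```python
import hashlib


def wpa2_psk(passphrase: str, ssid: bytes) -> bytes:
    """Derive the 256-bit WPA/WPA2-Personal pre-shared key (PMK):
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid, 4096, dklen=32)


def wireshark_key_entries(passphrase: str, ssid: bytes) -> dict:
    """Return the two equivalent decryption-key entries for one network."""
    psk = wpa2_psk(passphrase, ssid)
    try:
        ssid_text = ssid.decode("ascii")
    except UnicodeDecodeError:
        ssid_text = None
    # Assumption of this example: when the passphrase or SSID contains ':'
    # or '%', or the SSID is not printable ASCII, skip the passphrase:SSID
    # form and offer only the raw key, which needs no escaping.
    simple = (ssid_text is not None and ssid_text.isprintable()
              and not any(c in ":%" for c in passphrase + ssid_text))
    return {
        "wpa-pwd": f"{passphrase}:{ssid_text}" if simple else None,
        "wpa-psk": psk.hex(),
    }


if __name__ == "__main__":
    # Constructed sample input: IEEE 802.11i test vector, not the CTF network.
    SAMPLE_PASSPHRASE, SAMPLE_SSID = "password", b"IEEE"
    entries = wireshark_key_entries(SAMPLE_PASSPHRASE, SAMPLE_SSID)
    for key_type, value in entries.items():
        print(f"{key_type}: {value}")
```

Because the SSID is the only salt and the iteration count is fixed, the strength of the passphrase is the only thing protecting a captured handshake.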

Use the following filter to get all the data packets.

Found the transfer of secret.txt.




The flag turns out to be base62 encoded: TUCTF{w1f1_15_d3f1n173ly_53cure3}