Prompt

We have created a packet capture from our test lab to see if you can handle the challenges of wireless password cracking.

PCAP1.pcap12873.4KB

Walk-Through

The aircrack-ng Linux tool can be used to solve this challenge.

Questions 1, 2, and 4 can be solved by simply running aircrack-ng on the packet capture. The summary lists the number of IVs that were found in the packet capture along with the WEP key. The key size can be determined by counting the number of bits in the key text (5 bytes * 8 bits per byte = 40 bits) and comparing that to the possible WEP key sizes (64 bit WEP contains a 40-bit key and a 24-bit initialization vector which forms the final 64-bit RC4-based key for WEP).

💡

Note: WEP keys are larger than the password input size.

You can run this command to crack the password.

aircrack-ng PCAP1.pcap

Question 3 can be solved by viewing the packet capture in Wireshark and using the wlan.wep.iv filter.

Question 5 can be solved by using the previously acquired WEP key to decrypt traffic in Wireshark. This can be done by selecting “Edit → Preferences → Protocols → IEEE 802.11” and then checking “Enable decryption” and adding the decryption key.

You can access these settings from Wireshark by going to Edit → Preferences → Protocols

Saving the WEP password will allow Wireshark to decrypt the traffic

Once the WiFi traffic has been decrypted, you can access the TCP fields in the first packet

WiFi PCAP 1

Prompt

Walk-Through

Questions

How many IVs are in the packet capture?

What is the key size of the wireless network data encryption method in bits?

What is the IV for the first packet in the capture in hexadecimal representation?

What is the WEP key?

What is the TCP checksum of the first packet in the capture (in hex)?