Hi all,
Let me start by saying, yes, I am a noob to Kali and all its wonderful and mystical tools, and perhaps I have watched too many episodes of Mr. Robot. That said, I have been playing with airbase-ng, airmon-ng, and airodump-ng and having a wonderful time.
Recently I conducted an experiment where I created a fake ESSID called "freeboobs" like so:
Code:
airbase-ng -a AA:AA:AA:AA:AA:AA -e "freeboobs" -c 6 -W 1 -Z 4 wlan1mon
In a second terminal window I started a dump like so:
Code:
airodump-ng -c 6 --output-format pcap -w /root/fakeboobs wlan1mon
I then went over to my phone and looked for the "freeboobs" network... there it was! And who doesn't want to connect with 'freeboobs'... so I connected using the password "iloveyou", as I knew it existed in my wordlist 'rockyou.txt'.
Soon enough I got the two terminal windows to output the following:
Code:
root@kali:~# airbase-ng -a AA:AA:AA:AA:AA:AA -e "freeboobs" -c 6 -W 1 -Z 4 -V 3 wlan1mon
18:14:11 Created tap interface at0
18:14:11 Trying to set MTU on at0 to 1500
18:14:11 Access Point with BSSID AA:AA:AA:AA:AA:AA started.
18:14:17 Client 84:7A:88:5D:0D:DB associated (WPA2;CCMP) to ESSID: "freeboobs"
18:14:17 Client 84:7A:88:5D:0D:DB associated (WPA2;CCMP) to ESSID: "freeboobs"
18:14:17 Client 84:7A:88:5D:0D:DB associated (WPA2;CCMP) to ESSID: "freeboobs"
18:14:17 Client 84:7A:88:5D:0D:DB associated (WPA2;CCMP) to ESSID: "freeboobs"
18:14:17 Client 84:7A:88:5D:0D:DB associated (WPA2;CCMP) to ESSID: "freeboobs"
18:14:17 Client 84:7A:88:5D:0D:DB associated (WPA2;CCMP) to ESSID: "freeboobs"
18:14:17 Client 84:7A:88:5D:0D:DB associated (WPA2;CCMP) to ESSID: "freeboobs"
18:14:17 Client 84:7A:88:5D:0D:DB associated (WPA2;CCMP) to ESSID: "freeboobs"
18:14:17 Client 84:7A:88:5D:0D:DB associated (WPA2;CCMP) to ESSID: "freeboobs"
18:14:17 Client 84:7A:88:5D:0D:DB associated (WPA2;CCMP) to ESSID: "freeboobs"
18:14:17 Client 84:7A:88:5D:0D:DB associated (WPA2;CCMP) to ESSID: "freeboobs"
and...
Code:
CH 6 ][ Elapsed: 1 min ][ 2015-07-30 18:15 ][ WPA handshake: AA:AA:AA:AA:AA:AA
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
AA:AA:AA:AA:AA:AA 0 15 976 509 0 6 54 WPA2 CCMP PSK freeboobs
My question is two part...
1. The phone failed to connect... it said "authenticating" and then never got authenticated. I guess this is expected, but is it possible to fake the final part of the handshake and allow the phone to be connected, so I can explore possible MitM attacks?
2. After I stopped the airodump, I ran cowpatty and got a success:
Code:
root@kali:~# cowpatty -r '/root/fakeboobs-02.cap' -c
cowpatty 4.6 - WPA-PSK dictionary attack. <[email protected]>
Collected all necessary data to mount crack against WPA2/PSK passphrase.
but I have been running aircrack:
Code:
aircrack-ng -w /root/rockyou.txt fakeboobs-02.cap
knowing that the password I entered, 'iloveyou', is early in the list, and it is still going for about 2 hours now... is it possible that it won't crack the password even though it's in the list? If so, why?
UPDATE: it did not crack the password after three hours, so I ran the script again, ensuring that I used "iloveyou" as the password and using a txt file that only has 'iloveyou'. It did NOT crack the password.
Any ideas why?
Thanks for helping me learn
elidd1
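The post shows how easily a spoofed ESSID turns up in an airodump-ng AP table; from the defensive side, that same table is what a wireless site survey checks to catch a rogue or evil-twin access point. The Python below is an added example (it is not part of the post and not code from the aircrack-ng project): it parses rows in the airodump-ng AP layout quoted above and flags a BSSID that serves an ESSID it is not authorised for, an ESSID missing from the inventory, and a BSSID whose locally-administered bit is set (a software-chosen address such as AA:AA:AA:AA:AA:AA, unlike a vendor burned-in one). The sample rows other than the "freeboobs" line, the allowlist of known APs and the assumption that every row carries the full WPA/WPA2 column set are all constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the airodump-ng AP-table layout shown in the post.
# Only the "freeboobs" row is taken from the post; the other rows are made up.
SAMPLE_AIRODUMP = """\
BSSID              PWR  RXQ  Beacons  #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
00:11:22:33:44:55  -40   90      812    120    3   6  54e  WPA2 CCMP   PSK  CorpNet
AA:AA:AA:AA:AA:AA    0   15      976    509    0   6  54   WPA2 CCMP   PSK  freeboobs
64:77:88:99:AA:BB  -72   60      311      4    0  11  54e  WPA2 CCMP   PSK  CorpNet
"""

# Hypothetical inventory: the BSSIDs that legitimately serve each ESSID.
KNOWN_APS = {"CorpNet": {"00:11:22:33:44:55"}}

# One AP row: BSSID PWR RXQ Beacons #Data #/s CH MB ENC CIPHER AUTH ESSID.
# Assumes WPA/WPA2 rows, where every column is present (OPN rows are skipped).
ROW_RE = re.compile(
    r"^(?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<pwr>-?\d+)\s+(?P<rxq>\d+)\s+(?P<beacons>\d+)\s+(?P<data>\d+)\s+(?P<rate>\d+)\s+"
    r"(?P<ch>\d+)\s+(?P<mb>\S+)\s+(?P<enc>\S+)\s+(?P<cipher>\S+)\s+(?P<auth>\S+)\s+"
    r"(?P<essid>.+?)\s*$"
)


@dataclass
class AccessPoint:
    bssid: str
    channel: int
    enc: str
    essid: str


def parse_airodump(text):
    """Return the AP rows found in an airodump-ng AP table; header and malformed rows are ignored."""
    aps = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            aps.append(AccessPoint(m["bssid"].upper(), int(m["ch"]), m["enc"], m["essid"]))
    return aps


def is_locally_administered(mac):
    """True when the U/L bit (bit 1 of the first octet) is set.

    Vendors burn in addresses with this bit clear, so a set bit usually means
    the address was chosen in software, as with AA:AA:AA:AA:AA:AA in the post.
    """
    return int(mac.split(":")[0], 16) & 0x02 != 0


def find_rogue_aps(aps, known):
    """Return (bssid, essid, reasons) for every AP that fails an inventory check."""
    findings = []
    for ap in aps:
        reasons = []
        if ap.essid in known and ap.bssid not in known[ap.essid]:
            reasons.append("unknown BSSID serving a known ESSID (possible evil twin)")
        if ap.essid not in known:
            reasons.append("ESSID not in inventory")
        if is_locally_administered(ap.bssid):
            reasons.append("locally administered BSSID")
        if reasons:
            findings.append((ap.bssid, ap.essid, reasons))
    return findings


if __name__ == "__main__":
    for bssid, essid, reasons in find_rogue_aps(parse_airodump(SAMPLE_AIRODUMP), KNOWN_APS):
        print(f"{bssid}  {essid!r}: " + "; ".join(reasons))
```

Run against the constructed table, the "freeboobs" AP is reported for both an unknown ESSID and a locally administered BSSID, while the second "CorpNet" row is reported as a possible evil twin because its BSSID is not in the inventory for that ESSID. The locally-administered check is only a heuristic: a rogue AP can clone a vendor MAC just as easily, so the inventory comparison is the check that actually matters.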