How to Crack SSID Passwords in Wireshark

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

welcome back to the channel I'm so glad you're here because today I'm going to be showing you something in wik that I think is really really fun I'm going to be demonstrating for you how to take a wi shark capture and pull out a password that somebody input when they were authenticating to a local Wi-Fi it's actually not that hard but we're going to be using some techniques of brute forcing and we're actually going to go through a little bit of the wire shirt capture to identify some key pieces of information that will help us as we try to find this password also in this video I'm going to be showing you how to use a SS ID and a password to decrypt traffic so this is a this is a condensed um capture so it it really is just just the data that we want so in a normal situation we would actually have like thousands upon thousands of packets that have been captured and we would have to then filter to get down down to the point where we can actually see this particular data so we're we're assuming that we've rooted through and we've got to the point when we have actually acquired some important information you could actually do this with without that but you would then be assuming that there's a wireless authentication that has happened now I'm going to show you something really quick here that can actually validate that authentication did occur it's really really quite cool let's jump over over to our our panel up here and if we go over to wireless we have an option to go down to the WLAN traffic and over here we can see some really important information so we actually we can see the SSID of the wireless network we can also see a bunch of columns so if we zoom over to this column right here it's oths so some authentication actually occurred in this this capture which is great because some somebody put in a password to authenticate into this network now we can take this particular capture and brute force it to figure out what was that password what we need to do now is actually use our capture but we need to put it in an environment where we can use aircrack-ng I use aircrack-ng in my Cali environment so I'm going to open up my Cali here and we're going to go to a this capture that I've actually already put inside my Cal I'm going to navigate to where I saved my pcap that I moved over and we've got it right here wies shark. pcap let's take a quick look at the some of the aspects of aircrack-ng because I I'm going to be using a couple switches in this particular command I'm do man aircrack-ng and I want to actually filter on the B here so the dashb we're going to be doing select the target network based on the access point uh or the MAC address let's go and grab the MAC address that is associated with the SSI ID that we're trying to grab the password authentication from okay so we know that we have this here that's our our wireless network there I want to go specifically down into the details window and grab the MAC address from there aircraft dng word list user share wordlists rock.tx T and then the bsid we're going to use the the MAC address here paste for the clipboard that's the MAC address of the the the network that we want and it was wire shark pcap and now let's let's run it and see what comes back from it it's very very fast but you can see what we what we did here we did we did it we did a ton um it comes back that the key was F and the W the password in this particular case was wire shark okay so we actually brute forced this thing to figure out what password was actually input at this moment in time it's great okay so now let's go back to our our original wiar capture and I'm going to show you how to take this password and the SSID and decrypt the traffic that is inside of this capture because right now it's it's sort of hidden from us first thing we're going to do is we're going to rightclick on a packet that has my SSID you could probably do that anywhere but I like to do it on the one that I know has the SS ID right click on the on the packet and we're going to go down to our protocol preferences and slide on over to the wireless LAN and then we're going to do we're going to select decryption keys and it opens up for us a window here where I can actually input the the password and the SSID into this so that when I want to decrypt things wi shark will just do that work for me automatically and it's specifically relevant to this capture you could have a whole stack of them if you've got some regular data that you're going to be decrypting but in this case we only need one so we're going to hit the plus button and we're going to choose uh WPA password so in this case we have a format to to use and it's going to be the password colon the SS ID so wi shark was our password colon then I'm going to type in the SSID ik r i r i- 5G bingo bango we like it we're going to hit okay okay so nothing's really changed just yet okay so let's look at the main window again I haven't asked wire shark to decrypt anything let's go and ask it to do that now before I did this using the right clicking on on a packet let's go and actually do that through a different way let's head on over to edit and then go down to preferences that opens up for us the preferences window now we are decrypting some traffic so I want to go to the protocol that's relevant to this particular task and in this case it's iple e 80211 so I'm GNA quickly jump down there with tapping an i and we're going to select protocol that's relevant so that's right here 802.11 and now I've got the keys let's double check the keys are in there there they are great now we want to enable decryption select it and we're going to hit okay and before we do that I want you to take a look at what changes on the screen ah we are we still have 16 packets but we are seeing something different we've got a DHCP AC and we've got a membership query now this doesn't reveal much like from a security side of things okay however it does tell us something that was happening in this capture on this network that was previously hidden to us okay so we did decrypt this this traffic to reveal something of Interest now if you're doing this on your own home network this is going to reveal quite a quite different kind of traffic thank you so much for watching this video I really appreciate it if you're enjoying my content I've actually got exciting news I've got a merchandise shop and if you want go check out take a look at it if you want to support the channel That would be great and then I also have some other videos that are going to be on the screen here that I would encourage you to go and watch I think you might like them and again thanks for thanks for coming [Music]

Info

Channel: RedBlue Labs

Views: 724

Rating: undefined out of 5

Keywords:

Id: 0XxbdZGH-78

Channel Id: undefined

Length: 9min 5sec (545 seconds)

Published: Fri Feb 16 2024