Packet Capture Challenge - Attacking a Secure Wifi Connection

This challenge is complete! Try it yourself or scroll to the solution below.

It’s been a while since we’ve had a good old-fashioned packet capture challenge here at CloudShark. In preparation for our upcoming webinar on packet capture and analysis in wireless networks, we thought we’d throw out a challenge involving a would-be malicious attacker trying to gain access to a secured wifi network.

The Challenge

Take a look at this capture.

The challenge is to answer the following questions:

  1. At what packet does the attack begin?
  2. What is the attacker looking for? In which range of packets do they find it?

The Solution

To produce this attack, we used a combination of airmon-ng, airodump-ng, and aireplay-ng to monitor a wireless link between a station and an access point, then sent de-authentication frames that make it look as though the station is de-authenticating from the access point.

You can see this begin at frame number 20.

For those of you who guessed any of the early packets containing de-authentication, we marked that as correct (somewhere in the range of 20-30).

The station then attempts to re-authenticate with the access point by performing a four-way handshake. If we successfully sniff this handshake, we can grab the password-derived values it carries and use a dictionary attack to discover the authentication password.

You can see this handshake occur in frames 100 through 109.
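From the monitoring side, the pattern in this capture (a burst of de-authentication frames followed by a fresh EAPOL handshake for the same station) can be flagged automatically. The sketch below is an added example, not part of the original post: it parses raw 802.11 frames without a radiotap header, and the sample frames, MAC addresses, burst threshold, and frame-count window are all constructed assumptions.

```python
import struct
from collections import defaultdict

SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP + EtherType 0x888e
BCAST = b"\xff" * 6

def classify(frame):
    """Return ("deauth"|"eapol", {receiver, transmitter}) or None."""
    if len(frame) < 24:
        return None
    fc = struct.unpack_from("<H", frame)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    pair = frozenset((frame[4:10], frame[10:16]))
    if ftype == 0 and subtype == 12:          # management, deauthentication
        return "deauth", pair
    if ftype == 2:                            # data; QoS subtypes add 2 bytes
        off = 26 if subtype & 0x8 else 24
        if frame[off:off + 8] == SNAP_EAPOL:
            return "eapol", pair
    return None

def deauth_then_handshake(frames, min_deauths=3, window=200):
    """Return [(first_deauth_no, first_eapol_no)], 1-based frame numbers."""
    deauths, alerts, seen = defaultdict(list), [], set()
    for no, frame in enumerate(frames, start=1):
        hit = classify(frame)
        if hit is None:
            continue
        kind, pair = hit
        if kind == "deauth":
            deauths[pair].append(no)
            continue
        for d_pair, nums in deauths.items():
            recent = [n for n in nums if no - n <= window]
            # A broadcast deauth matches any station talking to that AP.
            if pair not in seen and d_pair - {BCAST} <= pair and len(recent) >= min_deauths:
                seen.add(pair)
                alerts.append((recent[0], no))
    return alerts

# Constructed sample frames (no radiotap header, made-up MAC addresses).
AP, STA = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")

def build(fc0, dst, src, body=b""):
    return bytes([fc0, 0, 0, 0]) + dst + src + AP + b"\x00\x00" + body

BEACON = build(0x80, BCAST, AP)
DEAUTH = build(0xC0, STA, AP, b"\x07\x00")               # reason code 7
EAPOL = build(0x08, STA, AP, SNAP_EAPOL + b"\x02\x03\x00\x5f")
SAMPLE = [BEACON] * 4 + [DEAUTH] * 5 + [BEACON] * 10 + [EAPOL] * 4

if __name__ == "__main__":
    print(deauth_then_handshake(SAMPLE))
```

A single de-authentication followed by a reconnect is normal roaming behaviour, which is why the check requires a burst before it reports anything.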

Thanks to all who participated; enjoy your p-caps!

