Sys sec
CVF 1083
1.
Went to the terminal, typed wireshark and hit enter. A Lua error showed up; I clicked OK and Wireshark
opened successfully.
2.
Went to file system> tmp folder
3.
4.
Went from captures folder to plain-01.cap file and selected it for wireshark.
5.
Selected the 2nd frame and navigated through the frame by going tagged parameters>Tag: vendor
specific WPA Information element.
6.
I scrolled up to the filter section and typed ‘dns’ in the filter and applied it.
7.
8.
Selected Packet number 1089 with the name of cookie-monster-cupcake.jpg and selected save as> then
saved it as a default name in the place /tmp/captures.
9.
I viewed the image by going to places>recent documents> the file cookie-monster-cupcake.jpg and
opened it to view it.
10.
Image of the cookie monster.jpg and I closed it after viewing.
11.
Went back to wireshark, cleared the filter and typed a new filter labeled ‘ftp-data and frame contains
PK’>right clicked frame number 21207 and selected Follow TCP Stream.
12.
Results of clicking on the TCP Stream option. I then clicked save as.
13.
I saved the file as a zip with a name file.zip in /tmp/captures.
14.
Went into terminal> typed unzip /tmp/captures/file.zip to unzip the file I saved.
15.
1.
Opened wireshark by typing ‘wireshark’ in terminal>closed the Lua error that popped up>went to
file>open> /tmp/captures and opened the WEP1.cap file in wireshark.
2.
Went into filters and typed ‘dns’ and applied the filter. Nothing showed up due to encryption.
3.
Typed the command ‘aircrack-ng /tmp/captures/WEP1.cap’ and hit enter>Used the number 5 as a
target Network due to it being a WEP network with 43210 IVs.
4.
A key popped up as AA:AA:AA:AA:AA and was 100% decrypted.
5.
7.
8.
Went to file > export objects> HTTP.
9.
10.
Navigate to Places>Recent documents> NFL jpg that was saved and open it.
11.
12.
Went back to wireshark and typed ‘ftp’ in the filter and applied> it shows possible confidential
information such as usernames and passwords.
13.
Typed in the filter ‘ftp-data and frame contains JFIF’ and applied it>right clicked frame 8347 and selected
‘Follow TCP Stream’.
14.
This pops up as a result; select save as.
15.
Saved the file in /tmp/captures with the name of ‘pic.jpg’.
16.
Went to places>recent documents and opened the image as a result and closed it afterwards.
1.
Opened wireshark>file>open> navigate to /tmp/captures and opened WPA-01.cap.
2.
Typed ftp in the filters and applied, the data was encrypted, so no results showed up.
3.
Typed the command ‘aircrack-ng /tmp/captures/WPA-01.cap -w /tmp/wordlists/passlist’ hit enter, options
showed up and typed 3 as an index number for target network because the WPA had a result of the 3
way handshake.
4.
5.
Used the command ‘airdecap-ng /tmp/captures/WPA-01.cap -e TOWSON333 -p breezeless’ and results
were shown above.
6.
Went to wireshark>file>open /tmp/captures/WPA-01-dec.cap and opened it. Applied the filter ‘dns’
afterwards.
7.
Navigated to file> export objects> selected HTTP>selected save as on file number 10349.
8.
Navigated to location ‘root’ and saved it as a default name and as a .jpg file ext.
9.
10.
Go to file>open> /tmp/captures then open WPA-01-dec.cap>filter the results using ‘ftp-data and frame
contains PK’ and click apply.
11.
Right click packet 421 and select ‘follow TCP stream’
12.
TCP stream opens, select save as.
13.
14.
Go to terminal and type ‘pwd’ (means print working directory, shows current location).
15.
16.
Results of command ‘unzip /tmp/captures/elmo.zip’ and previous commands as well.
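
The filters ‘ftp-data and frame contains PK’ and ‘ftp-data and frame contains JFIF’ used above match on file signature bytes, and a bare "PK" can also occur in ordinary text. The following is an added example, not part of the original lab report: it locates the full ZIP and JFIF signatures in a saved stream and validates a carved ZIP before it is unzipped. The sample stream, the file name note.txt and all function names are constructed for illustration.

```python
import io
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"     # full ZIP local-file-header signature
JPEG_SOI_APP0 = b"\xff\xd8\xff\xe0"  # JPEG start-of-image followed by APP0


def find_signatures(data: bytes):
    """Return sorted (offset, kind) pairs for ZIP and JFIF file starts."""
    hits = []
    pos = data.find(ZIP_LOCAL_HEADER)
    while pos != -1:
        hits.append((pos, "zip"))
        pos = data.find(ZIP_LOCAL_HEADER, pos + 1)
    pos = data.find(JPEG_SOI_APP0)
    while pos != -1:
        # In a JFIF file the identifier "JFIF\0" sits 6 bytes after SOI.
        if data[pos + 6:pos + 11] == b"JFIF\x00":
            hits.append((pos, "jfif"))
        pos = data.find(JPEG_SOI_APP0, pos + 1)
    return sorted(hits)


def carve_zip(data: bytes):
    """Return member names of the archive starting at the first ZIP header,
    or None if the bytes do not form a complete, CRC-clean archive."""
    starts = [off for off, kind in find_signatures(data) if kind == "zip"]
    if not starts:
        return None
    blob = io.BytesIO(data[starts[0]:])
    if not zipfile.is_zipfile(blob):
        return None
    with zipfile.ZipFile(blob) as zf:
        return zf.namelist() if zf.testzip() is None else None


def build_sample_stream():
    """Constructed stand-in for a saved stream: text containing "PK", then a ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample")
    return PREFIX + buf.getvalue()


PREFIX = b"PKI notes, not an archive\r\n"  # constructed decoy bytes
SAMPLE_STREAM = build_sample_stream()

if __name__ == "__main__":
    print(find_signatures(SAMPLE_STREAM))   # ZIP offset skips the decoy "PK"
    print(carve_zip(SAMPLE_STREAM))         # member names after the CRC check
    print(carve_zip(SAMPLE_STREAM[:-30]))   # a truncated save is rejected
```

A stream saved before the transfer finished lacks the end-of-central-directory record, which is why the truncated input is rejected rather than partially extracted.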