CSC2023 - [Forensics] - Bad Signals


Challenge Description

Team RootXRAN got this capture file from a person who likes rock music. They don't know what to do with this file. Can you help them in finding the secret?

Solution


Protocol Hierarchy shows that most of the packets are 802.11 wireless traffic.

There is also a handshake in the capture file.


Extract the BSSID from one packet:


aircrack-ng -w rockyou.txt -b 54:B1:21:26:9D:38 forensics.cap


The password is banana123.

Decrypting Traffic

We use airdecap-ng to decrypt the traffic.

Check the packets for the ESSID: CYBERSLEUTH - 1337

airdecap-ng -e "CYBERSLEUTH - 1337" forensics.cap -p banana123 -o decryptedtraffic.cap

Open decryptedtraffic.cap in Wireshark.
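Why the decryption step needs the ESSID, the passphrase and a captured handshake: the sketch below derives the WPA2-PSK master key and the per-session keys from those inputs. It is an added example, not part of the original writeup. It assumes WPA2-PSK with CCMP, and the station MAC and both nonces are constructed sample values, not taken from forensics.cap.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, essid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out = b""
    for counter in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
    return out[:nbytes]

def derive_session_keys(pmk, ap_mac, sta_mac, anonce, snonce):
    """Split the 48-byte CCMP PTK into KCK, KEK and the temporal key (TK)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

def mac(text: str) -> bytes:
    """Convert a colon-separated MAC address to raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

# Values from the writeup
ESSID = "CYBERSLEUTH - 1337"
PASSPHRASE = "banana123"
BSSID = mac("54:B1:21:26:9D:38")
# Constructed sample values; in a real capture the station MAC and the
# nonces come from EAPOL messages 1 and 2 of the four-way handshake.
STA_MAC = mac("02:00:00:00:00:01")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

if __name__ == "__main__":
    pmk = derive_pmk(PASSPHRASE, ESSID)
    keys = derive_session_keys(pmk, BSSID, STA_MAC, ANONCE, SNONCE)
    print("PMK:", pmk.hex())
    for name, value in keys.items():
        print(name + ":", value.hex())
```

Because the ESSID is the PBKDF2 salt, the same passphrase on a differently named network yields a different master key, and because the nonces feed the PTK, traffic from a session whose handshake is not in the capture cannot be decrypted even with the passphrase.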


Flag

CSC{Int3r3tin6_s7uFF_u5ing_WiFi_Cr4ck1ng_T00ls}

Writeups 2023 © RootxRAN.