Cracking the WiFi password

tcpdump -r VanSpy.pcapng -w VanSpy_converted.pcap

╰─ aircrack-ng VanSpy.pcapng -w ~/CTF/tools/rockyou.txt
Reading packets, please wait...
Opening VanSpy.pcapng
Unsupported file format (not a pcap or IVs file).
Read 0 packets.

No networks found, exiting.


Quitting aircrack-ng...

Convert to pcap first

The command above does not work; use Wireshark

                     Aircrack-ng 1.7

[00:00:02] 34656/10303727 keys tested (19250.10 k/s)

Time left: 8 minutes, 53 seconds 0.34%

KEY FOUND! [ Christmas ]


Master Key : A8 3F 1D 1D 1D 1F 2D 06 8E D4 47 CE E9 FD 3A AA
B2 86 42 89 FA F8 49 93 D7 C1 A0 29 97 3D 44 9F

Transient Key : AA 24 81 FA 38 12 C3 42 F1 B3 12 0C E1 16 71 4F
D1 90 1C 7B 0F AF CE 67 29 02 53 EB 4B 28 3A E7
AC B6 2F 4A 32 28 5E BF 83 52 AF 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

EAPOL HMAC : C1 0A 70 D9 65 94 5B 57 F2 98 8A E0 FC FD 2B 22

Christmas
The name is the SSID, i.e. FreeWifiBFC

Once the password is cracked, decrypt the capture

airdecap-ng Vanspy.pcap -e FreeWifiBFC -p Christmas
This produces Vanspy-dec.pcap
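
Added example (not part of the original notes): the "Master Key" that aircrack-ng prints is the WPA2-PSK pairwise master key, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, which is why airdecap-ng needs both -e and -p. The function names and the SSID `OtherNetwork` are assumptions made for illustration; the derivation is checked against the published IEEE 802.11i test vector.

```python
import hashlib
import hmac


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2-PSK pairwise master key (PMK).

    PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt, 4096, 32)


def parse_hex_dump(text: str) -> bytes:
    """Parse whitespace-separated hex bytes, the layout aircrack-ng prints."""
    return bytes.fromhex("".join(text.split()))


def pmk_matches(passphrase: str, ssid: str, printed_key: str) -> bool:
    """Check a passphrase/SSID pair against a printed 'Master Key' dump."""
    return hmac.compare_digest(wpa_pmk(passphrase, ssid), parse_hex_dump(printed_key))


# Published test vector from IEEE 802.11i (passphrase "password", SSID "IEEE").
IEEE_PMK = """F4 2C 6F C5 2D F0 EB EF 9E BB 4B 90 B3 8A 5F 90
              2E 83 FE 1B 13 5A 70 E2 3A ED 76 2E 97 10 A1 2E"""

# "Master Key" lines copied from the aircrack-ng output in these notes.
NOTES_MASTER_KEY = """A8 3F 1D 1D 1D 1F 2D 06 8E D4 47 CE E9 FD 3A AA
                      B2 86 42 89 FA F8 49 93 D7 C1 A0 29 97 3D 44 9F"""

if __name__ == "__main__":
    print("IEEE vector ok:", pmk_matches("password", "IEEE", IEEE_PMK))
    print("PMK for the notes' values:", wpa_pmk("Christmas", "FreeWifiBFC").hex(" "))
    print("equals printed Master Key:",
          pmk_matches("Christmas", "FreeWifiBFC", NOTES_MASTER_KEY))
    # Same passphrase under another SSID (hypothetical name) gives an unrelated PMK.
    print("other SSID:", wpa_pmk("Christmas", "OtherNetwork").hex(" "))
```

Because the passphrase is the only secret input, a passphrase that appears in a wordlist such as rockyou.txt gives no protection once a handshake has been captured.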

Insane

A pfx file

Use the pfx to decrypt TLS
cat key.pfx | base64 -d > cert.pfx

The default password is mimikatz

openssl pkcs12 -in cert.pfx -nocerts -out server_key.pem -nodes
openssl rsa -in server_key.pem -out server.key

Import into Wireshark
Quite baffling

Could not get the data; I did not use Windows, which was a mistake

Select this one and export
pyrdp-convert -f replay ext.pcap

np
pyrdp-player 20231125145052_10.0.0.2:55510-10.1.1.1:3389.pyrdp

So powerful