Infosec and security research projects. It behooves every engineer to be a security professional and better understand systems we rely on.
Below is some simple mobile wifi recon utilizing pwnagotchi. Beyond the basic WPA handshake capture, the software will identify other pwnogotchi's and record them as peers/friends. Mine came back with 16 new friends from Defcon 29. Beyond that, this shows us how important it is to utilize high-entropy passwords, e.g. not something shows up in rockyou.
As with many security projects, it is important you understand local laws/regulations, and obtain permission from network owners if required.
- Build a pwnogotchi (or better yet, four) on a Raspberry Pi Zero W platform.
- Collect handshakes. Go mobile, but putting one in your car or your backpack, after checking with your local laws and regulations.
- Utilize
cap2hccapxto convert and append your collected.pcapfiles from pwnogotch to the.hccapxHashcat format. This will remove partial captures. In this projectprocessHandshakes.shprocesses them.
- Boot up and AWS GPU/accelerated-computing optimized EC2 instance (
porg). - Prep the instance with Nvidia drivers/configs, copy up your
.hccapxfile, then run hashcat to get get your cracked hashes list. e.g.hashcat --force -D 2,1 -m 2500 ./hccapx/final.hccapx ./dict/rockyou.txt -o cracked.txt -r ./dict/my-rules.rul - Don't forget to stop your AWS EC2 instance (accelerated computing instance range from $.90/hr to $32/hr)
- Grab another Raspberry Pi Zero W, scp up
recon.shand your cracked hashes file from the step above, throw it on a 60/5 crontab, and go in to mobile mode. The device will join any of the cracked hash networks, scan, and log network info.