Wep Trace WalkThrough

The following CTF can be found at: Contextis WEP Trace I did not create this CTF.

You have sniffed out a wireless network stream. Can you determine the encryption key used and identify any sensitive data?

wep_trace.zip
File Size:	3727 kb
File Type:	zip

Download File

---

Before starting this challenge I advise spinning up a Kali Virtual Machine as it will make this process much more fluid. After you download the file and unzip it, the following should display.

The first thing I notice is that it is a *.pcapng file extension, which I have never worked with. So I begin to do a bit of research and discover that it stands for pcap Next Generation. Now normally I wouldn't care too much, but after I tried to attack the file I received this error:

After doing some more research I discover a tool called editcap that whenever using the libpcap library allows you to convert *.pcapng file types back to *.pcap. After I converted the file, aircrack-ng was happy to begin the PTW attack and below is the deciphered key: [DE:AD:BE:EF:01]

Next, I began to decrypt the WEP packets with airdecap-ng.

I then opened up the file, set the expression to follow the TCP stream and low and behold the username and password were displayed!