Introduction
In this lab, you will step into the final phase of a captive portal attack. We will assume that a tool like Fluxion has already been used to create a fake Wi-Fi network and a captive portal, and a user has submitted their credentials. Your task is to analyze the results of this simulated attack. You will learn how to locate the file containing the captured credentials, examine its contents, and verify the password. This process is crucial for confirming the success of a credential harvesting attack in a penetration testing scenario.
Wait for a User to Enter a Password on the Portal
In this step, we will simulate the waiting period of a captive portal attack. In a real-world scenario, after setting up the fake access point and captive portal, the attacker would monitor the Fluxion tool's terminal window. You would be waiting for a victim to connect to your fake Wi-Fi network, be redirected to the captive portal login page, and enter their network password.
This lab simulates that this event has already occurred. There are no commands to execute in this step. We are simply setting the stage for the analysis that follows. Proceed to the next step to see what a successful capture looks like.
Observe the Fluxion Window for a 'KEY FOUND' Message
In this step, we'll discuss the confirmation signal of a successful attack. When a user submits their password through the captive portal, Fluxion verifies it and, if successful, displays a clear message in its terminal window.
You would typically see a message similar to the following, indicating that the password (WPA key) has been captured:
[+] KEY FOUND! [ password123 ]
This message is your cue that the credentials have been successfully harvested and saved. Fluxion automatically stores the captured network name (ESSID) and the password in a text file for later review. In the next step, you will learn how to find this file.
Locate the 'fluxion_capture.txt' File
In this step, you will locate the file where Fluxion stores the captured credentials. Fluxion organizes its attack data in a structured directory. For a captive portal attack, the data is saved in a file named fluxion_capture.txt inside the fluxion/attacks/Captive Portal/ directory.
To find this file within our simulated environment in the ~/project directory, you can use the find command. This command searches for files and directories that match a given name.
Execute the following command in your terminal:
find ~/project -name fluxion_capture.txt
The command will search inside the ~/project directory for a file named fluxion_capture.txt and print its full path.
Expected Output:
/home/labex/project/fluxion/attacks/Captive Portal/fluxion_capture.txt
Now that you have located the file, you are ready to inspect its contents.
Open the File to View the Captured ESSID and Password
In this step, you will open the capture file to view the credentials. Now that you know the exact location of fluxion_capture.txt from the previous step, you can use a command like cat to display its contents directly in the terminal.
Use the cat command followed by the full path to the file:
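cat "/home/labex/project/fluxion/attacks/Captive Portal/fluxion_capture.txt"
Note: The space in the "Captive Portal" directory name requires you to either enclose the path in quotes, as shown above, or escape the space with a backslash (Captive\ Portal). Do not combine the two: inside double quotes the backslash is kept literally and the path will not be found.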
Expected Output:
ESSID: LabEx-WiFi
KEY: password123
As you can see, the file clearly lists the ESSID (the name of the Wi-Fi network) and the captured KEY (the password).
Verify the Captured Password against the Known Correct Password
In this final step, you will perform the last piece of analysis: verification. In a real penetration test, capturing a password is not the end. You must verify that it is the correct password.
For the purpose of this lab, let's assume we know that the correct password for the LabEx-WiFi network is indeed password123.
By comparing the output from the fluxion_capture.txt file in the previous step with this known information, you can confirm the following:
- Captured ESSID: LabEx-WiFi (Matches the target network)
- Captured KEY: password123 (Matches the known correct password)
This comparison confirms that the captive portal attack was successful and that you have obtained valid credentials for the target network. This concludes the analysis of the captured data. There are no commands to execute in this step.
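The comparison described in this step can also be scripted. The following is an added example, not part of the original lab or of Fluxion: it parses a file in the ESSID:/KEY: layout shown above, compares it with the expected values, and prints a result line with the key masked so the cleartext password does not end up in a report. The function names (parse_field, mask_key, verify_capture) and the masking convention are assumptions made for illustration, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper names): verify a capture file in the
# "ESSID: ..." / "KEY: ..." layout against known-good values.

# parse_field FILE LABEL -> value after "LABEL: " (first match, CR stripped).
# Only the prefix is removed, so values that contain ": " stay intact.
parse_field() {
    sed -n "s/^$2: //p" "$1" | head -n 1 | tr -d '\r'
}

# mask_key KEY -> first character followed by asterisks, for report output.
mask_key() {
    [ -n "$1" ] || return 0
    rest=${1#?}                      # key without its first character
    printf '%s%s\n' "${1%"$rest"}" "$(printf '%s' "$rest" | sed 's/./*/g')"
}

# verify_capture FILE EXPECTED_ESSID EXPECTED_KEY
# Returns 0 on match, 1 on mismatch, 2 if the file is unreadable or malformed.
verify_capture() {
    [ -r "$1" ] || { echo "unreadable: $1"; return 2; }
    cap_essid=$(parse_field "$1" ESSID)
    cap_key=$(parse_field "$1" KEY)
    [ -n "$cap_essid" ] && [ -n "$cap_key" ] || { echo "malformed capture file"; return 2; }
    if [ "$cap_essid" = "$2" ] && [ "$cap_key" = "$3" ]; then
        echo "MATCH essid=$cap_essid key=$(mask_key "$cap_key")"
        return 0
    fi
    echo "MISMATCH essid=$cap_essid key=$(mask_key "$cap_key")"
    return 1
}

# Constructed sample that mirrors the lab's expected output, including the
# directory name with a space.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
mkdir -p "$sample_dir/Captive Portal"
sample="$sample_dir/Captive Portal/fluxion_capture.txt"
printf 'ESSID: LabEx-WiFi\nKEY: password123\n' > "$sample"
chmod 600 "$sample"    # cleartext credentials at rest: owner-only access

verify_capture "$sample" "LabEx-WiFi" "password123"
```

In the lab environment, pass the path found in the earlier step as the first argument instead of the constructed sample.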
Summary
In this lab, you learned the process of analyzing credentials captured from a simulated captive portal attack. You walked through the final stages of a Wi-Fi penetration test, starting from the point after a user has submitted their password.
You learned how to locate the specific capture file generated by Fluxion, view its contents to identify the network's ESSID and the captured password, and conceptually verify the password's validity. This analytical process is a critical skill for confirming the success of a credential harvesting attack and reporting the findings.
