Manage Handshake Files within the Fluxion Directory


Introduction

Welcome to this lab on managing handshake files within the Fluxion directory. Fluxion is a popular tool used for Wi-Fi security auditing. When it successfully captures a WPA/WPA2 handshake, it saves the data into a .cap file. These files are crucial as they contain the information needed to attempt a password crack.

Properly managing these files is an essential skill. You need to know where to find them, how to identify them, and how to perform basic file operations like renaming for clarity, deleting old captures, and creating backups before attempting any modifications.

In this lab, you will learn how to use fundamental Linux commands such as cd, ls, mv, rm, and cp to manage handshake files in a simulated Fluxion environment.

In this step, you will navigate to the directory where Fluxion typically stores captured handshake files. By default, these are located within a subdirectory structure inside the main fluxion folder. Your starting point is the ~/project directory.

First, you need to change your current directory to the handshakes folder. The path is fluxion/attacks/Handshake Snooper/handshakes. Since the directory name Handshake Snooper contains a space, you must "escape" it with a backslash (\) when typing it in the terminal.

Use the cd (change directory) command to enter the directory:

cd fluxion/attacks/Handshake\ Snooper/handshakes

To confirm that you are in the correct location, use the pwd (print working directory) command.

pwd

You should see the following output, confirming your current path:

/home/labex/project/fluxion/attacks/Handshake Snooper/handshakes

List the Contents to See Saved .cap and .db Files

In this step, you will list the files within the handshakes directory to see what has been captured. This is a common first action after navigating to a directory.

We will use the ls -l command. The ls command lists directory contents, and the -l flag formats the output as a long list, providing more details like permissions, owner, size, and modification date.

In the handshakes directory, you will typically find two types of files for each capture:

  • .cap: This is the packet capture file itself, containing the raw handshake data.
  • .db: This is a database file used by Fluxion to store metadata about the access point and the capture session.

Now, run the command to list the files:

ls -l

The output will show the dummy files created for this lab, simulating a real Fluxion environment:

total 8
-rw-r--r-- 1 labex labex 25 Mar 11 10:00 MyHomeWiFi_00-11-22-33-44-55.cap
-rw-r--r-- 1 labex labex  0 Mar 11 10:00 MyHomeWiFi_00-11-22-33-44-55.db
-rw-r--r-- 1 labex labex 30 Mar 11 10:00 OldCafeWiFi_AA-BB-CC-DD-EE-FF.cap
-rw-r--r-- 1 labex labex  0 Mar 11 10:00 OldCafeWiFi_AA-BB-CC-DD-EE-FF.db

Use the 'mv' Command to Rename a Handshake File

In this step, you will learn how to rename a file. The default filenames generated by Fluxion, which include the network name (SSID) and MAC address, are informative but can be long. Renaming them to something simpler can make them easier to manage.

The mv (move) command in Linux is used for both moving files and renaming them. If you use mv with a source file and a destination name within the same directory, it effectively renames the file.

Let's rename MyHomeWiFi_00-11-22-33-44-55.cap to a more user-friendly name, captured_home.cap.

Execute the following command:

mv MyHomeWiFi_00-11-22-33-44-55.cap captured_home.cap

To verify that the file has been renamed, list the contents of the directory again using ls -l.

ls -l

You will see that the original filename is gone and the new filename is present:

total 8
-rw-r--r-- 1 labex labex 25 Mar 11 10:00 captured_home.cap
-rw-r--r-- 1 labex labex  0 Mar 11 10:00 MyHomeWiFi_00-11-22-33-44-55.db
-rw-r--r-- 1 labex labex 30 Mar 11 10:00 OldCafeWiFi_AA-BB-CC-DD-EE-FF.cap
-rw-r--r-- 1 labex labex  0 Mar 11 10:00 OldCafeWiFi_AA-BB-CC-DD-EE-FF.db

Use the 'rm' Command to Delete an Old Handshake File

In this step, you will learn how to delete files that are no longer needed. Over time, your handshakes directory might fill up with old or unsuccessful captures. Removing them helps keep your workspace organized.

The command for deleting files is rm (remove). Be very careful with this command, as it permanently deletes files without moving them to a trash bin. There is no easy way to undo this action.

Let's say the OldCafeWiFi_AA-BB-CC-DD-EE-FF.cap file is from an old session and is no longer needed. Use the rm command to delete it.

rm OldCafeWiFi_AA-BB-CC-DD-EE-FF.cap

Now, run ls -l one more time to confirm that the file has been successfully deleted.

ls -l

The output should no longer list the OldCafeWiFi_AA-BB-CC-DD-EE-FF.cap file.

total 4
-rw-r--r-- 1 labex labex 25 Mar 11 10:00 captured_home.cap
-rw-r--r-- 1 labex labex  0 Mar 11 10:00 MyHomeWiFi_00-11-22-33-44-55.db
-rw-r--r-- 1 labex labex  0 Mar 11 10:00 OldCafeWiFi_AA-BB-CC-DD-EE-FF.db

Create a Backup of an Important Handshake File

In this step, you will create a backup of an important file. Before you use a tool to crack a handshake file, it's a good practice to create a copy. This ensures that if the tool corrupts the file or if you make a mistake, you still have the original data intact.

The cp (copy) command is used for this purpose. It creates an exact duplicate of a file with a new name.

Let's create a backup of our important captured_home.cap file. We will name the backup captured_home.cap.bak. The .bak extension is a common convention for backup files.

Execute the cp command as follows:

cp captured_home.cap captured_home.cap.bak

This command reads captured_home.cap and creates a new file, captured_home.cap.bak, with the same content.

To see the result, list the files in the directory.

ls -l

You will now see both the original file and its backup in the directory listing.

total 8
-rw-r--r-- 1 labex labex 25 Mar 11 10:00 captured_home.cap
-rw-r--r-- 1 labex labex 25 Mar 11 10:00 captured_home.cap.bak
-rw-r--r-- 1 labex labex  0 Mar 11 10:00 MyHomeWiFi_00-11-22-33-44-55.db
-rw-r--r-- 1 labex labex  0 Mar 11 10:00 OldCafeWiFi_AA-BB-CC-DD-EE-FF.db
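The backup step above, extended into a small script that checks the copy before you rely on it. This is an added example, not part of the original lab or of Fluxion; the function names backup_capture and verify_backup are hypothetical, and it assumes cp, cmp, chmod and sha256sum are available.

```shell
# Added example: backup_capture and verify_backup are hypothetical helper
# names, not part of Fluxion. Requires cp, cmp, chmod and sha256sum.

# Copy FILE to FILE.bak, confirm the copy is byte-identical, lock it down,
# and record a SHA-256 digest for later integrity checks.
backup_capture() {
    bc_src=$1
    bc_dst="${bc_src}.bak"

    # A missing or 0-byte capture has nothing worth backing up.
    if [ ! -s "$bc_src" ]; then
        echo "error: '$bc_src' is missing or empty" >&2
        return 1
    fi

    # Never clobber an earlier backup; it may be the only good copy.
    if [ -e "$bc_dst" ]; then
        echo "error: '$bc_dst' already exists" >&2
        return 2
    fi

    # -p keeps the original mode and timestamps; -- guards odd filenames.
    cp -p -- "$bc_src" "$bc_dst" || return 3

    # Byte-for-byte comparison: discard the copy if it does not match.
    if ! cmp -s -- "$bc_src" "$bc_dst"; then
        rm -f -- "$bc_dst"
        echo "error: copy of '$bc_src' does not match the original" >&2
        return 4
    fi

    # The lab listing shows captures as world-readable (-rw-r--r--);
    # make the backup read-only and visible to the owner alone.
    chmod 400 -- "$bc_dst"

    # Store the digest next to the backup.
    sha256sum -- "$bc_dst" > "${bc_dst}.sha256"
}

# Return 0 only if BACKUP still matches its recorded digest. Run it from
# the directory where the backup was made (the digest file stores the path).
verify_backup() {
    sha256sum -c "${1}.sha256" >/dev/null 2>&1
}
```

After sourcing the functions, run backup_capture captured_home.cap inside the handshakes directory, and verify_backup captured_home.cap.bak before and after any tool touches the file.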

Summary

In this lab, you have successfully learned the essential skills for managing handshake files within the Fluxion directory structure. You practiced using fundamental Linux commands to perform common file operations.

You covered the following key commands:

  • cd: To navigate into the correct directory.
  • ls -l: To list and inspect the files in the directory.
  • mv: To rename files for better organization.
  • rm: To delete old or unnecessary files.
  • cp: To create backups of important data before processing.

These basic file management skills are not only crucial for working with tools like Fluxion but are also fundamental for any task you perform on a Linux system.