Cracking WPA/WPA2 with Non-Dictionary Attacks

Post on 06-Jun-2015

null Pune Chapter - September 2012 Meet

By Swaroop YermalkaR

Changing the world through Wireless Communication!

Dj Akhil Talreja

BT5 r3 laptop with wifi card

Dlink router

Galaxy pop

Simple WPA/2 Cracking Technique

Brute-Force attack

Understanding WPS [ Wi-Fi Protected Setup ]

Exploring Reaver

1. Start Sniffing

2. Capture WPA Handshake

3. Apply Dictionary

4. Crack the password!

[Figure: WPA handshake between Supplicant and Authenticator. Labels: Probe request/response; Authentication request/response and Association request/response; Pre-shared key (256 bit) on both sides; PTK on both sides; Message 2: SNonce + MIC; Message 4: key install acknowledgement.]

Source: securitytube.net

1. Monitor air for a new client trying to associate with the access point (passive)

2. De-authenticate one or all clients and monitor the reconnection (active)

[Figure: de-authentication packet; legitimate client and AP]

Source: http://lastbit.com/pswcalc.asp

Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard that attempts to allow easy establishment of a secure wireless home network. Created by the Wi-Fi Alliance and introduced in 2007, the goal of the protocol is to allow home users who know little of wireless security and may be intimidated by the available security options to set up Wi-Fi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases.

Source: wikipedia

Reaver is a fantastic tool, written by Craig Heffner, for cracking the WPS PIN. It performs a brute-force attack against the AP, attempting every possible combination in order to guess the AP's 8-digit PIN. Since the PINs are all numeric, there are 10^8 (100,000,000) possible values for any given PIN.

Source: Tactical Network Solutions articles

n0nEc@nhaCkthi$pa$sw0rd!!!

…use pin as master key!

Ex: R0ck$t@R

Use a non-dictionary passphrase that combines symbols, digits and numbers.

1. Tactical Network Solutions

2. WiFi Security Megaprimer by Vivek Ramachandran

Feedback, questions and suggestions:

swaroop.wireless@gmail.com

Swaroop D. YermalkaR