SlideShare uma empresa Scribd logo

Cracking Wep And Wpa Wireless Networks

G
guestf2e41
Tecnologia
1 de 10
Baixar para ler offline
BUNDLED BY: How to Hack Wireless Internet Connections http://www.aeonity.com/david/how-hack-wireless-internet-connections Cracking WEP and WPA Wireless Networks From Docupedia What else are you gonna do next Friday night? Play Counter Strike? Written By: Bryan Rite Shout out to: Jeff :: (www.lucidinteractive.ca) for using OSX's Airport to try and generate traffic on our first crack Also would like to thank Alkaloid Networks for support To all the noobies: Don't call us and asking about how to crack networks. Like this guy actually did Date: 11/23/2005
Contents [hide] • 1 Overview • 2 Pre-Installation o 2.1 Checklist • 3 WEP Crackin o 3.1 Theory o 3.2 Setting up your tools o 3.3 Finding the Network o 3.4 Capturing IVs o 3.5 Using IVs to Decrypt the Key o 3.6 Anticipated Problems • 4 WPA Crackin o 4.1 Differences o 4.2 WPA Flavours o 4.3 The Handshake o 4.4 Dictionary Brute Force • 5 Using Aireplay o 5.1 WEP Attacks  5.1.1 ARP Injection  5.1.2 Interactive Packet Replay  5.1.3 Fake Authentication Attack o 5.2 WPA Attacks  5.2.1 Deauthentication Attack • 6 Conclusion [edit] Overview This is a good one, let me tell you! There can be so many issues setting up your box to actually get the tools working and i'm not even touching on that, but if you can get everything to work, you'll be cracking wireless networks like a pro in no time. Disclaimer: I'm not a pro. [edit] Pre-Installation [edit] Checklist
• Tools I've been really, really successful with basically one tool set called AirCrack. o Download that. o Kismet is an excellent tool for sniffing out wireless networks as well and could prove useful. • An encrypted wireless network. o We'll be working on WEP encrypted networks as well as static passkey WPA or WPA-PSK Note: Make sure you can get your card into monitor mode (sometimes called raw monitor or rfmon). This is VERY important [edit] WEP Crackin [edit] Theory A little theory first. WEP is a really crappy and old encryption techinque to secure a wireless connection. A 3-byte vector, called an Initalization Vector or IV, is prepended onto packets and its based on a pre-shared key that all the authenticated clients know... think of it as the network key you need to authenticate. Well if its on (almost) every packet generated by the client or AP, then if we collect enough of them, like a few hundred thousand, we should be able to dramatically reduce the keyspace to check and brute force becomes a realistic proposition. A couple of things will cause us some problems. • If the key is not static, then you'll mix up all your IVs and it'll take forever to decrypt the key. • Theres no traffic, therefore no packets - we can fix this. • MAC Address Filtering - we can fix this too. [edit] Setting up your tools We're gonna need 3 or 4 shells open, we have 5 tools: • airodump - Grabbing IVs • aircrack - Cracking the IVs • airdecap - Decoding captured packets • airreplay - (My Favourite) Packet injector to attack APs.
• kismet - Network Sniffer, can grab IVs as well. For a standard WEP hack we'll usally only need airodump, aircrack, and kismet (server and client). If we run into some problems we might have to use airreplay to fiddle about. I'll leave you to config all these tools up, for the most part they should just be defaults with the exception of kismet. [edit] Finding the Network First step is we need to find a netork to crack. Start up kismet and start sniffing for APs. Leave it on for a bit so that it can discover all the important information about the networks around. What we want from kismet is: • Encryption type: Is it WEP 64-bit? 128-bit? • What channel is it on? Can greatly speed up IV collection. • AP's IP Address • BSSID • ESSID All this info isn't required but the more you have, the more options you have later to crack and sniff. We can get a lot of this from airodump as well but I find the channel is important. [edit] Capturing IVs Alright, we know what we wanna crack, so lets start capturing packets. You can use kismet to capture files but I prefer airodump because it keeps a running count of all the IVs I've captured and I can crack and airodump will automatically update aircrack with new IVs as it finds them. Note: kimset can interfere with airodump so make sure you close it down before starting airodump. Airodump is pretty straight forward with its command line looking something like this: ./airodump <interface> <output prefix> [channel] [IVs flag] • interface is your wireless interface to use - required. • output prefix is just the filname it'll prepend, - required. • channel is the specific channel we'll scan, leave blank or use 0 to channel hop. • IVs flag is either 0 or 1, depending on whether you want all packets logged, or just IVs.
My wireless card is ath0, output prefix i'll use quot;lucidquot;, the channel we sniffed from kismet is 6, and IVs flag is 1 because we just want IVs. So we run: ./airodump ath0 lucid 6 1 Airodump will come up with a graph showing us all the APs and their relevant info, as well as client stations connected to any of the APs. BSSID PWR Beacons # Data CH MB ENC ESSID 00:23:1F:55:04:BC 76 21995 213416 6 54. WEP hackme BSSID STATION PWR Packets Probes 00:23:1F:55:04:BC 00:12:5B:4C:23:27 112 8202 hackme 00:23:1F:55:04:BC 00:12:5B:DA:2F:6A 21 1721 hackme The second line shows us some info about the AP as well as the number of beacons and data packets we've collected from the AP. The two last lines show us two authenticated clients. Where they are connected to and the packets they are sending. We won't use this client info in a straight theory hack but in practice we'll need this info to actively attack the AP. This step may take a long time or could be very short. It depends how busy the AP is and how many IVs we are collecting. What we are doing is populating a file quot;lucid.ivsquot; with all the IV important packet info. Next, we'll feed this to aircrack. To move onto the next step, we'll want at least 100,000 packets (under # Data in airodump) but probably more. [edit] Using IVs to Decrypt the Key Ok, pretend you have enough IVs now to attempt a crack. Goto a new terminal (without stopping airodump - remember it'll autoupdate as new IVs are found) and we'll start aircrack. It looks something like this: ./aircrack [options] <input file> There are a lot of options so you can look them up yourself, i'll be using common ones here that should get you a crack. Our input file is quot;lucid.ivsquot;, the options we will use are: • -a 1 : forces a WEP attack mode (2 forces WPA) • either -b for the bssid or -e for the essid : whichever is easier to type but I like using a BSSID because its more unique. • -n 64 or -n 128 : WEP key length, omit if not known by now. So our command will look like: ./aircrack -a 1 -b 00:23:1F:55:04:BC -n 128 lucid.ivs
and off it goes, resembling the picture from the top. Keep an eye on the Unique IV count as it should increase if airodump is still running. For all intents and purposes you are done. That'll pop open most old wireless routers with some traffic on them. [edit] Anticipated Problems There are lots of problems that can come up that will make the above fail, or work very slowly. • No traffic o No traffic is being passed, therefore you can't capture any IVs. o What we need to do is inject some special packets to trick the AP into broadcasting. o Covered below in WEP Attacks • MAC Address filtering o AP is only responding to connected clients. Probably because MAC address filtering is on. o Using airodumps screen you can find the MAC address of authenticated users so just change your MAC to theirs and continue on. o Using the -m option you can specify aircrack to filter packets by MAC Address, ex. -m 00:12:5B:4C:23:27 • Can't Crack even with tons of IVs o Some of the statistical attacks can create false positives and lead you in the wrong direction. o Try using -k N (where N=1..17) or -y to vary your attack method. o Increase the fudge factor. By default it is at 2, by specifying -f N (where N>=2) will increase your chances of a crack, but take much longer. I find that doubling the previous fudge factor is a nice progression if you are having trouble. • Still Nothing o Find the AP by following the signal strength and ask the admin what the WEP key is. [edit] WPA Crackin [edit] Differences WPA is an encryption algorithm that takes care of a lot of the vunerablities inherent in WEP. WEP is, by design, flawed. No matter how good or crappy, long or short, your WEP key is, it can be cracked. WPA is different. A WPA key can be made good enough to make cracking it unfeasible. WPA is also a little more cracker friendly. By capturing the right type of packets, you
can do your cracking offline. This means you only have to be near the AP for a matter of seconds to get what you need. Advantages and disadvantages. [edit] WPA Flavours WPA basically comes in two flavours RADIUS or PSK. PSK is crackable, RADIUS is not so much. PSK uses a user defined password to initialize the TKIP, temporal key integrity protocol. There is a password and the user is involved, for the most part that means it is flawed. The TKIP is not really crackable as it is a per-packet key but upon the initialization of the TKIP, like during an authentication, we get the password (well the PMK anyways). A robust dictionary attack will take care of a lot of consumer passwords. Radius involves physical transferring of the key and encrypted channels blah blah blah, look it up to learn more about it but 90% of commerical APs do not support it, it is more of an enterprise solution then a consumer one. [edit] The Handshake The WPA handshake was designed to occur over insecure channels and in plaintext so the password is not actually sent across. There are some fancy dancy algorithms in the background that turn it into a primary master key, PMK, and the like but none of that really matters cause the PMK is enough to connect to the network. The only step we need to do is capture a full authenication handshake from a real client and the AP. This can prove tricky without some packet injection, but if you are lucky to capture a full handshake, then you can leave and do the rest of the cracking at home. We can force an authenication handshake by launching a Deauthentication Attack, but only if there is a real client already connected (you can tell in airodump). If there are no connected clients, you're outta luck. Like for WEP, we want to know the channel the WPA is sitting on, but the airodump command is slightly different. We don't want just IVs so we don't specify an IV flag. This will produce quot;lucid.capquot; instead of quot;lucid.ivsquot;. Assume WPA is on channel 6 and wireless interface is ath0. ./airodump ath0 lucid 6 [edit] Dictionary Brute Force
The most important part of brute forcing a WPA password is a good dictionary. Check out http://www.openwall.com/wordlists/ for a 'really' good one. It costs money, but its the biggest and best I've ever seen (40 Million words, no duplicates, one .txt file). There is also a free reduced version from the same site but i'm sure resourceful people can figure out where to get a good dictionary from. When you have a good dictionary the crack is a simple brute force attack: ./aircrack -a 2 -b 00:23:1F:55:04:BC -w /path/to/wordlist Either you'll get it or you won't... depends on the strength of the password and if a dictionary attack can crack it. [edit] Using Aireplay Aireplay is the fun part. You get to manipulate packets to trick the network into giving you what you want. [edit] WEP Attacks Attacks used to create more traffic on WEP networks to get more IVs. [edit] ARP Injection ARP Replay is a classic way of getting more IV traffic from the AP. It is the turtle. Slow but steady and almost always works. We need the BSSID of the AP and the BSSID of an associated client. If there are no clients connected, it is possible to create one with another WEP attack explained below: Fake Authentication Attack. With airodump listening, we attack: ./aireplay -3 -b <AP MAC Address> -h <Client MAC Address> ath0 Note: The -3 specifys the type of attack (3=ARP Replay). This will continue to run, and airodump, listening fron another terminal, will pick up any reply IVs. [edit]
Interactive Packet Replay Interactive Packet Reply is quite a bit more advanced and requires capturing packets and constructing your own. It can prove more effective then simple ARP requests but I won't get into packet construction here. A useful attack you might try is the re-send all data attack, basically you are asking the AP to re- send you everything. This only works if the AP re-encrypts the packets before sending them again (and therefore giving you a new IV). Some APs do, some don't. aireplay -2 -b <AP MAC> -h <Client MAC> -n 100 -p 0841 -c FF:FF:FF:FF:FF:FF ath0 [edit] Fake Authentication Attack This attack won't generate any more traffic but it does create an associative client MAC Address useful for the above two attacks. Its definately not as good as having a real, connected client, but you gots to do what you gots to do. This is done easiest with another machine because we need a new MAC address but if you can manually change your MAC then that'll work too. We'll call your new MAC address quot;Fake MACquot;. Now most APs need clients to reassociate every 30 seconds or so or they think they're disconnected. This is pretty arbitrary but I use it and it has worked but if your Fake MAC gets disconnected, reassociate quicker. We need both the essid and bssid and our Fake MAC. ./aireplay -1 30 -e '<ESSID>' -a <BSSID> -h <Fake MAC> ath0 If successful, you should see something like this: 23:47:29 Sending Authentication Request 23:47:29 Authentication successful 23:47:30 Sending Association Request 23:47:30 Association successful :-) Awesome! Now you can use the above two attacks even though there were no clients connected in the first place! If it fails, there may be MAC Address Filtering on so if you really want to use this, you'll have to sniff around until a client provides you with a registered MAC to fake. [edit] WPA Attacks So far, the only way to really crack WPA is to force a re-authentication of a valid client. We need a real, actively connected client to break WPA. You might have to wait a while.
[edit] Deauthentication Attack This is a simple and very effective attack. We just force the connected client to disconnect then we capture the re-connect and authentication, saves time so we don't have to wait for the client to do it themselves (a tad less quot;waiting outside in the carquot; creepiness as well). With airodump running in another console, your attack will look something like this: aireplay -0 5 -a <AP MAC> -c <Client MAC> ath0 After a few seconds the re-authentication should be complete and we can attempt to Dictionary Brute Force the PMK. [edit] Conclusion Well thats that. APs crack fairly often but sometimes there is just nothing you can do. Obviously you are not allowed to illegally crack other people's wireless connections, this is purely for penetration testing purposes and some fun. --- Bryan Rite 13:57, 24 Nov 2005 (PST) Be sure to check out Bryan's Free Travel Photo Blog site Footstops.com. Journals, Maps, Videos, Friends and more, plus all proceeds goto international charities.

Recomendados

232 md5-considered-harmful-slides
232 md5-considered-harmful-slides232 md5-considered-harmful-slides
232 md5-considered-harmful-slidesDan Kaminsky
 
Wi-Foo Ninjitsu Exploitation
Wi-Foo Ninjitsu ExploitationWi-Foo Ninjitsu Exploitation
Wi-Foo Ninjitsu ExploitationPrathan Phongthiproek
 
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)Igalia
 
Breaking ssl
Breaking sslBreaking ssl
Breaking sslVinayak Raghuvamshi
 
Black ops of tcp2005 japan
Black ops of tcp2005 japanBlack ops of tcp2005 japan
Black ops of tcp2005 japanDan Kaminsky
 
Derevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameDerevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameJaime Sánchez
 
From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13Jaime Sánchez
 
Phreebird Suite 1.0: Introducing the Domain Key Infrastructure
Phreebird Suite 1.0: Introducing the Domain Key InfrastructurePhreebird Suite 1.0: Introducing the Domain Key Infrastructure
Phreebird Suite 1.0: Introducing the Domain Key InfrastructureDan Kaminsky
 

Recomendados

232 md5-considered-harmful-slides
232 md5-considered-harmful-slides232 md5-considered-harmful-slides
232 md5-considered-harmful-slidesDan Kaminsky
 
Wi-Foo Ninjitsu Exploitation
Wi-Foo Ninjitsu ExploitationWi-Foo Ninjitsu Exploitation
Wi-Foo Ninjitsu ExploitationPrathan Phongthiproek
 
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)
DIY Internet: Snappy, Secure Networking with MinimaLT (JSConf EU 2013)Igalia
 
Breaking ssl
Breaking sslBreaking ssl
Breaking sslVinayak Raghuvamshi
 
Black ops of tcp2005 japan
Black ops of tcp2005 japanBlack ops of tcp2005 japan
Black ops of tcp2005 japanDan Kaminsky
 
Derevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameDerevolutionizing OS Fingerprinting: The cat and mouse game
Derevolutionizing OS Fingerprinting: The cat and mouse gameJaime Sánchez
 
From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13From Kernel Space to User Heaven #NDH2k13
From Kernel Space to User Heaven #NDH2k13Jaime Sánchez
 
Phreebird Suite 1.0: Introducing the Domain Key Infrastructure
Phreebird Suite 1.0: Introducing the Domain Key InfrastructurePhreebird Suite 1.0: Introducing the Domain Key Infrastructure
Phreebird Suite 1.0: Introducing the Domain Key InfrastructureDan Kaminsky
 
Bastion jump hosts with Teleport
Bastion jump hosts with TeleportBastion jump hosts with Teleport
Bastion jump hosts with TeleportFaelix Ltd
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool Pavel Odintsov
 
Multi tier-app-network-topology-neutron-final
Multi tier-app-network-topology-neutron-finalMulti tier-app-network-topology-neutron-final
Multi tier-app-network-topology-neutron-finalSadique Puthen
 
Backtrack Manual Part10
Backtrack Manual Part10Backtrack Manual Part10
Backtrack Manual Part10Nutan Kumar Panda
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitationbarcamp.my
 
Net mcr 2021 05 handout
Net mcr 2021 05 handoutNet mcr 2021 05 handout
Net mcr 2021 05 handoutFaelix Ltd
 
Evolving HTTP and making things QUIC
Evolving HTTP and making things QUICEvolving HTTP and making things QUIC
Evolving HTTP and making things QUICNatasha Rooney
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Pavel Odintsov
 
Mitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacksMitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacksJaeYeoul Ahn
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security Hariraj Rathod
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksSecurity Session
 
08 tcp-dns
08 tcp-dns08 tcp-dns
08 tcp-dnspantu_1961
 
Feb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityFeb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityCasey Dunham
 
Be Mean to Your Code
Be Mean to Your CodeBe Mean to Your Code
Be Mean to Your CodeJames Wickett
 
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...Felipe Prado
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsDan Kaminsky
 
Hiding in plain sight
Hiding in plain sightHiding in plain sight
Hiding in plain sightRob Gillen
 
Wifi cracking
Wifi crackingWifi cracking
Wifi crackingAbhashKumarJha
 
Dhcp security #netseckh
Dhcp security #netseckhDhcp security #netseckh
Dhcp security #netseckhHEM Sothon
 
Hackers
HackersHackers
Hackersguesta04f59b
 
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015 Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015 lokeshpidawekar
 

Mais conteúdo relacionado

Mais procurados

Bastion jump hosts with Teleport
Bastion jump hosts with TeleportBastion jump hosts with Teleport
Bastion jump hosts with TeleportFaelix Ltd
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool Pavel Odintsov
 
Multi tier-app-network-topology-neutron-final
Multi tier-app-network-topology-neutron-finalMulti tier-app-network-topology-neutron-final
Multi tier-app-network-topology-neutron-finalSadique Puthen
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitationbarcamp.my
 
Net mcr 2021 05 handout
Net mcr 2021 05 handoutNet mcr 2021 05 handout
Net mcr 2021 05 handoutFaelix Ltd
 
Evolving HTTP and making things QUIC
Evolving HTTP and making things QUICEvolving HTTP and making things QUIC
Evolving HTTP and making things QUICNatasha Rooney
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Pavel Odintsov
 
Mitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacksMitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacksJaeYeoul Ahn
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security Hariraj Rathod
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksSecurity Session
 
Feb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityFeb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityCasey Dunham
 
Be Mean to Your Code
Be Mean to Your CodeBe Mean to Your Code
Be Mean to Your CodeJames Wickett
 
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...Felipe Prado
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap OWASP Delhi
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsDan Kaminsky
 
Hiding in plain sight
Hiding in plain sightHiding in plain sight
Hiding in plain sightRob Gillen
 
Dhcp security #netseckh
Dhcp security #netseckhDhcp security #netseckh
Dhcp security #netseckhHEM Sothon
 

Mais procurados (20)

Bastion jump hosts with Teleport
Bastion jump hosts with TeleportBastion jump hosts with Teleport
Bastion jump hosts with Teleport
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool
 
Multi tier-app-network-topology-neutron-final
Multi tier-app-network-topology-neutron-finalMulti tier-app-network-topology-neutron-final
Multi tier-app-network-topology-neutron-final
 
Backtrack Manual Part10
Backtrack Manual Part10Backtrack Manual Part10
Backtrack Manual Part10
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
 
Net mcr 2021 05 handout
Net mcr 2021 05 handoutNet mcr 2021 05 handout
Net mcr 2021 05 handout
 
Evolving HTTP and making things QUIC
Evolving HTTP and making things QUICEvolving HTTP and making things QUIC
Evolving HTTP and making things QUIC
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
 
Mitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacksMitm(man in the middle) ssl proxy attacks
Mitm(man in the middle) ssl proxy attacks
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security
 
Practical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacksPractical steps to mitigate DDoS attacks
Practical steps to mitigate DDoS attacks
 
08 tcp-dns
08 tcp-dns08 tcp-dns
08 tcp-dns
 
Feb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-SecurityFeb-8-2012-Breaking-Wireless-Security
Feb-8-2012-Breaking-Wireless-Security
 
Be Mean to Your Code
Be Mean to Your CodeBe Mean to Your Code
Be Mean to Your Code
 
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
DEF CON 27 - MAKSIM SHUDRAK - zero bugs found hold my beer afl how to improve...
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackops
 
Hiding in plain sight
Hiding in plain sightHiding in plain sight
Hiding in plain sight
 
Wifi cracking
Wifi crackingWifi cracking
Wifi cracking
 
Dhcp security #netseckh
Dhcp security #netseckhDhcp security #netseckh
Dhcp security #netseckh
 

Destaque

Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015 Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015 lokeshpidawekar
 
4 System For Information Security
4 System For Information Security4 System For Information Security
4 System For Information SecurityAna Meskovska
 
Kasım\' 2010 İnci YAMAN-GENÇLİK KOROSU KONSERİ
Kasım\' 2010 İnci YAMAN-GENÇLİK KOROSU KONSERİKasım\' 2010 İnci YAMAN-GENÇLİK KOROSU KONSERİ
Kasım\' 2010 İnci YAMAN-GENÇLİK KOROSU KONSERİTangül Müdok
 
2009 The Edelman Trust Barometer Korea Report
2009 The Edelman Trust Barometer Korea Report2009 The Edelman Trust Barometer Korea Report
2009 The Edelman Trust Barometer Korea ReportEdelmankorea
 
Broederlijk delen Campagne 2009
Broederlijk delen Campagne 2009Broederlijk delen Campagne 2009
Broederlijk delen Campagne 2009sint.al.jo
 
金属期货交易策略
金属期货交易策略金属期货交易策略
金属期货交易策略sqhuang0328
 
Gopenflow demo v1 (english)
Gopenflow demo v1 (english)Gopenflow demo v1 (english)
Gopenflow demo v1 (english)Hiroaki Kawai
 
The Monarchs Of Great Britain And The United
The Monarchs Of Great Britain And The UnitedThe Monarchs Of Great Britain And The United
The Monarchs Of Great Britain And The Unitedmaarja204
 
Trade Adjustment Assistance 2015
Trade Adjustment Assistance 2015Trade Adjustment Assistance 2015
Trade Adjustment Assistance 2015Timothy Theberge
 
Udhezues I Ilustruar Mbi Islamin _ Albanian
Udhezues I Ilustruar Mbi Islamin _ AlbanianUdhezues I Ilustruar Mbi Islamin _ Albanian
Udhezues I Ilustruar Mbi Islamin _ AlbanianAbdullah Baspren
 
Sneeuwklassen 2009 Terugkomdag Vol Met Teksten2
Sneeuwklassen 2009 Terugkomdag Vol Met Teksten2Sneeuwklassen 2009 Terugkomdag Vol Met Teksten2
Sneeuwklassen 2009 Terugkomdag Vol Met Teksten2sint.al.jo
 
Silver Oak Advisors - Statement Of Qualifications
Silver Oak Advisors - Statement Of QualificationsSilver Oak Advisors - Statement Of Qualifications
Silver Oak Advisors - Statement Of Qualificationsglennwilliams
 
Ladd Research Group
Ladd Research GroupLadd Research Group
Ladd Research Groupsallylund
 
1. Managing a Social & Environmental Auditor Training Program
1. Managing a Social & Environmental Auditor Training Program1. Managing a Social & Environmental Auditor Training Program
1. Managing a Social & Environmental Auditor Training ProgramISEAL Alliance
 
5. Trainer Qualification and Calibration
5. Trainer Qualification and Calibration5. Trainer Qualification and Calibration
5. Trainer Qualification and CalibrationISEAL Alliance
 
Portfolio 1
Portfolio 1Portfolio 1
Portfolio 1mcjim
 

Destaque (20)

Hackers
HackersHackers
Hackers
 
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015 Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
 
4 System For Information Security
4 System For Information Security4 System For Information Security
4 System For Information Security
 
Kasım\' 2010 İnci YAMAN-GENÇLİK KOROSU KONSERİ
Kasım\' 2010 İnci YAMAN-GENÇLİK KOROSU KONSERİKasım\' 2010 İnci YAMAN-GENÇLİK KOROSU KONSERİ
Kasım\' 2010 İnci YAMAN-GENÇLİK KOROSU KONSERİ
 
Kalkhedon' 2010 kasim
Kalkhedon' 2010 kasimKalkhedon' 2010 kasim
Kalkhedon' 2010 kasim
 
2009 The Edelman Trust Barometer Korea Report
2009 The Edelman Trust Barometer Korea Report2009 The Edelman Trust Barometer Korea Report
2009 The Edelman Trust Barometer Korea Report
 
Broederlijk delen Campagne 2009
Broederlijk delen Campagne 2009Broederlijk delen Campagne 2009
Broederlijk delen Campagne 2009
 
Flogolf
FlogolfFlogolf
Flogolf
 
金属期货交易策略
金属期货交易策略金属期货交易策略
金属期货交易策略
 
Gopenflow demo v1 (english)
Gopenflow demo v1 (english)Gopenflow demo v1 (english)
Gopenflow demo v1 (english)
 
The Monarchs Of Great Britain And The United
The Monarchs Of Great Britain And The UnitedThe Monarchs Of Great Britain And The United
The Monarchs Of Great Britain And The United
 
Trade Adjustment Assistance 2015
Trade Adjustment Assistance 2015Trade Adjustment Assistance 2015
Trade Adjustment Assistance 2015
 
Udhezues I Ilustruar Mbi Islamin _ Albanian
Udhezues I Ilustruar Mbi Islamin _ AlbanianUdhezues I Ilustruar Mbi Islamin _ Albanian
Udhezues I Ilustruar Mbi Islamin _ Albanian
 
Prophet Yusuf
Prophet YusufProphet Yusuf
Prophet Yusuf
 
Sneeuwklassen 2009 Terugkomdag Vol Met Teksten2
Sneeuwklassen 2009 Terugkomdag Vol Met Teksten2Sneeuwklassen 2009 Terugkomdag Vol Met Teksten2
Sneeuwklassen 2009 Terugkomdag Vol Met Teksten2
 
Silver Oak Advisors - Statement Of Qualifications
Silver Oak Advisors - Statement Of QualificationsSilver Oak Advisors - Statement Of Qualifications
Silver Oak Advisors - Statement Of Qualifications
 
Ladd Research Group
Ladd Research GroupLadd Research Group
Ladd Research Group
 
1. Managing a Social & Environmental Auditor Training Program
1. Managing a Social & Environmental Auditor Training Program1. Managing a Social & Environmental Auditor Training Program
1. Managing a Social & Environmental Auditor Training Program
 
5. Trainer Qualification and Calibration
5. Trainer Qualification and Calibration5. Trainer Qualification and Calibration
5. Trainer Qualification and Calibration
 
Portfolio 1
Portfolio 1Portfolio 1
Portfolio 1
 

Semelhante a Cracking Wep And Wpa Wireless Networks

Cracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksCracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksHammam Samara
 
Fundamentals of network hacking
Fundamentals of network hackingFundamentals of network hacking
Fundamentals of network hackingPranshu Pareek
 
How to Hack WiFi on Windows
How to Hack WiFi on Windows How to Hack WiFi on Windows
How to Hack WiFi on Windows Vrushank Narola
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2ratnalajaggu
 
How to WRAPS like Snoop Dogg
How to WRAPS like Snoop DoggHow to WRAPS like Snoop Dogg
How to WRAPS like Snoop DoggAlex Kim
 
Cracking wep and wpa wireless networks
Cracking wep and wpa wireless networksCracking wep and wpa wireless networks
Cracking wep and wpa wireless networksMaghan Das
 
A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!edwardo
 
Wired equivalent privacy by SecArmour
Wired equivalent privacy by SecArmour Wired equivalent privacy by SecArmour
Wired equivalent privacy by SecArmourSec Armour
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPWireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPJoe McCray
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf
 
04-post-connection-attacks.pdf
04-post-connection-attacks.pdf04-post-connection-attacks.pdf
04-post-connection-attacks.pdfxasako1838
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hackingAmanpreet Singh
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hackingMihir Shah
 
Bh fed-03-kaminsky
Bh fed-03-kaminskyBh fed-03-kaminsky
Bh fed-03-kaminskyDan Kaminsky
 
[CB20] Reverse Engineering archeology : Reverse engineering multiple devices ...
[CB20] Reverse Engineering archeology : Reverse engineering multiple devices ...[CB20] Reverse Engineering archeology : Reverse engineering multiple devices ...
[CB20] Reverse Engineering archeology : Reverse engineering multiple devices ...CODE BLUE
 
WiFi practical hacking "Show me the passwords!"
WiFi practical hacking "Show me the passwords!"WiFi practical hacking "Show me the passwords!"
WiFi practical hacking "Show me the passwords!"DefCamp
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminarNilesh Sapariya
 
Ceh v8 labs module 15 hacking wireless networks
Ceh v8 labs module 15 hacking wireless networksCeh v8 labs module 15 hacking wireless networks
Ceh v8 labs module 15 hacking wireless networksMehrdad Jingoism
 
Securing the network for VMs or Containers
Securing the network for VMs or ContainersSecuring the network for VMs or Containers
Securing the network for VMs or ContainersMarian Marinov
 

Semelhante a Cracking Wep And Wpa Wireless Networks (20)

Cracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksCracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless Networks
 
Aircrack
AircrackAircrack
Aircrack
 
Fundamentals of network hacking
Fundamentals of network hackingFundamentals of network hacking
Fundamentals of network hacking
 
How to Hack WiFi on Windows
How to Hack WiFi on Windows How to Hack WiFi on Windows
How to Hack WiFi on Windows
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2
 
How to WRAPS like Snoop Dogg
How to WRAPS like Snoop DoggHow to WRAPS like Snoop Dogg
How to WRAPS like Snoop Dogg
 
Cracking wep and wpa wireless networks
Cracking wep and wpa wireless networksCracking wep and wpa wireless networks
Cracking wep and wpa wireless networks
 
A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!
 
Wired equivalent privacy by SecArmour
Wired equivalent privacy by SecArmour Wired equivalent privacy by SecArmour
Wired equivalent privacy by SecArmour
 
Wireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEPWireless Pentesting: It's more than cracking WEP
Wireless Pentesting: It's more than cracking WEP
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
 
04-post-connection-attacks.pdf
04-post-connection-attacks.pdf04-post-connection-attacks.pdf
04-post-connection-attacks.pdf
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hacking
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
 
Bh fed-03-kaminsky
Bh fed-03-kaminskyBh fed-03-kaminsky
Bh fed-03-kaminsky
 
[CB20] Reverse Engineering archeology : Reverse engineering multiple devices ...
[CB20] Reverse Engineering archeology : Reverse engineering multiple devices ...[CB20] Reverse Engineering archeology : Reverse engineering multiple devices ...
[CB20] Reverse Engineering archeology : Reverse engineering multiple devices ...
 
WiFi practical hacking "Show me the passwords!"
WiFi practical hacking "Show me the passwords!"WiFi practical hacking "Show me the passwords!"
WiFi practical hacking "Show me the passwords!"
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
Ceh v8 labs module 15 hacking wireless networks
Ceh v8 labs module 15 hacking wireless networksCeh v8 labs module 15 hacking wireless networks
Ceh v8 labs module 15 hacking wireless networks
 
Securing the network for VMs or Containers
Securing the network for VMs or ContainersSecuring the network for VMs or Containers
Securing the network for VMs or Containers
 

Último

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Último (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Cracking Wep And Wpa Wireless Networks

  • 1. BUNDLED BY: How to Hack Wireless Internet Connections http://www.aeonity.com/david/how-hack-wireless-internet-connections Cracking WEP and WPA Wireless Networks From Docupedia What else are you gonna do next Friday night? Play Counter Strike? Written By: Bryan Rite Shout out to: Jeff :: (www.lucidinteractive.ca) for using OSX's Airport to try and generate traffic on our first crack Also would like to thank Alkaloid Networks for support To all the noobies: Don't call us and asking about how to crack networks. Like this guy actually did Date: 11/23/2005
  • 2. Contents [hide] • 1 Overview • 2 Pre-Installation o 2.1 Checklist • 3 WEP Crackin o 3.1 Theory o 3.2 Setting up your tools o 3.3 Finding the Network o 3.4 Capturing IVs o 3.5 Using IVs to Decrypt the Key o 3.6 Anticipated Problems • 4 WPA Crackin o 4.1 Differences o 4.2 WPA Flavours o 4.3 The Handshake o 4.4 Dictionary Brute Force • 5 Using Aireplay o 5.1 WEP Attacks  5.1.1 ARP Injection  5.1.2 Interactive Packet Replay  5.1.3 Fake Authentication Attack o 5.2 WPA Attacks  5.2.1 Deauthentication Attack • 6 Conclusion [edit] Overview This is a good one, let me tell you! There can be so many issues setting up your box to actually get the tools working and i'm not even touching on that, but if you can get everything to work, you'll be cracking wireless networks like a pro in no time. Disclaimer: I'm not a pro. [edit] Pre-Installation [edit] Checklist
  • 3. Tools I've been really, really successful with basically one tool set called AirCrack. o Download that. o Kismet is an excellent tool for sniffing out wireless networks as well and could prove useful. • An encrypted wireless network. o We'll be working on WEP encrypted networks as well as static passkey WPA or WPA-PSK Note: Make sure you can get your card into monitor mode (sometimes called raw monitor or rfmon). This is VERY important [edit] WEP Crackin [edit] Theory A little theory first. WEP is a really crappy and old encryption techinque to secure a wireless connection. A 3-byte vector, called an Initalization Vector or IV, is prepended onto packets and its based on a pre-shared key that all the authenticated clients know... think of it as the network key you need to authenticate. Well if its on (almost) every packet generated by the client or AP, then if we collect enough of them, like a few hundred thousand, we should be able to dramatically reduce the keyspace to check and brute force becomes a realistic proposition. A couple of things will cause us some problems. • If the key is not static, then you'll mix up all your IVs and it'll take forever to decrypt the key. • Theres no traffic, therefore no packets - we can fix this. • MAC Address Filtering - we can fix this too. [edit] Setting up your tools We're gonna need 3 or 4 shells open, we have 5 tools: • airodump - Grabbing IVs • aircrack - Cracking the IVs • airdecap - Decoding captured packets • airreplay - (My Favourite) Packet injector to attack APs.
  • 4. kismet - Network Sniffer, can grab IVs as well. For a standard WEP hack we'll usally only need airodump, aircrack, and kismet (server and client). If we run into some problems we might have to use airreplay to fiddle about. I'll leave you to config all these tools up, for the most part they should just be defaults with the exception of kismet. [edit] Finding the Network First step is we need to find a netork to crack. Start up kismet and start sniffing for APs. Leave it on for a bit so that it can discover all the important information about the networks around. What we want from kismet is: • Encryption type: Is it WEP 64-bit? 128-bit? • What channel is it on? Can greatly speed up IV collection. • AP's IP Address • BSSID • ESSID All this info isn't required but the more you have, the more options you have later to crack and sniff. We can get a lot of this from airodump as well but I find the channel is important. [edit] Capturing IVs Alright, we know what we wanna crack, so lets start capturing packets. You can use kismet to capture files but I prefer airodump because it keeps a running count of all the IVs I've captured and I can crack and airodump will automatically update aircrack with new IVs as it finds them. Note: kimset can interfere with airodump so make sure you close it down before starting airodump. Airodump is pretty straight forward with its command line looking something like this: ./airodump <interface> <output prefix> [channel] [IVs flag] • interface is your wireless interface to use - required. • output prefix is just the filname it'll prepend, - required. • channel is the specific channel we'll scan, leave blank or use 0 to channel hop. • IVs flag is either 0 or 1, depending on whether you want all packets logged, or just IVs.
  • 5. My wireless card is ath0, output prefix i'll use quot;lucidquot;, the channel we sniffed from kismet is 6, and IVs flag is 1 because we just want IVs. So we run: ./airodump ath0 lucid 6 1 Airodump will come up with a graph showing us all the APs and their relevant info, as well as client stations connected to any of the APs. BSSID PWR Beacons # Data CH MB ENC ESSID 00:23:1F:55:04:BC 76 21995 213416 6 54. WEP hackme BSSID STATION PWR Packets Probes 00:23:1F:55:04:BC 00:12:5B:4C:23:27 112 8202 hackme 00:23:1F:55:04:BC 00:12:5B:DA:2F:6A 21 1721 hackme The second line shows us some info about the AP as well as the number of beacons and data packets we've collected from the AP. The two last lines show us two authenticated clients. Where they are connected to and the packets they are sending. We won't use this client info in a straight theory hack but in practice we'll need this info to actively attack the AP. This step may take a long time or could be very short. It depends how busy the AP is and how many IVs we are collecting. What we are doing is populating a file quot;lucid.ivsquot; with all the IV important packet info. Next, we'll feed this to aircrack. To move onto the next step, we'll want at least 100,000 packets (under # Data in airodump) but probably more. [edit] Using IVs to Decrypt the Key Ok, pretend you have enough IVs now to attempt a crack. Goto a new terminal (without stopping airodump - remember it'll autoupdate as new IVs are found) and we'll start aircrack. It looks something like this: ./aircrack [options] <input file> There are a lot of options so you can look them up yourself, i'll be using common ones here that should get you a crack. Our input file is quot;lucid.ivsquot;, the options we will use are: • -a 1 : forces a WEP attack mode (2 forces WPA) • either -b for the bssid or -e for the essid : whichever is easier to type but I like using a BSSID because its more unique. • -n 64 or -n 128 : WEP key length, omit if not known by now. So our command will look like: ./aircrack -a 1 -b 00:23:1F:55:04:BC -n 128 lucid.ivs
  • 6. and off it goes, resembling the picture from the top. Keep an eye on the Unique IV count as it should increase if airodump is still running. For all intents and purposes you are done. That'll pop open most old wireless routers with some traffic on them. [edit] Anticipated Problems There are lots of problems that can come up that will make the above fail, or work very slowly. • No traffic o No traffic is being passed, therefore you can't capture any IVs. o What we need to do is inject some special packets to trick the AP into broadcasting. o Covered below in WEP Attacks • MAC Address filtering o AP is only responding to connected clients. Probably because MAC address filtering is on. o Using airodumps screen you can find the MAC address of authenticated users so just change your MAC to theirs and continue on. o Using the -m option you can specify aircrack to filter packets by MAC Address, ex. -m 00:12:5B:4C:23:27 • Can't Crack even with tons of IVs o Some of the statistical attacks can create false positives and lead you in the wrong direction. o Try using -k N (where N=1..17) or -y to vary your attack method. o Increase the fudge factor. By default it is at 2, by specifying -f N (where N>=2) will increase your chances of a crack, but take much longer. I find that doubling the previous fudge factor is a nice progression if you are having trouble. • Still Nothing o Find the AP by following the signal strength and ask the admin what the WEP key is. [edit] WPA Crackin [edit] Differences WPA is an encryption algorithm that takes care of a lot of the vunerablities inherent in WEP. WEP is, by design, flawed. No matter how good or crappy, long or short, your WEP key is, it can be cracked. WPA is different. A WPA key can be made good enough to make cracking it unfeasible. WPA is also a little more cracker friendly. By capturing the right type of packets, you
  • 7. can do your cracking offline. This means you only have to be near the AP for a matter of seconds to get what you need. Advantages and disadvantages. [edit] WPA Flavours WPA basically comes in two flavours RADIUS or PSK. PSK is crackable, RADIUS is not so much. PSK uses a user defined password to initialize the TKIP, temporal key integrity protocol. There is a password and the user is involved, for the most part that means it is flawed. The TKIP is not really crackable as it is a per-packet key but upon the initialization of the TKIP, like during an authentication, we get the password (well the PMK anyways). A robust dictionary attack will take care of a lot of consumer passwords. Radius involves physical transferring of the key and encrypted channels blah blah blah, look it up to learn more about it but 90% of commerical APs do not support it, it is more of an enterprise solution then a consumer one. [edit] The Handshake The WPA handshake was designed to occur over insecure channels and in plaintext so the password is not actually sent across. There are some fancy dancy algorithms in the background that turn it into a primary master key, PMK, and the like but none of that really matters cause the PMK is enough to connect to the network. The only step we need to do is capture a full authenication handshake from a real client and the AP. This can prove tricky without some packet injection, but if you are lucky to capture a full handshake, then you can leave and do the rest of the cracking at home. We can force an authenication handshake by launching a Deauthentication Attack, but only if there is a real client already connected (you can tell in airodump). If there are no connected clients, you're outta luck. Like for WEP, we want to know the channel the WPA is sitting on, but the airodump command is slightly different. We don't want just IVs so we don't specify an IV flag. This will produce quot;lucid.capquot; instead of quot;lucid.ivsquot;. Assume WPA is on channel 6 and wireless interface is ath0. ./airodump ath0 lucid 6 [edit] Dictionary Brute Force
  • 8. The most important part of brute forcing a WPA password is a good dictionary. Check out http://www.openwall.com/wordlists/ for a 'really' good one. It costs money, but its the biggest and best I've ever seen (40 Million words, no duplicates, one .txt file). There is also a free reduced version from the same site but i'm sure resourceful people can figure out where to get a good dictionary from. When you have a good dictionary the crack is a simple brute force attack: ./aircrack -a 2 -b 00:23:1F:55:04:BC -w /path/to/wordlist Either you'll get it or you won't... depends on the strength of the password and if a dictionary attack can crack it. [edit] Using Aireplay Aireplay is the fun part. You get to manipulate packets to trick the network into giving you what you want. [edit] WEP Attacks Attacks used to create more traffic on WEP networks to get more IVs. [edit] ARP Injection ARP Replay is a classic way of getting more IV traffic from the AP. It is the turtle. Slow but steady and almost always works. We need the BSSID of the AP and the BSSID of an associated client. If there are no clients connected, it is possible to create one with another WEP attack explained below: Fake Authentication Attack. With airodump listening, we attack: ./aireplay -3 -b <AP MAC Address> -h <Client MAC Address> ath0 Note: The -3 specifys the type of attack (3=ARP Replay). This will continue to run, and airodump, listening fron another terminal, will pick up any reply IVs. [edit]
  • 9. Interactive Packet Replay Interactive Packet Reply is quite a bit more advanced and requires capturing packets and constructing your own. It can prove more effective then simple ARP requests but I won't get into packet construction here. A useful attack you might try is the re-send all data attack, basically you are asking the AP to re- send you everything. This only works if the AP re-encrypts the packets before sending them again (and therefore giving you a new IV). Some APs do, some don't. aireplay -2 -b <AP MAC> -h <Client MAC> -n 100 -p 0841 -c FF:FF:FF:FF:FF:FF ath0 [edit] Fake Authentication Attack This attack won't generate any more traffic but it does create an associative client MAC Address useful for the above two attacks. Its definately not as good as having a real, connected client, but you gots to do what you gots to do. This is done easiest with another machine because we need a new MAC address but if you can manually change your MAC then that'll work too. We'll call your new MAC address quot;Fake MACquot;. Now most APs need clients to reassociate every 30 seconds or so or they think they're disconnected. This is pretty arbitrary but I use it and it has worked but if your Fake MAC gets disconnected, reassociate quicker. We need both the essid and bssid and our Fake MAC. ./aireplay -1 30 -e '<ESSID>' -a <BSSID> -h <Fake MAC> ath0 If successful, you should see something like this: 23:47:29 Sending Authentication Request 23:47:29 Authentication successful 23:47:30 Sending Association Request 23:47:30 Association successful :-) Awesome! Now you can use the above two attacks even though there were no clients connected in the first place! If it fails, there may be MAC Address Filtering on so if you really want to use this, you'll have to sniff around until a client provides you with a registered MAC to fake. [edit] WPA Attacks So far, the only way to really crack WPA is to force a re-authentication of a valid client. We need a real, actively connected client to break WPA. You might have to wait a while.
  • 10. [edit] Deauthentication Attack This is a simple and very effective attack. We just force the connected client to disconnect then we capture the re-connect and authentication, saves time so we don't have to wait for the client to do it themselves (a tad less quot;waiting outside in the carquot; creepiness as well). With airodump running in another console, your attack will look something like this: aireplay -0 5 -a <AP MAC> -c <Client MAC> ath0 After a few seconds the re-authentication should be complete and we can attempt to Dictionary Brute Force the PMK. [edit] Conclusion Well thats that. APs crack fairly often but sometimes there is just nothing you can do. Obviously you are not allowed to illegally crack other people's wireless connections, this is purely for penetration testing purposes and some fun. --- Bryan Rite 13:57, 24 Nov 2005 (PST) Be sure to check out Bryan's Free Travel Photo Blog site Footstops.com. Journals, Maps, Videos, Friends and more, plus all proceeds goto international charities.