I have posted the original article with links on my website:
http://technicdynamic.com/2011/12/ha...no-bruteforce/
Note, however, that you should still conduct your recon,
as that's your basis for making this attack realistic.
Nice method! Can this method work on other APs with WPA/WPA2? But you did a good job.
Happy hunting!!
Yes, this is intended for WPA/WPA2...
We get the key by tricking the victim!
Thanks for the feedback & be safe! ;]
great video. very useful.
Can you just explain the steps? Do I create the database first, or create it while working?
And do I need to be connected to the internet to install dhcp3-server or not?
Just like any other attack, you should be comfortable before execution.
Set up apache, make sure it works nicely with the database; have your "service page" ready.
Then go by steps.
If you're a beginner don't try to do everything at once because it's a lot,
and it's hard to do things right if you don't understand what you're doing.
Try covering each one of the 4 steps individually,
once comfortable, put them all together.
Yes, I'm a beginner but I'll take it slow. I know a bit of Linux but very little. I'm here to learn.
Thanks for the video. If any problem appears I'll ask :D
What prevents us from faking an AP with exactly the same SSID and then capturing the WPA key when the victim's computer tries to automatically connect?
Of course I don't know how to do it, but it seems to be an easy idea, so I'd like to know if someone knows the answer.
Thanks in advance :o
Hey iRiKi!
I'm glad you brought that up, because that was the original idea behind the attack. =)
However, when trying to implement it, I realized (after looking through many packets in Wireshark) that the password works much like a hash.
The router simply compares the two "hashes" for a match.
All of this would boil down to the same method already known: capturing the 4-way handshake and bruteforcing/wordlisting the password.
Sorry if my explanation doesn't make too much sense, but if you run Wireshark & analyze the process you will see what I'm talking about...
Appreciate the feedback. ;]
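The "works much like a hash" observation above is exactly the WPA2-PSK key hierarchy: the passphrase is stretched with PBKDF2 (salted by the SSID) into a PMK, both sides expand it into a PTK, and the only thing the client ever sends is a MIC over the handshake message, which the AP recomputes and compares. The script below is an added illustration, not code from the thread; the MAC addresses, nonces and simplified EAPOL body are constructed values.

```python
import hashlib
import hmac

# Constructed example values (not from the thread): addresses and nonces.
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK/PMK per IEEE 802.11i: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits.
    The SSID is the salt, so the same passphrase gives a different PMK per network."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range(4):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise Transient Key; the first 16 bytes are the KCK used for the MIC."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 (key descriptor version 2) MIC: HMAC-SHA1 over the frame, truncated to 16 bytes."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def supplicant_message2(passphrase: str, ssid: str):
    """Client side of handshake message 2: SNonce plus a MIC. The passphrase never leaves the client."""
    pmk = pmk_from_passphrase(passphrase, ssid)
    kck = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    body = b"EAPOL-Key msg2 (constructed, MIC field zeroed) " + SNONCE
    return body, eapol_mic(kck, body)


def authenticator_accepts(ap_passphrase: str, ssid: str, body: bytes, mic: bytes) -> bool:
    """AP side: recompute the MIC from its own PMK and compare; this is the 'hash comparison'."""
    pmk = pmk_from_passphrase(ap_passphrase, ssid)
    kck = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return hmac.compare_digest(eapol_mic(kck, body), mic)
```

An AP that does not already know the passphrase has nothing to compare against, which is why an impostor with the right SSID still only ends up with handshake material rather than the key.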
I have been developing this method since the old times (hadn't posted in ages...).
Some personal tweaks.
For de-authenticating, use airdrop-ng; it has far more options and it's perfect for the situation (you can de-authenticate everyone that connects to a certain access point automatically, without your intervention).
Then I personally try to guess the router vendor by the MAC or by the SSID (mostly here SSIDs are standard) and use a modified router page as a key-entry page, justifying everything with a router firmware update going on and the need to enter the key to continue navigation.
Hi Deathcrops, thanks for this method... really great! I want to ask you something: can you add a higher-resolution video for me? Thanks in advance.