Thread: Question about FakeAP's and WPA/WPA2

  1. #1
    Junior Member
    Join Date
    Feb 2010
    Posts
    26

    Question about FakeAP's and WPA/WPA2

    Hey guys, I'm gonna be getting a netcomm wireless router upgrade soon from my ISP, part of the deal etc. I still use a wired connection for the time being.

    I understand that capturing the EAPOL 4-way handshake is what you use for cracking offline or uploading to the WPA cracker etc etc. (nice job on that one too, just wish I had enough knowledge to do that myself)

    And I've been reading and reading and reading, and I know that according to the guy who initially found the weakness in WPA, anything under 20 characters is do-able (provided you have the right GPU, I guess).

    But my question is this: with so many ways to skin a cat, by which I mean setting up fake APs for clients to authenticate to with WPA, if they authenticate with you, does this only capture the handshake? Or worse, does it capture the handshake and show what the password is? And if this is the case, I can only imagine that enterprise security or just staying plain old wired would keep you safe in a wireless type of way.......

    cheers guys.

  2. #2
    Junior Member
    Join Date
    Feb 2010
    Posts
    26

    Does anyone please have the answer please

    Hey Guys, I'm hoping this isn't such a stupid/silly question because it's common knowledge.

    But if there is anyone who can answer this it would be gr8


    Thanks

  3. #3
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Someone in power will make mention of it, but don't double post - it's rude and it annoys most of the senior members willing to otherwise provide help.

    In the meantime, go read the entire aircrack-ng website - there are manual pages all over it. Make a special note of focusing on the base tool.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  4. #4
    Junior Member
    Join Date
    Feb 2010
    Posts
    26

    FakeAP's and capturing unhashed handshakes? Possible?

    Quote (originally posted by Gitsnik):
    Someone in power will make mention of it, but don't double post - it's rude and it annoys most of the senior members willing to otherwise provide help.

    Sorry again, I was thinking it was more of a bump so again, sorry.

    Is it o.k. after I have read the whole thing, if there are any unanswered questions, to post them?

    Quote:
    In the meantime, go read the entire aircrack-ng website - there are manual pages all over it. Make a special note of focusing on the base tool.

    I still by no means fully understand the aircrack-ng suite, but I'm reading and learning and picking up all these awesome scripts etc. But basically my question was still not directly about aircrack, but for example SAP (satanic access point), the concept of creating a FAKEAP and then having a client WPA authenticate. Is the EAPOL still hashed, or do these types of attacks actually take out the hard work of running an aircrack or crunch etc. attack? Because I'm guessing it's probably going to be hashed even if you do capture an authentication (am I on the right track with that thinking?)

    @Gitsnik thanks for the advice, it's a good heads up. Double posting is what I thought was bumping. And I kind of thought it was a dumb question so I wasn't sure if it was overlooked, considering there are much better questions to be answered. So yeah, cheers

    thanks again, to the BT4 community and the moderators(covering my bases) it's a lot of effort so yeah cool.

  5. #5
    Member
    Join Date
    Feb 2010
    Posts
    204

    The FAKEAPs are usually unencrypted.

    It is used to fool the user into connecting to an AP, then exploiting him/her in various other ways.

  6. #6
    Senior Member Nick_the_Greek's Avatar
    Join Date
    Jan 2010
    Location
    Greece
    Posts
    181

    Quote (originally posted by hm2075):
    the FAKEAP's are usually unencrypted

    Agree with hm2075.

    FakeAPs are usually unencrypted. With airbase-ng you can set up a FakeAP at most with WEP encryption. If a wifi card supports master mode then you can set up a FakeAP with WPA encryption, but it's a little bit more complicated to do this.

  7. #7
    Junior Member
    Join Date
    Feb 2010
    Posts
    26

    Thanks heaps - it's clear now

    Quote (originally posted by Nick_the_Greek):
    Agree with hm2075.

    FakeAPs are usually unencrypted. With airbase-ng you can setup a FakeAP at most with WEP encryption. If a wifi-card supports master mode then you can setup a fakeAP with WPA encryption but it's a little bit more complicated to do this.

    whoa! I've got a lot of reading to do........... So really they are more for clients to connect for "free internet" and you sniff their traffic etc. Still very cool, but I thought it even more sinister (prolly is hehe you guys know ur stuff) and under the right scenario it would steal the keys on a machine and you wouldn't have to run a brute force on wpa/wpa2

    Oh BTW Nick the Greek - thanks for writing that particular script, even though I don't know how to use it yet you can guarantee once I learn how to use it the thanks would be rolling in anyway.

    thanks for the PM @ Gitsnik made at least i'll be reading up on the right tool now
