
Thread: free online wpa cracker project idea

  1. #21
    Member CKing's Avatar
    Join Date
    Mar 2010
    Location
    downtown, riverfront
    Posts
    83

    Default Re: free online wpa cracker project idea


    When will I learn to copy my posts to clipboard before hitting post?

    OK, Gitsnik summed up the essay I just lost on passing the hash. To answer your question about rogue APs: the victim would have to type his password into an unfamiliar box in his browser or be exploited in some other way once he was on the attacker's network. If the user is that dumb, casually asking or making up an excuse to need his password might be easier.
    A true gentleman, a good hearty guy.

  2. #22
    Junior Member
    Join Date
    Aug 2010
    Posts
    64

    Default Re: free online wpa cracker project idea

    I'm no programmer, but couldn't we (in short) use a rogue ap, deauth them, DOS their wifi, then they will connect to your wifi (same essid and bssid) and have a pop up that asks for password...... once they type in the password, everything shuts down and goes back to normal.

  3. #23
    Member CKing's Avatar
    Join Date
    Mar 2010
    Location
    downtown, riverfront
    Posts
    83

    Default Re: free online wpa cracker project idea

    Quote Originally Posted by sLiPpErY View Post
    I'm no programmer, but couldn't we (in short) use a rogue ap, deauth them, DOS their wifi, then they will connect to your wifi (same essid and bssid) and have a pop up that asks for password...... once they type in the password, everything shuts down and goes back to normal.

    The problem is making an authentic-looking pop up that asks for password. It would be possible to direct all browser traffic to a page indicating that they need to re-authenticate, but who would trust it? Someone else had the idea of a page telling the user that their browser had a required update and they needed to download it to continue browsing. The download could instead be a meterpreter payload, or script to steal registry hives. In my opinion that would be the most believable option for a rogue AP attack. If you're thinking that we can just give the rogue AP WPA flags and force the client to send its password, we could only get the hash because we wouldn't be able to complete the handshake.

    I think this is exactly what you're talking about
    http://www.backtrack-linux.org/forum...r-all-one.html
    Last edited by CKing; 10-10-2010 at 08:09 PM. Reason: added link
    A true gentleman, a good hearty guy.

  4. #24
    Junior Member
    Join Date
    Aug 2010
    Posts
    64

    Default Re: free online wpa cracker project idea

    no... not a page.. but a pop up... javascript maybe?

    I'll just keep quiet... WPA is so new to me that I'm just sounding stupid at this point I'm sure...

  5. #25
    Junior Member
    Join Date
    Aug 2010
    Posts
    34

    Default Re: free online wpa cracker project idea

    Definitely a cool idea.

    Problem is, if you ever get it up and running, you are going to get an unbelievable amount of traffic. There is a ton of demand for a free WPA cracker. So, just keep that in mind.

    Good luck with this project.

  6. #26
    Member CKing's Avatar
    Join Date
    Mar 2010
    Location
    downtown, riverfront
    Posts
    83

    Default Re: free online wpa cracker project idea

    Quote Originally Posted by sLiPpErY View Post
    no... not a page.. but a pop up... javascript maybe?

    I'll just keep quiet... WPA is so new to me that I'm just sounding stupid at this point I'm sure...

    Keeping quiet doesn't help anyone. You're right, a pop up is doable and more authentic-looking to the user. Anything that can be done in a browser is possible. A great idea would be to match the router config login; login pages could even be crafted to match router models based on OUI. I think you just found a nice new feature for your fake AP creator script.
    A true gentleman, a good hearty guy.

  7. #27
    Junior Member
    Join Date
    Aug 2010
    Posts
    64

    Default Re: free online wpa cracker project idea

    Quote Originally Posted by CKing View Post
    Keeping quiet doesn't help anyone. You're right, a pop up is doable and more authentic-looking to the user. Anything that can be done in a browser is possible. A great idea would be to match the router config login; login pages could even be crafted to match router models based on OUI. I think you just found a nice new feature for your fake AP creator script.

    There is a lot to figure out and implement, but in my mind I believe anything is possible, may do some fingerprinting then incorporate that into an automated webpage of the router... just need a few minds.... I've basically quit the rogue AP creator thread, I've moved it to my blog instead (I have a lot of new additions, please run my script and help me test and come up with new additions). I have a lot of things in mind, and more than likely the script will be twice as big by the 15 of Nov as I have a class I'm taking that I think this may be useful in. So the more comments and additions I can get I'd love the help. I'm willing to donate to people if they actually do some research and work with me; they will also be a creator of the script and added as such.

    EDIT: I will be incorporating SET with Java attack vector after I get the WEP WPA cracking figured out...
    Last edited by sLiPpErY; 10-15-2010 at 11:34 PM.

  8. #28
    Just burned his ISO
    Join Date
    Jan 2011
    Location
    Great Britain
    Posts
    9

    Default Re: free online wpa cracker project idea

    What about Cross Site Scripting?

    I (or you) could create PHP based solution PCAP file parser which then can be passed to PHP where PHP can do the rest of the loops and hard work.

    The advantage of this is that PHP is the most popular side server application so thus there are lots of (FREE) servers which can run this application.

    I don't have time to get down to the nitty gritty of the PCAP file format but in short;
    Code:
    If anyone makes a PCAP parser I shall do the rest of the script
    I haven't had much time to time this as I'm in a rush but I'm trying to (with as little words as possible) encourage a PHP WPA Cracker because a central hub can be created and which can share out the work load among others.

    Thank-you for listening to my scramblers mind
    GingerP

  9. #29
    Member CKing's Avatar
    Join Date
    Mar 2010
    Location
    downtown, riverfront
    Posts
    83

    Default Re: free online wpa cracker project idea

    Quote Originally Posted by GingerP View Post
    What about Cross Site Scripting?

    I (or you) could create PHP based solution PCAP file parser which then can be passed to PHP where PHP can do the rest of the loops and hard work.

    The advantage of this is that PHP is the most popular side server application so thus there are lots of (FREE) servers which can run this application.

    I don't have time to get down to the nitty gritty of the PCAP file format but in short;
    Code:
    If anyone makes a PCAP parser I shall do the rest of the script
    I haven't had much time to time this as I'm in a rush but I'm trying to (with as little words as possible) encourage a PHP WPA Cracker because a central hub can be created and which can share out the work load among others.

    Thank-you for listening to my scramblers mind
    GingerP

    I like your use of code tags
    Well, the idea is new and I'd be interested in seeing a proof of concept, and I might even put that parser together for you if I have some time, but if you're suggesting exploiting flaws in websites to process the information I can't condone it since it's obviously not legal.
    A true gentleman, a good hearty guy.

  10. #30
    Just burned his ISO
    Join Date
    Jan 2011
    Location
    Great Britain
    Posts
    9

    Question Re: free online wpa cracker project idea

    Quote Originally Posted by CKing View Post
    I like your use of code tags
    Well, the idea is new and I'd be interested in seeing a proof of concept, and I might even put that parser together for you if I have some time, but if you're suggesting exploiting flaws in websites to process the information I can't condone it since it's obviously not legal.
    Quote Originally Posted by CKing View Post
    I like your use of code tags
    Thank-you

    Case-study
    Code:
    I've created a site a few years back now which was for a file hosting website which has now sadly gone off-line. But, the guy who hired me didn't want to pay for web space so instead he hired me for a solution.
    
    I managed to create in just PHP & MYSQL a way of hosting files for the same site but over lots of different free web hosting servers. It was dynamic and meant he could create a new account on different web hosts paste the file in and run a one-time install script which let the master server know it had a new branch to work on.
    My idea in more detail
    I plan to recreate a similar set up but this time make it more open source so that anyone can download and install the script to their server. Everything will be a little bigger because it's only fair that the people who host the files get credit.

    Main-Server
    This shall be hosted on my paid servers because it has to have a 99.99% uptime for the other servers to work off. When a branch server is installed it shall be added into a database where a cron job will continually monitor its uptime. The mail server will host the FULL dictionary which will be used.
    When a user wants to crack a WPA file it will be parsed to check if it is;
    valid, and the ESSID is in the PCAP file. If it is it will be saved in a temporary folder where on the next it shall AJAX call servers to process the file.


    Branch Servers
    They will contact the main server on install with information about the host. On install it will also download from the main server either the FULL or SEGMENT dictionary.
    When the script is called to crack a file it shall be given a URL of the file to download and crack. The file SHOULD be deleted when finished. If the server has a FULL dictionary then there shall be two other parameters passed to the server: one is the start line to start reading from the dictionary and the other is the end. This way we can save some CPU by sharing the work load.

    The Dictionaries
    - Full
    The full dictionary shall have every word and/or numbers that is currently installed. It has a large file size, more than 1GB, and should only be used on paid servers or (very) kind free servers.

    - Segmented
    This dictionary shall be the full one but split up into 70-80MB files which will be designed for free hosts or side projects for paid hosts who don't want to use too much disk space.

    And that's all folks for now
    This is my idea so far. Anyone who would like to get on board the team please send me your email address via PM and we can talk more in detail. Also I shall start working on this project but I shall not post all results/ideas/code on this forum.

    Thank-you for reading and I hope you can take Part
    GingerP
