Re: free online wpa cracker project idea
When will I learn to copy my posts to clipboard before hitting post?
OK Gitsnik summed up the essay I just lost on passing the hash and to answer your question about rouge aps the victim would have to type his password into an unfamiliar box in his browser or be exploited in some other way once he was on the attackers network. If the user is that dumb casually asking or making up an excuse to need his password might be easier.
A true gentleman, a good hearty guy.
Re: free online wpa cracker project idea
I'm no programmer, but couldn't we (in short) use a rogue ap, deauth them, DOS their wifi, then they will connect to your wifi (same essid and bssid) and have a pop up that asks for password...... once they type in the password, everything shuts down and goes back to normal.
Re: free online wpa cracker project idea
Originally Posted by sLiPpErY
The problem is making an authentic looking pop up that asks for password. It would be possible to direct all browser traffic to a page indicating that they need to re-authenticate but who would trust it? Someone else had the idea of a page telling the user that their browser had a required update and they needed to download it to continue browsing. The download could instead be a meterpreter payload, or script to steal registry hives. In my opinion that would be the most believable option for a rouge AP attack. If your thinking that we can just give the rouge AP WPA flags and force the client to send its password, we could only get the hash because we wouldn't be able to complete the handshake.
I think this is exactly what your talking about
http://www.backtrack-linux.org/forum...r-all-one.html
Last edited by CKing; 10-10-2010 at 08:09 PM. Reason: added link
A true gentleman, a good hearty guy.
Re: free online wpa cracker project idea
no... not a page.. but a pop up... javascript maybe?
I'll just keep quite... WPA is so new to me that I'm just sounding stupid at this point I'm sure...
Re: free online wpa cracker project idea
Definitely a cool idea.
Problem is, if you ever get it up and running, you are going to get an unbelievable amount of traffic. There is a ton of demand for a free WPA cracker. So, just keep that in mind.
Good luck with this project.
Re: free online wpa cracker project idea
Keeping quiet doesn't help anyone, you're right a pop up is doable and more authentic looking to the user. Anything that can be done in a browser is possible. A great idea would be to match the router config login, login pages could even be crafted to match router models based on oui. I think you just found a nice new feature for your fake AP creator script.
A true gentleman, a good hearty guy.
Re: free online wpa cracker project idea
There is a lot to figure out and implement, but in my mind I believe anything is possible, may do some fingerprinting then incorporate that into an automated webpage of the router... just need a few minds.... I've basically quit the rogue ap creator thread, I've moved it to my blog instead, (I have alot of new additons, please run my script and help me test and come up with new additions) I have alot of things in mind, and more than likely the script will be twice as big by the 15 of Nov as I have a class I'm taking that I think this may be useful in. So the more comments and additions I can get I'd love the help, I'm willing to donate to people if they actually do some research and work with me, they will also be a creator of the script and added as such.
EDIT: I will be incorporating SET with Java attack vector after I get the WEP WPA cracking figured out...
Last edited by sLiPpErY; 10-15-2010 at 11:34 PM.
Re: free online wpa cracker project idea
What about Cross Site Scripting?
I (or you) could create PHP based solution PCAP file parser which then can be passed to PHP where PHP can do the rest of the loops and hard work.
The advantage of this is that PHP is the most popular side server application so thus there are lots of (FREE) servers which can run this application.
I don't have time to get down to the nitty gritty of the PCAP file format but in short;
I haven't had much time to time this as I'm in a rush but I'm trying to (with as little words as possible) encourage a PHP WPA Cracker because a central hub can be created and which can share out the work load among others.Code:If anyone makes a PCAP parser I shall do the rest of the script
Thank-you for listening to my scramblers mind
GingerP
Re: free online wpa cracker project idea
I like your use of code tags
Well the idea is new and I'd be interested in seeing a proof of concept and I might even put that parser together for you if I have some time but if your suggesting exploiting flaws in websites to process the information I cant condone it since its obviously not legal.
A true gentleman, a good hearty guy.
Re: free online wpa cracker project idea
I like your use of code tags
Well the idea is new and I'd be interested in seeing a proof of concept and I might even put that parser together for you if I have some time but if your suggesting exploiting flaws in websites to process the information I cant condone it since its obviously not legal.Thank-youI like your use of code tags
Case-study
My idea in more detailCode:I've created a site a few years back now which was for a file hosting website which has now sadly gone off-line. But, the guy who hired me didn't want to pay for web space so instead he hired me for a solution. I managed to create in just PHP & MYSQL a way of hosting files for the same site but over lots of different free web hosting servers. It was dynamic and meant he could create a new account on different web hosts paste the file in and run a one-time install script which let the master server know it had a new branch to work on.
I plan to recreate a similar set up but this time make it more open source so that anyone can download and install the script to there server. Everything will be a little bigger because its only fair that the people who host the files get credit.
Main-Server
This shall be hosted on my paid servers because it has to have a 99.99% uptime for the other servers to work off. When a branch server is installed it shall be added to into a database where a cron job will continually monitor its uptime. The mail server will host the FULL dictionary which will be used.
When a user wants to crack a WPA file it will be parsed to check if it is;
valid, and the ESSID is in the PCAP file. If it is it will be saved in a temporary folder where on the next it shall AJAX call servers to process the file.
Branch Servers
They will contact the main server on install with information about the host. On install it will also download from the main server either the FULL or SEGMENT dictionary.
When the script is called to crack a file it shall be given a URL of the file to download and crack. The file will be SHOULD be deleted when finished. If the server has a FULL dictionary then there shall be two other parameters passed to the server; One is the start line to start reading from the dictionary and the other is the end. This way we can save some CPU by sharing the work load.
The Dictionary's
- Full
The full Dictionary shall have every word and/or numbers that is currently install. It has a large file size more than 1GB and should only be used paid servers or (very) kind free servers.
- Segmented
This dictionary shall be the full one but split up into 70-80MB files which will be designed for free hosts or side projects for paid hosts who don't want to use too much disk space.
And thats all folks for now
This is my idea so far. Anyone who would like to get on board the team please send my your email address via PM and we can talk more in detail. Also I shall start working on this project but I shall not post all results/ideas/code on this forum.
Thank-you for reading and I hope you can take Part
GingerP
Posting Permissions
