
Thread: Hacking WPA-2 Key - Evil Twin Method (No Bruteforcing)

  1. #1
    deathcorps (Just burned his ISO)
    Join Date: Dec 2010
    Posts: 12

    Hacking WPA-2 Key - Evil Twin Method (No Bruteforcing)

    Hey guys!

    This is a technique I've been using recently. It's a little more complex than usual; however, if you play your cards right you have pretty good chances.

    This technique doesn't involve capturing handshakes at all. Check out the steps:

    1. Identify target & do recon;
    2. Clone the target network;
    3. Redirect traffic on cloned AP to a service page (asking for the WPA-2 Key) -- this page has to be on point, convincing;
    4. Deauthenticate the hosts on the original network, and wait until they connect to our cloned network.

    Check out the video: http://vimeo.com/34309678

    * Video made under controlled circumstances for educational purposes. ;]
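    Seen from the defending side, the sequence above produces three observable symptoms: a second AP advertising the victim's ESSID, an open network where a WPA2 one is expected, and a burst of deauthentication frames that appear to come from the real BSSID. That is exactly what a wireless IDS keys on. The Python below is an added detection example written for this edit, not code from the thread or the video. The scan records and deauth timestamps are constructed inline, and the `TRUSTED` baseline, the `Beacon` class and the function names are assumptions of this example, not anything the post describes. It also covers the same-BSSID clone deathcorps mentions later in the thread (trusted BSSID showing up on an unexpected channel).

```python
"""Passive detection of the evil-twin pattern: added defender-side example,
not code from the thread. All input records below are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    """One observed beacon: the fields a scanner such as airodump-ng reports."""
    essid: str
    bssid: str
    channel: int
    auth: str  # "WPA2" or "OPEN" in this example


# Constructed baseline (assumption): the one AP the defender knows is legitimate.
TRUSTED = {"HomeNet": Beacon("HomeNet", "00:11:22:33:44:55", 6, "WPA2")}

# Constructed scan sample, not a real capture.
SCAN = [
    Beacon("HomeNet", "00:11:22:33:44:55", 6, "WPA2"),     # the real AP
    Beacon("HomeNet", "aa:bb:cc:dd:ee:ff", 11, "OPEN"),    # open twin, new BSSID
    Beacon("HomeNet", "00:11:22:33:44:55", 11, "WPA2"),    # real BSSID copied onto ch 11
    Beacon("CoffeeShop", "66:77:88:99:aa:bb", 1, "OPEN"),  # unrelated network, no baseline
]

# Constructed deauth frames as (claimed source BSSID, timestamp in seconds).
# Deauth frames are unauthenticated, so a flood spoofs the real BSSID;
# the burst rate, not the address, is what gives it away.
DEAUTH_FRAMES = [("00:11:22:33:44:55", 1.0 + 0.1 * i) for i in range(8)] + [
    ("66:77:88:99:aa:bb", 5.0),  # a single, normal disconnect
]


def evil_twin_findings(scan, trusted=TRUSTED):
    """Return sorted (essid, bssid, reason) tuples for beacons that claim a
    trusted ESSID but disagree with the baseline on BSSID, auth or channel."""
    findings = set()
    for b in scan:
        ref = trusted.get(b.essid)
        if ref is None:
            continue  # no baseline for this ESSID, nothing to compare against
        same_bssid = b.bssid.lower() == ref.bssid.lower()
        if not same_bssid:
            findings.add((b.essid, b.bssid, "unknown BSSID advertising trusted ESSID"))
        if b.auth != ref.auth:
            findings.add((b.essid, b.bssid, f"auth {b.auth} differs from baseline {ref.auth}"))
        if same_bssid and b.channel != ref.channel:
            findings.add((b.essid, b.bssid,
                          f"trusted BSSID seen on channel {b.channel}, baseline channel {ref.channel}"))
    return sorted(findings)


def deauth_flood_sources(frames, window=2.0, threshold=5):
    """Map each BSSID that sent more than `threshold` deauth frames within any
    `window`-second interval to its peak count (sliding window per BSSID)."""
    times_by_bssid = defaultdict(list)
    for bssid, t in frames:
        times_by_bssid[bssid.lower()].append(t)
    flagged = {}
    for bssid, times in times_by_bssid.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[bssid] = peak
    return flagged


if __name__ == "__main__":
    for essid, bssid, reason in evil_twin_findings(SCAN):
        print(f"[twin] {essid} {bssid}: {reason}")
    for bssid, count in deauth_flood_sources(DEAUTH_FRAMES).items():
        print(f"[deauth] {bssid}: {count} frames in a 2 s window")
```

    The baseline comparison is deliberately strict: a home network has one BSSID on one channel with one security mode, so any deviation is worth an alert. On an enterprise WLAN with many APs sharing an ESSID, `TRUSTED` would hold the whole set of legitimate BSSIDs and the mixed-auth finding becomes the strongest signal, since roaming never changes the security mode.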

  2. #2
    cgelici (Senior Member)
    Join Date: Feb 2010
    Location: /root
    Posts: 121

    Re: Hacking WPA-2 Key - Evil Twin Method (No Bruteforcing)

    Nice video! However, it relies on some social engineering, in which I have little trust. But then you never know.....

    Good post!

  3. #3
    deathcorps (Just burned his ISO)
    Join Date: Dec 2010
    Posts: 12

    Re: Hacking WPA-2 Key - Evil Twin Method (No Bruteforcing)

    Thanks man, appreciate the feedback!

    I know how you feel about the social engineering... but bruteforcing is quite frustrating imo lol

    Originally I wanted to find a way to clone a WPA-2 AP with the same BSSID and ESSID on a Karma-like router and just register the authentication key they tried to use... then I came up with this idea.

    But yea... timing is key for this method =)

    Happy New Year guys

  4. #4
    zimmaro (Good friend of the forums)
    Join Date: Mar 2010
    Location: milano
    Posts: 407

    Re: Hacking WPA-2 Key - Evil Twin Method (No Bruteforcing)

    Hello,
    thanks for the great video and for the idea :)
    The only thing (perhaps it's only me): since I installed the dhcp3-server my "Alfa" has started to have some problems... sometimes it goes down!!!! and has little "driver crashes!"
    Thanks, bye!
    zimmaro the goat-brain!!

  5. #5
    deathcorps (Just burned his ISO)
    Join Date: Dec 2010
    Posts: 12

    Re: Hacking WPA-2 Key - Evil Twin Method (No Bruteforcing)

    Hey Zimmaro!
    Thanks for the feedback.
    I have an Alfa also, the AWUS036NH - what I noticed is that the card locks on a channel if you don't specify otherwise.
    That's why I restart the monitor interface in the middle of the video, using the following command:

    airmon-ng start wlan0 [channel]

    That way we can host the fake access point and do the deauthentication on the same card using the at0 and mon0 interfaces.
    Hope that helps =)

  6. #6
    LHYX1 (Senior Member)
    Join Date: Sep 2010
    Location: Belgium
    Posts: 127

    Re: Hacking WPA-2 Key - Evil Twin Method (No Bruteforcing)

    Hey, very nice video!
    Could you give a little more explanation regarding these commands, please?

    iptables --table nat --append POSTROUTING --out-interface [internet connection] -j MASQUERADE
    iptables --append FORWARD --in-interface at0 -j ACCEPT
    Redirect traffic:
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination [IP address:80]
    iptables -t nat -A POSTROUTING -j MASQUERADE
    I understand that you redirect all TCP traffic to port 80, but where does DNS come in?
    Because you type google.com and you get redirected to your evil page.
    Do the domain names get resolved via your connection to the internet?
    And do you redirect your victims once they initialize the HTTP connection? Am I correct?

    Please help me understand this.
    Last edited by LHYX1; 01-03-2012 at 03:47 PM.
    (\ /)
    ( . .)
    c(")(")

    This is bunny.
    Copy and paste bunny into your signature to help him gain world domination.

  7. #7
    deathcorps (Just burned his ISO)
    Join Date: Dec 2010
    Posts: 12

    Re: Hacking WPA-2 Key - Evil Twin Method (No Bruteforcing)

    Hey LHYX1!
    You pretty much answered all your questions lol
    We have one wireless connection to the internet and we want to bridge it with the cloned access point to give it internet access, so we use network address translation.

    Just to clear it up, each number corresponds to a command:

    1) We specify the internet connection -- in my case, I used a tethered connection from my phone. That's our output interface. Think of packets heading out from the interface.

    2) We forward the packets to our cloned access point.

    Note: At this point, if you access the cloned AP you should have a normal internet connection. That's desirable, because you might want to implement sslstrip and such after the victim has given you the key... The cool part is we don't need to do ARP spoofing.

    3) Like you said, here we just redirect all TCP traffic to the evil page (our hosted Apache). I have also used dnsspoof to do this and it worked (again, no need for ARP spoofing). However, if you try to use ettercap you might break the cloned AP due to it altering iptables.

    Basically the packets are altered when they arrive in the cloned AP from the AP connected to the internet.
    Hope it helped! =)
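    From the client's side, the net effect of the rules discussed in this exchange, whether done with the DNAT rule or with dnsspoof, is the same: a request for any HTTP host is answered by a server that is not the one asked for. That single symptom is what operating-system captive-portal detection tests for, and it is the check a defender wants a client or a monitoring host to run before trusting a network. The Python below is an added example of that check, not code from the thread. The probe URL is a placeholder you would replace with an endpoint you control that always answers 204 with an empty body, and the function names are this example's own.

```python
"""Client-side check that an HTTP request actually reached its destination.
Added defender-side example, not code from the thread."""
import urllib.error
import urllib.request

# Placeholder endpoint (assumption): a URL you control that always answers
# 204 with an empty body. Operating systems run equivalent probes to detect
# captive portals; the logic is the same.
PROBE_URL = "http://probe.example.invalid/generate_204"


def classify_probe(status, headers, body):
    """Classify one probe response into (verdict, detail).

    'ok'         the real endpoint answered (204, empty body)
    'redirected' a 3xx sent the client elsewhere; detail is the Location
    'replaced'   some other server answered on the endpoint's behalf
    'blocked'    no HTTP response at all
    """
    if status is None:
        return ("blocked", None)
    hdrs = {k.lower(): v for k, v in headers.items()}
    if 300 <= status < 400:
        return ("redirected", hdrs.get("location"))
    if status == 204 and not body:
        return ("ok", None)
    return ("replaced", hdrs.get("content-type"))


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so the 3xx itself is visible."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(url=PROBE_URL, timeout=5.0):
    """Run the probe against the live network and classify the answer."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return classify_probe(resp.status, dict(resp.headers), resp.read())
    except urllib.error.HTTPError as e:
        # 3xx (because redirects are not followed), 4xx and 5xx land here;
        # the response body and headers are still readable.
        return classify_probe(e.code, dict(e.headers), e.read())
    except (urllib.error.URLError, OSError):
        return classify_probe(None, {}, b"")


if __name__ == "__main__":
    print(probe())
```

    Any verdict other than `ok` on a network that claims to be your own WPA2 network is a strong sign of interception, because the real AP has no reason to rewrite port-80 traffic. The check is intentionally done over plain HTTP: that is the traffic the DNAT rule catches, and an HTTPS probe would simply fail with a certificate error rather than show where the client was sent.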

  8. #8
    LHYX1 (Senior Member)
    Join Date: Sep 2010
    Location: Belgium
    Posts: 127

    Re: Hacking WPA-2 Key - Evil Twin Method (No Bruteforcing)

    Thanks for your help

  9. #9
    Just burned his ISO
    Join Date: Mar 2010
    Posts: 2

    Re: Hacking WPA-2 Key - Evil Twin Method (No Bruteforcing)

    good work

  10. #10
    Just burned his ISO
    Join Date: Jan 2010
    Posts: 1

    Re: Hacking WPA-2 Key - Evil Twin Method (No Bruteforcing)

    Where can we download the ''service page''? And the MSSQL database? Thanks
