
Thread: Advanced WPA(2) attack methods?


  1. #1
    Junior Member
    Join Date
    Jun 2012
    Posts
    42

    Advanced WPA(2) attack methods?

    I'm somewhat obsessively auditing all the Wi-Fi networks I administer (around 5), trying to crack into them with the methods available. They all run WPA2/CCMP.

    I've run all the handshakes through the usual wordlists successfully (darkc0de, Church of Wifi, numeric, etc.)

    WPS is disabled, but the passphrases certainly aren't as complex as they could be. They're not dictionary words or common variations of them, but they're not random symbols 20 characters long either.

    How would you continue the attack when the easy methods have failed? Does WPA cracking really just boil down to the quality of the wordlist?

  2. #2
    Just burned his ISO (codekiddy)
    Join Date
    Oct 2011
    Posts
    6

    Re: Advanced WPA(2) attack methods?

    There is a new method for cracking WPA/WPA2, and that's WPS cracking.

    Backtrack5 R2 already has the required tools installed; their names are "wash" and "reaver".
    With the wash tool you scan for all the routers that have WPS enabled,
    and with the reaver tool you crack the PIN of the WPS-enabled router.

    It's about brute-forcing the router's PIN and takes about 10 hours to complete.

  3. #3
    Member
    Join Date
    Sep 2010
    Location
    Eastern Island
    Posts
    96

    Re: Advanced WPA(2) attack methods?

    Quote Originally Posted by codekiddy
    There is a new method for cracking WPA/WPA2, and that's WPS cracking.

    Backtrack5 R2 already has the required tools installed; their names are "wash" and "reaver".
    With the wash tool you scan for all the routers that have WPS enabled,
    and with the reaver tool you crack the PIN of the WPS-enabled router.

    It's about brute-forcing the router's PIN and takes about 10 hours to complete.
    +1 for this...

  4. #4
    Senior Member
    Join Date
    Feb 2012
    Location
    Cyberspace
    Posts
    174

    Re: Advanced WPA(2) attack methods?

    Quote Originally Posted by codekiddy
    There is a new method for cracking WPA/WPA2, and that's WPS cracking.

    All nice, but ternarybit mentioned that he has WPS disabled.

    As samiux mentioned, to crack WPA/WPA2 the only limitation is time. However, if the passphrase is a good one, you are in pretty good shape.

  5. #5
    Junior Member
    Join Date
    Jun 2012
    Location
    127.0.0.1
    Posts
    25

    Re: Advanced WPA(2) attack methods?

    Quote Originally Posted by codekiddy
    There is a new method for cracking WPA/WPA2, and that's WPS cracking.
    That's right; WPS is now the only way in against a strong WPA passphrase.

  6. #6
    Junior Member
    Join Date
    Jun 2012
    Posts
    42

    Re: Advanced WPA(2) attack methods?

    @everyone Thanks for the info. Keep WPS disabled and use strong PSKs == mostly secure, at least from a purely cryptographic standpoint.

    Does anyone have information about some techniques that exploit the human element? Is there a way, perhaps, to set up a rogue AP with identical settings as the target AP, except that whatever PSK a client enters it accepts and logs?
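    As an added illustration of why a strong PSK is what matters (this is not code from the thread; the SSID and the candidate guesses are constructed), the block below derives the WPA2 Pairwise Master Key the way a client or AP does, measures how many candidate passphrases one CPU core can derive per second, and turns that into expected search time for a few passphrase policies:

    ```python
    import hashlib
    import time

    # WPA/WPA2-PSK parameters fixed by IEEE 802.11i: the PMK is PBKDF2-HMAC-SHA1
    # over the passphrase, salted with the SSID, 4096 iterations, 32 bytes out.
    PBKDF2_ITERATIONS = 4096
    PMK_LEN = 32


    def derive_pmk(passphrase: str, ssid: str) -> bytes:
        """Pairwise Master Key exactly as a client or AP derives it from the PSK."""
        return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                                   ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


    def measure_guess_rate(ssid: str, samples: int = 20) -> float:
        """Candidate passphrases per second one CPU core can derive on this host.
        Every candidate costs the full 4096 iterations; that cost, not the
        handshake itself, is what makes PSK guessing a wordlist-quality problem."""
        start = time.perf_counter()
        for i in range(samples):
            derive_pmk(f"candidate{i:08d}", ssid)   # constructed throwaway guesses
        return samples / (time.perf_counter() - start)


    def expected_crack_seconds(alphabet_size: int, length: int,
                               guesses_per_second: float) -> float:
        """Average time to hit a passphrase chosen uniformly from the given
        alphabet and length (half the keyspace is searched on average)."""
        return (alphabet_size ** length / 2) / guesses_per_second


    def strength_report(guesses_per_second: float) -> dict:
        """Expected years of searching, per passphrase policy, at the given rate."""
        policies = {
            "8 lowercase letters": (26, 8),
            "10 mixed case and digits": (62, 10),
            "20 printable ASCII": (95, 20),
        }
        seconds_per_year = 365.25 * 24 * 3600
        return {name: expected_crack_seconds(a, n, guesses_per_second) / seconds_per_year
                for name, (a, n) in policies.items()}


    if __name__ == "__main__":
        rate = measure_guess_rate("ExampleNet")   # constructed SSID
        print(f"one core: {rate:.0f} guesses/s")
        # A GPU cracker is orders of magnitude faster; substitute a measured figure.
        for name, years in strength_report(rate).items():
            print(f"{name:28s} ~{years:.3g} years")
    ```

    The same SSID salt means a precomputed table only works for one network name, which is why a non-default SSID plus a long random passphrase is the practical defence.
    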

  7. #7
    Junior Member
    Join Date
    Jun 2012
    Location
    127.0.0.1
    Posts
    25

    Re: Advanced WPA(2) attack methods?

    You can create a rogue AP with the same SSID (and MAC) as the target AP and capture the handshake for WPA, or the data for WEP (caffe-latte attack). You can simulate the AP and share your internet connection. You can simulate the AP and exploit the victim to find the password or configuration. But you can't simply log the password: that is the security of the 4-way handshake.

  8. #8
    Senior Member (ShadowMaster)
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Re: Advanced WPA(2) attack methods?

    @SilicaG about the rogue AP not helping... Forgot to quote, sorry...

    You're actually wrong on that. If you create a rogue AP with the same SSID and MAC, then deauth the client and have him connect to your AP, since you choose the nonce you can decrypt the key immediately. That is the accepted way to hack WPA via the human element. Another way would be to use the PRGA stream along with TKIP (not necessary in this case of CCMP) and set up a captive portal with a fake page that asks for the wifi password again. There is a script somewhere out there in forumland that does this for you.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  9. #9
    Member
    Join Date
    Feb 2010
    Location
    Somewhere in the hell
    Posts
    91

    Re: Advanced WPA(2) attack methods?

    @ternarybit,

    Rogue AP is one of the methods to get your strong passphrase.

    Samiux

  10. #10
    Moderated Member
    Join Date
    Oct 2011
    Posts
    44

    Re: Advanced WPA(2) attack methods?

    Quote Originally Posted by samiux
    @ternarybit,

    Rogue AP is one of the methods to get your strong passphrase.

    Samiux
    Or you could use the random generator in HackPack... (bump for the toolkit)

    I am willing to possibly make some tables for WPA, like an OPH, if anyone is willing to work with me on it..... I mean, after all, it's just a mix and match game.
