
Thread: Advanced WPA(2) attack methods?

  1. #1
    Junior Member
    Join Date: Jun 2012
    Posts: 42

    Advanced WPA(2) attack methods?

    I'm somewhat obsessively auditing all the Wi-Fi networks I administer (around 5), trying to crack into them with the methods available. They all run WPA2/CCMP.

    I've run all the handshakes through the usual wordlists successfully (darkc0de, Church of Wifi, numeric, etc.)

    WPS is disabled, but the passphrases certainly aren't as complex as they could be. They're not dictionary words or common variations of them, but they're not random symbols 20 characters long either.

    How would you continue the attack when the easy methods have failed? Does WPA cracking really just boil down to the quality of the wordlist?

  2. #2
    codekiddy (Just burned his ISO)
    Join Date: Oct 2011
    Posts: 6

    Re: Advanced WPA(2) attack methods?

    There is a new method on how to crack WPA/WPA2, and that's WPS cracking.

    BackTrack 5 R2 already has the required tools installed; their names are "wash" and "reaver".
    With the wash tool you scan all the routers that have WPS enabled,
    and with the reaver tool you crack the PIN of the WPS-enabled router.

    It's about brute forcing the router's PIN and takes about 10 hours to complete.

  3. #3
    Magnet0 (Just burned his ISO)
    Join Date: Jun 2012
    Posts: 11

    Re: Advanced WPA(2) attack methods?

    It's nice to hear that, but it's better if you can provide us tutorials too.

  4. #4
    Member
    Join Date: Feb 2010
    Location: Somewhere in the hell
    Posts: 91

    Re: Advanced WPA(2) attack methods?

    @ternarybit,

    WPA/WPA2 can be brute-forced using suitable hardware and software. The limitation is time only.

    Samiux

  5. #5
    Member
    Join Date: Sep 2010
    Location: Eastern Island
    Posts: 96

    Re: Advanced WPA(2) attack methods?

    Originally posted by codekiddy:
    > There is a new method on how to crack WPA/WPA2, and that's WPS cracking.
    >
    > BackTrack 5 R2 already has the required tools installed; their names are "wash" and "reaver".
    > With the wash tool you scan all the routers that have WPS enabled,
    > and with the reaver tool you crack the PIN of the WPS-enabled router.
    >
    > It's about brute forcing the router's PIN and takes about 10 hours to complete.

    +1 for this...

  6. #6
    Senior Member
    Join Date: Feb 2012
    Location: Cyberspace
    Posts: 174

    Re: Advanced WPA(2) attack methods?

    Originally posted by codekiddy:
    > There is a new method on how to crack WPA/WPA2, and that's WPS cracking.

    All nice, but ternarybit mentioned that he got WPS disabled.

    As Samiux mentioned, to crack WPA/WPA2 the limitation is time only. However, if the passphrase is a good one, you are in pretty good shape.

  7. #7
    stepking2 (Member)
    Join Date: May 2012
    Posts: 83

    Re: Advanced WPA(2) attack methods?

    I have some wordlists hosted on ThePirateBay :-)

    http://thepiratebay.se/user/stepking2

  8. #8
    Junior Member
    Join Date: Jun 2012
    Location: 127.0.0.1
    Posts: 25

    Re: Advanced WPA(2) attack methods?

    Originally posted by codekiddy:
    > There is a new method on how to crack WPA/WPA2, and that's WPS cracking.

    It's right, the WPS, now, is the only way for a strong WPA.

  9. #9
    Junior Member
    Join Date: Jun 2012
    Posts: 42

    Re: Advanced WPA(2) attack methods?

    @everyone Thanks for the info. Keep WPS disabled and use strong PSKs == mostly secure, at least from a purely cryptographic standpoint.

    Does anyone have information about some techniques that exploit the human element? Is there a way, perhaps, to set up a rogue AP with identical settings as the target AP, except that whatever PSK a client enters it accepts and logs?

  10. #10
    Junior Member
    Join Date: Jun 2012
    Location: 127.0.0.1
    Posts: 25

    Re: Advanced WPA(2) attack methods?

    You can create a rogue AP with the same SSID (and MAC) as the target AP and capture the handshake for WPA or the data for WEP (Caffe Latte attack). You can simulate the AP and share your internet connection. You can simulate the AP and exploit the victim to find the password or configuration. But you can't simply log the password: that is the 4-way handshake's security.
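
The point made in the post above, as an added example that is not part of the original thread: in the WPA2-Personal 4-way handshake the client transmits only a nonce and a MIC keyed from the passphrase-derived PMK, so an AP that does not already hold the PSK receives nothing that contains it. The SSID, passphrase, MAC addresses and the `MSG2|` message body are constructed, and the body is a simplified stand-in for a real EAPOL-Key frame.

```python
import hashlib
import hmac
import os

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_kck(pmk, ap_mac, sta_mac, anonce, snonce):
    """Key confirmation key: first 16 bytes of the PTK from the 802.11 PRF."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion"
    # PRF block 0 is HMAC-SHA1(PMK, label || 0x00 || data || 0x00); 20 bytes cover the KCK.
    block = hmac.new(pmk, label + b"\x00" + data + b"\x00", hashlib.sha1).digest()
    return block[:16]

def client_message_2(passphrase, ssid, ap_mac, sta_mac, anonce, snonce):
    """What the client transmits: its nonce and a MIC, never the passphrase or PMK."""
    kck = derive_kck(derive_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    body = b"MSG2|" + snonce  # constructed stand-in for the EAPOL-Key frame
    mic = hmac.new(kck, body, hashlib.sha1).digest()[:16]
    return body, mic

def ap_verifies(ap_pmk, ap_mac, sta_mac, anonce, body, mic):
    """An AP can check the MIC only if it already holds the matching PMK."""
    snonce = body[len(b"MSG2|"):]
    kck = derive_kck(ap_pmk, ap_mac, sta_mac, anonce, snonce)
    expected = hmac.new(kck, body, hashlib.sha1).digest()[:16]
    return hmac.compare_digest(expected, mic)

def demo():
    ssid, secret = "ExampleNet", "constructed-passphrase"  # constructed values
    ap_mac = bytes.fromhex("020000000001")                 # constructed MACs
    sta_mac = bytes.fromhex("020000000002")
    anonce, snonce = os.urandom(32), os.urandom(32)
    body, mic = client_message_2(secret, ssid, ap_mac, sta_mac, anonce, snonce)
    # The legitimate AP holds the PMK; the rogue AP has only a made-up one.
    real_ap = ap_verifies(derive_pmk(secret, ssid), ap_mac, sta_mac, anonce, body, mic)
    rogue_ap = ap_verifies(os.urandom(32), ap_mac, sta_mac, anonce, body, mic)
    leaked = secret.encode() in body + mic
    return real_ap, rogue_ap, leaked

if __name__ == "__main__":
    print(demo())
```

The nonces and MIC are still enough to test passphrase guesses offline, which is why the thread's advice on long, non-dictionary PSKs matters.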
