Wifi everywhere! Whenever you use wifi, on a public or a private hotspot, you are at risk of being attacked.
When an access point and a client communicate, they carry out a four-way handshake in which the encrypted passphrase is also transmitted between them. When an attacker captures the four-way handshake, the encrypted passphrase is captured too, and the passphrase can then be recovered by wordlist brute forcing.
However, you cannot tell whether the person in the building or parking lot opposite your home or office is a hacker. Fortunately, we can inspect suspicious or malicious packets in the air with a tool named WAIDPS, which stands for Wireless Auditing, Intrusion Detection and Prevention System.
You can leave this tool running and it will report back whenever there is suspicious activity in the air near you. You can even fight back against the attacker. However, in my opinion, by then it is too late, as the attacker may already have your encrypted passphrase from the four-way handshake.
If you observe any attack such as deauthentication, reset your passphrase to a stronger one in order to stop the attack on your wifi router.
By the way, MAC address filtering and a hidden SSID mean nothing to an attacker. The best defense is a very strong passphrase.
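The deauthentication attack mentioned above is what a tool like WAIDPS watches for in the air. The following is an added example, not code from the post or from WAIDPS, showing the core of such a detector: it parses the frame control and address fields of raw 802.11 management frames and raises an alert when one BSSID sees a burst of deauthentication or disassociation frames inside a short time window. The frames, MAC addresses, threshold and window are constructed here for illustration; a real deployment would feed frames from a monitor-mode capture instead.

```python
import struct
from collections import defaultdict, deque

# 802.11 frame control byte 0 = (subtype << 4) | (type << 2) | protocol version.
# Deauthentication and disassociation are management frames (type 0).
FC_DEAUTH = 0xC0      # type 0, subtype 12
FC_DISASSOC = 0xA0    # type 0, subtype 10
FC_DATA = 0x08        # type 2, subtype 0 (ordinary data frame, must never alert)
ALERT_SUBTYPES = {10, 12}


def mac_str(mac):
    return ":".join(f"{b:02x}" for b in mac)


def build_mgmt_frame(fc0, dst, src, bssid, reason=7):
    """Constructed minimal 802.11 management frame (no radiotap header):
    frame control (2) | duration (2) | addr1 | addr2 | addr3 | seq ctrl (2) | reason code (2)."""
    return (struct.pack("<BBH", fc0, 0, 0) + dst + src + bssid
            + struct.pack("<H", 0) + struct.pack("<H", reason))


def parse_frame(raw):
    """Return the fields the detector needs, or None if the frame is too short to be valid."""
    if len(raw) < 24:
        return None
    fc0 = raw[0]
    return {
        "type": (fc0 >> 2) & 0x3,
        "subtype": (fc0 >> 4) & 0xF,
        "dst": raw[4:10],
        "src": raw[10:16],
        "bssid": raw[16:22],
    }


class DeauthDetector:
    """Sliding-window counter: alert when one BSSID sees `threshold` deauth/disassoc
    frames within `window` seconds. Alerts are suppressed for one window after firing."""

    def __init__(self, threshold=10, window=5.0):
        self.threshold = threshold
        self.window = window
        self.events = defaultdict(deque)   # bssid -> timestamps of recent deauth/disassoc
        self.last_alert = {}

    def observe(self, ts, raw):
        f = parse_frame(raw)
        if f is None or f["type"] != 0 or f["subtype"] not in ALERT_SUBTYPES:
            return None
        bssid = f["bssid"]
        q = self.events[bssid]
        q.append(ts)
        while q and ts - q[0] > self.window:      # drop events older than the window
            q.popleft()
        if len(q) < self.threshold:
            return None
        if bssid in self.last_alert and ts - self.last_alert[bssid] < self.window:
            return None                            # already alerted for this burst
        self.last_alert[bssid] = ts
        return {
            "bssid": mac_str(bssid),
            "count": len(q),
            "broadcast": f["dst"] == b"\xff" * 6,  # broadcast deauth hits every client at once
            "kind": "deauth" if f["subtype"] == 12 else "disassoc",
        }


# Constructed addresses (placeholders, not real devices).
AP = bytes.fromhex("001122334455")
STA = bytes.fromhex("66778899aabb")
BCAST = b"\xff" * 6


def demo():
    """Constructed traffic: one legitimate deauth, a data frame, then a 25-frame
    broadcast deauth burst carrying the AP's address within one second."""
    det = DeauthDetector(threshold=10, window=5.0)
    alerts = []
    frames = [(0.0, build_mgmt_frame(FC_DEAUTH, STA, AP, AP, reason=3)),
              (1.0, struct.pack("<BBH", FC_DATA, 0, 0) + STA + AP + AP + b"\x00" * 2)]
    frames += [(100.0 + i * 0.04, build_mgmt_frame(FC_DEAUTH, BCAST, AP, AP)) for i in range(25)]
    for ts, raw in frames:
        alert = det.observe(ts, raw)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The single legitimate deauth and the data frame never reach the threshold; the burst does on its tenth frame, and the alert records that it was addressed to broadcast, which is the usual shape of a deauth flood against a whole cell.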
Reference
[1] WAIDPS - Wireless Auditing, Intrusion Detection and Prevention System
[2] Kali Linux
That's all! See you.
Monday, December 18, 2017
Tuesday, December 05, 2017
HOWTO : Wifi Penetration Testing Without Tears
Wifi everywhere! There are a lot of private and public wifi access points around you, and almost everyone uses wifi all the time, so the security of wifi should be taken into account.
The most common wifi frequencies are 2.4GHz and 5GHz at the time of this writing. The 2.4GHz channel range is between 1 and 14, while the 5GHz channel range is between 34 and 165. These ranges cover the 802.11a/b/g/n/ac modes.
You can even find some access points still using WEP, but it is not common; almost all access points use WPA/WPA2. Getting the passphrase of a WEP access point is very easy. However, WPA/WPA2 is not very hard either.
When an access point and a client communicate, they carry out a four-way handshake in which the encrypted passphrase is also transmitted between them. When an attacker captures the four-way handshake, the encrypted passphrase is captured too, and the passphrase can then be recovered by wordlist brute forcing.
To complete the capture steps, you need a tool named Aircrack-ng, a very powerful wifi auditing tool. Furthermore, a good tool for brute forcing WPA/WPA2 keys is Hashcat, a very powerful password recovery tool. Hashcat requires a GPU to do the brute forcing; the more powerful the GPU, the faster the brute forcing.
However, carrying out wifi penetration testing is quite hard for some people, because it involves many steps and procedures. In addition, you need a working wifi USB dongle or card to get the job done.
The current version of Aircrack-ng, 1.2 RC4, is not fully compatible with the 5GHz band. You have to patch and compile it yourself on Kali Linux.
A wifi USB dongle with the Realtek 8812au chipset is ready for the 5GHz band and for penetration testing. Its driver also has to be compiled and installed on Kali Linux yourself.
One of the automated tools for wifi penetration testing is WAIDPS. It can also act as an intrusion detection and prevention system for wifi. It takes only a few keystrokes to complete the wifi penetration testing.
Reference
[1] List of WLAN channels
[2] Kali Linux
[3] Aircrack-ng Official Site
[4] WAIDPS - Wireless Auditing, Intrusion Detection and Prevention System
[5] Install Realtek 8812au Linux Driver
[6] Patch Aircrack-ng For 5GHz Band On Kali Linux 2017.3
[7] Hashcat Official Site
[8] Install Hashcat on Ubuntu 16.04.3
[9] TP-Link Archer T4UHP (Realtek 8812au chipset)
[10] ALFA AWUS036NH (Realtek 8812au chipset)
[11] D-Link DWA-171 Nano USB Adapter (Realtek 8812au chipset)
That's all! See you.
Labels: Aircrack-ng, hashcat, Kali Linux, Realtek, WAIDPS
HOWTO : Patch AirCrack-NG For 5GHz Band On Kali Linux 2017.3
Since AirCrack-NG release 1.2rc4 and GitHub repository commit 7552fdc do not detect 5GHz channel numbers properly, you need to use jpmv27's repository as a workaround until the official one is patched in the next release.
The following is a better way than that, as it uses the latest AirCrack-NG source from GitHub.
Step 1 :
apt install pkg-config libssl-dev libsqlite3-dev libnl-3-dev libnl-genl-3-dev libpcre3-dev
Step 2 :
To patch for 5GHz band :
git clone https://github.com/aircrack-ng/aircrack-ng
cd aircrack-ng/src
wget https://github.com/jpmv27/aircrack-ng/commit/8199c04357ea05daaf2de2ae7eebb28d30baef87.patch
patch < 8199c04357ea05daaf2de2ae7eebb28d30baef87.patch
Step 3 :
To fix a typo :
nano besside-ng.c
Replace line 709, which reads
err(1, "wi_wirte()");
with
err(1, "wi_write()");
Step 4 :
make
make install
Important
Make sure not to uninstall aircrack-ng with the "apt" command, as it will also uninstall some useful packages at the same time.
Kali Linux's Aircrack-ng is installed in /usr/bin and /usr/sbin, while the GitHub Aircrack-ng is installed in /usr/local/bin and /usr/local/sbin. $PATH searches /usr/local first, so you will run the GitHub version instead of the original one.
When Kali Linux updates AirCrack-ng, you can uninstall the GitHub version with the following commands, as long as the source code is still there :
cd aircrack-ng
make clean
make uninstall
Remarks :
If using WAIDPS, make sure to use v1.0 R.6d (or newer), as it is fixed for the newer aireplay-ng display.
Reference
5GHz Patch
Typo Patch
That's all! See you.
Labels: Aircrack-ng, Kali Linux
Monday, December 04, 2017
HOWTO : Install HashCat on Ubuntu 16.04.3
hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.
Step 1 :
sudo apt install ocl-icd-libopencl1 git build-essential
mkdir ~/infosec
cd ~/infosec
git clone https://github.com/hashcat/hashcat
cd hashcat
git submodule update --init
make
cd ~/infosec
git clone https://github.com/hashcat/hashcat-utils
cd hashcat-utils/src
make
cp *.bin ../bin
Step 2 :
To crack WPA/WPA2 passphrase, convert cap to hccapx :
If using WAIDPS, copy the "cap" file to "~/infosec" :
cp /.SYWorks/Saved/Handshake_F92A673ED5C2_hihi_StrictFull.cap ~/infosec
cd ~/infosec
hashcat-utils/bin/cap2hccapx.bin Handshake_F92A673ED5C2_hihi_StrictFull.cap hihi.hccapx
If you are using Kali Linux 2017.3, "cap2hccapx.bin" is located at the following :
/usr/lib/hashcat-utils/cap2hccapx.bin
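Before spending GPU hours on the converted file, it is worth checking that cap2hccapx.bin actually produced valid records. The following is an added example, not part of the post or of hashcat-utils: it parses the hccapx record layout hashcat documents (393 bytes per record, little-endian, packed) and validates the fields hashcat relies on. The sample record is constructed in the script with placeholder MACs, nonces and MIC; the only value taken from the post is the ESSID "hihi".

```python
import struct

# hccapx record layout as documented by hashcat (little-endian, packed, 393 bytes):
# signature(4) version(4) message_pair(1) essid_len(1) essid(32) keyver(1) keymic(16)
# mac_ap(6) nonce_ap(32) mac_sta(6) nonce_sta(32) eapol_len(2) eapol(256)
HCCAPX = struct.Struct("<4sIBB32sB16s6s32s6s32sH256s")
HCCAPX_MAGIC = b"HCPX"
KEYVER_NAMES = {1: "WPA (TKIP)", 2: "WPA2 (CCMP)", 3: "WPA2 (AES-128-CMAC)"}


def mac_str(mac):
    return ":".join(f"{b:02x}" for b in mac)


def parse_hccapx(data):
    """Parse every 393-byte record; raise ValueError on anything hashcat would choke on."""
    if len(data) == 0 or len(data) % HCCAPX.size != 0:
        raise ValueError(f"file size {len(data)} is not a multiple of {HCCAPX.size} bytes")
    records = []
    for off in range(0, len(data), HCCAPX.size):
        (sig, version, message_pair, essid_len, essid, keyver, keymic,
         mac_ap, nonce_ap, mac_sta, nonce_sta, eapol_len, eapol) = HCCAPX.unpack_from(data, off)
        if sig != HCCAPX_MAGIC:
            raise ValueError(f"record at offset {off}: bad signature {sig!r}")
        if essid_len > 32 or eapol_len > 256:
            raise ValueError(f"record at offset {off}: essid_len or eapol_len out of range")
        if keyver not in KEYVER_NAMES:
            raise ValueError(f"record at offset {off}: unknown keyver {keyver}")
        records.append({
            "version": version,
            "message_pair": message_pair,
            "essid": essid[:essid_len].decode("utf-8", "replace"),
            "keyver": KEYVER_NAMES[keyver],
            "mac_ap": mac_str(mac_ap),
            "mac_sta": mac_str(mac_sta),
            "keymic": keymic.hex(),
            "nonces_present": any(nonce_ap) and any(nonce_sta),  # all-zero nonces mean a bad capture
            "eapol_len": eapol_len,
        })
    return records


def is_valid_hccapx(data):
    """Boolean wrapper for quick checks (e.g. from a shell pipeline)."""
    try:
        parse_hccapx(data)
        return True
    except ValueError:
        return False


def build_sample_record(essid=b"hihi"):
    """Constructed sample record: every value is a placeholder, not from a real capture."""
    mac_ap = bytes.fromhex("001122334455")
    mac_sta = bytes.fromhex("66778899aabb")
    eapol = b"\x01" * 121              # a real record carries the EAPOL frame of message 2 or 3
    return HCCAPX.pack(HCCAPX_MAGIC, 4, 0, len(essid), essid, 2, b"\x11" * 16,
                       mac_ap, b"\xaa" * 32, mac_sta, b"\xbb" * 32, len(eapol), eapol)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_record()
    for rec in parse_hccapx(data):
        print(rec)
```

Run it as `python3 check_hccapx.py hihi.hccapx` (the script name is hypothetical) to list the networks and key versions inside a converted file; with no argument it parses its own constructed record.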
Step 3 :
The following are example usages of hashcat to crack a WPA/WPA2 passphrase:
To crack with rockyou dictionary :
cd ~/infosec/hashcat
./hashcat -m 2500 ~/infosec/hihi.hccapx ~/rockyou.txt
To crack up to 8 digits :
./hashcat -m 2500 ~/infosec/hihi.hccapx -a 3 ?d,?d?d?d?d?d?d?d?d --increment-min 1 --increment-max 8 --increment
To crack up to 8 characters for all available characters including space :
./hashcat -m 2500 ~/infosec/hihi.hccapx -a 3 ?a,?a?a?a?a?a?a?a?a --increment-min 1 --increment-max 8 --increment
To crack with rules and rockyou dictionary :
./hashcat -m 2500 -r rules/best64.rule ~/infosec/hihi.hccapx ~/rockyou.txt
The WPA/WPA2 crack on a MacBook Pro (Retina Mid 2012 - NVIDIA GeForce GT 650M and Intel HD Graphics 4000) with hashcat required about half an hour for the first two examples above. The third example requires over 305 years to complete on my MacBook Pro. The fourth example requires 1 day and 13 hours to complete on my MacBook Pro.
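The gap between the second and third examples above (under an hour versus centuries), and the earlier advice that a very strong passphrase is the best defense, both come down to arithmetic: the number of candidates the mask covers times the cost of one WPA/WPA2 guess. The following is an added example, not code from the post or from hashcat. It computes the keyspace of hashcat masks run with --increment (hashcat's ?d has 10 and ?a has 95 characters), derives the WPA/WPA2 PMK with the PBKDF2-HMAC-SHA1 construction from IEEE 802.11i to show the fixed cost per guess, and turns a keyspace into a time estimate. The guess rate ASSUMED_RATE_HPS is a constructed placeholder; substitute the speed hashcat -b reports for your own GPU.

```python
import hashlib
import time

# Sizes of hashcat's built-in charsets (?a = ?l?u?d?s = 26 + 26 + 10 + 33).
CHARSETS = {"?l": 26, "?u": 26, "?d": 10, "?s": 33, "?a": 95}
# Assumed (constructed) WPA/WPA2 guess rate; replace with your own benchmark figure.
ASSUMED_RATE_HPS = 50_000


def _tokens(mask):
    """Split '?d?dab' into ['?d', '?d', 'a', 'b']."""
    out, i = [], 0
    while i < len(mask):
        if mask[i] == "?":
            out.append(mask[i:i + 2])
            i += 2
        else:
            out.append(mask[i])
            i += 1
    return out


def mask_keyspace(mask):
    """Candidates for one fixed-length hashcat mask, e.g. '?d?d?d?d' -> 10**4.
    A literal character contributes a factor of 1."""
    n = 1
    for tok in _tokens(mask):
        n *= CHARSETS.get(tok, 1)
    return n


def increment_keyspace(mask, min_len, max_len):
    """Keyspace of a mask run with --increment: hashcat tries the mask truncated to
    each length from min_len to max_len, so the keyspaces of those prefixes add up."""
    toks = _tokens(mask)
    return sum(mask_keyspace("".join(toks[:length])) for length in range(min_len, max_len + 1))


def wpa_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes) per IEEE 802.11i.
    Every guess a cracker tries costs at least this derivation, which is why the
    per-guess rate is so much lower than for a plain hash."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def estimate_seconds(keyspace, rate_hps=ASSUMED_RATE_HPS):
    """Worst-case time to exhaust a keyspace at a given guess rate."""
    return keyspace / rate_hps


def human(seconds):
    for unit, size in (("years", 365.25 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for label, mask in (("digits, length 1-8", "?d?d?d?d?d?d?d?d"),
                        ("all printable, length 1-8", "?a?a?a?a?a?a?a?a")):
        ks = increment_keyspace(mask, 1, 8)
        print(f"{label}: {ks:,} candidates, about {human(estimate_seconds(ks))}"
              f" at {ASSUMED_RATE_HPS:,} H/s")
    t0 = time.perf_counter()
    wpa_pmk("correct horse battery staple", "hihi")   # SSID from the post, passphrase constructed
    print(f"one PBKDF2 derivation on this CPU: {time.perf_counter() - t0:.4f} s")
```

Each extra character of a printable-ASCII passphrase multiplies the keyspace by 95, so length is what pushes the estimate from hours into centuries; the PBKDF2 iteration count is fixed by the standard and cannot be raised by the router's owner.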
Reference
How to Perform a Mask Attack Using hashcat
That's all! See you.
Sunday, December 03, 2017
HOWTO : Install Forked AirCrack-NG on Kali Linux 2017.3
Since AirCrack-NG release 1.2rc4 and GitHub repository commit 7552fdc do not detect 5GHz channel numbers properly, you need to use jpmv27's repository as a workaround until the official one is patched in the next release.
Step 1 :
apt install pkg-config libssl-dev libsqlite3-dev libnl-3-dev libnl-genl-3-dev libpcre3-dev
Step 2 :
git clone https://github.com/jpmv27/aircrack-ng
cd aircrack-ng
Step 3 :
make
make install
Make sure not to uninstall aircrack-ng with the "apt" command, as it will also uninstall some useful packages at the same time.
That's all! See you.
Labels: Aircrack-ng