Cracking WPA/WPA2 with Non-Dictionary Attacks
null Pune Chapter - September 2012 Meet
By Swaroop Yermalkar
Changing the world through Wireless Communication!
Dj Akhil Talreja
BT5 r3 laptop with wifi card
Dlink router
Galaxy pop
Simple WPA/2 Cracking Technique
Brute-Force attack
Understanding WPS [ Wi-Fi Protected Setup ]
Exploring Reaver
1. Start Sniffing
2. Capture WPA Handshake
3. Apply Dictionary
4. Crack the password!
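[Figure: WPA/WPA2 4-way handshake between Supplicant and Authenticator. Labels: probe request/response; authentication request/response, association request/response; 256-bit pre-shared key on both sides; PTK on both sides; Message 2: SNonce + MIC; Message 4: key install acknowledgement; SNonce.]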
Source: securitytube.net
Step 1
Step 2
Step 3
Step 4
1. Monitor air for a new client trying to associate with the access point (passive)
2. De-authenticate one or all clients and monitor reconnection (active)
[Figure: de-authentication packet; legitimate client and AP]
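
A defender's view of the active step above, as an added example that is not part of the original slides: a detector that parses raw 802.11 management frames and flags bursts of de-authentication frames per BSSID. It assumes the bytes start at the bare MAC header (no radiotap, no FCS); the MAC addresses, the window and threshold values, and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a deauthentication frame, else None.
    Assumes the bytes start at the 802.11 MAC header (no radiotap, no FCS)."""
    if len(frame) < 26:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != 12:          # management frame, subtype 12 = deauth
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)   # reason code follows the 24-byte header
    return _mac(frame[4:10]), _mac(frame[10:16]), _mac(frame[16:22]), reason

def detect_deauth_bursts(capture, window=1.0, threshold=5):
    """capture: iterable of (timestamp_seconds, frame_bytes), in time order.
    Alerts once per BSSID when >= threshold deauth frames fall within `window` seconds."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dst, _src, bssid, reason = parsed
        seen = recent[bssid]
        seen.append(ts)
        while ts - seen[0] > window:         # drop frames older than the window
            seen.popleft()
        if len(seen) >= threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append({"bssid": bssid, "first_seen": seen[0], "count": len(seen),
                           "broadcast": dst == BROADCAST, "reason": reason})
    return alerts

def _frame(subtype, dst, src, bssid, reason=0):
    """Build a constructed management frame for the sample capture below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + raw(dst) + raw(src) + raw(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed sample capture: locally administered MACs, not from any real network.
AP, AP2, STA = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:aa"
SAMPLE = [(0.0, _frame(12, AP, STA, AP, reason=3)),      # one client leaving: normal
          (0.5, _frame(8, BROADCAST, AP, AP)),            # beacon, ignored
          (3.0, _frame(12, STA, AP2, AP2, reason=4)),     # isolated deauth on another BSS
          *[(10.0 + 0.05 * i, _frame(12, BROADCAST, AP, AP, reason=7)) for i in range(8)]]

if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE):
        print(alert)
```

Bursts like the one flagged here are what 802.11w Protected Management Frames is designed to reject, so enabling it on the AP and clients is the protocol-level mitigation.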
Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard that attempts to allow easy establishment of a secure wireless home network. Created by the Wi-Fi Alliance and introduced in 2007, the goal of the protocol is to allow home users who know little of wireless security and may be intimidated by the available security options to set up Wi-Fi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases.
Source: Wikipedia
Reaver is a fantastic tool to crack this WPS PIN, written by Craig Heffner. It performs a brute force attack against the AP, attempting every possible combination in order to guess the AP's 8-digit PIN. Since the PINs are all numeric, there are 10^8 (100,000,000) possible values for any given PIN.
Source: Tactical Network Solutions articles
n0nEc@nhaCkthi$pa$sw0rd!!!
…use pin as master key!
Ex: R0ck$t@R
Keep non-dictionary, combination of symbols, digits and numbers.
1. Tactical Network Solutions
2. WiFi Security Megaprimer by Vivek Ramchandran