This is default featured slide 1 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 2 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 3 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 4 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 5 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

Showing posts with label WEP/WPA/WPS. Show all posts
Showing posts with label WEP/WPA/WPS. Show all posts

LINSET - WPA/WPA2 Hack Without Brute Force

January 08, 2015  , , , , , , , , ,  


How it works
  • Scan the networks.
  • Select network.
  • Capture handshake (can be used without handshake)
  • We choose one of several web interfaces tailored for me (thanks to the collaboration of the users)
  • Mounts one FakeAP imitating the original
  • A DHCP server is created on FakeAP
  • It creates a DNS server to redirect all requests to the Host
  • The web server with the selected interface is launched
  • The mechanism is launched to check the validity of the passwords that will be introduced
  • It deauthentificate all users of the network, hoping to connect to FakeAP and enter the password.
  • The attack will stop after the correct password checking
Are necessary tengais installed dependencies, which Linset check and indicate whether they are installed or not.

It is also preferable that you still keep the patch for the negative channel, because if not, you will have complications relizar to attack correctly

How to use
$ chmod +x linset
$ ./linset


Read More

WiFiPhisher - Fast automated phishing attacks against WiFi networks

January 08, 2015  , , , , , , , , ,  


Wifiphisher is a security tool that mounts fast automated phishing attacks against WiFi networks in order to obtain secret passphrases and other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases.

Wifiphisher works on Kali Linux and is licensed under the MIT license.

From the victim's perspective, the attack makes use in three phases:
  1. Victim is being deauthenticated from her access point. Wifiphisher continuously jams all of the target access point's wifi devices within range by sending deauth packets to the client from the access point, to the access point from the client, and to the broadcast address as well.
  2. Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point's settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will start connecting to the rogue access point. After this phase, the victim is MiTMed.
  3. Victim is being served a realistic router config-looking page. wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, wifiphisher will respond with a realistic fake page that asks for credentials, for example one that asks WPA password confirmation due to a router firmware upgrade.

Usage
Short formLong formExplanation
-mmaximumChoose the maximum number of clients to deauth. List of clients will be emptied and repopulated after hitting the limit. Example: -m 5
-nnoupdateDo not clear the deauth list when the maximum (-m) number of client/AP combos is reached. Must be used in conjunction with -m. Example: -m 10 -n
-ttimeintervalChoose the time interval between packets being sent. Default is as fast as possible. If you see scapy errors like 'no buffer space' try: -t .00001
-ppacketsChoose the number of packets to send in each deauth burst. Default value is 1; 1 packet to the client and 1 packet to the AP. Send 2 deauth packets to the client and 2 deauth packets to the AP: -p 2
-ddirectedonlySkip the deauthentication packets to the broadcast address of the access points and only send them to client/AP pairs
-aaccesspointEnter the MAC address of a specific access point to target
-jIjamminginterfaceChoose the interface for jamming. By default script will find the most powerful interface and starts monitor mode on it.
-aIapinterfaceChoose the interface for the fake AP. By default script will find the second most powerful interface and starts monitor mode on it.

Screenshots

Targeting an access point

A successful attack

Fake router configuration page


Requirements
  • Kali Linux.
  • Two wireless network interfaces, one capable of injection.

Read More

[Wireless IDS] Ability to detect suspicious activity such as (WEP/WPA/WPS) attack by sniffing the air for wireless packets

January 23, 2014  , , , , , ,  



Wireless IDS is an open source tool written in Python and work on Linux environment. This tool will sniff your surrounding air traffic for suspicious activities such as WEP/WPA/WPS attacking packets. It do the following
  • Detect mass deauthentication sent to client / access point which unreasonable amount indicate possible WPA attack for handshakes.
  • Continual sending data to access point using broadcast MAC address which indicate a possibility of WEP attacks
  • Unreasonable amount of communication between wireless client and access point using EAP authentication which indicate the possibility of WPS bruteforce attack by Reaver / WPSCrack
  • Detection of changes in connection to anther access point which may have the possibility of connection to Rogue AP (User needs to assess the situation whether similar AP name)

Read More
Subscribe to: Posts (Atom)