scr4wl Posted February 20, 2017 Posted February 20, 2017 (edited) hmm I thought without broadcasting your SSID they would need to know it, otherwise they couldn't scan it. Of course you have those sniffing programs, but this will stop the script-kiddies from cracking it since they only know how to push a button.There are scripts that will allow you to capture packets from all sources within range, regardless of the ssid being hidden or not. What matters is obtaining a handshake, and if its not a public network, that can take days. Pray for a power outage. Edited February 20, 2017 by tacohunter52 Share this post Link to post Share on other sites More sharing options...
Braegnok Posted February 20, 2017 Posted February 20, 2017 (edited) hmm I thought without broadcasting your SSID they would need to know it, otherwise they couldn't scan it. Of course you have those sniffing programs, but this will stop the script-kiddies from cracking it since they only know how to push a button.There are scripts that will allow you to capture packets from all sources within range, regardless of the ssid being hidden or not. What matters is obtaining a handshake, and if its not a public network, that can take days. Pray for a power outage. The handshake is WPA2-PSKs Achillies'heel. An attacker can use a tool to monitor traffic being transmitted over the air,.. and launch a deauth attack which forcibly disconnects your device from it's Wi-Fi network, and your device immediately reconnects, performing the four-way handshake which the attacker captures,.. it only takes a few seconds. Edited February 21, 2017 by Braegnok Share this post Link to post Share on other sites More sharing options...
scr4wl Posted February 20, 2017 Posted February 20, 2017 and after capturing an allowed devices ip from inside the attacker simply clones his ip and quickly becomes an allowed device. This is the part I'm having trouble believing. Is there any truth to this? I know you are right about deauth requests, but thats provided you are in range and have a powerful enough wifi adapter. Im pretty sure once you get a handshake, you essentially have to brute force it. Ive heard of ip spoofing, but as a way to get people to connect to a fake access point. Or to change ip/mac to one that is allowed. (In the case of mac filtering or a limited ip range) Can you really just change your ip and bypass authentication? that just sounds very farfetched. I tried a search, but didnt see amything giving proof to this claim. Share this post Link to post Share on other sites More sharing options...
Braegnok Posted February 20, 2017 Posted February 20, 2017 (edited) Not sure if I'm comfortable posting full instructions,.. it's a bit more complicated than that, after deauth attack you launch a layer-2 attack (rouage AP) that takes advantage of the fact that devices are often set to automatically send an encrypted handshake packet containing passphrase to any wifi network that claims to be a "remembered" wifi network. Of course, the names of these "remembered" networks are broadcast,.. and this tricks the network into sending the encrypted passphrase to your random access point,.. OK now you have the handshake, encrypted passphrase, remembered network access, and allowed ip/MAC address from inside device,.. that's all you need to get in and launch a layer-7 attack on application and network resources for control of router. Edited February 20, 2017 by Braegnok Share this post Link to post Share on other sites More sharing options...
scr4wl Posted February 20, 2017 Posted February 20, 2017 I think I see what you are getting at. Share this post Link to post Share on other sites More sharing options...
Braegnok Posted February 20, 2017 Posted February 20, 2017 (edited) While hacker is "on your wireless network",.. you can quickly determine hackers exact location with this free app. http://www.dopsys.com/software/MPT%20User%20Interface.html Edited February 23, 2017 by Braegnok Share this post Link to post Share on other sites More sharing options...
dr_bowtie Posted February 21, 2017 Posted February 21, 2017 You dont need any special tools to crack any wifi in windows.... Windows will do it for you via command prompt... Youtube it. Best way to set up wifi is where some one actually needs to log into the wifi and it needs to be verified and accepted before they can receive connection. They need software like that but with all major companies wanting shared wifi it's hard to get that mainstream. Share this post Link to post Share on other sites More sharing options...
scr4wl Posted February 21, 2017 Posted February 21, 2017 You dont need any special tools to crack any wifi in windows.... Windows will do it for you via command prompt... Youtube it Are you talking about netsh? That would require the windows computer to have at some point been connected to the wireless network. otherwise with windows i think you would need tools. Maybe things have changed with the powershell now though? Share this post Link to post Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now