Jump to content
Sign in to follow this  
panjang110

need help securing my home wifi

Recommended Posts

hmm I thought without broadcasting your SSID they would need to know it, otherwise they couldn't scan it. Of course you have those sniffing programs, but this will stop the script-kiddies from cracking it since they only know how to push a button.

There are scripts that will allow you to capture packets from all sources within range, regardless of the ssid being hidden or not.

 

What matters is obtaining a handshake, and if its not a public network, that can take days. Pray for a power outage.

Edited by tacohunter52

Share this post


Link to post
Share on other sites

 

hmm I thought without broadcasting your SSID they would need to know it, otherwise they couldn't scan it. Of course you have those sniffing programs, but this will stop the script-kiddies from cracking it since they only know how to push a button.

There are scripts that will allow you to capture packets from all sources within range, regardless of the ssid being hidden or not.

 

What matters is obtaining a handshake, and if its not a public network, that can take days. Pray for a power outage.

 

 

The handshake is WPA2-PSKs Achillies'heel. An attacker can use a tool to monitor traffic being transmitted over the air,.. and launch a deauth attack which forcibly disconnects your device from it's Wi-Fi network, and your device immediately reconnects, performing the four-way handshake which the attacker captures,.. it only takes a few seconds.

Edited by Braegnok

Share this post


Link to post
Share on other sites

and after capturing an allowed devices ip from inside the attacker simply clones his ip and quickly becomes an allowed device.

This is the part I'm having trouble believing. Is there any truth to this? I know you are right about deauth requests, but thats provided you are in range and have a powerful enough wifi adapter.

 

Im pretty sure once you get a handshake, you essentially have to brute force it.

 

Ive heard of ip spoofing, but as a way to get people to connect to a fake access point. Or to change ip/mac to one that is allowed. (In the case of mac filtering or a limited ip range)

 

Can you really just change your ip and bypass authentication? that just sounds very farfetched.

 

I tried a search, but didnt see amything giving proof to this claim.

Share this post


Link to post
Share on other sites

Not sure if I'm comfortable posting full instructions,.. it's a bit more complicated than that, after deauth attack you launch a layer-2 attack (rouage AP) that takes advantage of the fact that devices are often set to automatically send an encrypted handshake packet containing passphrase to any wifi network that claims to be a "remembered" wifi network. Of course, the names of these "remembered" networks are broadcast,.. and this tricks the network into sending the encrypted passphrase to your random access point,.. OK now you have the handshake, encrypted passphrase, remembered network access, and allowed ip/MAC address from inside device,.. that's all you need to get in and launch a layer-7 attack on application and network resources for control of router. 

Edited by Braegnok

Share this post


Link to post
Share on other sites

You dont need any special tools to crack any wifi in windows.... Windows will do it for you via command prompt... Youtube it.

 

Best way to set up wifi is  where some one actually needs to log into the wifi and it needs to be verified and accepted before they can receive connection.  They need software like that but with all major companies wanting shared wifi it's hard to get that mainstream.

Share this post


Link to post
Share on other sites

You dont need any special tools to crack any wifi in windows.... Windows will do it for you via command prompt... Youtube it

Are you talking about netsh? That would require the windows computer to have at some point been connected to the wireless network.

 

otherwise with windows i think you would need tools. Maybe things have changed with the powershell now though?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...