Wi-Fi (WEP) Cracking in less than 5 mins

wifite

As a part of a wireless security assessment I was asked to assess clients’s wireless security posture. A day before I decided to do some homework and try few tools available in kali linux. I started with a tutorial related to aircrack-ng and its related tools set where we capture IVs, de-authenticate clients and crack the IVs, even after a couple of hours I was unable to crack even the weakest networks around.

Out of frustation I decided to try out another tools and this time it was “wifite”, which  I never used or heard off. After reading about a bit online I planned to go ahead and start playing around. And surprisingly it took less than 3-5 mins for wifite to crack the network I was struggling with.

Below are the steps I followed to crack the WEP network.

  1. Run command “wifite” to initate and wait for at least 3-5 minutes and let the tool  collect near by wireless networks info like security protocol, signal strength, WPS yes/no, clients connected or not, etc.

wifite

2. Once you see a significant number of near by access point press “Ctrl+c” to choose which access point to attack. I selected “****250” access point as my target.

Just select your target and let the tool do it’s magic.cracked

And voila !! In less than a minute the key got cracked.

Conclusion : After trying WEP cracking I realised how weak WEP can be.

Suggestion : Never use WEP as security protocol for your access points.

Be Safe Stay Secure !! and Kudos to author of “wifite”

Note : This tutorial is for educational purpose only, use the steps at your own risk and attack the AP which you own, unless and until you have permission from the owner please do not try this.

In my next post I will share my experience of trying to do get  this to  another level WPA/WPA2.

Advertisements

Anonymous hackers threatens Israel

Anonymous hackers threatens israel’s govt, that they will shutdown the countries critical infrastructure by hacking into their systems, and it has been declared that they are do this massive attack on Israel on the remembrance of the Holocaust Day.

Anonymous has also pointed the youths of Israel, that the team of anonymous will be there to support them.

In a video uploaded on youtube they have give the message to the Israels government, that anonymous will wipe out the existence of Israel from the web.

 

For more info :  http://www.israelhayom.com/site/newsletter_article.php?id=3061

Hacking WIFI passwords

WPA2 is the most recent and strong wifi encryption considered, hacking into any personal wifi network is illegal, do it only if your are authorised to do.

Kali linux is one of the best pentesting operating system,using the tools already built into it one can infiltrate into a wifi network secured with wpa2 encryption.

For more info follow the below link :

http://www.hackersnewsbulletin.com/2015/03/hack-wifi-password-using-kali-linux-network-penetration-testing-tool.html

Keep your browser(Chrome) secure

google chrome security update

Broswer is such thing which is installed on evry other device we interact with today, now even we have them on our mobile devices.

Definitely at some point it can riskier if we did not take necessary precautions. By securing your browsing experience and controlling the privacy setting we can be on the safer side.

Why is it important?

Because this can the entry point for some person with malicious intent to get an entry point to your device.

How can you make it secure?

Watch the video below to learn.

USB can kill your computer ;)

I read an article about how a dude in the subway fished out a USB flash drive from the outer pocket of some guy’s bag. The USB drive had “128” written on it. He came home, inserted it into his laptop and burnt half of it down. He wrote “129” on the USB drive and now has it in the outer pocket of his bag…

to know more visit : http://hackaday.com/2015/03/11/killer-usb-drive-is-designed-to-fry-laptops/

 

 

FREAK Attack

Factoring RSA Export Keys

The FREAK attack was originally discovered by Karthikeyan Bhargavan at INRIA in Paris and the mitLS team.

Among the various state machine problems researcher’s found, one is particularly interesting because it leads to a server impersonation exploits against several mainstream browsers (including Safari and OpenSSL-based browsers on Android).

The attack targets a class of cipher suits, this class of suites were introduced by US government agencies to ensure that they can intercept all foreign communications.

If the server is willing to negotiate the export of weak cipher suite, a man in the middle can trick a victim’s browser to intercept the communication.

This vulnerability is affecting evry other device which is using a free Open SSL version, and every android and apple devices is definitely affected by this.

To check your browser is vulnerable visit : https://freakattack.com/

To check your server is vulnerable to OpenSSL  visit : https://tools.keycdn.com/freak

To eliminate the vulnerability update your OpenSSL version to atleast 1.02.

Sources : https://www.smacktls.com/ , https://freakattack.com/,

 

 

Lead Auditor & InfoSec Professional