KaliTut

Kali Linux tutorial and Linux system tips

WPA2 Half Handshake attack

by Leave a Comment

WPA2 Half Handshake (half handshake): WiFi password hacking software and attack scripts
Each Client connection (Station) to a WiFi access point is a rather complicated process of exchanging random data (generated for a particular connection) and keys. This data set is called WPA handshake. There are four elements in it that various authors call messages (messages), exchanges, or packages. Also, message 1 is usually denoted M1, message 2 is M2, message 3 is M3 and message 4 is M4.

The WiFi password is not transmitted in open form at any stage, however, the handshake contains enough information for brute-force selection of a password. As already mentioned, there should be four elements in the handshake. You can view the composition of the handshake with various tools, for example, using Wireshark , for this purpose the tool has an “ eapol ” filter:

[Read more…] about WPA2 Half Handshake attack

Hacking Wifi using PMKID and Aircrack-ng

by 3 Comments

Hacking WiFi without users in Aircrack-ng
About hacking WiFi, which are not connected to the clients, described in the previous article ” Hacking WiFi without users .” There are technical details on why this attack is possible. In short, some Access Points, when associating with them, send a PMKID, which can be used to crack a password instead of a full handshake. That is, we obtain the necessary data for cracking a password without capturing the usual four-step handshake, therefore, this attack is possible on Access Points, even without connected stations.
In the article referred to, we used the following programs:

[Read more…] about Hacking Wifi using PMKID and Aircrack-ng

Hacking WiFi without users using PMKID attack

by Leave a Comment

Attack on WiFi without clients ( PMKID attack )

There are a large number of various attacks on WiFi . The most universal attack (working against virtually all access points) is an attack on WPA/WPA2 technology, since it is used in the vast majority of wireless access points. WPA/WPA2, when clients connect to an access point, use the EAPOL security protocol, during which there is a gradual exchange of data between the access point and the client that wants to connect. The essence of the attack lies in the fact that it is necessary to intercept the entire (or at least a part) of the transmitted data and use the search method to find a suitable password. Simply put, you first need to grab a handshake (at the EAPOL stage), and then use brute-force to find the correct password.

PMKID attack

At each of these two stages, difficulties may arise: problems with the seizure of a handshake can be caused by many reasons, the most fatal of them being the lack of clients. That is if there are no connecting clients, then the EAPOL protocol is not used, which means there is nothing to intercept.

[Read more…] about Hacking WiFi without users using PMKID attack

Selective wifi jamming networks and clients

by Leave a Comment

(DoS attack on individual access points/clients) Selective wifi jamming can be useful in different scenarios. For example:

wifi jamming
  • you want to leave without communication of others, but you yourself need to stay online via WiFi,
  • or you want to make all access points, except your own, unavailable for connection, on which you launch various attacks against connected clients ( sniffing traffic with password, changing DNS , infecting backdoor executable files, phishing, embedding your content into the content of HTML pages and anything else).
[Read more…] about Selective wifi jamming networks and clients

mitmAP WiFi access point to intercept passwords

by Leave a Comment

WiFi access point to intercept passwords: configure and analyze data mitmAP is a small Python3 script that automates the creation of a wireless access point and launches tools for sniffing traffic, including those that allow you to partially bypass the HSTS .

The program comes with SSLStrip + and dns2proxy and automatically launches them, thereby achieving HTTPS / HSTS bypass. With mitmAP, you don’t need to go into this process, but if you want to do something like this, for example, with create_ap, then start with “ how to setup Rogue access point “.

[Read more…] about mitmAP WiFi access point to intercept passwords