Archive for the ‘WiFi’ Category

  1. wifite
    Link Project: https://github.com/derv82/wifite
    Wifite is for Linux only. Wifite is an automated wireless attack tool. Wifite was designed for use with pentesting distributions of Linux, such as Kali Linux, Pentoo and BackBox, or any Linux distribution with wireless drivers patched for injection. The script appears to also operate with Ubuntu 11/10, Debian 6, and Fedora 16. Wifite must be run as root; this is required by the suite of programs it uses. Running downloaded scripts as root is a bad idea. I recommend using the Kali Linux bootable Live CD, a bootable USB stick (for persistence), or a virtual machine. Note that virtual machines cannot directly access hardware, so a wireless USB dongle would be required. Wifite assumes that you have a wireless card and the appropriate drivers that are patched for injection and promiscuous/monitor mode.
  2. wifiphisher
    Link Project: https://github.com/sophron/wifiphisher
    Wifiphisher is a security tool that performs automatic Wi-Fi association attacks to force wireless clients to unknowingly connect to an attacker-controlled access point. It is a rogue access point framework that can be used to mount automated, victim-customized phishing attacks against WiFi clients in order to obtain credentials or infect the victims with malware. It works as a social engineering attack tool that, unlike other methods, does not include any brute forcing. It is an easy way of obtaining credentials from captive portals and third-party login pages (e.g. in social networks) or WPA/WPA2 pre-shared keys. Wifiphisher works on Kali Linux and is licensed under the GPL license.
  3. wifi-pumpkin
    Link Project: https://github.com/P0cL4bs/WiFi-Pumpkin
    Very friendly graphical user interface and good handling; it is my favourite of the phishing-WiFi attack tools. It has a rich feature set and excellent ease of use, and compatibility is also very good. The researcher is actively updating it, so this fun project is worth following.
  4. fruitywifi
    Link Project: https://github.com/xtr4nge/FruityWifi
    FruityWifi is an open source tool to audit wireless networks. It allows the user to deploy advanced attacks by directly using the web interface or by sending messages to it.
    Initially the application was created to be used with the Raspberry-Pi, but it can be installed on any Debian based system
  5. mana toolkit
    Link Project: https://github.com/sensepost/mana
    A toolkit for rogue access point (evilAP) attacks first presented at Defcon 22.
    More specifically, it contains the improvements to KARMA attacks we implemented into hostapd, as well as some useful configs for conducting MitM once you’ve managed to get a victim to connect.
  6. 3vilTwinAttacker
    Link Project: https://github.com/wi-fi-analyzer/3vilTwinAttacker
    Its interface is much like wifi-pumpkin's. It has a good graphical interface, the overall experience is very good, and ease of use and compatibility are good. The researcher has hardly updated it.
  7. ghost-phisher
    Link Project: http://tools.kali.org/information-gathering/ghost-phisher
    It has a good graphical interface but almost no fault tolerance, and many options are easily confused; overall, though, it is still very pleasant to use. It can set up a rogue AP with one click, provides DHCP and DNS service interfaces, and makes it easy to launch a variety of man-in-the-middle attacks; ease of use and compatibility are good. The official Kali team has taken over and updated the original repo.
  8. fluxion
    Link Project: https://github.com/wi-fi-analyzer/fluxion
    Fluxion is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. It's compatible with the latest release of Kali (rolling). The attack is mostly manual, but experimental versions will automatically handle most functionality of the stable releases.

Happy Hunting

This tutorial will require the use of Backtrack, get the latest version HERE and it is free.

Wireless technology comes at the price of security but at least WPA and WPA2 are safe right? Wrong. WPA and WPA2 are both crackable but the time it takes to crack depends on the strength of their password.

-Boot into BackTrack
-Open up Konsole, which is a command-line utility built into BackTrack. It is the black box in the lower-left-hand corner (see image).


We will now be entering the following commands into the command line, shown in bold, along with explanations of what they do:

-The following commands stop the wireless interface so you can change your MAC address. This is important because your MAC address is a unique identifier, so faking one is a good idea if you are accessing a network you don't have permission to. (Which, by the way, I wholly condemn.)

1:
airmon-ng stop wlan0
ifconfig wlan0 down
macchanger --mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0

2:
-Now we will run airodump-ng on the monitor-mode interface (mon0) that airmon-ng created; this will allow us to see all of the wireless networks around us.

airodump-ng mon0

Now choose the network you want to hack and take note of the BSSID, the channel it is on, and the ESSID. The PWR has to be fairly high to be able to hack it; this is determined by how close you are to the wireless router. The closer you are, the better.

Once you have chosen the wireless network, enter the following into the terminal.
This will write captured packets to the file "filename"; we are trying to capture the handshake between the router and a wireless client, which will give us the key material we need to crack.

3:
airodump-ng mon0 --channel * --bssid **:**:**:**:**:** -w filename

The following step is optional but highly recommended, as it speeds up the process a great deal.

Once "WPA handshake: **:**:**:**:**:**" appears in the top right-hand corner we can move on. If you are having trouble getting the WPA handshake to occur, then do step 4.

4:
aireplay-ng -0 1 -a **:**:**:**:**:** -c **:**:**:**:**:** mon0

What step 4 does is deauthenticate a wireless client so that it tries to re-establish the connection, which generates a new handshake to capture. This step ends once you have captured the handshake.

5:
aircrack-ng -w wordlist.lst -b **:**:**:**:**:** filename.cap

Step 5 now tries to crack the password in "filename.cap" using a list of words, here called "wordlist.lst"; you can download a good 200 million word dictionary here (128MB, but 800MB unzipped). However, if this wordlist becomes unavailable, feel free to drop me a line and I'll post a new one.

Your computer has to compute the hash value of every password in that list, but a computer can go through those 200 million passwords in 6-12 hours.

6:

If the password isn't found in the dictionary, you can try to brute-force the password with this command (note: this could take a very long time depending on the password's strength):

/pentest/password/jtr/john --stdout --incremental:all | aircrack-ng -b **:**:**:**:**:** -w - filename.cap

Note: If you would like some instructions on how to install Backtrack5 have a look at The Geek Net, they have produced a very simple yet very effective tutorial.
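The deauthentication burst in step 4 is exactly the kind of traffic a wireless intrusion detection sensor looks for. The following Python is an added, defender-side example that is not part of the original post: it builds a few constructed 802.11 management frames (assumed minimal format: frame control, duration, three addresses, sequence control, body; no radiotap header, no FCS), decodes them, and flags any BSSID that sees a threshold of deauth/disassoc frames inside a sliding time window. All MAC addresses and timestamps are made up for the sample.

```python
import struct
from collections import defaultdict
DEAUTH, DISASSOC, BEACON = 12, 10, 8          # 802.11 management frame subtypes

def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))
def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_mgmt_frame(subtype, dst, src, bssid, body=b""):
    """Minimal 802.11 management frame: FC, duration, addr1-3, seq ctrl, body (no radiotap, no FCS)."""
    fc = (subtype << 4) | (0 << 2) | 0        # type 0 = management, protocol version 0
    return (struct.pack("<HH", fc, 0) + mac_bytes(dst) + mac_bytes(src)
            + mac_bytes(bssid) + struct.pack("<H", 0) + body)

def parse_frame(data):
    """Decode type/subtype, addr1-3 and, for deauth/disassoc frames, the 16-bit reason code."""
    fc, = struct.unpack_from("<H", data, 0)
    info = {"type": (fc >> 2) & 0x3, "subtype": (fc >> 4) & 0xF, "addr1": mac_str(data[4:10]),
            "addr2": mac_str(data[10:16]), "addr3": mac_str(data[16:22])}
    if info["type"] == 0 and info["subtype"] in (DEAUTH, DISASSOC) and len(data) >= 26:
        info["reason"], = struct.unpack_from("<H", data, 24)
    return info

def detect_deauth_flood(records, window=1.0, threshold=5):
    """records: (timestamp, raw_frame) pairs. Returns {bssid: peak count} for every BSSID (addr3)
    that sees at least `threshold` deauth/disassoc frames inside any `window`-second span."""
    per_bssid = defaultdict(list)
    for ts, raw in records:
        f = parse_frame(raw)
        if f["type"] == 0 and f["subtype"] in (DEAUTH, DISASSOC):
            per_bssid[f["addr3"]].append(ts)
    flagged = {}
    for bssid, stamps in per_bssid.items():
        stamps.sort()
        start, peak = 0, 0
        for end, t in enumerate(stamps):           # sliding window over sorted timestamps
            while t - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[bssid] = peak
    return flagged

# Constructed sample capture with made-up, locally administered MACs: one beacon, a burst of
# eight deauths against a client of AP_A within 0.8 s, and one ordinary deauth from AP_B.
AP_A, AP_B, CLIENT = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"
REASON = struct.pack("<H", 7)                     # reason code 7 (value chosen for the sample)
SAMPLE = [(0.0, build_mgmt_frame(BEACON, "ff:ff:ff:ff:ff:ff", AP_A, AP_A))]
SAMPLE += [(0.1 * i, build_mgmt_frame(DEAUTH, CLIENT, AP_A, AP_A, REASON)) for i in range(1, 9)]
SAMPLE.append((3.0, build_mgmt_frame(DEAUTH, CLIENT, AP_B, AP_B, REASON)))
```

On the constructed sample, `detect_deauth_flood(SAMPLE)` reports only AP_A; a single deauth, as a client leaving normally would send, stays below the threshold.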

Better WiFi security could soon be just a few rolls of wallpaper away. French researchers at Institut Polytechnique de Grenoble, in cooperation with the Centre Technique du Papier, have developed wallpaper that can block WiFi signals, preventing them from being broadcast beyond the confines of an office or apartment. But unlike other signal-blocking technologies based on the Faraday cage (which block all electromagnetic radiation), the wallpaper only blocks a select set of frequencies used by wireless LANs, and allows cellular phones and other radio waves through. L'Informaticien reports that researchers claim the price of the wallpaper, which is being licensed to a Finnish manufacturer for production, would be "equivalent to a traditional mid-range wallpaper." It should be available for sale in 2013.

Pierre Lemaitre-Auger, the director of studies at Grenoble INP’s ESISAR (School of Advanced Systems and Networks) said during a demonstration of the wallpaper that in addition to preventing WiFi snooping, it could also be used in areas where there is concern about interference from WiFi or to block external WiFi sources—such as in hospitals, hotels, or theaters. (It could also be used to prevent guests from trying to get out of paying for WiFi and picking up an outside network for free.) He also said that the paper could be marketed to people concerned about sensitivity to electromagnetic waves, such as “people who want the opportunity to protect themselves and to have very low levels of radio waves in their apartment.”

TeliaSonera was the first operator in the world to launch a 4G LTE network. We're talking December 2009 here, a full year before Verizon turned on their 4G LTE network. Now most people accessing said ridiculously high speed network have thus far been doing it via USB modems, but that's just officially changed. TeliaSonera has announced that they're selling the Samsung Galaxy S II LTE in Sweden, making it the first phone in Europe to come with 4G LTE. If you sign up for a two year contract you get the phone for free, and your phone bill comes out to 649 Swedish kronor ($97.26). That's not bad. That package includes 3,000 minutes, 3,000 text messages, and 10 GB of data. We'd like to remind our readers that Europeans don't pay for incoming calls or text messages. As for what sort of technology is being used to power the voice portion of the Galaxy S II LTE, it's good old fashioned CSFB (circuit switched fallback). In other words, when you're connected to the 4G LTE network and someone calls you, your device will disconnect from the 4G LTE network, connect to the 3G network, and then route the call through. Supposedly you can't even notice the lag, though we haven't tested this ourselves.

Read More @ www.intomobile.com