Aside from all the performance and reliability reasons, this is a very bad idea because of perimeter security.
Let's assume WPA2 is 'uncrackable'. Are your employees smart enough not to lose their passwords? Or do you have some kind of 2-factor authentication thing planned?
Also, I can shut down your business from my car across the street by simply jamming the signal or sending de-auth packets.
Just kidding, I don't have a car.
Take a look at airdrop-ng. Although there are malicious uses, from an enterprise level you can also:
prevent your users from connecting to open APs near your business (force them onto the encrypted wifi you provide)
turn the tables and deauth an attacker from your own network (drop any MACs that aren't already in your own inventory system)
There are other practical applications; like most "hacking" tools, it's a double-edged sword.
You can get the MAC from an encrypted wireless network, even WPA2. MACs are never encrypted for wifi communication. You don't even have to be connected to the network to find it!
I present to you, airodump-ng, part of the aircrack-ng suite:
Actually you can install aircrack-ng on Mac too. http://www.aircrack-ng.org/doku.php?id=install_aircrack#installing_on_mac_osx
I suggest you install it and run the following command.
sudo aireplay-ng --deauth 9999 -a [X] -c [Y] [Z]
Where:
X = YOUR ROUTER/MODEM MAC ADDRESS
Y = YOUR ROOMMATE'S MAC ADDRESS
Z = YOUR NETWORK INTERFACE (e.g. wlan0 for Linux)
*remove brackets of course.
As long as the command is running, your roommate will not be able to connect to your router.
REF: http://www.aircrack-ng.org/doku.php?id=deauthentication
No, it's not. WPA2 encryption isn't easily broken like WEP is, but encryption only stops unauthorized people from connecting to the network in the first place. If you're on a public WiFi network, you're exposed to the same risks whether it's encrypted or not. Encryption doesn't do much good if everyone has the key. (This doesn't apply to application-layer encryption protocols like HTTPS - those are still safe).
If you have the password to the WiFi network, you can read all traffic ~~- it does not use a different key for each device. The password is the encryption key (or more accurately the encryption key is generated from the password)~~
EDIT: Apparently the password is only used as the encryption key when the device authenticates to the access point, and all communications after that do use a unique key - so an attacker would have to see your device authenticate in order to read your traffic. See /u/ikibau's comment
In fact, all packets get sent to all devices, and it's up to the network card on the device to discard those intended for other devices. If you put your wireless card into promiscuous mode with a tool like airmon-ng, you will receive all packets on the network (provided you are connected to the network) whether they are intended for your machine or not.
Ethernet works the same way, but Ethernet networks are usually segmented to some degree, so you may not receive all packets on the network, even in promiscuous mode.
Two best methods would be ARP spoofing or 802.11 deauth broadcast. You can disconnect any wireless device from the network using aircrack-ng but this requires a Linux installation.
I have excellent experience with WIFI adapters.
I started using them back in the early 2000s when WIFI wasn't even a big thing yet.
My professional advice would be don't be hard set on "Brands" (meaning don't buy a WIFI adapter because it's Linksys, Netgear, or whatever); the most important thing about a WIFI adapter is the "CHIPSET" manufacturer.
What you are looking for is a reliable chipset manufacturer (what's inside the wifi adapter) and not the outside branding.
These are my suggestions:
In that order. Find a wireless adapter with any of those built in chipsets and you will have a reliable, stable and fast connection no matter what.
(Yes, WEP cracking and WPA cracking if you are looking to audit your own security).
One of my recommendations would be something like this, which is what I've still been using for years (USB for hooking up to desktop or laptop).
Alfa AWUS036NHR or this one too.
Ignore the information on the column that says "windows not supported" on the aircrack page. That's just for the airodump/aircrack support, not the device itself.
It's a pretty classic attack on WPA2. If you sniff the 4 way handshake and know the PSK, you can decrypt the unique keys and the traffic.
You can use http://www.aircrack-ng.org/doku.php?id=airdecap-ng to do it. Notice how there is no requirement for the unique key, just that the capture contains the handshake.
You can also use Wireshark https://wiki.wireshark.org/HowToDecrypt802.11
I like to use airodump-ng for this. It is a part of the awesome aircrack-ng suite of pen testing tools. There are binaries available for both Windows and Unix-like operating systems.
Except there are scripts which automate WEP cracking. A somewhat recent machine with decent wifi connection to the AP can crack WEP in literally SECONDS. http://www.aircrack-ng.org/doku.php?id=wesside-ng
A MAC white list is a terrible, terrible replacement for security. MAC white lists don't encrypt the data (You can sit back and read all the data in real time if there's no encryption...very easily!) and it takes a whole 10 seconds to listen for a valid MAC on the unencrypted stream and change your MAC to it. Connection to the AP won't be perfect, but the 'security' is still busted.
Use aircrack-ng on a laptop and ping the device using the app. Use the airodump-ng function. You'll see a chart like this where the PWR shows the reception strength. Move around the house and keep pinging the device. The stronger the signal, the closer you are to it.
Not familiar with the android device manager, but does it allow you to activate the camera on the device and save it to your gmail or Google drive? Maybe you'll see who's using it or a glimpse of where it is.
Also, I know you can get the signal reception using airodump-ng (part of the aircrack-ng tool suite) if you have a compatible Wifi card and a Linux distro up and running. You'll see something like this; look at the table under "Usage Tips" with the signal reception listed as PWR (in decibels) underneath where it says STATION. If you keep pinging the device throughout this, you should see the airodump-ng screen update much quicker with the MAC address of the device. You should then be able to move around with your laptop like a long range metal detector, trying to increase the PWR until you find the device.
Just be quick about it because if you simply misplaced it, the battery will die and you won't be able to use this method. But if your neighbor took it and has a charger, (most androids use micro USB but some off brand tablets use a wall wart with a round plug) then you might see it for a while.
Kali will run on a Mac, but you may have a problem getting a directional reading with the pie plate reflector because of mechanical constraints. You can get the Aircrack-ng suite for Mac separately here if that makes the project easier, but getting the direction of the signal may be important & you'll have to figure that one out based on your equipment & ability to improvise.
Short answer, you can't know who's operating it. Access points can present certificates to authenticate themselves. You'd need to know that the certs are legitimate and valid in order to verify the AP as legitimate or 'authentic'. At any rate, unencrypted WIFI is easily intercepted whether or not the AP is operated by a legitimate vendor or a hacker. VPN is your friend here.
As for shutting it down, you can send DEAUTH to all clients, thus effectively shutting the AP down. It will only work for as long as you are actively sending the frames.
This is basically what aircrack-ng was created for. You tell it to "listen" to an AP for connections and it'll list the MAC addresses of clients communicating with that AP.
> left my computer wide open
The above de-auth attack you mention doesn't leave "your computer wide open" as you originally mentioned, and it isn't just solely Chromecasts that are vulnerable to these attacks.
Go ahead and download BackTrack5 from http://www.backtrack-linux.org/downloads/. (I'd recommend you get the GNOME/64 bit version if you aren't familiar with Linux and have a machine that can run 64 bit.) BackTrack is a Linux distro specifically built for penetration testing (a.k.a. hacking). It'll have all the tools you need to *do* these things, so you won't waste time downloading tiny files and working out version conflicts and stuff when you run across something you want to try.
You'll probably also want to make a bootable flash drive for BT5 so you can use it on different computers. For this, use LiLi, which you can get for free at http://www.linuxliveusb.com/.
To start, try cracking a WEP key (wireless password) with aircrack-ng. It's fairly easy and there are a lot of tutorials out there on youtube and elsewhere on teh internets on how to do it. My favorite tutorial is on the aircrack website, http://www.aircrack-ng.org/doku.php?id=simple_wep_crack.
Move on to WPA/WPA2 cracking once you get the hang of WEP cracking. Be sure that you learn WHY something works before you do it, don't just do it because that's what someone said, otherwise you'll never be able to apply your knowledge.
And because I have to say this: never ever ever ever crack or hack something that isn't yours.
Enjoy! (and feel free to contact me with any questions!)
The short answer is - No, if you don't already have previous experience of breaking into wireless networks. Figuring it out for the very first time is often very difficult.
It depends a lot on (1) which encryption they are using on their router - which is easy to determine because routers send this in their beacon signals - and (2) whether your wireless card supports 'monitoring' mode.
And of course you need the packages airmon-ng, aircrack-ng and 2 others (I don't exactly remember). This is kind of a basic tutorial for all these - TUTORIAL
Often, you will have to catch 'Handshakes' of one or two devices. What I mean by this is - you need to keep on capturing the packets (using Cain and Abel or Wireshark maybe) and then wait till one of the devices in the network connects to the router; you will then be able to crack the encryption.
Keep in mind, there are many variables in successful cracking and you will be really lucky if you get it right in the first try. Figuring out what you are doing wrong can be difficult, it will be even worse if after two days of trying you come to know that everything that you were doing was alright but the device card wasn't capturing handshakes.
Helpful Google search terms - "Wireless [Encryption Type] cracking wireshark/cain and abel/airmon". So, essentially - "Wireless WPA2 cracking using airmon ng"
Antennas are just a piece of hardware; they are only used for determining the shape and direction of your signal. Your WiFi card (specifically the chipset) is what you need to make sure supports packet injection. Take a look here for some good ones: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers#which_is_the_best_card_to_buy
Someone correct me if I am wrong, but aircrack-ng is going to be used to capture the packets over a wireless network to capture packets to break the WEP, WPA/WPA2 key, so yes you will need a wireless adapter if you don't have one built onto the motherboard. But the adapter needs to have packet injection capabilities. This link can help you determine if one you do have is compatible with aircrack-ng. Your best bet is to get one of these from Hak 5 to help with your endeavors.
Holy shit, fuck me!! Look what I found using Google and it took literally 5 seconds. Maybe even 7 seconds.
http://www.aircrack-ng.org/doku.php?id=compatibility_drivers
Crazy what you can find when you put forth the effort. Fucking use Google, Matt.
They're not WPA2?
WEP is the only one that's really feasible in a normal amount of time.
WPA is about the same difficulty as WPA2.
Here is a good introduction http://www.aircrack-ng.org/doku.php?id=cracking_wpa
I work in IT and was somewhat interested in this story when it came out, I can probably give you a bit of info on it, but first, in the article itself:
>A federal investigation of the Gaylord Opryland Resort and Convention Center in Nashville found that Marriott employees had used "containment features of a Wi-Fi monitoring system" at the hotel to prevent people from accessing their own personal Wi-Fi networks.
Basically they were using their WiFi APs (Access Points) to send deauthenticate signals to all the other devices in the area that weren't connected to their network (by spamming deauth signals to every other AP device in the area.) I kind of wonder if setting your cell phone's tethering AP to the same SSID would have 'fixed' the problem (probably not, as they likely did it with a white list of 'known good' MAC addresses.) You can read some about that type of 'attack' here and there is a guide to using aircrack to send deauth signals here (worth giving a read-through), or search Google for 'WiFi deauth' or 'WiFi deauth attack'.
This is completely different from good old-fashioned analogue jamming, which is just overpowering a radio signal. That takes out your own operations on those channels, too, which isn't something you want if you plan to use them. WiFi 'jamming' is primarily used in situations where maintaining network security is important, and could be used to keep unknown devices out of the area.
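The containment behaviour described in this comment is visible on the air as a burst of 802.11 deauthentication (or disassociation) management frames, which is exactly what a wireless IDS looks for. The following is an added example (not code from any of the posts above, and not from the aircrack-ng project): a minimal parser for deauth/disassoc frames and a rate-based flood detector. The frames, MAC addresses and timestamps are constructed inline so the script runs offline; the reason-code table is a partial excerpt of the IEEE 802.11 codes and the threshold of 10 frames per second is an arbitrary starting value, both of which are assumptions of this example. Note that the sender address in these frames is unauthenticated and easily forged, so the detector keys on the *claimed* sender and flags broadcast destinations, which disconnect every client at once.

```python
"""
Added example (not from the posts above or the aircrack-ng project): parse
802.11 deauth/disassoc frames and flag floods. All input is constructed.
"""
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

# IEEE 802.11 management-frame subtypes (frame type 0) that drop a client.
SUBTYPE_DISASSOC = 0xA
SUBTYPE_DEAUTH = 0xC

# Partial reason-code table (assumption: enough for this demonstration).
REASON_CODES = {
    1: "unspecified",
    2: "previous authentication no longer valid",
    3: "station is leaving (or has left) BSS",
    4: "inactivity",
    7: "class 3 frame from nonassociated station",
}


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_mgmt_frame(subtype, da, sa, bssid, reason, seq=0) -> bytes:
    """Build a minimal deauth/disassoc frame (no FCS), as a monitor-mode sniffer hands it over."""
    frame_control = struct.pack("<H", (subtype << 4) | (0 << 2))  # version 0, type 0 = management
    duration = struct.pack("<H", 0)
    seq_ctl = struct.pack("<H", seq << 4)
    return (frame_control + duration + mac_to_bytes(da) + mac_to_bytes(sa)
            + mac_to_bytes(bssid) + seq_ctl + struct.pack("<H", reason))


def parse_mgmt_frame(buf: bytes):
    """Return a dict for deauth/disassoc frames, None for any other frame."""
    if len(buf) < 26:
        return None
    fc = struct.unpack_from("<H", buf, 0)[0]
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if version != 0 or ftype != 0 or subtype not in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
        return None
    reason = struct.unpack_from("<H", buf, 24)[0]  # first two body bytes
    return {
        "kind": "deauth" if subtype == SUBTYPE_DEAUTH else "disassoc",
        "da": bytes_to_mac(buf[4:10]),
        "sa": bytes_to_mac(buf[10:16]),
        "bssid": bytes_to_mac(buf[16:22]),
        "reason": reason,
        "reason_text": REASON_CODES.get(reason, "unknown"),
    }


def detect_deauth_flood(capture, window_s=1.0, threshold=10):
    """
    capture: iterable of (timestamp_seconds, frame_bytes).
    Count deauth/disassoc frames per (claimed sender, BSSID) per time bucket and
    report buckets at or above `threshold`; a broadcast destination is flagged.
    """
    buckets = defaultdict(lambda: {"count": 0, "broadcast": False, "reasons": set()})
    for ts, raw in capture:
        f = parse_mgmt_frame(raw)
        if f is None:
            continue
        b = buckets[(f["sa"], f["bssid"], int(ts // window_s))]
        b["count"] += 1
        b["reasons"].add(f["reason"])
        if f["da"] == BROADCAST:
            b["broadcast"] = True
    alerts = []
    for (sa, bssid, bucket), b in sorted(buckets.items()):
        if b["count"] >= threshold:
            alerts.append({"sa": sa, "bssid": bssid, "window_start": bucket * window_s,
                           "count": b["count"], "broadcast": b["broadcast"],
                           "reasons": sorted(b["reasons"])})
    return alerts


def sample_capture():
    """Constructed capture: two legitimate deauths, one data frame, and a 25-frame flood."""
    ap = "00:11:22:33:44:55"       # constructed AP / BSSID address
    client = "66:77:88:99:aa:bb"   # constructed client address
    cap = [(0.2, build_mgmt_frame(SUBTYPE_DEAUTH, ap, client, ap, 3))]   # client leaving
    for i in range(25):            # flood claiming to be the AP, to broadcast, reason 7
        cap.append((2.0 + i * 0.02, build_mgmt_frame(SUBTYPE_DEAUTH, BROADCAST, ap, ap, 7, seq=i)))
    cap.append((3.0, b"\x08\x00" + b"\x00" * 30))                        # data frame, ignored
    cap.append((9.5, build_mgmt_frame(SUBTYPE_DEAUTH, client, ap, ap, 4)))  # idle client dropped
    return cap


if __name__ == "__main__":
    for alert in detect_deauth_flood(sample_capture()):
        print(alert)
```

Run against the constructed capture it reports a single alert for the 25-frame broadcast burst and stays quiet on the two isolated deauths. In a real deployment the frames would come from a monitor-mode capture (for example a pcap written by airodump-ng), and a sensible threshold depends on how many clients the BSS serves.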
>As for shutting it down, you can send DEAUTH to all clients, thus effectively shutting the AP down. It will only work for as long as you are actively sending the frames.
While this will work, I would advise against it because:
http://www.aircrack-ng.org/doku.php?id=deauthentication
Use responsibly. (You can use it to effectively jam someone's wifi without actually jamming the frequency itself). Hell, you can even discriminate based on device MAC addresses. The first six figures of the MAC address correspond to a vendor, like Apple or Samsung or whatever.
I have only used airmon to create a monitor-mode interface. I don't know if it's available on Windows though.
Actually it seems like it's not available in the Windows aircrack suite so I doubt there is a Windows version available. Sorry :(
I'd look at these 2 links:
http://www.aircrack-ng.org/doku.php?id=b43 http://www.aircrack-ng.org/doku.php?id=broadcom
If you can't get it working, I'd invest the $30 or so for a USB card that's known to work.
Nice. Sounds like I'll have to give it a shot. I've been playing on my desktop but I wouldn't mind being able to play this from my couch. I'll just finish all the hacking missions first. Thanks for the tip.
My wifi issue might be a known bug with SteamOS but I have a scapegoat that I'd like to blame instead. Reading the logs would spoil my fantasy so I just delete them when they get larger than a meg.
Are you familiar with the way Comcast creates an access point for strangers to piggyback off of other paying customers' wifi? For some unholy reason that network signal is way stronger than that of my own network. It's totally useless and constantly gets in my way.
My options to solve this are obvious but what I want to do is make, what I call, a "Fuck you Comcast wifi network" machine. It's a raspberry pi that sits there with one purpose: de-authenticate every client from the network every second. It would cost me $15 but I won't have to configure any wireless devices to ignore that network AND I will sleep better at night knowing I'm helping other people. It would be cool to have a dedicated display just for showing me every client it kicks off. I'd probably then frame it and put it on my mantel to display it as a work of art. It would receive dozens of likes and upvotes.
But actually I'll just run some cable and only look into it more if I'm still having issues after that.
You are thinking wrong about this; cracking a wifi is nothing that would have to be hidden in the darknet, especially because the software is open source and developed in public, openly discussed and documented. Pretty much any hacking related topic has software of that kind.
Aircrack-ng has a built-in test for packet injection.
(http://www.aircrack-ng.org/doku.php?id=injection_test)
Matter of fact, just check out the whole documentation since it will answer most, if not all, of your questions.
Yeah you don't need a dedicated device. Any computer that has a wifi card that can be put into monitor mode can crack wifi passwords. Even some Android devices do, I've done so myself.
aircrack-ng -- WEP & WPA-PSK
reaver wps -- WPS pin
reaver GUI -- reaver wps for Android
I've used all myself, the third one to crack an old workplace's wifi connection.
Airbase-ng will help you, also there's securitytube wi-fi primer so you can learn all basics about wi-fi security.
If you have Kali, ideally you want something that can run aircrack-ng. See http://www.aircrack-ng.org/doku.php?id=compatibility_drivers for compatible cards. Why get 2 dongles? I just got a TP-Link for $15 from Amazon.
About 10 of them are surely WEP. Break them and switch them to other channels.
Break about five WPA ones with hashcat and switch them to the same channels.
Nobody changes router passwords.
http://www.aircrack-ng.org/ http://hashcat.net/
Buy a +15dB omnidirectional antenna.
None of this rules out the others.
Pretty sure someone has a different and better way but these should get you somewhat in the ballpark: https://www.youtube.com/watch?v=kpI3fQjf43E http://www.drchaos.com/breaking-wpa2-psk-with-kali/ http://www.aircrack-ng.org/doku.php?id=cracking_wpa
You could try walking around with a linux laptop running aircrack-ng.
It will show you the beacons from the access point, and relative signal strength.
If you have done enough research, aircrack is the go to. Make sure you have an external wifi card that is capable of injection.
You can find that here: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers.
The most common are the Alfa cards like the Alfa AWUS036NHA or whatever.
You can probably find one for cheaper, but here's one that I use: https://www.amazon.com/dp/B004YD7UBQ/ref=cm_sw_r_awd_c1nvub02KE5SR.
But of course you would know that after some basic research, right?? :)
> netgear n600 adapter
LOL bro, I don't even know why I still have half of these pages lying around.. I guess I just love helping people.. That's the list of wifi adapters that we know are compatible.
First step is to buy yourself a wireless card with an Atheros chipset, or another chipset that supports "monitor" mode.
If you're not familiar with Linux or computers in general you can just download and install something like Kali Linux (AKA Backtrack) and everything is already pretty much configured for you.
http://www.aircrack-ng.org/doku.php?id=cracking_wpa
Here's something specific to Kali Linux:
http://lewiscomputerhowto.blogspot.com/2014/06/how-to-hack-wpawpa2-wi-fi-with-kali.html
Enjoy, or not.
Assuming the iTouch is making a connection or is connected to an unsecured wifi, you can run Wireshark and filter for "(wlan.da == 00:11:22:33:44:55) or (wlan.sa == 00:11:22:33:44:55)" (with the iTouch's own MAC address in place of the sample one) and you should see your iTouch connect/communicate.
To narrow down the location better, a directional antenna will help you narrow down where the connection is coming from. Else you will just need to walk/drive around your block and see the signal strength get better.
I AM NOT A LAWYER NOR SUGGESTING IT IS LEGAL TO DO ANYTHING MENTIONED BELOW. If they are using an encrypted network, aircrack-ng will be able to break some networks, but this can take some time and knowledge.
You could also send your iTouch device deauth packets so you can see it without having to crack the network security. Auth/Deauth and a few other things are in clear text.
People do. For example http://www.aircrack-ng.org/
It's a little harder than a keygen generator because you have to find the key for each network and also typically have limited throughput so you don't have enough time to do it (except potentially for, e.g. neighbors).
Well, I'm sure it's not a WEP key anymore, but that can be cracked in about 20 mins by ARP poisoning and capturing WEP IVs (Initialization Vectors). WPA keys are a little harder because you need to capture the 4-way handshake, but the same principle applies. You will need a wireless card capable of promiscuous mode, as well as Aircrack-ng, Airmon-ng, and Airodump-ng, all found within the convenient BackTrack package (now called Kali Linux). Here is the documentation of the Aircrack-ng Suite.
Why yes! Yes there is. You could very easily create an aircrack script to de-auth their wifi every few seconds, leaving their wifi essentially useless. You could de-auth everything on their network, or just de-auth their audio system (might have to trial and error till you find the right MAC address). The easiest way to do this (and it really is easy!) is to download Kali Linux (the new BackTrack) and run it from a live CD/USB. There are plenty of guides you can follow for how to do this; just follow a WPA cracking guide and stop at the de-auth section.
Feel free to msg me for specifics to get you started.
I recommend running Kali as a VM in VirtualBox using the default ISO. I have an Alfa AWUS036H, and I have had zero issues attaching it to the VM. If you want persistent storage, I would use a flash drive with unetbootin, or create snapshots in the VM. Snapshots are your friend.
I'm unfamiliar with OSX, to be honest. I use something called winbash a lot, which allows some bash programs to be run in Windows command line. Most popular pentesting tools have ports for OSes other than Linux. http://www.aircrack-ng.org/doku.php?id=install_aircrack
It is part of Aircrack-ng, a Wi-Fi cracking program. There are different parts to the program that help in cracking a Wi-Fi encryption. Aireplay is useful for when you have the target MAC and SSID. It is the main branch of cracking the Wi-Fi encryption whereas Airodump is a packet scanner and aircrack enables your system to begin the scanning/cracking process. To my knowledge, Aircrack open in the terminal is the GUI. When used correctly, you can choose the parameters in which you want to use to perform the crack such as MAC spoofing or disabling AP detection.
Haven't tested with injection. ~~I'll give that a try sometime this weekend.~~
edit:
I followed the instructions on this page to do an injection test and found that it does work. http://www.aircrack-ng.org/doku.php?id=injection_test
Under the Basic Test area of the site I ran the aireplay command and pretty much got the same results saying "Injection is working!". Make sure to put the card in monitor mode before running the test.
Close enough, what you need is a card that is able to do "Packet Injection" and a "Monitor Mode".
here a list of compatible cards: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers&DokuWiki=7baf7e1cb19a4d1adbda1ca91d8b2f68#which_is_the_best_card_to_buy
You can do the same thing - if you have a well enough supported wireless card under Linux - using aircrack-ng
Unfortunately, every laptop I've owned since I had an Atheros PCMCIA card has always had some terrible form of Broadcom wireless built in. At least on the newer models, the support is essentially 0.
http://forum.xda-developers.com/showthread.php?t=1271854
Working aircrack-ng with monitor mode and packet injection !
Hi,
So after a few days of playing with drivers, patches and kernel sources I finally got aircrack-ng working on the G1! (If you don't know what aircrack-ng is: http://www.aircrack-ng.org/) I tested airodump for 1h, had it dumping packets to the sdcard to a cap file with channel switching, and aireplay with the deauth attack. I monitored this from my laptop to see if the packets were being sent OK, and the client was disconnected from the network as expected.
> it is not fool-proof
Nothing is fool proof.
If someone wants to spy on you, your local network isn't the only vector to attack. Especially if they're technically competent enough to hijack your access point instead of just sniffing traffic. For example, isn't ARP poisoning/spoofing at the ISP level possible?
> Also, certificates cannot always be trusted. There are also other ways around encryption, like sslstrip.
This is also out of the scope of your snooping neighbours. They shouldn't have their hands on fake certificates. Attacking someone's wifi is a bit too small-time for folks like this. For sslstrip all traffic has to run through the attacker's computer, no? A bit beyond inspecting your traffic, although possible.
It's also theoretically possible to break your wifi's encryption (dictionary attack). How do you tell you're safe?
Without mentioning any specific laptop brands:
Yes, nvidia over ATI. And don't get one of those hybrid Intel/nvidia ones.
Wireless seems pretty good right now. Maybe check here about that.
In my experience, there are still suspend/hibernate issues with some models.
No problems from my OCZ SSD.
Well, at my home there are lots of people who use WEP, but yes, you can use Aircrack to crack WPA2. You have to de-auth a client and then capture the packets when they re-authenticate (easy). Once you have captured this you need to use a password dictionary to crack the password (hard). This process is slow and often does not work (password not in dictionary).
> What is aircrack-ng
A software suite for analyzing wireless networks and cracking the keys for some of the authentication types.
> It said the command was not found. Help? Anyone?
Wikipedia actually has a list of the commands included in Aircrack-ng, and "airport-s" isn't similar to any of them.
Have you tried going to the aircrack-ng site and following their "Getting Started" tutorials?
Error http://imgur.com/a/lUltn
I installed everything from the list that aircrack gave on their instructions on the website. http://www.aircrack-ng.org/doku.php?id=install_aircrack
I googled about everything I could and most of what I found was for other distros or were just a copy of what was on the webpage above.
I looked for what I could on the RTL8723 driver; there's not much. It seems to be relatively new and unpopular. PCIe chipsets, like yours, usually have a shorter production duration, ending up being less common and often have less developed drivers.
You seem to be doing everything correctly and should be capturing handshakes. Maybe you are too far away from the AP and can't pick up the handshake, although I doubt it.
You can read "I Cannot Capture the Four-way Handshake!", at the bottom of that page. Obviously you're not alone since that's on the wiki.
Maybe airodump is capturing the handshake but not reporting it. You can try opening the capture file in Wireshark and apply the "eapol" filter and see if there are any matches.
As a last resort, you could build the latest version of the RTL8723BE driver.
https://github.com/lwfinger/rtlwifi_new/tree/master/rtl8723be
Good luck.
Note that smashhax is incredibly situational.
You need a supported network card/driver. If yours doesn't have Monitor Mode it won't work.
You need smashhax with an update version below 1.13. This means that, if you have an un-updated physical cartridge that is any version other than 1.0.0, it won't work (for example, you just bought a new physical cartridge).
On top of that, for a lot of people, downgrading using smashhax has proven to be impossible.
I'll help you, although it would have benefited you to do it yourself.
Fastest / easiest way to install: sudo port install aircrack-ng
Guide if you need help: http://www.aircrack-ng.org/doku.php?id=install_aircrack#installing_on_mac_osx
You need to put the device into monitor mode first.
EDIT : Sorry couldn't link on my phone. Read this wiki about the aircrack suite, it's really good. This page tells you what you want to know.
This is definitively the most thorough list of free dictionary files. Hopefully this will point you on the right track for easily searchable questions.
A cursory search led me to this aircrack page which explains very well how to do this.
That is actually true, with a strong password it is next to impossible. Only if WPS is disabled, the password is greater than 8 characters, and the password is not in a wordlist. The reason why I love this show is that it is accurate.
Source: Bachelors in CIS(Major: Network Security) and created a wireless social engineering toolkit at just 16 years old. Also taught classes in wireless penetration testing.
Further reading on how to crack WPA:
I should've probably said handshake. It's the WPA handshake that's captured. Not the encrypted key. Brute Force or Dictionary Attack will still be necessary to obtain the passphrase.
Capture packets travelling over the air, then perform a comparison across them - WEP uses RC4, a weak cipher even when used properly, and also uses it badly - it repeats IVs, which are the values used to ensure that the same plaintext doesn't always create the same ciphertext. From there, with enough captured data, it is possible to calculate what the key is.
https://en.wikipedia.org/wiki/Fluhrer,_Mantin_and_Shamir_attack
If you're looking for specific details on how, http://www.aircrack-ng.org/doku.php?id=simple_wep_crack
Install aircrack-ng on your computer if you don't already have it:
sudo apt-get install aircrack-ng
Then do this command to start listing wifi access points and devices that are connected to each access point.
airodump-ng wlan0
Let it sit for a little bit while it scans for some wifi signals. When you've got a good list going on hit ctrl+C to make it stop.
There's a lot of things on the screen, so the first thing you want to look for is the hotel's wifi name; it should be listed in the top table. Once you find that, take a look at the BSSID that's associated with it and look for that BSSID on the bottom table. All of the "Stations" listed to the right of your hotel's BSSID are MAC addresses that you should try.
There isn't an easy way of telling if a MAC address has paid for the wifi that I know of, so just try them until one works, but I would assume that if they're connected to the wifi, they're paying for it.
If I understand correctly, the other answers assume you specified "connected to the same network as the router". I reply with the assumption that you're interested in nearby devices, regardless of where they're connected.
WiFi cards can "sniff" packets being sent in the ether. Usually unconnected devices will send "probe" packets to try and connect to the network they've connected to in the past. They'll do this on all available channels, so your card can "sniff" those while staying on a specific channel to serve its regular users.
But to be able to cover all cases, the router should try many frequencies. If it stays on a single frequency, it won't be able to sense devices connected to a different AP on a different, far channel. But if you make it loop through all channels its radio would then be busy with the device sensing, and it would be unable to serve its primary purpose of WiFi connectivity. You could still plug a secondary wifi card into the OpenWRT and use one card for device detection and the other one for regular communication.
Have a look at the airmon-ng program of the aircrack-ng suite.
Requirements: Should be run as root/sudo.
Python Scapy Community (scapy-com) - Dev version of Scapy which supports additional filters such as EAP types. Get @ https://bitbucket.org/secdev/scapy-com
Airmon-ng, airodump-ng (Aircrack-ng Suite - http://www.aircrack-ng.org/)
Gnome-Terminal for ease of launching airodump (requirement for Promiscuous/Channel hopping to capture the EAPOL packets)
Just download any WiFi traffic analyzer or similar software on your iOS/Android device and do some leg work.
It's been years since I played with it, but if the WiFi analyzer doesn't help you might need to update your (laptop) drivers for monitor mode.
Check the compatibility of your WiFi adapter: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers
If it's not on the list, maybe invest a few bucks in a cheap USB WiFi adapter that's supported and follow the installation guide on the same website.
Use airmon from the suite to find it, but you will still have to do the leg work.
Some Linux know-how will be required, and some leg work will be needed, but you will see the signal strength accurately as you walk around until you get close.
Make sure your wireless device is connected directly to Kali, not through a virtual bridging adapter.
Put your WLAN device into monitor mode using something like:
airmon-ng start wlan0
This will create a new interface called mon0 or similar.
Identify your target using:
airodump-ng mon0
Identify the MAC address of the target AP and client.
Launch the attack:
aireplay-ng -0 0 -a <AP MAC> -c <Client MAC> mon0
As soon as you cancel the action (ctrl+c) the target will immediately reconnect to the AP.
Use responsibly: get permission from the owner of all devices involved and follow your local cybercrime laws. Don't mess up your future by getting a dumb felony on your record.
If you're trying to do a deauth command from aireplay-ng (which I would use to temporarily kick him off and disturb his game), some WiFi cards don't work with it, I believe. You can also download Kali and put it on a flash drive and boot it off of there. It has everything you need, and there are plenty of guides on how to do it: just Google "How to boot Kali Linux off of a USB drive", then "how to boot Kali on a USB on a (add model of computer here)", then go here http://www.aircrack-ng.org/doku.php?id=deauthentication for the command list.
I've tried LOIC, but it doesn't work. (JavaLOIC to be specific)
I have all the information, but nothing will process in the terminal. It says it's Mac compatible, but also notes that aireplay-ng doesn't work?
http://www.aircrack-ng.org/doku.php?id=install_aircrack#installing_on_mac_osx
It depends on the chip. I haven't really done much research on internal NICs, but check out the following compatibility charts and see if any of these supported chips ship with internal NICs:
Otherwise you'll probably have to get an external one. They're probably just as cheap as internal ones; it's just another piece of hardware you'll have to keep track of.
Also of note, I'm not sure if Kali Linux automatically ships with all the supported drivers. Maybe in recent updates it does, but in my experience I've had to manually install my ALFA drivers every time I install Kali. It's not a big deal, it's pretty easy to do, but I just thought you should know in case you get a card that you bought because you thought it would be compatible and think it's not working.
I would probably not trust the switches if you need it to be that secure (I would assume you'll put OpenBSD on it?). Blacklist that stuff altogether. Perhaps use a USB stick from this list.
If you don't want ndiswrapper crap, this list should help if you are into security auditing. The list is a bit old though so if you are looking for 802.11ac you might need to pull up some other list.
This list will give you stuff that should work out of the box (because you don't need ndiswrapper) and compatibility on security auditing tools. Might be a bit outdated however.
Other things (network connections) cannot use a WLAN interface which is used for packet injection or monitor mode. So you just plug in a USB WLAN device, install the necessary kernel modules, configure it as far as needed and enjoy. Of course the device must be supported; see the list http://www.aircrack-ng.org/doku.php?id=compatible_cards
> Extra info: I do not have internet on either Ubuntu or CentOS because neither plays nice with my USB wireless adapter and I'm much too far away to connect with ethernet.
They play nice with some USB wireless adapters. You just bought one that isn't well supported yet. This list might be what you want to look for, although the list is a bit old.
If you have the Linux driver files, those are probably the source code for the driver and you probably need to build them before use. If they have an RPM or deb file you might get away with package management, but it is not recommended until you've verified the files and stuff.
I think there is a list of chips that are compatible with Kali on the Kali Linux website. Some manufacturers give information about the chips they use, some don't. I think you will find the information you need if you Google a little. Maybe this list can help you.
Hi! You can always try sniffing the ether yourself. A good starting point is the Aircrack-ng tutorial (essentially, you just need a wireless card that you can put to monitor mode, after which you can just view all packets that are passing through the air).
This seems to be a good place to start. If at a loss, a quick google search for "(wireless card) packet injection" should yield some good results.
I have only run Kali in VirtualBox on my Windows box, but it (airodump) worked with my Alfa 036NHA. It may just be that you need a different wireless adapter. Check if your card is compatible.
You can send a deauth packet to a router and get it to deauthenticate/disconnect all the clients attached to it. Definitely a possible vector for a DoS, but only if you're close enough to the access point to do it.
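The defender's side of that comment, as an added example that is not from any of the commenters or from the aircrack-ng project: a small Python detector that parses 802.11 management-frame headers and flags a burst of deauthentication/disassociation frames from one sender. The BSSID, the station address and the capture it runs over are constructed for the example.

```python
import struct
from collections import defaultdict
DEAUTH, DISASSOC, BEACON = 0xC, 0xA, 0x8  # 802.11 management-frame subtypes
AP = "aa:bb:cc:dd:ee:ff"                  # constructed BSSID
CLIENT = "11:22:33:44:55:66"              # constructed station address

def build_frame(subtype, dst, src, bssid, reason=0, seq=0):
    """Minimal management frame: 24-byte MAC header plus a 2-byte reason code."""
    mac = lambda text: bytes.fromhex(text.replace(":", ""))
    fc = subtype << 4  # protocol version 0, type 0 (management); flags byte 0
    header = struct.pack("<BBH", fc, 0, 0) + mac(dst) + mac(src) + mac(bssid)
    return header + struct.pack("<HH", seq << 4, reason)

def parse_mgmt_frame(raw):
    """Return the fields of a deauth/disassoc frame, or None for anything else."""
    if len(raw) < 26:
        return None
    ftype, subtype = (raw[0] >> 2) & 0x3, raw[0] >> 4
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    dst, src, bssid = (raw[i:i + 6].hex(":") for i in (4, 10, 16))
    return {"subtype": subtype, "dst": dst, "src": src, "bssid": bssid,
            "reason": struct.unpack_from("<H", raw, 24)[0]}

def detect_flood(capture, window=1.0, threshold=10):
    """capture: iterable of (timestamp, raw_frame). A lone deauth is normal roaming;
    a sender reaching `threshold` frames within `window` seconds is flagged."""
    times = defaultdict(list)
    for ts, raw in capture:
        frame = parse_mgmt_frame(raw)
        if frame:
            times[(frame["src"], frame["bssid"])].append(ts)
    alerts = []
    for (src, bssid), stamps in times.items():
        stamps.sort()
        lo = peak = 0
        for hi, t in enumerate(stamps):  # sliding-window count per sender
            while t - stamps[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:
            alerts.append((src, bssid, peak))
    return alerts

# Constructed capture: one ordinary deauth, one beacon, then a 20-frame burst.
SAMPLE_CAPTURE = [(30.0, build_frame(DEAUTH, CLIENT, AP, AP, reason=3)),
                  (31.0, build_frame(BEACON, "ff:ff:ff:ff:ff:ff", AP, AP))]
SAMPLE_CAPTURE += [(100.0 + i * 0.02, build_frame(DEAUTH, CLIENT, AP, AP, reason=7, seq=i))
                   for i in range(20)]
```

Feeding it real frames means reading them from a monitor-mode capture (e.g. a pcap's 802.11 payloads) in place of SAMPLE_CAPTURE; the threshold and window are the knobs to tune against your own baseline of roaming events.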
It sounds like you don't want to dual boot Kali with Windows, but if you make a live boot usb then you never have to install anything.
Just download Kali and put it on a USB drive, and then when the computer starts it will start Kali from the USB.
If you still don't want to do that then it's fine as long as the aircrack suite works with your adapter on Windows.
There are very few adapters that airodump-ng and aireplay-ng work with on Windows and you can see the list here: http://www.aircrack-ng.org/doku.php?id=compatibility_drivers
I don't know much about Acrylic, but if you can get it to do the job of both airodump-ng and aireplay-ng and work with your adapter then go for it!
P.S. aircrack-ng will work on Windows as long as you have something to crack. I still recommend getting Kali though.
EDIT: Also make sure your adapter can inject packets, if not, you won't be able to do much hacking.
Something (1) combined with active measures along the lines of airdrop-ng might work[*], but I imagine there's always a risk that it doesn't see/boot them in time and you get some creds. Probably leave a pretty big log trace though.
Physically locating the attacker would be even harder, although with enough deployed sniffers you might get some triangulation, combined with CCTV footage or something?
[*] I've never actually tried it out personally, but it seems capable assuming things are still susceptible to this sort of spoofing.
The Raspberry Pi runs a version of Debian Linux, called Raspbian. If the program exists for Debian (and is supported on an ARM processor) then you can most likely run it, although it'll be slower than on a normal PC.
At a glance, yes, there is a version of Aircrack for Debian. I'd search "Aircrack on Raspberry Pi" to see if anyone else has successfully done it first, though.
BackTrack is an entire Linux distribution. Run it from a live CD on a computer and test your hardware with that, to see if it is a hardware issue.
Also try the command here for monitor mode:
http://www.aircrack-ng.org/doku.php?id=newbie_guide
It has been a while since I've messed with monitor mode.
If (A3) is not true, then the conclusion (C4) does not follow. Therefore you still need to address my objection to (A3).
>The aim of the Chinese room example was to try to show this by showing that as soon as we put something into the system that really does have intentionality (a man), and we program him with the formal program, you can see that the formal program carries no additional intentionality. It adds nothing, for example, to a man's ability to understand Chinese
The computer only needs to be capable of having intentionality. There is no requirement for it to add intentionality.
But perhaps a computer program can also add intentionality, for there are computer programs which can crack a decryption key just from analysing patterns of syntax. For example, WEP cracking.
In this sense, a computer program is perhaps capable of having more intentionality than a human.
>you're referring to the man's ability to learn Chinese, whereas his point is about a man that doesn't understand Chinese.
Searle is not claiming that the man does not understand; he is claiming that the man cannot understand Chinese. The word "cannot" has a modal connotation that means it is impossible for the man to ever understand Chinese. However, it is not impossible, because all he requires is the relevant decryption key.
I've never used Xiaopan, but WPA can be vulnerable to dictionary attacks, or WPS attacks if it is enabled on the AP.
I'm not saying it hasn't happened, or can't be done.
You were agreeing with the person you replied to that they should "all get arrested", like that's somehow feasible....
I'm just saying that if you start arresting people en masse to curb specific situations like this, like you implied, then I'll be happy to go right ahead and prove to you how easy it is to frame someone.
You're just one Google search away from hacking anyone you know's WiFi: http://www.aircrack-ng.org/doku.php?id=cracking_wpa
Which then allows you to do anything you would like on the internet under the 'identity' of their IP address which is associated to their name and address with their ISP... This is usually how law enforcement tracks people down, and is how it was implied it happened in this article...
Are there people stupid enough to do bad things like this using their own IP address and get arrested? Certainly.
Are there hackers out there framing 14 year olds doing shit like this? Also, yes.
It's not as simple as trying to arrest everyone who posts a terrorist threat on Twitter.
You can hack WiFi, you can use TOR, you can use a proxy. There is no such thing as 'being certain of someone's identity' on the internet without further evidence, therefore going around trying to arrest anyone who makes terrorist threats on the internet is fucking retarded and easily exploitable by any hacker with a grudge.
Your username seems very relevant.
> by that logic any threat delivered over the internet could be faked
You are correct. Any court system will have to accept this cold hard fact.
And it's not just 'my logic'. It's the reality we live in.
Here is a tutorial on hacking wifi, no matter what encryption scheme they are using: http://www.aircrack-ng.org/doku.php?id=cracking_wpa
This gives you the ability to do anything on the internet under the identity of whoever pays for the internet connection attached to the wifi.
This doesn't even touch on TOR, and other anonymization proxy services....
You cannot trust anything you read on the internet. They shouldn't allow people on the internet until they sign a document accepting this fact. Nobody is potentially who they say they are, and nothing is for certain. Period.
And what better way for a group of hackers to disguise their activities than to make it look like "its just a bunch of teenagers" ....
http://www.aircrack-ng.org/doku.php?id=changelog_aircrack aircrack Version 2.2-beta2 released on 2005-06-27: aireplay: added automated deauthentication attack
And the concept of the deauthentication attack predates the above aircrack tool release by a couple of years.
Just because you haven't heard of the security concept of deauthentication itself doesn't mean that nobody is talking about it.
If phys.org is using the article as a call to action, they could use a title like "WPA2 still vulnerable to attack". When they use phrases like "Now, a new study... reveals that... Wi-Fi protected access 2 (WPA2) can also be easily broken into" and "The researchers have now shown that a brute force attack on the WPA2 password is possible", they are indicating that this is something new. But it is not, and that is my problem with "the fucking article".
Here's a good place to start. The one I linked to should work, but I hate to guarantee it, because it can be a crap shoot (sometimes the chipset will change without the model number changing at all).
This means something is causing your card to channel hop. A possible reason is that you failed to start airodump-ng locked to a single channel. airodump-ng needs to be started with "-c <channel-number>".
Maybe the aireplay-ng site helps: http://www.aircrack-ng.org/doku.php?id=aireplay-ng#interfacex_is_on_channel_y_but_the_ap_uses_channel_z
1) How are you trying to connect to the apache site? Via internal address or through the internet/FQDN? Maybe the last post here will help? http://www.backtrack-linux.org/forums/showthread.php?t=932
2) Maybe this will help: http://www.aircrack-ng.org/doku.php?id=airbase-ng or this http://exploit.co.il/hacking/set-fake-access-point-backtrack5/
You probably looked at some of this stuff but honestly your specific system/setup probably means there isn't a broad fix all answer and you'll have to play with it.
This is a good site to visit to learn about all your chipsets, so you know which USB WiFi adapter will be right for you. You can also see which tablet carries the same chipset you want.
Wireless Chipsets: this is provided by Aircrack-ng.