Tuesday, March 20, 2012

Reaver (WPS attack) and WPAMagicKey tools

(There is a Spanish version of this post | click here to read this post in Spanish)
Just a few months ago we heard: "WPA is down, we've cracked it!"

That is absolutely wrong: nobody has cracked this security algorithm, and that will be the main point of this post.
At least, nobody has published anything about cracking WPA. WEP was cracked a long time ago, but WPA (and, of course, WPA2) has not been.

There are some ways to get into a WPA wireless network, but none of them can be called "cracking":

- Capture the WPA-TKIP handshake (aircrack + dictionary): this is not cracking, because you still need a dictionary attack afterwards to recover the password. If you have no dictionary, you will not get the password.
- Use the WPAMagicKey dictionaries (without aircrack): this tool can generate the default password list for a router whose network name is WLAN_XXXX or JAZZTEL_XXXX, provided the default password was never changed.
- John the Ripper (used together with aircrack): you can generate your own dictionary if you know the password pattern and the password is not very long (shorter than 4 - 5 characters); if it is long, the dictionary will be huge and you will not be able to use it. (See the table and pie chart below.)

From the calculations in the table above, it would be a bad idea to try a brute-force attack against a WPA wireless network.

The pie chart below shows that most passwords fall into the strongest group (mixed character types).
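The post's table is missing from this copy, so here is an added example (not from the original post) that rebuilds the kind of calculation it describes: the keyspace for each character class and the worst-case time to exhaust it against a captured handshake. The guess rate, the passphrase lengths and the class names are assumptions chosen for illustration.

```python
import string

# Illustrative offline guess rate against a captured WPA handshake (assumption,
# not a measurement). WPA-PSK derives the key with PBKDF2-HMAC-SHA1 at 4096
# iterations, so each candidate passphrase is expensive to test.
GUESSES_PER_SECOND = 100_000

# Character classes, weakest to strongest (the groups the pie chart refers to).
CHARSETS = {
    "digits only": len(string.digits),                                      # 10
    "lowercase only": len(string.ascii_lowercase),                          # 26
    "mixed case": len(string.ascii_letters),                                # 52
    "letters + digits": len(string.ascii_letters + string.digits),          # 62
    "mixed types (letters, digits, symbols)": len(
        string.ascii_letters + string.digits + string.punctuation),         # 94
}


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passphrases of exactly `length` characters."""
    return charset_size ** length


def seconds_to_exhaust(space: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return space / rate


def human_time(seconds: float) -> str:
    """Render a duration in the largest unit that applies."""
    units = (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:,.1f} seconds"


def feasibility_table(lengths=(8, 10, 12)) -> list:
    """Rows of (character class, length, keyspace, worst-case time to exhaust).
    8 is the minimum WPA passphrase length, so nothing shorter is listed."""
    rows = []
    for name, size in CHARSETS.items():
        for n in lengths:
            space = keyspace(size, n)
            rows.append((name, n, space, human_time(seconds_to_exhaust(space))))
    return rows


if __name__ == "__main__":
    for name, n, space, t in feasibility_table():
        print(f"{name:40s} len={n:2d} keyspace={space:.2e} worst case={t}")
```

These figures are why the post's brute-force conclusion holds for WPA itself; the WPS PIN, by contrast, is an 8-digit value whose two halves the access point confirms separately, leaving only about 11,000 candidates, which is the weakness Reaver relies on and the reason disabling WPS on the router is the mitigation.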

So, as far as I can tell, still nobody has cracked a WPA password, right?

From the hacker's point of view, the most important difference between WEP and WPA is what they transmit in each packet. A WPA packet carries no information about the network master key, whereas a WEP packet does.

Now we need to learn about WPS (Wikipedia EN). The simplest way to think of WPS: "WPS is a button that lets us connect (or not) to a WiFi network".
Finally, if nobody has been able to crack WPA... what the hell is reaver? What the hell can it do for me? Will I be able to use reaver?

- Reaver: a tool that exploits a vulnerability in the WPS algorithm to "cheat" the router into giving up the WPA key.
- As far as I know, reaver will only be able to help you when the network is using TKIP (AES is not supported yet).
- Before running "reaver" you should run the "walsh" tool. It is a companion app that tells you which wireless networks are vulnerable to this attack.

There are lots of video tutorials about reaver... (my favourite is the first video)
Video#1 (this one also shows how to install it, very interesting)
Video#2

You may need these tips.

In most cases you will get reaver from Linux distributions like BackTrack or WifiWay.
We will talk soon about the new release of WifiWay (v.3).

You must not use this information for hacking; use it only to learn about security, right?

We are legion
