WPA-PSK
Hi everyone!
It's been a while since I wrote a post on wireless... :-)
After recovering from the holidays and from the death of my favourite singer (Michael Jackson), one of the topics I have kept following, and which is really interesting right now, is these damned wireless networks with WPA-PSK. Until very recently this protection was considered more secure than WEP, but now times have changed!!
I'm not writing a guide on cracking, because one has already been published and so far I have discovered almost nothing new to say.
In this post I'll make some really interesting considerations (which I have developed over time) on Alice's wireless networks and their WPA-PSK with the TKIP encryption algorithm.
Why Alice's wireless networks? Simply because they are the most popular! But let's cut to the chase!
First thing to know: the password of Alice modems (the WPA-PSK!) consists of 24 lowercase alphanumeric pseudo-random characters.
Here's an example of an Alice WPA-PSK: 3r79yvxq43pzob250f3celm6
I read somewhere that Alice's key has a first block of letters and a second block of numbers. Nothing could be more false: as you can see in the example key, the letters and numbers are "scattered" throughout the key, in the sense that there is no run of letters and no run of numbers grouped together (to be clear). Here is an example: rdtegdtvxcvet7746242096 [key not valid] 3r79yvxq43pzob250f3celm6 [valid key!]
The key of an Alice modem is unique, in the sense that you cannot change it: the telecom provider assigns the key, and only for that modem, so to change the password you would have to unlock the modem or, better still, change the modem.
The SSID (Service Set Identifier) of the network (the network name, so to speak!) will by default be something like Alice-xxxxxxxx, where the x's are digits.
A few lines above I used the word PSEUDO-RANDOM. Why? Because the key is not generated at random but by a secret algorithm of the provider. Now you will ask: based on which variables does the algorithm generate the password? Simply put, the password in question "contains" and is generated from the SSID, the MAC address of your modem and the serial number of the modem. To be clear: the network Alice-123456 with MAC address 00:00:00:00:00:00 and serial number 7890123 corresponds to one precise WPA key.
Also be aware that the provider in question (but not only them) has a database containing every modem users have bought, including SSID, MAC address, serial number and WPA-PSK password.
So given these considerations, the attack techniques against the network can vary:
1) You can launch an attack on the database, exploiting some vulnerability of the telecom system, and manage to copy (at least in part!) the database that contains the passwords. But that is a very difficult and risky operation!
2) You can try a reverse: starting from the (default) SSID, obtain the MAC address and serial number of the modem and then derive the PSK. On the internet there are people who are already well ahead on this (and they know it!), but they don't want to reveal the secret or publish the program (WE ARE ALWAYS IN ITALY!).
3) As you already know, once you capture a 4-way handshake you can subject it to a dictionary attack. Right, but where is the dictionary? How do I create it?
The internet is full of dictionaries of all shapes and all languages; it's enough to search and have patience. If you're lazy and get bored searching the internet, I found pseudo-random WPA key generators on this site: www.thefutureweb.netsons.org. There are two generators, one in Java and one in VB.net; just try them and let me know!
4) Two small notes: a dictionary containing all the 24-character combinations is about 3 GB (gigabytes) in size, and it takes quite a while to create it with the generators. aircrack-ng handles files of this size without problems, but what is more annoying is the time this program takes to process all the passwords; as some articles on the web say, aircrack-ng takes years to find the password! For example, my laptop running aircrack-ng on backtrack 3 processes about 270 keys/s (passwords per second), and it took a good three hours to process 3 billion passwords in an 80MB file. That is with a 1.73GHz Pentium dual-core laptop, and the situation does not change if I load the backtrack 3 live distribution on the desktop computer in my room, an AMD dual core at 2200GHz per core, much faster than the laptop: aircrack-ng pulls only 350 keys/s, so nothing changes. :( I think that if you could combine the computing power of two or more PCs you might have more hope of finding the key in the shortest possible time. I have not tried it yet, but I'm just getting experienced, so when I know something more I will let you know!
5) A few weeks ago the new release of aircrack-ng, version 1.0, came out, and backtrack 4 (pre-final) already has it (I still have to install it). I downloaded the Windows binaries and tried the new features of this release: I ran the aircrack-ng GUI, fed it the .cap file and the dictionary ............ and I was in disbelief, the new release on Windows runs like a dream: on my laptop it processes a good 930 keys/s, sometimes settling at 530 keys/s (I don't know why). A big step forward! :>))
6) Then, using these improved capabilities, I did this: I started both computers, one with Vista and the other with XP, connected them with an ethernet cable and configured the local network so that the two computers see each other; with one I create the dictionary and with the other, using aircrack-ng, I try to crack the handshake! An alternative I tried, and the results are satisfactory!
7) Also try Elcomsoft Wireless Security Auditor, which exploits the latest GPUs to increase computing power: running on my laptop under Windows it produces a good 1000 keys/s without even using the Kingston graphics card!
8) Browsing the internet I found a very interesting topic about cracking WPA: some users crack the password using rainbow tables. But what are they? In short, rainbow tables are nothing more than large tables containing all the password hashes. You will say: then they are just big dictionaries? In principle, yes! But with an extra boost. The operation is very simple: with a plain dictionary, aircrack takes a password, computes its hash and "tests" it against the handshake; if the hash matches, the password is correct, otherwise aircrack moves on to the next one and repeats the same process. With rainbow tables, aircrack does nothing but take the hashes already stored in the table and compare them directly, without any conversion step. This technique lightens aircrack's work, so that billions of passwords can be handled and cracking takes only a little time.
9) And what if we create a rainbow table ourselves? Good question! In aircrack-ng you find the airolib-ng program which, given a specific SSID and a dictionary, creates a rainbow table for that specific SSID. I don't like this method, because it does nothing but create the hashes starting from the dictionary, and the creation of the rainbow table requires large amounts of resources; in addition, the table it creates gives you a success rate of 60-65%. Browsing the internet I found rainbow table generators, so I tried to create a rainbow table containing all the alphanumeric 24-character passwords. The result? Creating a big hash table requires huge computing resources, and the program estimated that a table of a good 5GB would give the attack an estimated success rate of 0.002%, practically nothing!! One solution: if you could combine the computing resources of many PCs you could create a rainbow table containing all the 24-character passwords, split into multiple volumes so it can be managed by aircrack-ng, and then the cracking could succeed!
10) The last point, and perhaps the best! And I will not dwell on it (because I'm already tired!!!!): if the researchers got a move on and looked for a flaw in this algorithm, that would be the best thing (if I were a programmer I would wreak havoc on WPA! :-)..). If a flaw in the algorithm were found there would be no need for all this crap....... but that day will come......... :-))