Description on dictionary attack, word list generation and Wifi Hacking

1. Wordlist Generation

2. Before rushing into it
- Because Bruteforce is not always as effective
- Consider a mere 5 character alphabet passwor,
total possible combinations: 72^5=1934917632
- At 3100 keys/second, 7.5 days
- Loadshedding every 6 hours

3. What it is?
●Use Social Engineering
●Generate a list of your guesses to the actual
password
●Try each guesses one by one
●Guesses are generally stored in a txt file
●Called the 'wordlist' or 'dictionary'

4. More about it
●Based on patterns seen across a large number of
users and known passwods.
●Number of combinations is restricted to those on the
dictionary list
●Good passwords may not be on the list
●Moral: Get a good password

5. Mr. Zuckerberg and dada

6. Offline vs Online
●Offline
–Download the hashed value
–Try and guess the plaintext corresponding to hashed
value
–Relatively faster but not always possible

7. Offline vs Online
●Online
–Guess the password directly
–The server hashes the plaintext and checks it against
the original password
–Relatively slower

8. CRUNCH IT!
●Are you a lazy programmer?
●Do you think that coding is awesome?
●BUT(A big one) you're never in the mood
●Crunch is the thing for you

9. Crunch
●An inbuilt python script for Kali
●Used to generate wordlists
●Basically, generate guesses to the password
●Use of charsets, numbers, and special characters
●Python's interpreter not as fast-you're open to code
in the language of your choice

10. Let's do it
●ON THE DANCE FLOOR
●Kidding, on your computer screens
●DEMO DEMO DEMO
●Fire up your kali as soon as you can and get to the
terminal
●Follow along, ask volunteers for help

11. Wifi Hacking
●Something we've all always wanted to do
●Something we always fail at, one way or the other
●Let's get started

12. Wifi Security Algorithms
●WEP
●WPA
●WPA2

13. Wired Equivalent Privacy (WEP)

14. Why WEP Sucks?
●The key used for connecting to the AP is also used for
encrpyting each message
●By sniffing and receiving the encrpyted key, and
collecting enough packets, the actual WEP key can be
obtained
●Uses the same key for all clients
●Can always be cracked

15. Demo Demo
●Buckle up
●Will have someone generate a WEP key
●Does anyone want to volunteer?

16. WPA/WPA2 Passwords
●Upto 133 character passphrase
●Passphrase along with the network SSID used to
generate unique encryption keys
●Keys are unique for each wireless client
●Uses TKIP (Temporal Key Integrity Protocol)
●Re-keying mechanism to provide key generation
every 10,000 packets.
●AES offers higher security compared to TKIP

17. Can they be cracked?
●All passwords can be cracked
●What matters is the time
●Plain Bruteforce is practically dead
●Ways to crack
–Some form of social engineering
–Dicitionary attack

18. Social Engineering: Wifi Phisher
●Does what the name implies
●Creates an access point with the same SSID as the
target AP
●Deauths all the conections to the target AP
●Expects some of the deauth'd devices to connect to
our AP
●Presents a phising page and cracks the password

19. Demo for Social Engineering
●You probably don't have wifiphisher installed
●You can clone the git repository or try this at home
●Easy to implement

20. Dictionary Attack
- Attack using the wordlist we generated in the previous
demo

21. Wifi Protected Setup(WPS)
- Goal was to create a secured home wireless system
- Useful for newbies who wouldn’t want to connect to wifi using passphrases
- Broadly of two types, Pin and Button
- The fact that the pin in merely 8 character long, leaves it vulnerable to
bruteforce
- Reaver the well known tool for the attack