2. Before rushing into it
- Because Bruteforce is not always as effective
- Consider a mere 5 character password over a 72 character alphabet;
total possible combinations: 72^5 = 1934917632
- At 3100 keys/second, 7.5 days
- Loadshedding every 6 hours
3. What is it?
●Use Social Engineering
●Generate a list of your guesses to the actual
password
●Try each guess one by one
●Guesses are generally stored in a txt file
●Called the 'wordlist' or 'dictionary'
4. More about it
●Based on patterns seen across a large number of
users and known passwords.
●Number of combinations is restricted to those on the
dictionary list
●Good passwords may not be on the list
●Moral: Get a good password
6. Offline vs Online
●Offline
–Download the hashed value
–Try and guess the plaintext corresponding to hashed
value
–Relatively faster but not always possible
7. Offline vs Online
●Online
–Guess the password directly
–The server hashes the plaintext and checks it against
the original password
–Relatively slower
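The offline and online paths from the two slides above, as an added example (not from the original deck). It keeps a constructed seven-word "dictionary", stores a password the way a server should (random salt, slow PBKDF2), and replays the list both against the downloaded record and through a login endpoint that locks the account after a few failures. The point for defenders: offline, only the cost of the hash slows the guesser down; online, a lockout ends the run long before the list is exhausted. The wordlist, salt and lockout threshold are all constructed values.

```python
import hashlib
import hmac
import os
import time

# Constructed wordlist standing in for the 'dictionary' txt file.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon", "monkey", "hunter2"]


def store_password(plaintext, iterations=200_000, salt=None):
    """What the server keeps: a random salt plus a slow, salted PBKDF2 hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", plaintext.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def _hash_guess(record, guess):
    return hashlib.pbkdf2_hmac(
        "sha256", guess.encode(), record["salt"], record["iterations"]
    )


def offline_dictionary_check(record, wordlist):
    """Offline path: the record has been downloaded and the list is replayed
    locally. Returns (matching_word or None, attempts). Nothing limits the
    rate except the cost of the hash itself."""
    attempts = 0
    for guess in wordlist:
        attempts += 1
        if hmac.compare_digest(_hash_guess(record, guess), record["digest"]):
            return guess, attempts
    return None, attempts


class OnlineLogin:
    """Online path: the server hashes each submitted guess, compares it with
    the stored digest and locks the account after max_attempts failures."""

    def __init__(self, record, max_attempts=5):
        self.record = record
        self.max_attempts = max_attempts
        self.failures = 0

    def attempt(self, guess):
        if self.failures >= self.max_attempts:
            raise PermissionError("account locked")
        if hmac.compare_digest(_hash_guess(self.record, guess), self.record["digest"]):
            return True
        self.failures += 1
        return False


def online_dictionary_check(server, wordlist):
    """Replay the list through the login endpoint.
    Returns (matching_word or None, attempts, locked_out)."""
    attempts = 0
    for guess in wordlist:
        try:
            ok = server.attempt(guess)
        except PermissionError:
            return None, attempts, True
        attempts += 1
        if ok:
            return guess, attempts, False
    return None, attempts, False


def guesses_per_second(iterations, samples=20):
    """Rough single-core throughput of the offline path for a given PBKDF2
    cost; raising the iteration count is the server's only lever here."""
    salt = b"constructed-salt"
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"guess%d" % i, salt, iterations)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    record = store_password("hunter2", iterations=1000, salt=b"constructed-salt")
    print("offline:", offline_dictionary_check(record, WORDLIST))
    print("online :", online_dictionary_check(OnlineLogin(record, 5), WORDLIST))
    for cost in (1000, 100_000):
        print(f"{cost:>7} iterations: {guesses_per_second(cost):8.1f} guesses/s")
```

Run it as a script to see the last part: the same seven guesses succeed offline on the seventh try but stop after five online, and the guesses-per-second figure drops roughly a hundredfold between 1,000 and 100,000 iterations.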
8. CRUNCH IT!
●Are you a lazy programmer?
●Do you think that coding is awesome?
●BUT (a big one) you're never in the mood
●Crunch is the thing for you
9. Crunch
●An inbuilt python script for Kali
●Used to generate wordlists
●Basically, generate guesses to the password
●Use of charsets, numbers, and special characters
●Python's interpreter is not as fast, so you're free to code it
in the language of your choice
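The keyspace arithmetic from slide 2 and the wordlist generation crunch does on this slide, written out as an added Python example (not part of the deck and not crunch's own code). It computes how many candidates a charset and length produce and how long exhausting them takes at a given speed, enumerates every string between a minimum and maximum length, and expands a pattern using placeholder classes modelled on crunch's -t option (@ lowercase, , uppercase, % digit, ^ symbol; the symbol set used here is a constructed one). For the slide's figures, 72^5 at 3100 keys/second works out to about 7.2 days, in line with the "7.5 days" quoted there.

```python
import itertools
import string

# Placeholder classes modelled on crunch's -t pattern syntax.
PLACEHOLDERS = {
    "@": string.ascii_lowercase,
    ",": string.ascii_uppercase,
    "%": string.digits,
    "^": "!@#$%^&*()-_=+",   # constructed symbol set; crunch's default is larger
}


def keyspace(alphabet_size, length):
    """Number of candidates of exactly this length: alphabet_size ** length."""
    return alphabet_size ** length


def time_to_exhaust_days(alphabet_size, length, guesses_per_second):
    """Worst-case days to try every candidate of one length at a given speed."""
    return keyspace(alphabet_size, length) / guesses_per_second / 86400


def generate(charset, min_len, max_len):
    """Yield every string over charset with min_len <= len <= max_len,
    shortest first (crunch's basic mode)."""
    for n in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)


def count(charset, min_len, max_len):
    """How many lines generate() will emit, without enumerating them."""
    return sum(len(charset) ** n for n in range(min_len, max_len + 1))


def from_pattern(pattern):
    """Expand a crunch -t style pattern: literal characters stay fixed,
    placeholder characters cycle through their class."""
    slots = [PLACEHOLDERS.get(ch, ch) for ch in pattern]
    for combo in itertools.product(*slots):
        yield "".join(combo)


def pattern_count(pattern):
    """Number of candidates a pattern expands to."""
    total = 1
    for ch in pattern:
        total *= len(PLACEHOLDERS.get(ch, ch))
    return total


def write_wordlist(path, words):
    """Write candidates one per line; returns the number written."""
    n = 0
    with open(path, "w", encoding="utf-8") as fh:
        for w in words:
            fh.write(w + "\n")
            n += 1
    return n


if __name__ == "__main__":
    print("72^5 =", keyspace(72, 5))
    print("days at 3100/s:", round(time_to_exhaust_days(72, 5, 3100), 2))
    print("candidates for 'pw%%':", pattern_count("pw%%"))
    print(list(generate("ab", 1, 2)))
```

Use count() or pattern_count() before write_wordlist(): the slide's own numbers show why a full-length charset list is rarely worth writing to disk, and a pattern that pins the fixed parts of a guess is where crunch earns its keep.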
10. Let's do it
●ON THE DANCE FLOOR
●Kidding, on your computer screens
●DEMO DEMO DEMO
●Fire up your kali as soon as you can and get to the
terminal
●Follow along, ask volunteers for help
11. Wifi Hacking
●Something we've all always wanted to do
●Something we always fail at, one way or the other
●Let's get started
14. Why WEP Sucks?
●The key used for connecting to the AP is also used for
encrypting each message
●By sniffing and receiving the encrypted key, and
collecting enough packets, the actual WEP key can be
obtained
●Uses the same key for all clients
●Can always be cracked
16. WPA/WPA2 Passwords
●Up to 133 character passphrase
●Passphrase along with the network SSID used to
generate unique encryption keys
●Keys are unique for each wireless client
●Uses TKIP (Temporal Key Integrity Protocol)
●Re-keying mechanism to provide key generation
every 10,000 packets.
●AES offers higher security compared to TKIP
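How "passphrase along with the network SSID" turns into a key, as an added example that is not part of the deck. WPA/WPA2-PSK derives the Pairwise Master Key with PBKDF2-HMAC-SHA1, using the SSID as the salt and 4096 iterations, so the same passphrase on two differently named networks gives two unrelated PMKs, and every guess against a capture costs 8192 HMAC-SHA1 operations. The known-answer value in the self-test is the passphrase "password" / SSID "IEEE" vector from the 802.11i test-vector annex; the per-client keys the slide mentions are derived later from this PMK plus the client and AP addresses and nonces, which this block does not cover.

```python
import hashlib

WPA_ITERATIONS = 4096          # fixed by the standard
PMK_BYTES = 32                 # 256-bit PMK
# dklen=32 with a 20-byte SHA1 output means two PBKDF2 blocks per guess.
HMAC_SHA1_PER_GUESS = 2 * WPA_ITERATIONS


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key for a WPA/WPA2-PSK network:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"),
        WPA_ITERATIONS, dklen=PMK_BYTES,
    )


def pmks_differ(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """Same passphrase, different SSID: the derived keys share nothing,
    which is why precomputed tables only help against common SSIDs."""
    return wpa2_pmk(passphrase, ssid_a) != wpa2_pmk(passphrase, ssid_b)


def self_test() -> bool:
    """Check the implementation against the 802.11i annex known-answer vector."""
    expected = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
    return wpa2_pmk("password", "IEEE").hex() == expected


if __name__ == "__main__":
    print("known-answer test passed:", self_test())
    print("PMK for constructed network:", wpa2_pmk("correct horse battery staple", "HomeNet").hex())
    print("SSID changes the PMK:", pmks_differ("correct horse battery staple", "HomeNet", "HomeNet2"))
    print("HMAC-SHA1 operations per guess:", HMAC_SHA1_PER_GUESS)
```

The defender's takeaway is the one the next slide makes: 4096 iterations slow a guesser down but do not stop a dictionary, so the passphrase has to be one that is not on any list, and a non-default SSID denies the attacker any table built in advance.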
17. Can they be cracked?
●All passwords can be cracked
●What matters is the time
●Plain Bruteforce is practically dead
●Ways to crack
–Some form of social engineering
–Dictionary attack
18. Social Engineering: Wifi Phisher
●Does what the name implies
●Creates an access point with the same SSID as the
target AP
●Deauths all the connections to the target AP
●Expects some of the deauth'd devices to connect to
our AP
●Presents a phishing page and cracks the password
19. Demo for Social Engineering
●You probably don't have wifiphisher installed
●You can clone the git repository or try this at home
●Easy to implement
21. Wifi Protected Setup (WPS)
- Goal was to create a secured home wireless system
- Useful for newbies who wouldn’t want to connect to wifi using passphrases
- Broadly of two types, Pin and Button
- The fact that the PIN is merely 8 characters long leaves it vulnerable to
bruteforce
- Reaver is the well-known tool for the attack