How to Hack/Audit WPA and WPA2 networks

network audit tools

Auditing or breaking WPA and WPA2 PSK authentication on wireless networks. David Hoelzer gives a ten minute demonstration explaining all of the steps necessary to demonstrate the insecurity if pre-shared keys. This excerpt is ten minutes out of a 36 hour IT Audit and IT Security Auditing course that he teaches for SANS. SANS is offering an 00 discount on the course delivered live via a virtual classroom starting at the end of March. For more information, please see here: blogs.sans.org

This entry was posted by admin on September 15, 2010 at 7:02 am, and is filed under Accounting. Follow any responses to this post through RSS 2.0.You can leave a response or trackback from your own site.

Comments (22)
Related Posts

#1 written by CyberDefense 1 year ago

The blog entry has info on how to save $1,100 on an upcoming SANS class! Great deal!

Quote
#2 written by DHAtEnclaveForensics 1 year ago

That discount code is only good through Friday January 29. I’ll be teaching the class that the code is good for, so if you decide to sign up please drop me a line!

Quote
#3 written by pzmtuthcvpvl 1 year ago

why pre-shared key weak? average corp turf would have people with no cyrpto generating keys, so yes and very much so but would seem 32+ byte machine genrated random would be effective and shared by keystore only … no? ( note I have seen how any scheme can be defeated by social factors )

Quote
#4 written by DHAtEnclaveForensics 1 year ago

Well, frankly, no. The problem is that there are standards (PCI/DSS for instance) that permit companies to use WPA with PSK with period key changes.

Brute forcing a PSK in 3 months is feasible. Worse, if the WPA is being used to protect credit card information it’s definitely worthwhile. Once the key is broken I can decrypt captured traffic where that key was in use. Given a good position to sniff and time I can compromise every card used where my antenna can see the WPA or WPA2 with PSK.

Quote
#5 written by pzmtuthcvpvl 1 year ago

What a relief, someone who has a grasp of the technical as well as the human factors. I do not know the nomenclature but what is apparent to me is that even with sufficient skills, what happens in practice is that good locks are ( if it happens ) defeated by front office political factors. Numerous proofs in failure mode analysis. So, even with good crypto, correct practice may un-attainable due to offline dedicated 80-core running @ Teraflops shielded by “oh, they wouldn’t do that, would they?”

Quote
#6 written by DHAtEnclaveForensics 1 year ago

I think we’re on the same page. Crypto is really important but when it is likely that your adversaries can see the encrypted data you really need to step it up. Weak keys will continue to be a huge problem until we find a better way to secure things.

Quote
#7 written by watchit25 1 year ago

you are incredible. your explanation is superior to the rest. You also speak from a mindset that is derived from a real world perspective. I will stay tuned to to any other videos you have to offer.. Thank you for your time and effort

Quote
#8 written by pzmtuthcvpvl 1 year ago

( place very positive yes here in accordance with Pro Forma ) Oh, yes, we are on the same page. “pzmtuthcvpvl ” was generated with Java’s SecureRandom – “Nicholas Jordan” is my regular internet alias. I am doing some “over the edge” work – let’s exchange pm’s. Noting for the work at hand, I pondered this while at work. A routine shop floor with just production data, I could contemplate more “profitable” targets as an exercise. Once 000 000 000 0000 is recovered, it is then at risk in perpituity

Quote
#9 written by pzmtuthcvpvl 1 year ago

Weak keys are routinely used in small-shop scenario. A possible set of future events not envisionable at security planning may be approachable by designing a Matrix such that a lower-bound can be established for prevalance of “on the team” active exposure(s). A system with strong locks incorrectly designed can be used to place responsibility on authority who has no power to act.

Quote
#10 written by 419starter 1 year ago

great tutorial! one question, what model network adapter are you using and is it dependable?

Quote
#11 written by DHAtEnclaveForensics 1 year ago

In this example I’m using the mini-PCI atheros card that comes with the Asus EEE PCs. I’ve modified it a bit to add a external antenna connector to the chassis of the netbook since the card maxes out at 37 milliwatts. While the card is extremely reliable it is a bit on the low-power end. You can get similar Atheros cards with up to about 200 mW of power but I haven’t looked around to find one that will fit into the tiny space that’s available in this netbook.

Quote
#12 written by NeytiriOwns 1 year ago

What rainbow table did you use for this? The biggest one is 35Gb but i cant download that one. And i know just the alpha numeric one won’t do. So what one did you use?

Quote
#13 written by Toxiccity90 1 year ago

i have a question for you? have you ever used pyrit? and does it make a huge difference compared to using cowpatty alone? i mean it says it uses all cores and the gpu to create the hash file lists. I have a 1 million word list and all 1000 ssids all ready generaterated. i figure this will make a big difference too.

Quote
#14 written by QuickFox2 1 year ago

It doesn’t matter if you think PSK is insecure. It may be breakable, but a 63 character alphanumeric with symbols would take in excess of 10,000 years to break, PSK can be very effective if you use it properly.

Quote
#15 written by DHAtEnclaveForensics 1 year ago

That’s a nice thought. The trouble is that you cross a threshold of diminishing returns. As soon as you are using more characters than are actually produced by the hashing algorithm you are forced to produce hash collisions. In other words, once you get to a certain size there are guaranteed to be other (shorter) keys that will match your really long key.

Sorry!

Quote
#16 written by RebornAc3 1 year ago

@QuickFox2 Who uses 63 character long passphrase?

Quote
#17 written by rougeson 1 year ago

why mine takes too long to capture the station? i have linksys

Quote
#18 written by SiamJihad 1 year ago

i think it is not able to crack password like wep right??

Quote
#19 written by kejuanthompson 1 year ago

i cant hand shake help me i done it many time is it becuase am not close

Quote
#20 written by DHAtEnclaveForensics 1 year ago

@XtremTutorials I would expect that someone watching this video at least has the basic knowledge necessary to open a terminal window!!

Quote
#21 written by iamtallpoppy 1 year ago

@rebornac3 I do… Google “passphrase”

Quote
#22 written by saad6633 1 year ago

what’s the name of that program ?

Quote
Comment Feed for this Post

How to Hack/Audit WPA and WPA2 networks

CONTACT US

September 2010

Mon	Tue	Wed	Thu	Fri	Sat	Sun
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

How to Hack/Audit WPA and WPA2 networks

CONTACT US

September 2010

Log in