Looking for WiFi hacking help


Post by Abyssmu on Mon Jul 08, 2013 2:45 am

Hey guys,

I've been doing a lot of research on how to hack various things. Apps, websites, OS's, etc. Something that I would really like to know is how to hack into WiFi. I'm not going to straight up ask "will you tell me the commands to type in to hack wifi?" That just seems kind of too noobish/lame to me. These are the results of a few hours of research:

Packet sniffing seems alright to me. I found a few sites that said that nothing could decrypt the WPA 2.0 encryption. How valid is this?

Brute forcing also seems okay, just time consuming. That doesn't bother me, as time is irrelevant to me - I study physics - I just look to use it wisely. :P I am currently downloading a wordlist that boasts 1.4+ billion words within it. Would this be something of a good investment of my time?

Are there any other methods of hacking into wifi that I can do some digging on?

I have no mischievous intents. Other than curiosity to see if I can, I have a lot of friends that forget their passwords, and rather than having them pay for a tech person to come out and run a couple of things, I would much rather help them for free!

The power lies in information, and information belongs to everybody!

Abyssmu


Re: Looking for WiFi hacking help

Post by Tentra on Wed Jul 10, 2013 1:16 pm

Abyssmu wrote:Packet sniffing seems alright to me. I found a few sites that said that nothing could decrypt the WPA 2.0 encryption. How valid is this?


Pretty valid. There was a flaw in the design of WEP encryption that allowed the key to be recovered with enough weak initialization vectors.
Read more about what's known as the PTW attack: https://en.wikipedia.org/wiki/Fluhrer,_Mantin_and_Shamir_attack

However, WPA and its derivatives are a different ball game; it uses a 256-bit key. Typically, most use a network key of ASCII characters; in this case, the ASCII is run through PBKDF2 with the SSID as a salt to generate a secure 256-bit key, which is then run through a few thousand iterations of SHA-1. The problem is the use of the SSID as a salt; this is where rainbow tables came into play. You could precalculate almost all possible keys on a per-SSID basis; fortunately, others have already done the work for you. Most notable are the Church of WiFi's tables, found here: http://www.renderlab.net/projects/WPA-tables/.

Although, not all SSID and password combinations exist in precomputed rainbow table form, leaving no other choice than brute force, or more realistically, dictionary attacks, like you mentioned.

Typically, unless you have some information about what type of password has been used, it's not feasible to try every possibility. There exist 95 ASCII printable characters, and with WPA using a password of between 8 and 63, there are roughly 8.67x10^170 possible passwords. Assuming you can test about 50K keys/second, you're looking at about 5.5x10^158 YEARS to run through all combinations.

So, like I said, unless you have some information about the target to reduce the keyspace, it's likely not worth your time.
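The key derivation and keyspace reasoning from the post above, as an added example that is not part of the original thread. The function names are hypothetical, the 4096-iteration and 32-byte parameters and the "password"/"IEEE" sample pair come from IEEE 802.11i rather than from the thread, and "HomeNet-4F2A" is a constructed SSID.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600
PRINTABLE_ASCII = 95  # character count used in the post above


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-Personal pairwise master key.

    PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32-byte output
    (parameters from IEEE 802.11i, not from the thread).
    """
    pw, salt = passphrase.encode("ascii"), ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63:
        raise ValueError("passphrase must be 8 to 63 ASCII characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32)


def same_passphrase_differs(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when one passphrase yields different keys on two SSIDs, which is
    why a precomputed table only covers the SSIDs it was built for."""
    return wpa_pmk(passphrase, ssid_a) != wpa_pmk(passphrase, ssid_b)


def years_to_exhaust(length: int, keys_per_second: float,
                     alphabet: int = PRINTABLE_ASCII) -> float:
    """Worst-case years to try every passphrase of exactly `length` characters."""
    return alphabet ** length / keys_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed inputs: the 802.11i sample pair and a made-up unique SSID.
    print(wpa_pmk("password", "IEEE").hex())
    print(same_passphrase_differs("password", "IEEE", "HomeNet-4F2A"))
    for n in (8, 12, 16):
        # 50,000 keys/second is the rate assumed in the post above.
        print(n, f"{years_to_exhaust(n, 50_000):.3g} years")
```

A unique SSID puts a network outside any generic precomputed table, and each added passphrase character multiplies the exhaustive-search time by 95.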


Re: Looking for WiFi hacking help

Post by mShred on Sun Jul 14, 2013 10:44 am

Okay, first of all. 1.4 billion words? Don't be hasty. Share dat link.
Second of all, cracking WPA? You've got a long time going for ya... But yes, with your wordlist, you are able to try and guess the password. Though, depending on how big your list is, it will also take a while (not nearly as long), and it may not even prove useful. If the password is not in the wordlist, then you're right where you started.

For those about to rock.


Re: Looking for WiFi hacking help

Post by Abyssmu on Sun Jul 14, 2013 2:32 pm

mShred wrote:Okay, first of all. 1.4 billion words? Don't be hasty. Share dat link.

http://toolsyard.thehackernews.com/2013/03/biggest-password-cracking-wordlist-with.html#_
It is just under 15gb of words.

Thanks a lot guys. Kudos to you Tentra. Very helpful explanation and very useful websites.


Re: Looking for WiFi hacking help

Post by DrRoach on Sun Jul 14, 2013 5:29 pm

Hi, from my personal experience I find brute forcing wifi passwords better. I know will disagree, but here are my reasons why: a. Not everyone knows or can be bothered changing their wifi key, so wordlists are rendered pretty much useless, and even if they do, most people nowadays aren't stupid enough to make their wifi passwords something like password, even though 1.5 million (or billion or whatever it was) is quite impressive. Secondly, although bruteforcing can take a while, most people's passwords are between about 6-15 characters, so that you can run a bruteforce overnight and usually have the password when you wake up. Just my opinion though, at the end of the day.


Re: Looking for WiFi hacking help

Post by centip3de on Mon Jul 15, 2013 2:13 pm

DrRoach wrote:Hi, from my personal experience I find brute forcing wifi passwords better. I know will disagree, but here are my reasons why: a. Not everyone knows or can be bothered changing their wifi key, so wordlists are rendered pretty much useless, and even if they do, most people nowadays aren't stupid enough to make their wifi passwords something like password, even though 1.5 million (or billion or whatever it was) is quite impressive. Secondly, although bruteforcing can take a while, most people's passwords are between about 6-15 characters, so that you can run a bruteforce overnight and usually have the password when you wake up. Just my opinion though, at the end of the day.


A: The first part of your argument doesn't support your argument at all, in fact it supports the argument of using a wordlist over brute-forcing. As for the second part of your argument, never underestimate people's stupidity.

B: That depends completely on the hardware you're willing to throw at it. It also depends on the software that you're using to crack it, and whether you're utilizing the GPU or not. But either way, that password has between 6^93 and 15^93 different combinations, which either way, is going to take some time.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook


Re: Looking for WiFi hacking help

Post by limdis on Tue Jul 16, 2013 1:35 am

Sure mate. I like the "don't tell me how" approach you are asking for but still... google up what WEP and WPA/WPA2 encryptions 'are'. Then go from there on the hacking portion. I personally suggest looking into the aircrack-ng suite for your cracking needs. Once you get the basics down you'll branch from there to more interesting items.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."


Re: Looking for WiFi hacking help

Post by DrRoach on Tue Jul 16, 2013 2:46 pm

centip3de wrote:A: The first part of your argument doesn't support your argument at all, in fact it supports the argument of using a wordlist over brute-forcing. As for the second part of your argument, never underestimate people's stupidity.


What I meant by my first point of them not changing their wifi passwords was that it is usually left as the default password that the provider (Sky or BT or whoever) supplied, such as 25ef9ie4h or something random like that.


Re: Looking for WiFi hacking help

Post by erjoe0710 on Tue Jul 16, 2013 6:12 pm

Try to use reaver; first check if the wireless router has WPS enabled. You can crack that in at least 4 hrs or more. The faster the computer, the faster you can crack. If it is disabled, try aircrack + pyrit/oclhashcat. The fast way of cracking is using GPU... Sorry for bad English :?


