
Thread: WPA and WPA2 attacks

  1. #1
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520

    WPA and WPA2 attacks

    Well I guess it's a hit or miss type of attack, and I don't even know if it's an attack, but it's a theoretical attack. In these circumstances, the victim uses WPA or WPA2 and WPS is enabled... or is supported by the router. The attacker continuously deauths the AP when there are clients and HOPEFULLY the client or owner doesn't know what's wrong and tries multiple solutions... such as power cycles and maybe eventually a reset. After the router is reset to default settings, the network is unencrypted. The attacker then logs onto the router and grabs the WPS pin, which he/she can then pop into reaver. Once (if) the encryption is turned back on on the router, the attacker can punch the pin into reaver and snag the WPA or WPA2 password (assuming WPS isn't turned off immediately). This idea is all based on luck, I guess you could say. Can anyone put in their 2 cents on how they feel or other ways to perform this? Or even other methods?

  2. #2
    Join Date
    2013-Aug
    Posts
    12
    Hey soxrok2122, sounds like you're trying to accomplish this:

    g - WPA Downgrade test
    deauthenticates Stations and APs sending WPA encrypted packets.
    With this test you can check if the sysadmin will try setting his
    network to WEP or disable encryption.

    This is from the mdk3 help page, looks like mdk3 will deauth all APs with WPA/2 in the hope that someone will turn off their encryption.

    In terms of the attack itself, I would say it's a very poor attack.
    The reason I think so is that this attack will have a huge disruption rate for all the APs around you, and the likeliness of someone turning off their encryption is less than one in 50, I'd guess.

    If the user has WPS enabled you should always go with reaver, you don't need to know the PSK to get in and once you are in, you can hack the router and find your cleartext password with none of the victims any the wiser.

    The smaller the footprint you have as an attacker the better. You asked me about the Evil Twin method as a captive portal in the other thread; I will say that you cannot do this unless you trick the client into joining your unencrypted Twin of their AP, which most people will not do.

    Good luck ;-)

  3. #3
    Join Date
    2013-Apr
    Location
    Norway
    Posts
    16
    Also used in MITM where you want connections to a specific AP to be deauthed in order to have them reconnect to a fake AP.
    Which in a way is a whole lot more efficient due to the more silent attack, and sysadmins are more aware of continuous deauths to their system.
    I would love to change the world, but they will not give me the source code!
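What posts #2 and #3 describe (a burst of spoofed deauthentication frames, and the hoped-for outcome where an AP that advertised WPA/WPA2 starts beaconing without any RSN/WPA element) is exactly what a wireless IDS watches for. The script below is an added example and is not code from the thread, from mdk3 or from reaver: it runs two detectors over a small, constructed list of simplified 802.11 frame summaries (the field names, MAC addresses and timestamps are all made up for the example). The first flags a BSSID that sees many deauth/disassoc frames inside a short sliding window; the second flags a BSSID whose beacons move from RSN/WPA to a weaker advertised security, which is the "sysadmin disabled encryption" result the mdk3 downgrade test hopes for.

```python
from collections import defaultdict, deque

# Constructed sample capture (not real traffic). Each record summarises one
# 802.11 frame: t = seconds since capture start, subtype = management subtype
# or "data", bssid = the AP, and for beacons the advertised security:
# "rsn" (WPA2), "wpa" (WPA1) or "open" (no RSN/WPA element at all).
AP_A = "aa:bb:cc:00:00:01"   # hypothetical target AP
AP_B = "aa:bb:cc:00:00:02"   # hypothetical unrelated neighbour AP

SAMPLE_FRAMES = [
    {"t": 0.0, "subtype": "beacon", "bssid": AP_A, "security": "rsn"},
    {"t": 0.1, "subtype": "data", "bssid": AP_A, "src": "11:22:33:44:55:66", "dst": AP_A},
    # A burst of 30 deauth frames, 50 ms apart, claiming to come from AP_A and
    # addressed to broadcast: the pattern a deauth flood tool produces.
    *[{"t": 1.0 + i * 0.05, "subtype": "deauth", "bssid": AP_A,
       "src": AP_A, "dst": "ff:ff:ff:ff:ff:ff"} for i in range(30)],
    {"t": 5.0, "subtype": "beacon", "bssid": AP_A, "security": "rsn"},
    # Later the same BSSID beacons with no RSN/WPA element: a downgrade.
    {"t": 60.0, "subtype": "beacon", "bssid": AP_A, "security": "open"},
    # The neighbour sends one legitimate deauth to a single station: no alert.
    {"t": 2.0, "subtype": "beacon", "bssid": AP_B, "security": "rsn"},
    {"t": 2.5, "subtype": "deauth", "bssid": AP_B, "src": AP_B, "dst": "77:88:99:aa:bb:cc"},
]


def detect_deauth_floods(frames, window=2.0, threshold=10):
    """Return one (bssid, t_first, count) tuple per BSSID whose deauth or
    disassoc frame count reaches `threshold` inside any `window`-second
    sliding window. t_first is the oldest frame still inside the window
    at the moment the threshold was crossed."""
    recent = defaultdict(deque)   # bssid -> timestamps inside the window
    alerted = set()
    alerts = []
    for f in sorted(frames, key=lambda f: f["t"]):
        if f["subtype"] not in ("deauth", "disassoc"):
            continue
        q = recent[f["bssid"]]
        q.append(f["t"])
        # Drop timestamps that have fallen out of the sliding window.
        while q and f["t"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and f["bssid"] not in alerted:
            alerted.add(f["bssid"])
            alerts.append((f["bssid"], q[0], len(q)))
    return alerts


SECURITY_RANK = {"rsn": 2, "wpa": 1, "open": 0}


def detect_security_downgrades(frames):
    """Return (bssid, previous, current, t) for every beacon in which a BSSID
    advertises weaker security than its previous beacon did."""
    last_seen = {}
    alerts = []
    for f in sorted(frames, key=lambda f: f["t"]):
        if f["subtype"] != "beacon":
            continue
        sec = f["security"]
        prev = last_seen.get(f["bssid"])
        if prev is not None and SECURITY_RANK[sec] < SECURITY_RANK[prev]:
            alerts.append((f["bssid"], prev, sec, f["t"]))
        last_seen[f["bssid"]] = sec
    return alerts


def analyse(frames):
    """Run both detectors and return their findings together."""
    return {
        "deauth_floods": detect_deauth_floods(frames),
        "downgrades": detect_security_downgrades(frames),
    }


if __name__ == "__main__":
    for kind, findings in analyse(SAMPLE_FRAMES).items():
        for item in findings:
            print(kind, item)
```

On the constructed capture the flood detector fires for AP_A once the tenth deauth arrives (t = 1.45 s, all ten inside the window that opened at t = 1.0) and stays silent for AP_B's single frame; the downgrade detector reports AP_A going from "rsn" to "open" at t = 60 s. Real deployments feed these functions from a monitor-mode capture (management frame type 0, subtypes 0xA/0xC, and the RSN/WPA information elements in beacons) and tune `window` and `threshold` to the site's normal roaming behaviour.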

  4. #4
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by d4rkcat:
    In terms of the attack itself, I would say it's a very poor attack.
    The reason I think so is that this attack will have a huge disruption rate for all the APs around you, and the likeliness of someone turning off their encryption is less than one in 50, I'd guess.
    That's what I was thinking too. Too many suspicious steps to accomplish this but hey, if no other way worked, it may be worth a shot! Thanks for the reply!

  5. #5
    Join Date
    2013-Sep
    Location
    USA
    Posts
    3
    Quote Originally Posted by d4rkcat:
    If the user has WPS enabled you should always go with reaver
    +1, solid advice
