All Tricks

TP Link Archer C5 Router Hacking  0 Today we got our hands on a brand new TP Link Archer C5 router which we will be testing for known vulnerabilities such as hidden backdoors and vulnerabilities, brute force default passwords and WPS vulnerabilities. In this new WiFi hacking tutorial we will be using different tools on Kali Linux 2.0 like Reaver, pixiewps and the Aircrack-ng suite to exploit possible vulnerabilities. TP Link is known to use easy to break default passwords such as the WPS PIN as default wireless password or a password which is derived directly from the MAC address. Especially the last one would make it very easy to retrieve the password because the MAC address is not meant to be secret and is actually send with every single wireless packet send from the router. With a packet analyser like Wireshark it is very easy to retrieve MAC addresses from sending and receiving devices, including the router. In this tutorial we’ll be using airodump-ng for this pur...

WPA/WPA-2 When it was known that a WEP network could be hacked by any kid with a laptop and a network connection (using easy peasy tutorials like those on our blog), the security guys did succeed in making a much more robust security measure WPA/WPA2. Now hacking WPA/WPA2 is a very tedious job in most cases. A dictionary attack may take days, and still might not succeed. Also, good dictionaries are huge. An exhaustive bruteforce including all the alphabets (uppercase lowercase) and numbers, may take years, depending on password length. Rainbow tables are known to speed things up, by completing a part of the guessing job beforehand, but the output rainbow table that needs to be downloaded from the net is disastrously large (can be 100s of GBs sometimes). And finally the security folks were at peace. But it was not over yet, as the new WPA technology was not at all easy for the users to configure. With this in mind, a new security measure was introduced to compliment WPA. Wifi Pr...

 WPA password hacking Okay, so hacking WPA-2 PSK involves 2 main steps- Getting a handshake (it contains the hash of password, i.e. encrypted password) Cracking the hash. Now the first step is conceptually easy. What you need is you, the attacker, a client who'll connect to the wireless network, and the wireless access point. What happens is when the client and access point communicate in order to authenticate the client, they have a 4 way handshake that we can capture. This handshake has the hash of the password. Now there's no direct way of getting the password out of the hash, and thus hashing is a robust protection method. But there is one thing we can do. We can take all possible passwords that can exists, and convert them to hash. Then we'll match the hash we created with the one that's there in the handshake. Now if the hashes match, we know what plain text password gave rise to the hash, thus we know the password. If the process sounds really time consum...