All Tricks

WPA/WPA-2 When it was known that a WEP network could be hacked by any kid with a laptop and a network connection (using easy peasy tutorials like those on our blog), the security guys did succeed in making a much more robust security measure WPA/WPA2. Now hacking WPA/WPA2 is a very tedious job in most cases. A dictionary attack may take days, and still might not succeed. Also, good dictionaries are huge. An exhaustive bruteforce including all the alphabets (uppercase lowercase) and numbers, may take years, depending on password length. Rainbow tables are known to speed things up, by completing a part of the guessing job beforehand, but the output rainbow table that needs to be downloaded from the net is disastrously large (can be 100s of GBs sometimes). And finally the security folks were at peace. But it was not over yet, as the new WPA technology was not at all easy for the users to configure. With this in mind, a new security measure was introduced to compliment WPA. Wifi Pr...

Fluxion (linset) I hadn't ventured into Hackforums since a while, and this time when I went there I saw a thread about a script called  Fluxion . It's based on another script called  linset  (actually it's no much different from linset, think of it as an improvement, with some bug fixes and additional options). I did once think about (and was asked in a comment about) using something like a man in the middle attack/ evil twin attack to get WPA password instead of going the bruteforce/dictionary route, but never looked the idea up on the internet nor spent much time pondering over it. However, once I saw the thread about this cool script, I decided to give it a try. So in this post I'll show you how I used Fluxion, and how you can too. Disclaimer : Use this tool only on networks you own .Don't do anything illegal. Contents Checking if tool is pre-installed, getting it via github if it isn't. Running the script, installing dependencies if required. Quick ov...

 WPA password hacking Okay, so hacking WPA-2 PSK involves 2 main steps- Getting a handshake (it contains the hash of password, i.e. encrypted password) Cracking the hash. Now the first step is conceptually easy. What you need is you, the attacker, a client who'll connect to the wireless network, and the wireless access point. What happens is when the client and access point communicate in order to authenticate the client, they have a 4 way handshake that we can capture. This handshake has the hash of the password. Now there's no direct way of getting the password out of the hash, and thus hashing is a robust protection method. But there is one thing we can do. We can take all possible passwords that can exists, and convert them to hash. Then we'll match the hash we created with the one that's there in the handshake. Now if the hashes match, we know what plain text password gave rise to the hash, thus we know the password. If the process sounds really time consum...