WIRELESS VILLAGE - WEP and WPA Cracking 101
Formal metadata
Number of parts | 322
License | CC Attribution 3.0 Unported: You may use, modify, and reproduce, distribute and make publicly available the work or its content, in modified or unmodified form, for any legal purpose, provided you credit the author/rights holder in the manner they specify.
Identifiers | 10.5446/39666 (DOI)
Content metadata
Transcript: English (auto-generated)
00:00
So, welcome to the noob talk. We're all noobs. It's just some of us have been noobs for longer than others. I find that no matter what I'm doing, somebody else knows a whole lot more about it than I do, with very, very, very few exceptions, one being Wi-Fi. However, we all have something to learn from somebody else. Nobody is stupid. You're
00:30
doing a whole bunch of accessible challenges for everybody, including some of the stuff that we're about to run through, which is probably working right now. So probably. Uh, this is why we're doing screenshots. But the challenges are actually all available and some of
00:43
these teams will make friends with you. We're running a capture the flag all weekend and the coolest thing about the capture the flag is for the last few years, the noob team has come in second. Because people will sit down and they'll say, I just got this in the vendor area and I don't know what to do with it. And they will make friends and that team will end up with like 20 people on it all helping each other learn how to do this
01:03
stuff. And then they come in second place. Uh, normally to people that do this for a living. So come in, have fun, this is accessible and we're all here to learn from each other and that's why we're doing it. So without further ado, we're gonna start talking about the Wi-Fi's. If you missed the in-brief, this is very important. We are not
01:28
lawyers. We're definitely not your lawyer. And um, you have permission to hack our shit. You don't have permission to hack the hotel, the casino, your neighbors, your mother's best friend. Um, yeah. As it turns out the rules with radio are really really easy.
01:46
Don't be a jerk, don't get caught and you're good. So everybody be friendly and set up a network at home because setting up a network with WEP or WPA is half of learning how to hack it. So. And you have permission to do your own stuff? Yeah, as it turns out if you
02:01
own it you can hack it. Well, I mean, unless you're in the US or something, I don't know. Maybe not even know your own password. Are you gonna talk at all or should I just take all this? I'm gonna talk sometimes. Maybe you could just dance to Taylor Swift and I'll talk. If you put on Taylor Swift, I will shake my bootay to some tay tay.
02:22
Eric, Eric, could you fire up Taylor Swift for background while we talk so that he can dance and I can talk? That'd be perfect. So, requirements to hack, uh, download Kali Linux, put on a black t-shirt and then a black hoodie and then black jeans and then don't shower. Change the, change your terminal to green text? Yes, green text is very
02:44
important. Now, truthfully it doesn't matter, okay? I happen to be the primary developer of Pentoo Linux and so we push it really really hard in the wireless village because I test all of our challenges with it, at least all the ones I'm good enough to take down and it works. So, we know it works and when people say my laptop doesn't work, we
03:01
say well that sucks, here's a Pentoo ISO. Uh, anything works if you're good enough at Linux to fix your own problems. We recommend Pentoo because we don't wanna do Linux troubleshooting while we're here. Uh, if you wanna do Linux troubleshooting, find a new friend. We're not your friends for that. Uh, we're your friends for wireless. Alright, thank you. Okay, um, you also need a wifi dongle, preferably one that
03:25
can do packet injection. That's not always required but it is way way better. Uh, the list is pretty much, uh, exhaustive on the aircrack-ng wiki so we're not gonna go into it. But there's quite a few cards that are very cheap, very accessible and good to go. Um, the TP-Link WN722N that people have been recommending for years is now
03:43
garbage because they switched the chipset and made it version 2, which is a really wonderful thing to do. That said, the aircrack-ng team has been nice enough to, uh, well they made a friend and he's been working on the driver for the Realtek 8812AU chips. And so all of the new AC chips from like Alfa actually work now if you use that driver. It's
04:04
included in both Pentoo and Kali and again if you don't use one of those you can compile it your goddamn self. And I'm probably gonna cuss a lot so if you have a problem with that get the fuck out. You're also gonna want the aircrack-ng suite. We'll talk about some newer stuff at the very end but by and large for the past 10 years that's been the absolute standard. Aircrack-ng contains all of the tools you need, all of the
04:25
attacks you need and that's primarily what we use. Kismet's awesome, you use it for sniffing everything, for profiling everything, especially the new version which has a sweet little web interface and you can sort and press, press a little button to download handshakes when it doesn't crash. Things are clickable. Things are
04:46
pretty much exclusively for being a dick. We're both dicks. We're running what we call fog of war in here so if you're not filtering your PCAPs properly good luck. And a word list. We highly recommend that our contest is not a password cracking contest so we give you the
05:03
word list that we drew our passwords from. Um, password cracking is its own art form and it will not be covered here but you want a good word list, probably a big one, maybe many GPUs and things like that for cracking but again we're not going to go too deep into cracking. Oh boy, this is important stuff. You want to cover this for me?
05:23
Absolutely. So, inside of, uh, airodump there will be a few things that you will need to become familiar with like the BSSID which is the MAC of the actual access point, the ESSID which is your SSID, all the cool things you've named it like
05:41
pretty fly for a Wi-Fi and in the context- Abraham Linksys. Tell my Wi-Fi lover. So, and then for station because aircrack is amazing in the context and down at the bottom station means the actual like devices that are connecting to the access point where you would think it's the actual access point but it's not. Because
06:04
they, it's a vocabulary problem that they can't solve I guess. Station means client. Just remember that. Super hard. It gets confusing really quickly. Drink less. So, what you can't see, you don't know is there. So, you need to scan the air. It's,
06:33
oh yeah we're gonna get DMCA pulled. We're not gonna be able to go up on YouTube. That was a short audio sample. That was not piracy. I mean she's gonna get
06:45
more fans and that's all we want. So, the methodology I use and I was trying to share today, you've got to configure your radios. Uh, 99.97% of the time the radio that is in your laptop is not going to be what you need to do amazing hackery things.
07:06
You're gonna want to scan. You need to see the things that you have scanned, know how to pull them apart and see what truly is going on with it. You need to isolate down to the target that you want to go after. You need to start collecting on that specific target. You want to pull the exact WPA2. I'm gonna go after this. I'm gonna go
07:28
after PrettyFly for a wifi. I'm gonna start collecting on it. I'm gonna start opening it up in Wireshark. Start looking at it in different ways. I need to find what makes that thing tick. What's going on with its clients. What's going on with everything else about it. You need to find the thing. Again, targeting counts for like
07:45
everything. Who here has ever opened up Wireshark and watched the packets fly by? Aside from that looking really cool in front of your boss, did that help you in any meaningful way? No. Because there's a reason there's a giant filter thing at the top because if you don't use it, it is completely worthless. Although, man, my screen
08:02
can scroll really fast. Thanks Nvidia. And it's color coded. And it's color coded, right? Picking your target, filtering down on your target, these are absolutely critical skills. We get people with like 900 meg pcaps and they're like, the handshake, I can't find it in here. Like, there's a filter for that. Oh, I was scrolling through. Okay, that's one
08:26
way. I'll see you in the next Ice Age. Soon. Yeah, soon. So, uh, in, in, in the world that I live in, in, in hacking and cracking wireless, uh, it never works the first time. So, as you see, there's a nice little red line that says once you perform the
08:44
attack and you can't get it, you need to start over again. Cause you didn't find the thing, you didn't do the right stuff to collect the right things to win. Yeah, I can't stress that enough either. Like, I have been doing this for a really long time. I've been on the aircrack team for a decade and I will collect 100,000 IVs and then it
09:02
won't crack and then I will throw that in the garbage and I will do it again because it does take 2 minutes to crack WEP the first time it works. Um, but there was like 3 or 4 other times before where it just didn't work. You just don't count that time. That, that, that doesn't count. It was practice. I was practicing. We were just making sure your radio was working. Yeah. Yeah. Alright. So let's talk a little bit about WEP. I
09:28
love WEP. It's good. It's just good enough. Yeah. So, again, find your targets. Airodump is nice enough to show this. Kismet's nice enough to show this. Your friggin' cell phone's nice enough to show this, most likely. Don't buy iOS. Um,
09:43
identify what you're looking for. I'm going to attack pretty fly for a Wi-Fi or whatever it is. And then fakeauth is quite often the standard way of doing it. The reason we do things the way we do is not because it is the only way to do it, it's cause it's the more reliable way to do it. You can capture somebody else who's already on. You can try to steal their MAC address. But then they disconnect and
10:03
then you're invalid and then this AP deauths you and then it doesn't work. So if you make your own authentication, you make sure you stay authenticated and things like that. Um, so again, collect packets, replay packets, crack packets. It's really easy stuff. Um, why is any of this possible, right? Um, who here
10:21
remembers when Wi-Fi came out? So three months before that, they were like, okay, we've got the stamp on this thing. It is good to go. Let's start marketing it. Oh, hey, what kind of encryption are we using? Oh, we should probably put some encryption on this instead of just plain text. And so the marketing team slapped on some crypto and didn't bother reading any of the notes. Uh, RC4 was known vulnerable at the time and they knew how to solve
10:44
the vulnerability and chose not to do it for Wi-Fi. So as it turns out, letting the marketing team run crypto is a terrible plan. So bad, bad, bad. Uh, yeah, entropy fails. Basically the first, I think it's uh, kilobyte of keystream that comes out is just complete garbage and in any sane implementation, you just
11:04
throw that away. Wi-Fi doesn't, it's predictable and you use it to make a key really quick. Um, under normal conditions, this doesn't take long. Uh. I can just sit there and just listen while they're streaming Tay Tay and I can get enough packets to crack it. I think that was actually the longest you've ever listened
11:23
just now. Negative. It is always playing. Yeah. Aircrack will automatically retry after every 5,000 IVs that are captured. So if you let aircrack run on the dump while you're making it, it'll just keep retrying for you until it succeeds or the number gets
11:41
really high and you're like, ah, something's broken in here. Uh, it says right here about a hundred thousand is where we tend to say it's broken or it should have already given me the key. About 120 is where I just give up and wipe that file off of my disk and start over assuming something weird got corrupted or the math just didn't work out for some reason that I don't understand because I am not a math major.
12:02
And in a room like this, while there's a competition going on, while everybody's doing all their fancy magical hackery things, there may be a lot of things in the air that you catch that is just playing garbage that's showing up as an IV. So you're going to cross the 100,000 mark and not have the exact things you need to be successful.
12:21
Very true. Oh boy, this is my second favorite program in the world. Airmon-ng is a great tool. If you're running Pentoo, it's been recently updated to support the RTL, uh, 8812, the new, uh, Alfa. You can buy them in the vendor area. I don't actually know who's selling them,
12:42
but I'm positive they're selling them. The new AC driver ones are all supported in this now and will be in the next aircrack release. Um, but basically what this does is it identifies your card, tells you about your card, looks for a couple of basic problems to tell you if you know the driver's broken or if NetworkManager's running and going to mess with you or something like that. Um, you could luck system users.
13:04
Well that's just a general bit of advice. So the first thing I do when I plug in an extra, an external card is I just run airmon-ng to just see if my card has even showed up because anything else you do after that is not going to work. If your card, if your operating system does not know that your card is there and the drivers aren't proper for it.
13:20
Really? I run it with a verbose flag because I'm noisy. We know that you are. All right, so airmon-ng start and then your interface name, which if you're on systemd is w l p z v the x y z one, two, three, four, gamma. Um, if you use the same system or you turned off that stupid naming, it's like wlan0. Uh,
13:41
then it'll take it and put it into monitor mode and it will denote that it's in monitor mode by just adding the suffix mon to the end of it so you don't get confused. It also helps NetworkManager keep its hands off. Um, that way it doesn't flip it back out of monitor mode for you. Uh, if anything goes wrong, it normally tells you, I can't tell you how important this is.
14:01
Not just read the manual cause I can forgive you for not reading the manual, but read what's on the screen. The number of people that tell me like, well, I ran airmon-ng and then it wasn't in monitor mode. What was the output? Well, it says it's not in monitor mode and it told me why, but I didn't read that until you asked. Cool story. Uh, read it next time first. Thank you. Uh, these tools mostly have decent output.
14:21
I'm definitely not going to say always, but a lot of times it's very useful. So try to read it and understand it. I destroyed this interface. I created this interface. This interface is in monitor mode. These are useful bits of information and know and understand about how Linux works. Um, if it goes bad for you, airmon-ng stop takes it out of monitor mode or it actually aborts and does
14:41
that by itself. If it's really bad, uh, check tells you if there's any problems and then check kill fixes your problems the safest way possible by killing all of the services that mess with it. Like NetworkManager, and you're about to lose internet. Yeah. Yeah. Using the internet with a wifi card while hacking with a wifi card is a very advanced topic that we shall not be covering.
15:03
Is it that advanced? Yeah, I recommend wired users here at Defcon. You can have seven K a second wired. It's very nice. So here's an example. Just running airmon-ng shows me that I have my internal wlan0. I got my wlan1.
15:22
Choke up a little kind of quiet. Anyway, so here, uh, when you have an actual problem, it will identify through the process ID and the name, your, the pro, the processes that are going to prevent you from being able to get a monitor. Uh, otherwise down below you'll see that it's, uh,
15:43
it'll tell you it's wlan0mon and you're going to be able to go from there. All right. This is the single most important slide. And I'm just saying that cause he removed it saying it wasn't important and we made him put it back. Um, testing your gear is incredibly important. Uh,
16:02
I spent literally more time testing wireless drivers than I did building the entire wireless capture the flag because if it's not stable, if it doesn't work right, I just don't want to use it because that's really what bites me. Uh, not configuring an access point sometimes is easy except for this morning. Anyway, uh, test, test, test.
16:21
I'm sending a million deauths a second and it's not working at all. Why? Did you run an injection test? Does the card inject at all? Well, no, I didn't test it. Okay. Test it. Oh, it doesn't inject at all. Cool. Well, that's why you're sending a million packets to no one and it's not going to work. Um, again, most of the cards anymore just kind of work,
16:42
but a lot of things with weird vendor drivers or staging drivers that aren't mainline Linux kernel drivers. And then a lot of the embedded cards. Um, we just got, uh, one of our team members just got a brand new XPS 13 and it's got a nice embedded Qualcomm chip on it, soldered onto the board and it doesn't support monitor mode in any meaningful way, but it will totally tell you it does. So that's great. No monitor mode,
17:03
no injection, but it pretends that it all works fine. It just, you know, doesn't. So again, testing your gear, incredibly important. Um, most of this is really easily Google-able like which cards work and which cards don't. But something to keep an eye for is just plain test that is the only way to know whether it works or not. Um, just like a gun,
17:23
don't point it at your foot while you're testing it, but you know, test it. And you need to actually stop that deauth at one point so that you can get the reassociation. Oh yeah, that's a good point. Cause if you just keep talking about that with WPA, just you said,
17:40
just send a million packets. Just, just deauth it. Just kill it all. I hate wifi. This is what airodump looks like for those of you that don't know. It's incredibly helpful. Uh, so we've got the BSSID, which is the MAC address of the access point. We've got power level, which is in signal strength, which is a negative number,
18:01
which means negative 43 is a much bigger number than negative 71. That's how negative numbers work. I know that's really confusing to people. I just heard somebody earlier today saying, Oh my gosh, like I'm only getting negative 40 and I'm right next to it. This thing's a piece of junk. I'm going to take it back. Well, number one, you're too close. That's not good. And number two,
18:21
that's a very big number in wifi. That's actually the top of what the standard requires you to pick up. If you see something like negative 40, you're almost certainly damaging your card. Uh, if you can use a 12 foot ethernet cable, use the ethernet cable instead. Uh, the number one problem I see with personal test setups is they'll set it all up on their desk and then everything is so close when you're
18:43
sending packets. It's actually like screaming into the person's ear with a bullhorn. It doesn't work. It distorts really badly. You need a nice 12 foot table or at least to put something on the other side of the room. Um, that is like the biggest test setup problem I see all the time,
19:00
including myself. You have to get things spaced out enough, especially when you get the ultra superpower, high power, sweet, excellent cards because we've got a couple of people over here playing with Yagis and I think they must be playing somebody else's contest because there's no way you need that to reach us in here. What they're doing is damaging their radios. Bigger the antenna, the better. Bigger is always better. I promise.
19:26
Yeah. That's why we have Wasabi on the team. So this screen is not every single piece of information that you need. Just cause you see that the WCTF 10 is WEP does not mean, you know what? Let me just start running my attack. This is just your initial scan.
19:41
This is just enough to start to decide what am I going to do next? There is not enough information here to move forward and that's where the enumeration comes out and finding the thing. You mean footprinting? How do I footprint something? Uh, you talked to Sasquatch hunters.
20:02
Tell me all about enumeration. I'm, I'm curious. Uh, so you download Sans cheat sheets and uh, they tell you how to use Wireshark real good. That's really important actually. Cause I'm not going to tell you every flag off the top of my head right now to start sorting through your PCAP. Cause I don't remember and I have my own cheat sheets and I run scripts.
20:24
Alright, this comedy show sucks. So does it have a client? What kind of client? Uh, is it an active client? Is it an intermittent client? Again, you can use somebody else's MAC address and you can do replay attacks from there to gather enough key material to crack the key. However, if they disconnect, you
20:40
disconnected too cause they were the ones holding the authentication to you. The access point doesn't talk to people who aren't authenticated thereby your replay attack stops. So authenticating yourself, helping a client maintain its authentication maybe are all really good tricks to keep yourself on the access point so you can keep generating traffic.
21:00
Uh, aireplay is a wonderful thing. It's very easy to use. Um, but keeping track of those clients or creating a fake one of your own, uh, WEP's authentication mechanism is so broken that they don't even use it in the field. They just switched it back to open for the most part. A shared key authentication allows you to recover the key even faster than attacking the, uh, encryption itself. So yay.
21:25
Capture. Our number one motto here in the wireless village is ABC. Always be collecting. Always be collecting. We're collecting money for sharing. Okay. Yeah. So write everything to a file. That's great. Uh, you can filter it down by BSSID, which is warmly recommended,
21:44
especially if you're attacking something specific. You can also just capture literally everything and then filter it before trying to attack it offline. So I have one device that's capturing everything. After a certain number of megs, I cut that off, start a new file and I offline attack the file that I created. Uh,
22:00
it's very common to just capture absolutely everything and then filter it before you try to use it. If you are channel hopping and the handshake happens while you're on the wrong channel, you're not going to catch it. If all the traffic that you need from the web access point is happening on a different channel, you're not going to catch it. Yeah. So not channel hopping is very important when you're trying to actually capture
22:22
data. Uh, you channel hop when you are looking for things. That's the default for airodump as an example. You just add dash dash channel, which again is in the help and I'm not going to cover every flag in aircrack, but dash dash channel one, if you want to stay on channel one and it just stays there. Uh, I think one of our team members had that problem yesterday where they
22:41
couldn't figure out why they couldn't see something, and they were channel hopping. It's a really, really common thing to happen. That happens to people who do this all the time. So be cognizant of that little number that's changing really fast in the upper left corner. So, what else? What else is going on?
23:01
What else is... is it this encryption algorithm? Is the client acting in this way? There is more than one WEP. As crazy as that sounds, it's not just WEP. Just like there are different encryption types for WPA, there are different encryption types for WEP.
23:21
You need to know those things because when it comes time to cracking, you will be more successful if you know what's going on with what you are collecting in your PCAP. And cheat sheets, cheat sheets, and cheat sheets, because that's what helped me be successful competing in the WCTF. If you don't write it down,
23:40
you're going to have to Google it again and again and again. Yeah. Aircrack's wiki is really, really helpful for stuff, but boil it down to just the things that you need to know once you understand the core concepts, because there's a lot of explanation going on in the wiki that you only need the first time you read it. Writing down "these are the steps I take," or "I run this wifite script and it does
24:01
everything for me while I drink my coffee," writing down the method that works best for you and following that like it's gospel is really the easiest way to do it. WEP especially is just nightmarish, because it does a lot of weird things that don't make any sense per a standard. The way to tell the difference between 40-bit and 104-bit WEP is to crack it.
24:23
There is no marker in the air for that or anything. You just have to try to crack it both ways, which is the default in aircrack-ng. But you have no idea which one it is until you crack it, and things like that make things a little more weird. They also make things a little more unpredictable. Like, how many packets do I need to crack this?
24:41
It's just a statistical attack against the poor encryption algorithm, but to crack a bigger key, you need more stuff for that statistical attack. So it's a lot less reliable to say, like, "Oh, you need 60,000 packets." Sometimes, depending on which packets they are. The attack is also based on a known-plaintext attack,
25:02
which is why we use ARP replay so often, because ARP packets are so well known. We know what is in an ARP packet and we know where everything is. Even after it's encrypted, more than half of the packet is known to us, because it's in the unencrypted header and in the encrypted part of the packet at the same time.
25:22
Wi-Fi is really wonderful like that, where it gives you fully unencrypted headers even with WPA. Yay. Sir in the front row, sitting at the Wireless Capture the Flag table: that's not okay. Please sit where the contestants sit. Thank you.
25:42
No problem. This was Sabi; the new guy has got his eyes out. And I'm hungry enough that if somebody brings me food, I will tell you a really cool way to crack WEP with 40 IVs. Yes. Double-Double, Animal Style. Extra points for more stuff.
26:05
I'm serious. I cracked WEP with 40 IVs at ShmooCon. Just saying. He definitely didn't use a dictionary attack. Or maybe. All right. Need to generate as much traffic as possible. Again,
26:22
statistical attack. To do that, what we do is we generate more ARP packets. We capture something, which means that somebody has to be on the network in the first place. My most common thing, after "my shit doesn't work," that I see in aircrack's IRC channel is, "Well, I've been sniffing for, like, ever and I can't replay anything." Like,
26:45
well, it's two o'clock in the morning and you're attacking your neighbor's network and they went to sleep. There's no data to capture and thereby there's no data to replay. Creating a client and connecting to an access point will sometimes get you data if, for example, there's something on the wired side of the network that's generating packets
27:02
and then the AP is like, "Oh, there's a wireless client. I'll bridge this data to them because they need to know." But on a not-busy network, like, say, one of your test networks that you set up, if there's no legitimate client, there will be no legitimate traffic. If our attack is a replay attack, there is nothing to replay.
27:21
So you have to connect a legitimate client to the network, put something on the back end of the network that is pinging the hell out of nobody to generate some traffic, something like that to generate traffic. A network that has literally nobody on it has nothing to replay, no matter what you do. You can fake-auth and deauth yourself all you want, which seems like a long way to masturbate,
27:42
but you're not going to get anywhere. You have to have actual traffic to replay. Nothing you do generates real traffic. You're making fake garbage in the air that the AP silently ignores, because you don't know the actual key. Something on the wired side or in the air has to know the key. Otherwise you don't have anything to replay.
28:00
So once you have something valid to replay, preferably an ARP packet, Aircrack handles that one by default; you just say --arpreplay. It will sit there and wait for an ARP, possibly until you die, and then it will start sending them as fast as it possibly can. The fake auth helps us again, because if there's something on the wired side that's generating packets, we'll get those bridged to us.
28:22
Wi-Fi access points that aren't made by Belkin are what are called smart bridges. Smart bridges know that if there's nobody on the other side, "I'm not going to forward the packet." So if there are no wireless clients connected, there's no reason to put packets into the air. But as soon as a Wi-Fi client connects, even if it's a fake authentication, it says, "Oh, cool,
28:41
all the LAN traffic needs to go into the air now to support this guy." Lots of things, you know: NetBIOS, ARP, a whole bunch of packets, mDNS. Phones are great. These are all broadcast packets, so they have to go to everybody. And so they just get immediately thrown into the air. It's very noisy, really great. Fake auth is nice. And in collecting traffic, the more radios the better: one dedicated to
29:04
collecting, one dedicated to an attack with one tool, and maybe another dedicated to attacking in a different way. So sometimes I've run replays and then I've also run wifite with a completely different radio to generate more traffic. Yeah, you can absolutely listen and transmit with the same card,
29:21
but just like humans, you can't do it at the same time. For every microsecond you're transmitting, you are not listening. Thereby two cards is still really helpful, or 47 or whatever. Actually 32 is the limit for Intel USB 3 chips. You can Google that one. Yeah. Thanks, guys.
29:44
The Cactus doesn't use USB. It's all Ethernet, but it's got those cool lights. Those might be USB-powered. I don't know. So you need to have success when you run the fake auth, or everything else is not going to... you're not going to have a good time.
30:01
Okay. It needs to say "association successful." Yeah, successful. Again, reading the messages that come out of these tools is incredibly helpful. -1 is fake auth. Zero is the flag you pass to say "I only want to do this one time." If you were to pass, say, 30, it'll do it every 30 seconds, or every minute, or
30:23
whatever you tell it to do to maintain that authentication. Some access points actually have an unlimited timeout. As long as you're sending packets, they think you're cool and they leave you alone. The standard requires you to reauthenticate every five minutes. Because it may or may not work every time we do it, we normally do it, you know, once a minute or something like that, just to maintain that association so the
30:44
AP doesn't reject our packets. One quick tip: Ctrl+Shift+T is your friend. If you've run airodump-ng in another tab, copying MACs into the adjacent tabs for running these is amazing.
31:01
You believe these kids don't run X? Just put it in screen, people. You don't need a graphical manager for this. Or I can use tmux. tmux. Fucking millennials. I was born before you. Two months still counts.
31:25
All right. So short flags are your friend when you're writing things. They're not your friend when you're trying to learn this stuff. Again, I keep saying them as long flags because frankly I use the long flags, because I never remember which attack -7 is. --arpreplay is really nice to remember, because I know it's going to do
31:41
an ARP replay attack for me. It happens to be 3. You can also do --interactive, where it will tell you every single packet that comes by, in encrypted form, which is really hard to read. Then you say, "Do you want to replay this one?" Sure I do. Why not? And then you can see what kinds of packets you get good responses with. That's a really weird thing to do. ARP replay is way better,
32:01
and it's number 3. And I also would like to point out that airodump-ng uses -a to filter for a BSSID, but aireplay-ng is modifying the BSSID, and so you need -b, which is modifying the packet, not just filtering. A, B, C in there somewhere. I don't know.
32:21
There's a --help for all of these tools that, I can't stress enough, is written for your benefit, not mine as the coder. Oh, cool. We get to crack it now? I used BackTrack. That's awesome, because I don't use Kali to do wireless. I think that's BackTrack 3.
32:42
I think it's BackTrack 5 R3. I don't know. What version of aircrack is that? 1.1. Okay. So anywhere in the last nine years is that one. There have been three aircrack-ng releases in the last six weeks. And before that it was, like, how many years? I don't even know. Point is, it still runs the same.
33:01
You type aircrack-ng and you tell it to open a PCAP. You can also tell it to open, like, *.cap or something like that, and it'll open lots and lots of them if you made lots and lots of them. And then it'll ask you which one you want to attack, and you press 37, which is the number in the index list. And then it starts trying really, really, really hard. And again, if you leave it running and you don't have enough of the right IVs, it'll
33:24
tell you "we tried this many keys and it was not successful," and it'll say "waiting for the next 5,000, 10,000, 30,000." It'll keep going up in iterations. And the cool thing is it's also way, way faster the more packets you have. So trying with 5,000 packets could take a few minutes.
33:42
Trying with a hundred thousand packets takes a few seconds. So reading in those packets actually takes longer than the cracking once you have enough of them, because it narrows down the statistical probability of what the key could be. You should totally enter this flag and see what happens.
34:01
Oh, it's off the screen. WPA, that's a thing. And WPA2, which are different in no meaningful ways. WPA1 versus WPA2 are standards given by the Wi-Fi Alliance for interoperability testing. Basically they require a different crypto and have the other crypto as optional.
34:25
So TKIP is required and CCMP is optional for version 1, and then CCMP is required and TKIP is optional for version 2. It's actually written into the standard, the 802.11i standard, that you can use either one of those at any time, but it's pretty much just, you know,
34:41
this one is kind of backwards compatible, this one is less backwards compatible. Although, you know, 10-plus years after it happening, you really, really, really, really, really want AES-CCMP. You want WPA2, because the other ones finally showed some vulnerabilities and some flaws, and it's just plain slower, because all the Wi-Fi chips have a
35:01
crypto accelerator for AES on them. So, in as few words as possible, you need to see an association with an access point. Either you are forcing it or it happens by itself. At two o'clock in the morning at [fill company name here], if there's absolutely nobody there,
35:21
there are not going to be any associations or clients to knock off and let back on. It's also a rough time for social engineering. You know, when the whole place is closed and the lights are off, you're not going to get in by sweet-talking somebody who doesn't exist. And if you show up at 7 a.m. when everybody starts coming to work, you don't have to be loud and proud and do any kind of deauths.
35:41
Everybody's going to hook up and you're going to see an association. Where the early bird gets the handshake. That's what I heard. Cool. Bring a breakfast burrito. That's how that goes, right? The early bird gets the handshake. Yeah.
36:01
You want to do one? Me. All right, so what is unique about the network? Pre-shared key. So the vulnerability is the pre-shared key. If you can grab enough of the handshake, you can run a word list against it. And if it is in that word list,
36:23
you will be successful. So the vulnerability is you. I mean, let's be fair. Passwords suck. We suck. Even amongst our team, we've been cracking each other's handshakes because it's funny and we're lazy. Passwords are awful.
36:40
The standard specifically says, from 10-plus years ago, if this isn't at least 20 characters and not in the dictionary, then it's not even close to secure. "password" is eight characters long, which is the minimum that the standard allows, and it will get you into way more networks than you think it does. Why? I don't know.
37:02
Just because it's the simplest possible thing. "Password1," capital P, also works great. Usually for the open or for the guest networks at any company, it's probably the company name. It's probably on a Post-it next to the secretary's desk or on the wall too. Again, we are the vulnerability in WPA, primarily.
37:23
This is not a password cracking class. There are guys that do heavy crypto and they can do really cool stuff, but the vast majority of the cool stuff is, like, permutations off of a word list that a human being might type, because we're incompetent. There's no real vulnerability here. There's throwing huge, expensive amounts of compute resources against something
37:42
that is resistant to specifically that, and that just happening to get lucky because people suck. If you take a password out of, like, a line from your favorite show or your favorite song and it's nice and long, in this case length is all that matters. Really, 63 characters or shorter, and you'll never get cracked with this stuff.
38:04
I mean, I could just use WPS. Yeah, don't use WPS. I don't want to type all that in. Yeah. And who here has been at a conference where they say, like, "connect to our secure Wi-Fi," and it's open, and we're at an airport or a hotel.
38:21
My other favorite is you go to a conference and they're like, "Okay, the pre-shared key is this." If they put the pre-shared key on a sticky note, how much does that do? All you need to do is put that pre-shared key right into Wireshark and it will decode all of the traffic, decrypt all of the traffic for everybody, for you, because that is the only thing that is missing in unlocking the
38:45
crypto. That's the key. That's the whole key. That's everything about the key. And then you can decrypt everybody's traffic. You can also put up your own network. You know, "Here I am, DEF CON, pre-shared key." I make one too, because I know the pre-shared key, and then you're on my network. Just the same pre-shared key is the only thing that secures you.
39:03
It's right there in the name: pre-shared key. As soon as it's known, it's like pre-shared public information. It's like posting your face next to your driver's license on Twitter. Yay. Flow. I love flow. Make sure you reconfigure your test network from WEP to WPA now.
39:23
If you were following along to hack the test networks, your cards should already be... Ooh, bribes. We'll be there in a few minutes, if you don't mind. We're just going to finish this talk real quick. And we're done. Thank you for coming.
39:42
So, sir, we were kidding, sir. You can sit back down. We were kidding. Okay, bye. Yeah, there you go. Thank you. Free seat. So the flow we're going to go through: we need to find the networks again. We need to identify what's going on. We need to start collecting on the client, on the access point and the client, and we need to create,
40:02
because we are creating that association. We want to hurry up this process. We don't want to watch it happen organically. We want the handshake now. We're going to do a deauth. You need to catch that handshake, and then we're going to crack it. And it's a crypto contest at that point. Again,
40:20
we're talking about the reliable way to do it, where you send a deauth and they reauthenticate. But there is also the lazy or quiet way of doing it, where you just kind of show up and hang out outside the Wireless Village waiting for us to turn on our equipment in the morning before we open the door. That works at the office too. You show up at six o'clock, you sip your coffee in the car while sniffing. Everybody else shows up,
40:42
they authenticate. You didn't send a single packet. You were dead silent and you've got a hundred handshakes. I mean, everybody does Kali Linux. What is it? "The quieter you are, the louder everything is," or something. Who has a Kali tattoo?
41:03
So, same thing. You do your initial scan. You want to see what's going on in the air. You say, "You know what? I want to go after WCTF00," or "Pretty Fly for a Wi-Fi," that you want to go after. So who spelled cipher like that?
41:22
Was that you? Nope. That's not me. That was me. Oh my God. Get off the stage. Good. I'm going to go eat. That's not okay. Get off the stage for this whole slide. I will do pizza. You can't talk anymore. Okay, so WPA, what is the cipher? This is something that aircrack-ng will tell you, or airodump-ng will show you
41:40
right in there. Kismet will show you as well. TKIP is a very vulnerable cipher, because it's based on RC4 and all it does is cycle the keys that are in use for the crypto, but it's still basically WEP. They just cycle the keys fast enough that you can't run that statistical attack on it anymore. AES-CCMP, again, faster, better.
42:00
Crypto accelerator right on the card, and really nice. So definitely use that. But if you don't, there are some cool DoS attacks you can use. They're in mdk3. I'm not going to say much more about that, because DoS is, well, probably the reason I'm getting 7K a second. Thanks, kiddies. And is there a client connected? Again, with no client there is no handshake; with no handshake there is no cracking.
42:22
I'll talk a little bit at the end of this about the fact that that may or may not be true anymore, but that's what's really important. All right, so when you're done with your pizza, you can come back up here. You can see here the cipher, CCMP or TKIP, and those will be more or less... it doesn't make a huge difference to you unless you want to run a DoS
42:41
attack or you want to optimize your network to suck less. So again, the deauth packet. Normally the Wi-Fi card handles replaying for you. There's a very, very sensitive ACK system in Wi-Fi where I say, "Hey, dude,"
43:01
and you say "ACK," and I say, "It's great to see you, dude," and you say "ACK," and I know that you got every single packet, because you have to ACK each one of them individually. In monitor mode we completely ignore that, so I can send a deauth and I will not know if you ACK it or not. So normally we send, like, a few. In this case, 100 is what we tell it to send.
43:22
Aircrack decided that people are too conservative, so for every one you tell aireplay-ng to send, it will send 64. So in this case we were sending 6,400 deauth packets, which is not very stealthy, but it does work pretty well. The important thing is, setting zero here will deauth forever.
43:42
And if you don't stop deauthing, there will not be a reassociation, and no cake at the party. No, but seriously, there's no cake at the party. And at this point with the WCTF,
44:01
we provide our own word list, because it becomes a crypto contest. How sucky is your password? And if it's sucky enough, if you have a sufficient password, you will crack it. Or if you have a sufficient word list, it will crack it. Aircrack-ng is a great tool for cracking. It is reasonably accelerated. It's been accelerated more and more.
44:21
These last couple of releases have been mostly about optimizations, new CPU architectures that speed these things up. And when you're cracking with a few-meg word list, that's fine. When you start getting into "I want to do permutations of dictionary attacks" and crazy stuff like that, both John the Ripper and Hashcat support WPA formats and they're very accelerated, GPU clusters.
44:41
And, like, you can absolutely crack all this that we're doing on, like, an Intel Atom from five years ago, this thing that you bought at Walmart for 200 bucks. But if you want to do real work, most of these people have, like, X number of GPU clusters that cost half a million dollars and need their own AC units. You can just do AWS. Yeah, you could do AWS. It doesn't actually cost all of your money.
45:03
Just all of it but a dollar. Oh boy. mdk3 is for being a jerk. That is the primary purpose of the tool. It is for testing things. We started off testing this morning by running a beacon flood attack at a
45:20
thousand packets per second. You're welcome. And nobody's NetworkManager was working. It was really weird. You'd think they'd test this crap. Lennart. Lennart Poettering here? No. Okay. Running everything through D-Bus wasn't actually the best idea. Anyway, it's really important to test things, and this is a tool specifically for
45:42
testing protocol abuses. Sending thousands of beacon packets is very abnormal and it makes things crash. It makes things very unhappy. It makes sniffers very unhappy if you're not doing proper filtering to make sure you're only capturing the things you care about, which is why we stressed, you know, filtering. Filtering is good.
46:01
You can run deauth attacks with this. You can run very targeted deauth attacks with this. You can run very untargeted deauth attacks with this. It is a useful tool and I encourage you strongly to test it at home and not on your neighbors. And I really, really mean that, because as it turns out, when you DoS a small city block, people eventually get upset. That was my job for a little while. Yes,
46:24
that is somebody's job. If you run, like, a persistent deauthenticate flood on a business for long enough, they will actually fly out some asshole with a directional antenna, and I will find you. Typically with the police in tow, because I'm not that big. I just seem that big because I'm on this stage. I'm,
46:40
I'm 24 inches shorter than this, really. So, running the fog of war last night, the team showed up early to try and see if they could catch auths off of us. And in a short amount of time I gave them a gig and a half of garbage. Free word list. Yes, I, with the correct flags,
47:02
I used old word lists from previous WCTFs and I sent out all the thousands of words from those word lists as beacons. So --help gives you a little bit. It tells you what the initial flags are, like -a, -b, -c, or just
47:22
a, b, c, and then --fullhelp drops a bunch of extra things underneath those sections and categories to let you know what other things you can add to those, to either be more specific or be more aggressive. All right, I'm going to spend the last few minutes, because I didn't bother to
47:42
develop any slides, because none of my challenges were working until right before this talk. But I want to talk about the new stuff. I want to talk about the elephant in the room, and that is atom from the Hashcat team. He's an elephant. I mean an 800-pound gorilla. I mean, dude's awesome, right? He makes this sweet password cracker and he's got a whole bunch of team members that actually understand crypto, as opposed to, say, me.
48:04
So while I am Zero_Chaos, there's this dude ZerBea, and yeah, ZerBea, who actually was going through looking for a hole in WPA3 and, failing that, accidentally found one in WPA2 and publicly released it. He swears there's more coming and I want to be his friend.
48:20
So hopefully he'll tell me all about them. But about last week, I guess last week, there was a big announcement, you know, here's a random Hashcat forum post, not, you know, anything flashy, but they released an attack on the PMKID. They didn't name it and give it, like, a logo? Yeah, there was no logo. There was no name. It's like these people aren't douchebags. It's weird, right?
48:43
They could have called it PMcrack. Okay, we'll name this later, and logo contest: 50 points in the capture the flag logo contest, coolest logo and name, and we'll send it over to atom and his guys so they can feel special. That way we can get them in the press, you know,
49:01
because you can't get a vulnerability in the press without a logo and a vulnerability name. So anyway, they came out with this attack, and it's a really interesting attack. It's basically attacking the fact that the access points send you the same information as the handshake, to negate the need for the handshake.
49:20
So it's part of high-speed roaming protocols, things called opportunistic key caching, or 802.11r, which will pass the PMKID, and the PMKID is a known set of publicly available information plus the master key, which you can then run a standard dictionary attack against,
49:41
just the same as you could before. The difference is that this is sent out, when roaming is enabled on these access points, in the first part of the handshake. The way the handshake works is I'm a client and I say, "I want to connect to you, Mr. AP," and the AP says, "Here's your challenge," and it includes everything I need to crack the key.
50:02
That might've been a poor design choice. It's a feature. It is a feature. It speeds up the process, because I can say, "Oh, we already have a PMK negotiated. We don't need to do this anymore. I'm just going to start sending data at you." But it also works as an attacker, because the very first packet contains
50:20
everything I need. I can now legitimately try to connect to an access point and it will send me everything I need to crack it. Whereas before we had to wait for a legitimate client to go back and forth with the access point, and then we'd capture that and crack that. So it is a very interesting attack, but for a couple of reasons the sky isn't falling. Number one,
50:41
on a pre-shared key network, there is literally no reason for that to happen. It's just something that's completely unnecessary. There are a few implementations that do, and those will probably be fixed shortly. But even still, it's not a new vulnerability. It's just saving you watching that client.
51:01
You can force a handshake basically for yourself, as opposed to waiting for a legitimate client, which again, at 2 a.m. when you're hacking your neighbor, is a legitimately helpful thing, I guess. But when you're attacking a corporation or something like that, you know, when you do this for a living, this is just unnecessary, because you get legitimate handshakes. It is slightly optimized, in that a lot of times you get bad packets because
51:24
the air is like that. You're not literally in between the access point and the client, so sometimes your packet gets corrupted and theirs didn't, and you miss things. So this is a nice, reliable way to crack the key, and that's a great improvement as well. But it's not going to speed up the cracking.
51:40
It's still a dictionary attack, and it's, again, it's really cool, but the sky did not fall. So I think that's an important thing to note. It's also a very interesting attack against EAP networks. All networks, including the enterprise ones, use a PMK. They just derive it differently. And the PMKID is sent for those networks as well.
52:02
The difference is that the PMK changes constantly on an EAP network, on an enterprise network. So by the time you crack it, it's worthless. Also, in that case, you're cracking a 64-character key, because it's generated by the enterprise network rather than a human. And that's definitely a thing. So next,
52:21
I still have, like, two minutes, right? Cool. Allegedly a minute or so. WPA3, your prayers have been answered. Almost. You can do IoT things with this. Oh my God, the IoT. That's so cool. I love the IoTs. I want to capture some packets.
52:43
So WPA3 has been a long time coming. And when the KRACK attacks came out, earlier this year and in the fall, people immediately jumped on to say, like, "Oh, cool, we've been working on WPA3 forever." What they meant to say was that there was a bunch of standards that had been
53:01
sort of informational RFCs for years that were implemented by various people, wpa_supplicant and hostapd notwithstanding. You'd better have brought Club-Mate and a hug, or at least a hug. Anyway, I don't see any Mate. I'm just going to keep giving my talk.
53:21
So WPA3 has a bunch of standards that were generally kind of released, but not standards-track. They were, like, informational RFCs that were used for mesh mode and things like that. And they're not really brand new. The brand-new part is that they're actually doing interoperability testing.
53:42
They're doing interoperability testing to prove this stuff all works together. And it is really... I broke my mic. Thanks, Ronnie. Anyway, broke my mic and then she leaves. Like all women. Oh, I'm sad. Where was I?
54:01
WPA3. Has somebody, like, volunteered for that? Yeah, I know. I'll see you next time with the Club-Mate. Okay. Thank you. I miss you. I miss Club-Mate too. I had a bunch in Germany. So the handshake has changed. The main difference being that the handshake for WPA is attackable offline.
54:22
And that means I can capture the handshake and I can run it on my high-speed cracker. The handshake for WPA3, as defined by, I think it's an informational RFC, and then it's used a lot in 802.11s for mesh-mode devices, is a zero-knowledge handshake, which basically means that you're doing a full,
54:43
"I'm not sharing anything about the key, but I'm proving in a way that I have it, that you can also prove that you have it." And then we're like... it's some of that spooky shit that, again, not a math guy, don't understand. But the whole point is it's supposed to be resistant to offline attacks. You shouldn't be able to attack it the way we're attacking things now.
55:02
And an online attack means you are literally, like, trying every password against the access point one at a time until it takes one, which, as it turns out, is slower and obvious. You can walk into a room and say, "Who are you looking for? Oh, you're looking for John. I'm John." But you can't walk into a room and say, "You're looking for John.
55:21
You're looking for Frank, Sam, Sally. I'm Sally." It doesn't work, right? You can't just keep doing that over and over again. Maybe to your neighbor you can, but certainly not to a corporation or an enterprise. It's just not going to work. So the whole idea is to improve that handshake mechanism, which was so broken. They also added in a few things, which sadly are more optional than I'd like them to be.
55:43
They added in 802.11w being part of the requirements. The requirement is you must optionally support it, which isn't really much of a freaking requirement. 802.11w is the signing of the deauth packets so that people like me can't just make a million of them, or, more likely, people like you. Yeah,
56:00
I see you with that big antenna. Adding in those kinds of things to the standard makes the whole thing a little bit more robust, takes care of the problems that we have today, and helps us move forward. WPA hasn't changed much in the last 10 years or so, but there have been a couple of add-on standards that really made a difference. So all this is, is wrapping them in a nice little interoperability standard to
56:21
allow us to actually take advantage of it. Because although things like management frame protection have been around forever, things don't support it, especially home access points. You can't just check that box. Even OpenWrt, you can't just check that box. You have to go into the config file. I know, a config file. It's hard.
56:42
There's no little GUI. Okay. Should be on by default. It should be on by default. It will be on by default. And that's my promise to you. So it's trying to solve a lot of the problems that we're having today, and hopefully it's going to do a really good job. But as of right now, nothing supports it, and I don't think anybody's actually passed the tests, and
57:02
quite frankly, Linux sure as shit doesn't. So good luck, folks. Thanks for playing. And with that I'll take a small bow.