WIRELESS VILLAGE - WEP and WPA Cracking 101

Video in TIB AV-Portal: WIRELESS VILLAGE - WEP and WPA Cracking 101

Formal Metadata

Title
WIRELESS VILLAGE - WEP and WPA Cracking 101
License
CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date
2018
Language
English

So welcome to the noob talk. We're all noobs; it's just some of us have been noobs for longer than others. I find that no matter what I'm doing, somebody else knows a whole lot more about it than I do, with very, very few exceptions, one being Wi-Fi. However, we all have something to learn from somebody else. Nobody is stupid, you're just inexperienced, and that can change, especially when you're here. So we have a whole bunch of accessible challenges for everybody, including some of the stuff that we're about to run through, which is probably working right now, so probably this is why we're doing screenshots. But the challenges are actually all available, and some of these teams will make friends with you. We're running a capture the flag all weekend, and the coolest thing about the capture the flag is, for the last few years the noob team has come in second, because people will sit down and they'll say "I just got this in the vendor area and I don't know what to do with it," and they will make friends, and that team will end up with like 20 people all helping each other learn how to do this stuff, and then they come in second place, normally to two people that do this for a living. So come in, have fun, this is accessible, and we're all here to learn from each other, and that's why we're doing it.

So without further ado, we're gonna start talking about the Wi-Fis. If you missed the in-brief, this is very important: we are not lawyers, we're definitely not your lawyer, and you have permission to hack our shit. You don't have permission to hack the hotel, the casino, your neighbors, your mother's best friend. Yeah, as it turns out the rules with radio are really, really easy: don't be a jerk, don't get caught, and you're good. So everybody be friendly, and set up a network at home, because setting up a network with WEP or WPA is half of learning how to crack it. And you have permission to do your own stuff. Yes, it turns out if you own it you can hack it. Well, I mean, unless you're in the US or something, I don't know, maybe not even know your own password.
Are you gonna talk at all? I'm doing this. I'm gonna talk sometimes. Maybe you could just dance to Taylor Swift and I'll talk. If you put on Taylor Swift I will shake my booty to some Taytay. Eric, could you fire up Taylor Swift for background while we talk, so that he can dance and I can talk? That'd be perfect.

So, requirements to hack: download Kali Linux, put on a black t-shirt and then a black hoodie and then black jeans, and then don't shower, change the terminal to green text. Yes, green text is very important. Now truthfully it doesn't matter. Okay, I happen to be the primary developer of Pentoo Linux, and so we push it really, really hard in the Wireless Village, because I test all of our challenges with it, at least all the ones I'm good enough to take down, and it works, so we know it works. And when people say "my laptop doesn't work," we say "well, that sucks, here's a Pentoo ISO." So anything works if you're good enough at Linux to fix your own problems. We recommend Pentoo because we don't want to do Linux troubleshooting while we're here. If you want to do Linux troubleshooting, find a new friend; we're not your friends for that, we're your friends for wireless. All right, thank you.

Okay, you also need a Wi-Fi dongle, preferably one that can do packet injection. That's not always required, but it is way, way better. The list is pretty much exhaustive on the aircrack wiki, so we're not going to go into it, but there's quite a few cards that are very cheap, very accessible and good to go. The TP-Link WN722N that people have been recommending for years is now garbage, because they switched the chipset and made it version 2, which is a really wonderful thing to do. That said, the aircrack team has been nice enough to, well, they made a friend, and he's been working on the driver for the Realtek 8812AU chips, and so all of the new AC chips from like Alfa actually work now if you use that driver. It's included in both Pentoo and Kali, and again, if you don't use one of those, you can compile it your goddamn self. And I'm probably gonna cuss a lot, so if you have a problem with that, get the fuck out.

You're also gonna want the aircrack-ng suite. We'll talk about some newer stuff at the very end, but by and large, for the past 10 years that's been the absolute standard. aircrack-ng contains all of the tools you need, all of the attacks you need, and that's primarily what we use. Kismet, it's awesome. You use it for sniffing everything, for profiling everything, especially the new version, which has a sweet little web interface, and you can sort and press a little button to download handshakes, when it doesn't crash. Things are clickable. Things are clickable, it's really cool. MDK3 for being a dick, pretty much exclusively for being a dick. We're both dicks; we're running what we call fog of war in here, so if you're not filtering your pcaps properly, good luck. And a word list. We highly recommend that. Our contest is not a password cracking contest, so we give you the word list that we drew our passwords from. Password cracking is its own art form and it will not be covered here, but you want a good word list, probably a big one, maybe many, many GPUs and things like that for cracking, but again we're not gonna go too deep into cracking. Oh boy.
This is important stuff. You want to cover this for me? Absolutely. So inside of the airodump there will be a few things that you will need to become familiar with, like the BSSID, which is the MAC of the actual access point; the SSID, which is your SSID, all the cool things you've named it, like "Pretty Fly for a Wi-Fi" and "Linksys" and "Tell my wife I love her," and so on; and then station. Because aircrack is amazing in the context, down at the bottom, station means the actual, like, devices that are connecting to the access point, where you would think it's the actual access point, but it's not, because it's a vocabulary problem that they can't solve. Station means client. Just remember that super hard; it gets confusing really quickly. Drink less.
So what you can't see, you don't know is there, so you need to scan the air. It's, oh yeah, we're DMCA'd, man, pulled. We're not gonna be able to go up on YouTube. That was a short audio sample, that was not piracy. I mean, she's gonna get more fans and that's all we want.

So the methodology I use, and I will share today: you've got to configure your radios. 99.97% of the time the radio that is in your laptop is not going to be what you need to do amazing hackery things. You're going to want to scan. You need to see the things that you have scanned, know how to pull them apart and see what truly is going on with it. You need to isolate down to the targets you want to go after. You need to start collecting on that specific target. You want to pull the exact WPA2: I'm going to go after this, I'm going to go after "Pretty Fly for a Wi-Fi," I'm gonna start collecting on it, I'm gonna start opening it up in Wireshark, start looking at it in different ways. I need to find what makes that thing tick, what's going on with its clients, what's going on with everything else. You need to find the thing. Again, targeting counts for, like, everything. Who here's ever opened up Wireshark and watched the packets fly by? Aside from that looking really cool in front of your boss, did that help you in any meaningful way? No, because there's a reason there's a giant filter thing at the top, because if you don't use it, it is completely worthless. Although, man, my screen can scroll really fast, thanks NVIDIA, and it's color coded. I mean, it is color coded, right? Picking your target, filtering down on your target, these are absolutely critical skills. When you get people with like 900 meg pcaps, they're like "the handshake, I can't find it in here." Like, there's a filter for that. "Oh, I was scrolling through." Okay, that's one way, I'll see you in the next Ice Age. Soon. Yes, soon.

So in the world that I live in, in hacking and cracking wireless, it doesn't... it works the first time. So as you see there's a nice little red line that says once you perform the attack and you can't get it, you need to start over again, because you didn't find the thing, you didn't do the right stuff to collect the right things to win. Yeah, I can't stress that enough either. Like, I've been doing this for a really long time, I've been on the aircrack team for a decade, and I will collect a hundred thousand IVs and then it won't crack, and then I will throw that in the garbage and I won't do it again. Because it does take two minutes to crack WEP the first time it works, but there's like three or four other times before where it just didn't work. Just don't count that time. That doesn't count. Practice, I was practicing. We're just making sure your radio was working. Yeah, yeah. All right, so let's talk a little bit about
WEP. I love WEP. It's good. It's just good enough. Yeah, so again, find your targets. airodump is nice enough to show this, Kismet's nice enough to show this, your friggin' cellphone's nice enough to show this, most likely, don't buy iOS. Identify what you're looking for: I'm going to attack "Pretty Fly for a Wi-Fi" or whatever it is, and then fakeauth is quite often the standard way of doing it. The reason we do things the way we do is not because it is the only way to do it, it's because it's the more reliable way to do it. You can capture somebody else who's already on, you can try to steal their MAC address, but then they disconnect and then you're invalid, and then the AP deauths you and then it doesn't work. So if you make your own authentication, you make sure you stay authenticated, and things like that. So again: collect packets, replay packets, crack packets. It's really easy stuff.

Why is any of this possible, right? Who here remembers when Wi-Fi came out? So three months before that, they were like, "okay, we've got the stamp on this thing, it is good to go, let's start marketing it. Oh hey, what kind of encryption are we using? Oh, we should probably put some encryption on this instead of just plain text." And so the marketing team slapped on some crypto and didn't bother reading any of the notes. RC4 was known vulnerable at the time, and they knew how to solve the vulnerability and chose not to do it for Wi-Fi. So as it turns out, letting the marketing team run crypto is a terrible plan. So bad. Bad, bad. Yeah, entropy fails. Basically the first, I think it's a kilobyte, of key stream that comes out is just complete garbage, and in any sane implementation you just throw that away. Wi-Fi doesn't. It's predictable, and you use it to make a key really quick. Under normal conditions this doesn't take long; I can just sit there and just listen while they're streaming Taytay and I can get enough packets to crack it. I think that was actually the longest you've ever listened, just now. Negative, it is always playing. Yeah, aircrack will automatically retry after every 5,000 IVs that are captured, so if you let aircrack run on the dump while you're making it, it'll just keep retrying for you until it succeeds or the number gets really high and you're like "something's broken in here." It says right here about a hundred thousand is where we tend to say it's broken, or it should have already given me the key. About 120 is where I just give up and wipe that file off of my disk and start over, assuming something weird got corrupted or the math just didn't work out for some reason that I don't understand, because I am NOT a math major. In a room like this, while there's a competition going on, while everybody's doing all their fancy magical hackery things, there may be a lot of things in the air that you catch that is just plain garbage that's showing up as an IV, so you're gonna cross the hundred thousand mark and not have the exact things you need to be successful. Very true. Oh boy.

This is my second favorite program in the world. airmon-ng is a great tool. If you're running Pentoo, it's been recently updated to support the RTL8812, the new Alfa. You can buy them in the vendor area; I don't actually know who's selling them, but I'm positive they're selling them. The new AC driver ones are all supported in this now and will be in the next aircrack release. But basically what this does is it identifies your card, tells you about your card, looks for a couple of basic problems to tell you, you know, the driver's broken, or if NetworkManager's running and gonna mess with you, or something like that. You could lock the system where the user's, well, that's just a general bit of advice. So the first thing I do when I plug in an external card is I just run airmon-ng to just see if my card has even showed up, because anything else you do after that is not gonna work if your operating system does not know that your card is there and the drivers aren't proper for it. Really, I run with the verbose flag because I'm noisy. We know that you are. All right, so airmon-ng start and then your interface name, which if you're on systemd is wlpzvXYZ1234gamma; if you use the sane system or you turned off that stupid naming it's like wlan0. And then it'll take it and put it in monitor mode, and it will denote that it's in monitor mode by just adding the suffix "mon" to the end of it so you don't get confused. It also helps NetworkManager keep its hands off; that way it doesn't flip it back out of monitor mode for you. If anything goes wrong, it normally tells you. I can't tell you how important this is: not just read the manual, because I can forgive you for not reading the manual, but read what's on the screen. The number of people that tell me, like, "why, I ran airmon-ng and then it wasn't in monitor mode." "What was the output?" "Well, it says it's not in monitor mode and it told me why, but I didn't read that until you asked." Cool story, read it next time first. Thank you. These tools mostly have decent output; I'm definitely not going to say always, but a lot of times it's very useful, so try to read it and understand it. "I destroyed this interface," "I created this interface," "this interface is in monitor mode," these are useful bits of information to know and understand about how Linux works. If it goes bad for you, airmon-ng stop takes it out of monitor mode, or it actually aborts and does that by itself if it's really bad. check tells you if there's any problems, and then check kill fixes your problems the safest way possible, by killing all of the services that mess with it, like NetworkManager, and you're about to lose Internet. Yeah, yeah. Using the internet with a Wi-Fi card while hacking with a Wi-Fi card is a very advanced topic that we shall not be covering. Is it that advanced? Yeah. I recommend wired. Users here at DEF CON, you can have 7k a second wired, it's very nice.

So here's an example: just running airmon-ng shows me that I have my internal wlan0, I got my wlan1. Choked up a little. Kind of quiet. That's not much to say anyway. So here, when you have an actual problem, it will identify, through the process ID and the name, the processes that are going to prevent you from being able to get a monitor. Otherwise, down below you'll see that it'll tell you it's wlan0mon and you're gonna be able to go from there.

All right, this is the single most important slide. I'm just saying that 'cause he removed it, saying it wasn't important, then we made him put it back. Testing your gear is incredibly important. I spent literally more time testing wireless drivers than I did building the entire wireless capture-the-flag, because if it's not stable, if it doesn't work right, I just don't want to use it, because that's really what bites me. Configuring an access point sometimes is easy, except for this morning, anyway. Test, test, test. "I'm sending a million deauths a second and it's not working at all, why?" "Did you run an injection test? Is the card injecting?" "Well, no, I didn't test it." "Okay, test it." "Oh, it doesn't inject at all." Cool, well, that's why you're sending a million packets to no one and it's not going to work. Again, most of the cards anymore just kind of work, but a lot of things with weird vendor drivers or staging drivers that aren't mainline Linux kernel drivers, and then a lot of the embedded cards. One of our team members just got a brand new XPS 13 and it's got a nice embedded Qualcomm chip on it, soldered onto the board, and it doesn't support monitor mode in any meaningful way, but it'll totally tell you it does. So that's great: no monitor mode, no injection, but it pretends that it all works fine. It just, you know, doesn't. So again, testing your gear, incredibly important. Most of this is really easily Googled, like which cards work and which cards don't, but something to keep an eye out for is just plain test. That is the only way to know whether it works or not. Just like a gun, don't point it at your foot while you're testing it, but, you know, test it. And you need to actually stop that deauth at one point so that you can get the reassociation. Oh yeah, that's a good point, because if you just keep deauthing. Talking about that with WPA, you said just send a million packets, just deauth it, just kill it all. I hate Wi-Fi.

Hi. This is what airodump looks like, for those of you that don't know. It's incredibly helpful. So we've got the BSSID, which is the MAC address of the access point. We've got power level, which is signal strength, which is a negative number, which means negative 43 is a much bigger number than negative 71. That's how negative numbers work. I know that's really confusing to people. I just heard somebody earlier today saying "oh my gosh, I'm only getting negative 40 and I'm right next to it, this thing's a piece of junk, I'm gonna take it back." Like, well, number one, you're too close, that's not good, and number two, that's a very big number in Wi-Fi. That's actually the top of what the standard requires you to pick up. If you see something like negative 40, you're almost certainly damaging your card. If you can use a 12 foot Ethernet cable, use the Ethernet cable instead. The number one problem I see with personal test setups is they'll set it all up on their desk and then everything is so close. When you're sending packets, it's actually like screaming into the person's ear with a bullhorn. It doesn't work, it distorts really badly. You need a nice 12-foot table, or at least to put something on the other side of the room. That is like the biggest test setup problem I see all the time, including myself. You have to get things spaced out enough, especially when you get the ultra super power high power sweet excellent cards, because we've got a couple of people over here playing with Yagis, and I think they must be playing somebody else's contest, because there's no way you need that to reach us in here. What they're doing is damaging their radios. Bigger the antenna the better. Bigger is always better, I promise. Yeah, that's why we have wasabi other than Zima. So this screen is not every single piece of information that you need. Just 'cause you see that the WCTF10 is WEP does not mean "you know what, let me just start running my attack." This is just your initial scan. This is just enough to start to decide what am I going to do next. There is not enough information here to move forward, and that's where the enumeration comes out, and finding the thing. You mean footprinting. How do I footprint something? You talk too fast. Watch hunters tell me all about enumeration, I'm curious. So you download SANS cheat sheets and they tell you how to use Wireshark real good. That's really important, actually, because I'm not gonna tell you every flag off the top of my head right now to start sorting through your pcap, because I don't remember, and I have my own cheat sheets and I run scripts. This comedy show sucks. So, does it have a client? What kind of client is that? An active client? An intermittent client? Again, you can use somebody else's MAC address and you can do replay attacks from there to gather enough key material to crack the key. However, if they disconnect, you disconnect too, because they were the ones holding the authentication to you. The access point doesn't talk to people who aren't authenticated, thereby your replay attack stops. So authenticating yourself, helping a client maintain its authentication maybe, are all really good tricks to keep yourself on the access point so you can keep generating traffic. aireplay is a wonderful thing, it's very easy to use, but keeping track of those clients, or creating a fake one of your own. WEP's authentication mechanism is so broken that they don't even use it in the field; they just switched it back to open for the most part. Shared key authentication allows you to recover the key even faster than attacking the encryption itself. So, yeah, capture.

Our number one motto here in the Wireless Village is ABC: always be collecting. Always be collecting. Copper collecting money for chip, okay, yeah. So write everything to a file. That's great. You can filter it down by BSSID, which is warmly recommended, especially if you're attacking something specific. You can also just capture literally everything and then filter it before trying to attack it offline. So I have one device that is capturing everything; after a certain number of megs I cut that off, start a new file, and I offline attack the file that I created. It's very common to just capture absolutely everything and then filter it before you try to use it. If you are channel hopping and the handshake happens while you're on the wrong channel, you're not going to catch it. If all the traffic that you need from the WEP access point is happening on a different channel, you're not going to catch it. Yeah, so not channel hopping is very important when you're trying to actually capture data. You channel hop when you are looking for things; that's the default for airodump. As an example, you just add --channel, which again is in the help, and I'm not going to cover every flag in aircrack, but --channel 1 if you want to stay on channel 1, and it just stays there. I think one of our team members had that problem yesterday, where they couldn't figure out why they couldn't see something and they were channel hopping. It's a really, really common thing to happen. That happens to people who do this all the time, so be cognizant of, like, that little number that's changing really fast in the upper left corner.
So what else, what else is going on? Is it this encryption algorithm, is the client acting in this way? There is more than one WEP, as crazy as that sounds. It's not just WEP; just like there's the different encryption types for WPA, there's different encryption types for WEP. You need to know those things, because when it comes time to cracking you will be more successful if you know what's going on with what you are collecting in your pcap. And cheat sheets, cheat sheets and cheat sheets, because that's what helped me be successful competing in the WCTF. If you don't write it down you're gonna have to Google it again and again and again. Yeah, aircrack's wiki is really, really helpful for stuff, but boil it down to just the things that you need to know once you understand the core concepts, because there's a lot of explanation going on in the wiki that you only need the first time you read it. Writing down "these are the steps I take," or "I run this wifite script and it does everything for me while I drink my coffee": write down the method that works best for you and follow that like it's gospel. It's really the easiest way to do it. WEP especially is just nightmarish, because it does a lot of weird things that don't make any sense for a standard. The way to tell the difference between 40-bit and 104-bit WEP is to crack it; there's no marker in the air for that or anything. You just have to try to crack it both ways, which is the default in aircrack, but you have no idea which one it is until you crack it. And things like that make things a little more weird; they also make things a little more unpredictable, like how many packets do I need to crack this? It's just a statistical attack against the poor encryption algorithm, but to crack a bigger key you need more stuff for that statistical attack, so it's a lot less reliable to say "oh, you need sixty thousand packets, totally." Sometimes, depending on which packets they are. Now the attack is also based on a known-plaintext attack, which is why we use ARP replay so often, because ARP packets are so well known. We know what is in an ARP packet and we know where everything is, even after it's encrypted; more than half of the packet is known to us because it's in the unencrypted header and in the encrypted part of the packet at the same time. Wi-Fi is really wonderful like that, where it gives you fully unencrypted headers, even with WPA. Sir in the front row sitting at the wireless capture-the-flag table, that's not okay, please sit where the contestants sit. Thank you, no problem. This wasabi, the new guy's got his eyes out. And I'm hungry enough that if somebody brings me food I will tell you a really cool way to crack WEP with 40 IVs. Yes, double-double animal style, extra points for more stuff. I'm serious, I cracked WEP with 40 IVs at ShmooCon, just saying. He definitely didn't use a dictionary attack, or maybe. All right.
Needed: generate as much traffic as possible, again, statistical attack. To do that, what we do is we generate more ARP packets. We capture something, which means that somebody has to be on the network in the first place. My most common thing, after "my shit doesn't work," that I see in aircrack's IRC channel is "well, I've been sniffing for like ever and I can't replay anything." Well, it's two o'clock in the morning and you're attacking your neighbor's network and they went to sleep. There's no data to capture and thereby there's no data to replay. Creating a client and connecting to an access point will sometimes get you data if, for example, there's something on the wired side of the network that's generating packets, and then the AP is like "oh, there's a wireless client, I'll bridge this data to them because they need to know." But on a not-busy network, like say one of your test networks that you set up, if there's no legitimate client there will be no legitimate traffic. If our attack is a replay attack, there is nothing to replay, so you have to connect the legitimate client to the network, put something on the backend of the network that is pinging the hell out of nobody to generate some traffic, something like that, to generate traffic. A network that has literally nobody on it has nothing to replay, no matter what you do. You can fakeauth and deauth yourself all you want, which seems like a long way to masturbate, but you're not going to get anywhere. You have to have actual traffic to replay; nothing you do generates real traffic. You're making fake garbage in the air that the AP silently ignores because you don't know the actual key. Something on the wired side or in the air has to know the key, otherwise you don't have anything to replay. So once you have something valid to replay, preferably an ARP packet, aircrack handles that one by default: you just say --arpreplay, that will sit there and wait for an ARP, possibly until you die, and then it will start sending them as fast as it possibly can. The fakeauth helps us again, because if there's something on the wired side that's generating packets we'll get those bridged to us. Wi-Fi access points that aren't made by Belkin are what are called smart bridges. Smart bridges know that if there's nobody on the other side, "I'm not going to forward the packet," so if there's no wireless clients connected there's no reason to put packets into the air. But as soon as a Wi-Fi client connects, even if it's a fake authentication, it says "oh cool, all the LAN traffic needs to go into the air now to support this guy." Lots of things, you know, NetBIOS are a whole bunch of packets, mDNS, phones are great; these are all broadcast packets, so they have to go to everybody, and so they just get immediately thrown into the air. It's very noisy, really great. Fakeauth is nice, and in collecting traffic the more radios the better: one dedicated to collecting, one dedicated to an attack with one tool, and maybe another dedicated to attacking in a different way. So sometimes I've run replays and then I've also run wifite with a completely different radio to generate more traffic. Yeah, you can absolutely listen and transmit with the same card, but just like humans you can't do it at the same time. For every microsecond you're transmitting you are not listening, thereby two cards is still really helpful, or 47 or whatever. Well actually 32 is the limit for Intel USB 3 chips, you can Google that one. Yeah, thanks guys.
Make actus doesn't use USB, it's all Ethernet, but it's got those cool lights; those might be USB powered, I don't know. So you need to have success when you run the fakeauth or everything else is not going to... you're not going to have a good time. It needs to say "Association successful." Yeah, successful. Again, reading the messages that come out of these tools is incredibly helpful. -1 is fakeauth; 0 is the flag you pass to say I only want to do this one time. If you were to pass, say, 30, it'll do it every 30 seconds, or every minute, or whatever you tell it to do, to maintain that authentication. Some access points actually have an unlimited timeout: as long as you're sending packets they think you're cool and they leave you alone. The standard requires you to reauthenticate every 5 minutes. Because it may or may not work every time we do it, we normally do it, you know, once a minute or something like that, just to maintain that association so the AP doesn't reject our packets. One quick tip: Ctrl+Shift+T is your friend. If you've run airodump in another tab, copying MACs into the adjacent tabs for running these is amazing. You believe these kids don't run X? Just put it in screen, people, you don't need a graphical manager for this. Or I can use tmux. Mark, it's tmux. Fucking millennials, I was born before you. Two months still counts. All right, short flags are your friend when you're writing things; they're not your friend when you're trying to learn this stuff. Again, I keep saying them as long flags because frankly I use the long flags, because I never remember which attack -7 is. --arpreplay is really nice to remember because I know it's going to do an ARP replay attack for me; it happens to be 3. You can also do --interactive, where it will tell you every single packet that comes by, in an encrypted form, which is really hard to read, and then you say "do you want to replay this one?" Sure I do, why not, and then you can see what kinds of packets you get good responses with. That's a really weird thing to do; ARP replay is way better, and it's number three. And I also would like to point out that airodump uses -a to filter for a BSSID, but aireplay is modifying the BSSID, and so you need -b, which is modifying the packet, not just filtering. A, B, C in there somewhere, I don't know. There's a --help for all of these tools that, I can't stress enough, is written for your benefit, not mine as the coder. Oh cool, we get to crack it now.
I used BackTrack, that's awesome, because I don't use Kali to do wireless. I think that's BackTrack 3; I think it's BackTrack 5 R3 version. Aircrack, is that 1.1? Okay, so anywhere in the last nine years is that one, and there's been three aircrack releases in the last six weeks, and before that it was like how many years, I don't even know. Point is, it still runs the same. You type aircrack-ng and you tell it to open a pcap; you can also tell it to open like *.cap or something like that and it'll open lots and lots of them if you made lots and lots of them, and then it'll ask you which one you want to attack, and you press 37, which is the number in the index list, and then it starts trying really, really, really hard. And again, if you leave it running and you don't have enough of the right IVs, it'll tell you "we tried this many keys and it was not successful," and it'll say waiting for the next 5,000, 10,000, 30,000; it'll keep going up in iterations. The cool thing is it's also way, way faster the more packets you have, so trying with five thousand packets could take a few minutes; trying with a hundred thousand packets takes a few seconds. So reading in those packets actually takes longer than the cracking once you have enough of them, because it narrows down the statistical probability of what the key could be. You should totally enter this flag and see what happens.
WPA, that's a thing, and WPA2, which are different in no meaningful ways. WPA and WPA2, WPA1 versus WPA2, are standards given by the Wi-Fi Alliance for interoperability testing. Basically they require a different crypto and have the other crypto as optional: so TKIP is required and CCMP is optional for version 1, and then CCMP is required and TKIP is optional for version 2. It's actually written into the standard, 802.11, the IEEE standard, that you can use either one of those at any time, but it's pretty much just, you know, this one is kind of backwards compatible, this one is less backwards compatible. Although, you know, 10-plus years after it happening, you really, really, really, really, really want AES-CCMP, you want WPA2, because the other ones finally showed some vulnerabilities and some flaws, and it's just plain slower, because all the Wi-Fi chips have a crypto accelerator for AES on them. So, in as few words as possible, you need to see an association with an access point. Either you are forcing it or it happens by itself. At two o'clock in the morning at [fill company name here], if there's absolutely nobody there, there's not going to be any associations or clients to knock off and let back on. It's also a rough time for social engineering, you know, when the whole place is closed and the lights are off; you're not going to get in by sweet-talking somebody who doesn't exist. And if you show up at 7:00 a.m. when everybody starts coming to work, you don't have to be loud and proud and do any kind of deal; everybody's gonna hook up and you're going to see an association. Weird, the early bird gets the handshake, that's what I heard. Cool, bring a breakfast burrito, that's how that goes, right? The early bird is the handshake, yeah. You wanna, do you want
me? All right, so what is unique about the network pre-shared key? So the vulnerability is the pre-shared key. If you can grab enough of the handshake you can run a word list against it, and if it is in that word list you will be successful. So the vulnerability is you. I mean, let's be fair, passwords suck, we suck; even amongst our team we've been cracking each other's handshakes, because it's funny and we're lazy. Passwords are awful. The standard specifically says, from 10-plus years ago, if this isn't at least 20 characters and not in the dictionary then it's not even close to secure. "password" is 8 characters long, which is the minimum that the standard allows, and it will get you into way more networks than you think it does. Why? I don't know, just because it's the simplest possible thing. "Password1," capital P, also works great, usually for the open or for the guest networks at any company. It's probably the company name; it's probably on a Post-it next to the secretary's desk or on the wall too. Again, we are the vulnerability in WPA, primarily. This is not a password cracking class. There are guys that do heavy crypto and they can do really cool stuff, but the vast majority of the cool stuff is like permutations off of a word list that a human being might type, because we're incompetent. There's no real vulnerability here; there's throwing huge, expensive amounts of compute resources against something that is resistant to specifically that, and that just happening to get lucky because people suck. If you take a password out of, like, a line from your favorite show or your favorite song and it's nice and long, in this case length is all that matters; you really want 63 characters or shorter, and you'll never get cracked with it. Let's just use WPS. Yeah, don't use WPS. I want to type it in. Yeah, and who here's been in a conference where they say like "connect to our secure Wi-Fi" and it's open? Or an airport or a hotel. My other favorite is you go to a conference and they're like, okay, the pre-shared key is this. If they put the pre-shared key on a sticky note, how much does that do? All you need to do is put that pre-shared key right into Wireshark and it will decode all of the traffic, decrypt all of the traffic, for everybody, for you, because that is the only thing that is missing in unlocking the crypto. That's the key, that's the whole key, that's everything about the key, and then you can decrypt everybody's traffic. You can also put up your own network, you know, "here I am, DEF CON," pre-shared key, I make one too, I know the pre-shared key, and then you're on my network just the same. The pre-shared key is the only thing that secures you. It's right there in the name, pre-shared key; as soon as it's known it's like pre-shared public information, like posting your face next to your driver's license on Twitter.
Yeah, flow. I love flow. Make sure you reconfigure your test network from WEP to WPA now. If you were following along to hack the test networks, your card should already be... oh right, I mean, there in a few minutes, if you don't mind, we're just gonna finish this talk real quick and we're done. Hey, thank you, thanks for coming. So sure. We were kidding, sir, you can sit back down, we were kidding. Okay, bye. Yeah, there you go, thank you, free seat. So the flow we're gonna go through: we need to find the networks again, we need to identify what's going on, we need to start collecting on the client, on the access point and the client, and we need to create, because we are creating that association. We want to hurry up this process; we don't want to watch it happen organically, we want the handshake now. We're gonna do a deauth, you need to catch that handshake, and then we're gonna crack it, and it's a crypto contest at that point. Again, we're talking about the reliable way to do it, where you send a deauth and they really... but there is also the lazy or quiet way of doing it, where you just kind of show up and hang out outside the Wireless Village waiting for us to turn on our equipment in the morning before we open the door. That works at the office too: you show up at 6 o'clock, you sip your coffee in the car while sniffing, everybody else shows up, they authenticate. You didn't send a single packet, you were dead silent, you've got a hundred handshakes. I mean, everybody does Kali Linux, what is it, "the quieter you are the louder everything is" or something. Who has a Kali tattoo? So, same thing: you do your initial scan, you want to see what's going on in the air, you say "you know what, I want to go after WCTF00" or "the pretty fly for a Wi-Fi" that you want to go after. So who spelled
"cypher" like that? Was that you? That was me. Oh my god, get off the stage. Good, I'm gonna leave that. It's not okay. You get off the stage for this whole slide, I will do it, you can't talk anymore. Okay, so WPA, what is the cipher? This is something that aircrack will tell you, or airodump will show you right in there, Kismet will show you right as well. TKIP is a very vulnerable cipher because it's based on RC4, and all it does is cycle the keys that are in use for the crypto, but it's still basically WEP; they just cycle the keys fast enough that you can't run that statistical attack on it anymore. AES-CCMP again: faster, better crypto, accelerator right on the card, and really nice, so definitely use that. But if you don't, there's some cool DoS attacks you can use there in mdk3. I'm not going to say much more about that, because DoS is, well, probably the reason I'm getting 7k a second, thanks kiddies. And is there a client connected? Again, with no client there is no handshake, with no handshake there is no cracking. I'll talk a little bit at the end of this about the fact that that may or may not be true anymore, but that's what's really important. All right, what's up, I'm going to go through. Pete, so you can come back up here now. You can see here the cipher, CCMP or TKIP, and those would be more or less... it doesn't make a huge difference to you unless you want to run a DoS attack or you want to optimize your network to suck less.
So again, deauth packet. Normally the Wi-Fi card handles replaying for you; there's a very, very sensitive ACK system in Wi-Fi where I say "hey dude" and you say ACK, and I say "it's great to see you" and you say ACK, and I know that you got every single packet because you have to ACK each one of them individually. In monitor mode we completely ignore that, so I can send a deauth and I will not know if you ACKed it or not. So normally we send like a few; in this case it's a hundred is what we tell it to send. Aircrack decided that people are too conservative, so for every one you tell aircrack to send it will send 64, so in this case we are sending 6400 deauth packets, which is not very stealthy, but it does work pretty well. The important thing is, setting 0 here will deauth forever, and if you don't stop deauthing there will not be a reassociation and no cake at the party. No, but seriously, there's no cake at the party. And at this point, with the WCTF, we provide our own word list, because it becomes a crypto contest: how sucky is your password, and if it's sucky enough, if you have a sufficient password you will crack it, or if you have a sufficient word list it will crack it. Aircrack is a great tool for cracking; it is reasonably accelerated, it's been accelerated more and more, these last couple of releases have been mostly about optimizations, new CPU architectures that speed these things up, and when you're cracking with a few-meg word list that's fine. When you start getting into "I want to do permutations to dictionary attacks" and crazy stuff like that, both John the Ripper and hashcat support WPA formats and they're very accelerated, GPU clusters and like... You can absolutely crack all this that we're doing on like an Intel Atom from five years ago that's pink that you bought at Walmart for two hundred bucks, but if you want to do real work, most of these people have like X number of GPU clusters that cost half a million dollars and need their own AC units. Just use AWS. Yeah, you could do AWS; it doesn't actually cost all of your money, just all of it. Bet a dollar. Oh boy.
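The speaker's point above is that deauth frames in WPA/WPA2 are unauthenticated and that one aireplay "-0 100" actually puts 6400 of them in the air, which is loud enough to spot from the defender's side. The following is an added example written for this page, not code from the talk or from the aircrack-ng project. It assumes management frames have already been reduced to simple records (timestamp, subtype, BSSID, destination), which is what a sniffer or WIDS front end would hand you; the sample capture is constructed, not real, and the frame subtype values are the real ones from 802.11.

```python
from collections import defaultdict, deque

# 802.11 management-frame subtypes (frame-control type 0), values from the standard
SUBTYPE_BEACON = 0x08
SUBTYPE_DISASSOC = 0x0A
SUBTYPE_DEAUTH = 0x0C
BROADCAST = "ff:ff:ff:ff:ff:ff"


def detect_deauth_flood(frames, window_s=1.0, threshold=20):
    """Flag any BSSID whose deauth/disassoc rate exceeds `threshold` frames
    inside a sliding window of `window_s` seconds.

    `frames` is an iterable of dicts with keys ts (float seconds), subtype (int),
    bssid (str) and dst (str); they are sorted by ts here.  One alert is produced
    per burst, not per frame, so a 6400-frame flood yields a handful of alerts.
    """
    recent = defaultdict(deque)   # bssid -> deauth timestamps inside the current window
    muted_until = {}              # bssid -> time until which repeat alerts are suppressed
    alerts = []
    for f in sorted(frames, key=lambda x: x["ts"]):
        if f["subtype"] not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            continue                      # beacons, probes, data: not interesting here
        q = recent[f["bssid"]]
        q.append(f["ts"])
        while f["ts"] - q[0] > window_s:  # slide the window forward
            q.popleft()
        if len(q) >= threshold and f["ts"] >= muted_until.get(f["bssid"], 0.0):
            alerts.append({
                "bssid": f["bssid"],
                "start": q[0],
                "count": len(q),
                "broadcast": f["dst"] == BROADCAST,  # ff:ff:... = every client kicked at once
            })
            muted_until[f["bssid"]] = f["ts"] + window_s
    return alerts


def build_sample_capture():
    """Constructed sample, not a real capture: AP_A beacons every 100 ms and sends
    three ordinary deauths in a minute; AP_B is hit with a 100-frame broadcast deauth
    burst in half a second, the shape a deauth attack tool produces."""
    ap_a, ap_b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # constructed, locally administered MACs
    frames = []
    for i in range(600):
        frames.append({"ts": i * 0.1, "subtype": SUBTYPE_BEACON, "bssid": ap_a, "dst": BROADCAST})
    for t in (5.0, 25.0, 45.0):
        frames.append({"ts": t, "subtype": SUBTYPE_DEAUTH, "bssid": ap_a, "dst": "02:00:00:00:01:01"})
    for i in range(100):
        frames.append({"ts": 10.0 + i * 0.005, "subtype": SUBTYPE_DEAUTH, "bssid": ap_b, "dst": BROADCAST})
    return frames


if __name__ == "__main__":
    for a in detect_deauth_flood(build_sample_capture()):
        print(f"deauth flood on {a['bssid']} from t={a['start']:.3f}s: "
              f"{a['count']} frames within 1 s, broadcast={a['broadcast']}")
```

Three legitimate deauths spread over a minute never reach the threshold, while the burst trips it on its twentieth frame and is then muted for a window so the log is not flooded in turn. Because spoofed deauths carry the victim AP's own BSSID, the alert names the network being attacked, not the attacker; that is exactly why the talk's closing point about 802.11w matters, since with management frame protection required the forged frames fail authentication instead of being honoured.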
mdk3 is for being a jerk. That is the primary purpose of the tool: it is for testing things. We started off testing this morning by running a beacon flood attack at a thousand packets per second, you're welcome, and nobody's network manager was working. It was really weird, you'd think they'd test this crap. Lennart, Lennart Poettering here? No? Okay, running everything through D-Bus wasn't actually the best idea. Anyway, it's really important to test things, and this is a tool specifically for testing protocol abuses. Sending thousands of beacon packets is very abnormal and it makes things crash, it makes things very unhappy, it makes sniffers very unhappy if you're not doing proper filtering to make sure you're only capturing the things you care about, which is why we stressed, you know, filtering. Filtering is good. You can run deauth attacks with this, you can run very targeted deauth attacks with this, you can run very untargeted deauth attacks with this. It is a useful tool and I encourage you strongly to test it at home and not on your neighbors, and I really, really mean that, because as it turns out, when you DoS a small city block, people eventually get upset. That was my job for a little while. Yes, that is somebody's job. If you run like a persistent deauthenticate flood on a business for long enough, they will actually fly out some asshole with a directional antenna and I will find you, typically with the police in tow. Because I'm not that big, I just seem that big; someone on this stage, I'm twenty-four inches shorter than this, really. So running the fog of war last night, the team showed up early to try and see that they could catch stuff off of us, and in a short amount of time I gave them a gig and a half of garbage. Free word list? Yes. With the correct flags I used old word lists from previous WCTFs and I sent out all the thousands of words from those word lists as beacons. So --help gives you a little bit, tells you what the initial flags are, like -a, -b, -c, or just a, b, c, and then --fullhelp drops a bunch of extra things underneath those sections and categories to let you know what other things you can add to those, to either be more specific or be more aggressive. Yeah, I'm gonna spend the last
few minutes, because I didn't bother to develop any slides, because none of my challenges were working until right before this talk, but I want to talk about the new stuff. I want to talk about the elephant in the room, and that is Atom from the hashcat team. He's an elephant, I mean an 800-pound gorilla, I mean the dude's awesome, right? He makes this sweet password cracker and he's got a whole bunch of team members that actually understand crypto, as opposed to, say, me. So while I am Zero Chaos, there's this dude ZerBea, oh yeah, ZerBea, who actually was going through looking for a hole in WPA3 and, failing that, accidentally found one in WPA2 and publicly released it. He swears there's more coming, and I want to be his friend, so hopefully he'll tell me all about them. But about last week, I guess last week, there was a big announcement, you know, here's a random hashcat forum post, not, you know, anything flashy, but they released an attack on the PMKID. They didn't name it and give it like a logo; there was no logo, there was no name. It's like these people aren't douchebags, it's weird, right? They could have called it "PM crack." Okay, we'll name this later, and logo contest, 50 points in the capture-the-flag logo contest, coolest logo and name, and we'll send it over to Atom and his guys so they can feel special. That way we could get them in the press, you know, because you can't get a vulnerability in the press without a logo and a vulnerability name. So anyway, they came out with this attack, and it's a really interesting attack. It's basically attacking the fact that the access point sends you the same information as the handshake, to negate the need for the handshake. So it's part of high-speed roaming protocols, things called opportunistic key caching, or 802.11r will pass the PMKID, and the PMKID is a known set of publicly available information plus the master key, which you can then run a standard dictionary attack against, just the same as you could before. The difference is, this is sent out when roaming is enabled on these access points, in the first part of the handshake. The way the handshake works is I'm a client and I say "I want to connect to you, Mr. AP," and the AP says "here's your challenge," and it includes everything I need to crack the key. That might have been a poor design choice. It's a feature, it is a feature: it speeds up the process, because I can say "oh, we already have a PMK negotiated, we don't need to do this anymore, I'm just gonna start sending data at you." But it also works as an attacker, because the very first packet contains everything I need. I can now legitimately try to connect to an access point and it will send me everything I need to crack it, whereas before we had to wait for a legitimate client to go back and forth with the access point, and then we'd capture that and crack that. So it is a very interesting attack, but for a couple of reasons the sky isn't falling. Number one, on a pre-shared key network there is literally no reason for that to happen; it's just something that's completely unnecessary. There are a few implementations that do, and those will probably be fixed shortly, but even still it's not a new vulnerability. It's just saving you watching that client; you can force a handshake basically for yourself as opposed to waiting for a legitimate client, which again at 2:00 a.m.
when you're hacking your neighbor is a legitimately helpful thing, I guess. But when you're attacking a corporation or something like that, you know, when you do this for a living, this is just unnecessary, because you get legitimate handshakes. It is slightly optimized in that a lot of times you get bad packets, because the air is like that: you're not literally in between the access point and the client, so sometimes your packet gets corrupted and theirs didn't, and you miss things. So this is a nice, reliable way to crack the key, and that's a great improvement as well, but it's not gonna speed up the cracking; it's still a dictionary attack. And it's again, it's really cool, but the sky did not fall, so I think that's an important thing to note. It's also a very interesting attack against EAP networks. All networks, including the enterprise ones, use a PMK; they just derive it differently, and the PMKID is sent for those networks as well. The difference is, the PMK changes constantly on an EAP network, on an enterprise network, so by the time you crack it it's worthless. Also in that case you're cracking a 64-character key, because it's generated by the enterprise network rather than a human, and that's definitely a thing. So next. I still have like two minutes, right? Allegedly a minute or so. WPA3, your prayers have been answered, almost. Into IoT things with this? Oh my god, the IoTs, that's so cool, I love the IoTs, I want to capture some packets. So WPA3 has been a long time coming, and when the KRACK attacks came out earlier this year, in the fall, people immediately jumped on to say like "oh cool, we've been working on WPA3 forever." What they meant to say was there's a bunch of standards that had been sort of informational RFCs for years that were implemented by various people, wpa_supplicant and hostapd. None was standing. You'd better have brought Club-Mate and a hug, or at least a hug. Anyway, I don't see any Mate, so I'm just gonna keep giving my talk. So WPA3 has a bunch of standards that were generally kind of released but not standards track; they were like informational RFCs that were used for mesh mode and things like that, and they're not really brand new. The brand new part is that they're actually doing interoperability testing; they're doing interoperability testing to prove this stuff all works together, and it is really... I broke my mic, thanks Ronnie. Anyway, broke my mic and then she leaves my call, where... no, I'm sad. Where was I? WPA3. Has somebody volunteered for that? Yeah, I know, I'll see you next time with the Club-Mate. Okay, thank you. I miss you, miss Club-Mate too, I have lunch in Germany. So the handshake has changed, the main difference being that the handshake for WPA is attackable offline, and that means I can capture the handshake and then run it on my high-speed cracker. The handshake for WPA3, as defined by, I think it's an informational RFC, and then it's used a lot in 802.11s for mesh-mode devices, is a zero-knowledge handshake, which basically means that you're doing a full "I'm not sharing anything about the key, but I'm proving in a way that I have it, that you can also prove that you have it," and then we're like... it's some of that spooky shit that, again, not a math guy, don't understand. But the whole point is it's supposed to be resistant to offline attacks; you shouldn't be able to attack it the way we're attacking things now. And an online attack means you are literally trying every password against the access point one at a time until it takes one, which, as it turns out, is slower and obvious. You can walk into a room and say "who are you looking for? Oh, you're looking for John? I'm John." But you can't walk into a room and say "you're looking for John? You're looking for Frank? Sam? Sally? I'm Sally." It doesn't work, right? You can't just keep doing that over and over again. Maybe to your neighbor you can, well, certainly not to a corporation or an enterprise; it's just not going to work. So the whole idea is to improve that handshake mechanism, which was so broken. They also added in a few things which, sadly, are more optional than I'd like them to be. They added in 802.11w being part of the requirements; the requirement is you must optionally support it, which isn't really much of a freaking requirement. 802.11w is the signing of the deauth packets, so that people like me can't just make a million of them. Or more likely people like you, yeah, I see you with that big antenna. Adding in those kinds of things to the standard makes the whole thing a little bit more robust, takes care of the problems that we have today and helps us move forward. WPA hasn't changed much in the last 10 years or so, but there have been a couple of add-on standards that really made a difference, so all this is is wrapping them in a nice little interoperability standard to allow us to actually take advantage of it. Because although things like management frame protection have been around forever, things don't support it; especially home access points don't support it, you can't just check that box. Even OpenWrt, you can't just check that box, you have to go into the config file. "I know a config file." "I don't know, it's hard, there's no little GUI." Okay, it should be on by default, it should be on by default, it will be on by default, and that's my promise to you. So it's trying to solve a lot of the problems that we're having today, and hopefully it's gonna do a really good job, but as of right now nothing supports it, and I don't think anybody's actually passed the tests, and quite frankly Linux sure as shit doesn't. So good luck, folks, thanks for playing, and with that I'll take a small town. [Applause]
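Two things the talk says you should read straight out of the air go together: the cipher the AP advertises (CCMP versus TKIP, the slide the speaker was heckled over) and, from the closing remarks, whether management frame protection (802.11w) is required, which is the setting that stops unauthenticated deauths. Both live in the RSN information element of every beacon. The parser below is an added example for this page, written from the 802.11 element layout, and is not code from the talk, from aircrack-ng or from Kismet; the three sample elements are constructed by hand, not captured from real APs, and `audit_rsn` is my own checklist, not a Wi-Fi Alliance one.

```python
import struct

RSN_ELEMENT_ID = 0x30          # element ID 48 as carried in beacons/probe responses
IEEE_OUI = b"\x00\x0f\xac"     # suite selectors defined by the 802.11 standard

# Suite-type values from IEEE 802.11 (subset relevant to this audit)
CIPHER_NAMES = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104",
                8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKM_NAMES = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK",
             5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}
MFPR_BIT = 1 << 6              # RSN capabilities: management frame protection required
MFPC_BIT = 1 << 7              # RSN capabilities: management frame protection capable


def _suite_name(body, off, names):
    """Decode one 4-byte suite selector: 3-byte OUI followed by a 1-byte type."""
    if body[off:off + 3] != IEEE_OUI:
        return "vendor-%s-%d" % (body[off:off + 3].hex(), body[off + 3])
    return names.get(body[off + 3], "type-%d" % body[off + 3])


def _suite_list(body, off, names):
    """Decode a little-endian count followed by that many suite selectors."""
    count = struct.unpack_from("<H", body, off)[0]
    off += 2
    if off + 4 * count > len(body):
        raise ValueError("RSN IE truncated inside a suite list")
    return [_suite_name(body, off + 4 * i, names) for i in range(count)], off + 4 * count


def parse_rsn_ie(ie: bytes) -> dict:
    """Parse an RSN IE (element ID, length, body).  Every field after the version
    is optional in the standard, so parsing stops wherever the element ends and the
    standard's defaults (CCMP group, CCMP pairwise, 802.1X AKM, no MFP) remain."""
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID or len(ie) < 2 + ie[1] or ie[1] < 2:
        raise ValueError("not a complete RSN IE")
    body = ie[2:2 + ie[1]]
    info = {"version": struct.unpack_from("<H", body, 0)[0],
            "group": "CCMP-128", "pairwise": ["CCMP-128"], "akm": ["802.1X"],
            "mfp_capable": False, "mfp_required": False}
    off = 2
    if off + 4 <= len(body):                      # group data cipher suite
        info["group"] = _suite_name(body, off, CIPHER_NAMES)
        off += 4
    if off + 2 <= len(body):                      # pairwise cipher suite list
        info["pairwise"], off = _suite_list(body, off, CIPHER_NAMES)
    if off + 2 <= len(body):                      # AKM suite list
        info["akm"], off = _suite_list(body, off, AKM_NAMES)
    if off + 2 <= len(body):                      # RSN capabilities
        caps = struct.unpack_from("<H", body, off)[0]
        info["mfp_capable"] = bool(caps & MFPC_BIT)
        info["mfp_required"] = bool(caps & MFPR_BIT)
    return info


def audit_rsn(info: dict) -> list:
    """Findings a defender would want from one beacon, in the order the talk raises them."""
    findings = []
    ciphers = [info["group"]] + info["pairwise"]
    if any(c.startswith("WEP") for c in ciphers):
        findings.append("WEP cipher advertised in RSN IE")
    if "TKIP" in ciphers:
        findings.append("TKIP allowed (RC4-based, deprecated, slower than AES-CCMP)")
    if any(a in ("PSK", "PSK-SHA256", "FT-PSK") for a in info["akm"]):
        findings.append("pre-shared key AKM: a captured handshake or PMKID is offline-crackable")
    if not info["mfp_required"]:
        findings.append("802.11w not required: deauth/disassoc frames are unauthenticated")
    return findings


# Constructed sample elements (hex as they would appear in a beacon), not from real APs
WPA2_PSK_CCMP = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac02 0000")
WPA2_MIXED_TKIP = bytes.fromhex("3018 0100 000fac02 0200 000fac04 000fac02 0100 000fac02 0000")
WPA3_SAE_MFP = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac08 c000")

if __name__ == "__main__":
    for label, ie in (("WPA2-PSK", WPA2_PSK_CCMP), ("WPA2 mixed", WPA2_MIXED_TKIP),
                      ("WPA3-SAE", WPA3_SAE_MFP)):
        info = parse_rsn_ie(ie)
        print(label, "group:", info["group"], "pairwise:", info["pairwise"],
              "akm:", info["akm"], "MFP required:", info["mfp_required"])
        for f in audit_rsn(info):
            print("  -", f)
```

Run against your own AP's beacon, the mixed-mode element shows exactly the "optimize your network to suck less" case from the cipher slide, and a PSK network with capabilities 0x0000 shows the gap the speaker ends on: CCMP is fine, but nothing in that element stops a forged deauth. The SAE element with MFPR set is what a WPA3-only network advertises and produces no findings.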