Anavrin

Active Members
  • Posts

    5
Posts posted by Anavrin

  1. I was talking about WEP keys, not WPA, I thought my quote from your post would've been self-explanatory, oh well...

    Let me re-phrase my question;

    If we force a station to try and authenticate with us via Karma or something,

    we send him a challenge, the station encrypts it with the WEP key,

    we then try to decrypt the ciphertext with a dictionary file until the result equals the plaintext challenge, which we already know since we created it.

    I was asking if this concept was somewhat practicable, or is there some hidden trickery that would prevent this attack.

    It is less convenient than AP-targeted WEP cracking, but it would be a very effective and decentralized way to mass harvest a lot of potentially weak WEP keys for multiple APs, 4-way handshake style, but better.

  2. As far as the Pineapple is concerned we can send the challenge and accept any response the client sends to authenticate the client but we would then be stuck without the key to encrypt/decrypt the traffic so we couldn't actually talk to the client.

    May be a dumb question, but couldn't we conduct a brute-force / dictionary attack with that?

    I mean we made the challenge, so we know the plaintext of the encrypted challenge response.

    Wouldn't it be possible to retrieve the key by taking the plaintext, encrypting it with a bunch of keys listed in a dictionary and comparing it to the challenge response?

    It's sure not as convenient as classical WEP cracking, although more convenient than WPA cracking since you don't need the client to explicitly (re)connect to the target AP.
