MediaCresta Posted August 4, 2017

Hi, does anyone know an attack on WPA TKIP like the famous WEP key recovery (my English is bad, so I will write the same in Spanish)? I mean, not a social engineering attack or brute-force hash attack, but exploiting this vulnerability: "http://mobile.wi-fiplanet.com/news/article.php/3784251/WPA-Vulnerability-Discovered.htm".

Hello, first of all, please excuse my English; it is not my native language. I wanted to know if anyone knows how to exploit the WPA key vulnerability described in the hyperlink, an attack similar to the WEP one for recovering the keys. Thanks in advance.
i8igmac Posted August 4, 2017

I guess it's a matter of time before this exploit is publicly available... may take a few years. I'm excited to see it.
digip Posted August 4, 2017

You're talking about a PTW attack, which Tkiptun-ng does. Only works on systems that use TKIP without AES, which most systems today, that use WPA with AES, or WPA2, aren't vulnerable to. Has to be specific to the attack. https://www.aircrack-ng.org/doku.php?id=tkiptun-ng explains in more detail.

> General Requirements
> Both the AP and the client must support QoS or sometimes called Wi-Fi Multi-media (WMM) on some APs.
> The AP must be configured for WPA plus TKIP.
> A fairly long rekeying time must be in use such as 3600 seconds. It should be at least 20 minutes.
>
> Specific Requirements
> The network card MAC address used by tkiptun-ng needs to be set to the MAC address of the client you are attacking.
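A defender-side check for the AP conditions quoted in the post above, as an added example that is not part of the thread or of aircrack-ng: it audits a hostapd-style configuration and reports which of the listed conditions (WPA plus TKIP, QoS/WMM, a rekey interval of 20 minutes or more) the AP meets. The use of hostapd, the mapping of "rekeying time" to `wpa_group_rekey`, and both sample configs are assumptions made for illustration.

```python
# Added example: audit a hostapd-style config for the AP-side conditions in the
# quoted tkiptun-ng requirements. Sample configs below are constructed.
REKEY_THRESHOLD = 20 * 60  # "at least 20 minutes", in seconds

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return which of the quoted AP-side conditions this config satisfies."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    # hostapd.conf documents TKIP as the wpa_pairwise default, and
    # rsn_pairwise as defaulting to the wpa_pairwise value.
    wpa_pw = conf.get("wpa_pairwise", "TKIP").upper().split()
    rsn_pw = conf.get("rsn_pairwise", " ".join(wpa_pw)).upper().split()
    # TKIP negotiated under WPA2 is flagged too: it is the same cipher.
    tkip = bool((wpa & 1 and "TKIP" in wpa_pw) or (wpa & 2 and "TKIP" in rsn_pw))
    wmm = conf.get("wmm_enabled", "0") == "1"
    # Only an explicitly set interval is judged; 0 is taken to mean that
    # rekeying is disabled (assumption). Unset values depend on the version.
    rekey = conf.get("wpa_group_rekey")
    long_rekey = rekey is not None and (int(rekey) == 0 or int(rekey) >= REKEY_THRESHOLD)
    return {"tkip": tkip, "wmm": wmm, "long_rekey": long_rekey,
            "all_conditions_met": tkip and wmm and long_rekey}

# Constructed sample: every quoted condition is met.
WEAK_CONF = """
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wmm_enabled=1
wpa_group_rekey=3600
"""
# Constructed sample: same AP moved to WPA2 with CCMP (AES) only.
HARDENED_CONF = WEAK_CONF.replace("wpa=1", "wpa=2").replace(
    "wpa_pairwise=TKIP", "rsn_pairwise=CCMP")

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```

Removing TKIP from the pairwise cipher list is the change that matters here; WMM and the rekey interval alone do not make the conditions hold.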
MediaCresta Posted August 4, 2017 (Author)

@digip thanks for your reply. So if I want to make this attack, is it the same process as the WEP attack? Reading the link that you posted, I see that this kind of attack isn't fully supported by the aircrack suite, so it isn't functional? I will try it tomorrow.
MediaCresta Posted August 4, 2017 (Author)

@i8igmac but this vulnerability was discovered around 2008. I do not know why there is almost no documentation about it.
i8igmac Posted August 4, 2017

digip set the facts. Now that I think of it, it is rare that I see this configuration.
digip Posted August 4, 2017

> 2 hours ago, MediaCresta said:
> @digip thanks for your reply. So if I want to make this attack, is it the same process as the WEP attack? Reading the link that you posted, I see that this kind of attack isn't fully supported by the aircrack suite, so it isn't functional? I will try it tomorrow.

Read the page. It describes what works and doesn't, what is needed, but also that it was a POC, and not fully functional. It requires specific hardware and drivers to manage the attack and a setup scenario in place that allows the attack to happen, i.e. QoS, TKIP, no AES/Encryption on the router side with WPA. It is not a WEP attack, although the chop-chop part, I gather from aireplay-ng, was meant more as an example to explain the method of attack, not that you would use a WEP chop-chop attack for things like IVs.

* Note, I stated incorrectly as "PTW attack". It was worked on by one of the authors of the PTW attack (which is for a specific type of WEP attack, see https://www.aircrack-ng.org/doku.php?id=supported_packets).