How does a Karma attack work on multiple devices at the same time?


mooooon

8 hours ago, mooooon said:

Probe requests from an AP ... would that make sense?

You really need to work on your terminology, probes don't come from an AP, they come from a client.

 

8 hours ago, mooooon said:

Aircrack doesn't provide an option for probes listening only.

You can get lists of probe requests from Aircrack-ng.

Link to comment
Share on other sites

14 hours ago, digininja said:

You really need to work on your terminology, probes don't come from an AP, they come from a client.

 

You can get lists of probe requests from Aircrack-ng.

I know ... but how else can I see the probes from certain clients only, without knowing them exactly, other than monitoring the network they are on? Then their probes show.

Aircrack? Clients ... what parameter? Only aireplay provides a client parameter. Aircrack just writes the data to a cap file; how can I extract them from that file? I know about the Wireshark filter for probes

wlan.fc.type_subtype == 4

but then, after exporting the specified packets, how would I view it? Wouldn't it be a mess and need some regex and stuff?

 

10 hours ago, digininja said:

I strongly recommend you go through this Wifi Primer from Security Tube, it will help you understand a lot more about how wifi works and its vulnerabilities.

http://www.securitytube.net/groups?operation=view&groupId=9

They are kind of old; I wish there were an updated version of them. Also, I think I know the basics anyway. The videos are down too.

Quote

This video does not exist.

 

 

Link to comment
Share on other sites

Airodump-ng, part of the Aircrack-ng suite of tools, sniffs traffic and will log what you want.

If a client is using randomised MAC addresses when probing, then you won't be able to work out which are from a specific client; if they aren't, then you just look for all the probes from your chosen MAC.

I'll tell Vivek about the videos being down. Despite them being old, they still give a very good base for WiFi as the low level concepts don't change.

Link to comment
Share on other sites
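As an added example (not part of the thread and not Aircrack-ng code), this standard-library Python parser applies the `wlan.fc.type_subtype == 4` test to a capture file and groups the probed SSIDs by source MAC, marking locally administered (randomised) addresses, which is a tidy way to audit what your own devices disclose. The capture and all MACs and SSIDs are constructed inline; the parser assumes a little-endian radiotap pcap with no trailing FCS.

```python
import struct
from collections import defaultdict

def probe_frame(src, ssid, fc0=0x40):
    """Constructed sample frame: 8-byte radiotap header + 802.11 management frame."""
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)
    sa = bytes.fromhex(src.replace(":", ""))
    hdr = bytes([fc0, 0, 0, 0]) + b"\xff" * 6 + sa + b"\xff" * 6 + b"\x00\x00"
    return radiotap + hdr + bytes([0, len(ssid)]) + ssid.encode()

def build_pcap(frames):
    """Constructed little-endian pcap, link type 127 (radiotap)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def is_randomised(mac):
    """Locally administered bit set, as used by MAC randomisation."""
    return bool(int(mac[:2], 16) & 0x02)

def probes_by_client(pcap):
    """Map source MAC -> set of SSIDs it sent probe requests for."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4 or struct.unpack_from("<I", pcap, 20)[0] != 127:
        raise ValueError("expected a little-endian radiotap pcap")
    seen, off = defaultdict(set), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        dot11 = pkt[struct.unpack_from("<H", pkt, 2)[0]:] if len(pkt) >= 4 else b""
        if len(dot11) < 24 or dot11[0] != 0x40:  # same test as wlan.fc.type_subtype == 4
            continue
        mac = ":".join(f"{b:02x}" for b in dot11[10:16])
        tags, i = dot11[24:], 0
        while i + 2 <= len(tags) and i + 2 + tags[i + 1] <= len(tags):
            if tags[i] == 0:  # tag 0 = SSID; zero length means a broadcast probe
                ssid = tags[i + 2:i + 2 + tags[i + 1]]
                seen[mac].add(ssid.decode("utf-8", "replace") or "<broadcast>")
            i += 2 + tags[i + 1]
    return dict(seen)

SAMPLE = build_pcap([  # constructed capture, not real traffic
    probe_frame("00:11:22:33:44:55", "HomeNet"),
    probe_frame("00:11:22:33:44:55", "CoffeeShop"),
    probe_frame("00:11:22:33:44:55", ""),
    probe_frame("da:a1:19:00:00:01", "HomeNet"),
    probe_frame("00:aa:bb:cc:dd:ee", "SomeAP", fc0=0x80),  # beacon, must be ignored
])
for mac, ssids in probes_by_client(SAMPLE).items():
    print(mac, "randomised" if is_randomised(mac) else "fixed", sorted(ssids))
```
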

3 hours ago, digininja said:

they still give a very good base for WiFi as the low level concepts don't change.

Tell that to WPA3.

3 hours ago, digininja said:

Airodump-ng, part of the Aircrack-ng suite of tools, sniffs traffic and will log what you want.

If a client is using randomised MAC addresses when probing, then you won't be able to work out which are from a specific client; if they aren't, then you just look for all the probes from your chosen MAC.

But does the --bssid option work on clients? Also, that's why monitoring the network they are on would help, as I don't need to know them or their MAC, and the probes are shown there in the probes column.

Link to comment
Share on other sites

2 hours ago, mooooon said:

Tell that to WPA3.

6 hours ago, digininja said:

If you understood the basics then you would understand that none of the WPA or WEP family would be affected by Karma.

Link to comment
Share on other sites

If the client expects the network to be encrypted and it isn't, it will try to connect, find out that WPA isn't offered, and then disconnect. You could set up a WPA version of the network, collect message two of the 4-way handshake, take that away and try to crack it, but it wouldn't be instant, and the server would not be able to authenticate itself to the client in message 4 of the handshake so the client would disconnect.

For a standard Karma attack, which is to lure clients to connect to your open wifi network, the client expecting WPA or WEP will prevent the attack.

Link to comment
Share on other sites

22 hours ago, digininja said:

If the client expects the network to be encrypted and it isn't, it will try to connect, find out that WPA isn't offered, and then disconnect

Hmm, but why try when it can just check?

 

 

22 hours ago, digininja said:

You could set up a WPA version of the network, collect message two of the 4-way handshake, take that away and try to crack it, but it wouldn't be instant,

 

22 hours ago, digininja said:

the client expecting WPA or WEP will prevent the attack.

That's why I said:

Quote

 

3- After capturing a good number of handshakes, start brute forcing

4- When it cracks a weak one, broadcast it to get the victims connected

 

As mostly you can't control the security of the networks that get saved on your phone, maybe it's a friend's one that has a weak pass ... I am sure that there is always a network on everyone's device with a weak password.

So anyway, they get auto-connected after that, so it can be considered a Karma attack (getting them to auto-connect despite their will).

And about WEP:
if the network is saved, you can get it to auto-connect even if you don't know the password
https://www.wifi-libre.com/topic-756-una-historia-de-rogue-ap-el-pdf-de-koala-traducido-al-espanol.html

Also, what about KRACK? In the demonstration video he gets the victim to auto-connect to his network without knowing the password, right?

Link to comment
Share on other sites

54 minutes ago, digininja said:

OK, obviously you know your stuff so don't really need any help, good luck with it all.

Anyway, over a period of 5 months I was writing suggestions to a friend about similar ideas ... want to check them? (I wish I get the time/skill to achieve part of them.)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
