Search - "wpa2"
So WPA2 has been broken.
That's quite bad news, coming so shortly after the BlueBorne vulnerability was discovered.
Read more here if interested:
Wi-Fi WPA2 has supposedly been successfully hacked and a proof of concept is supposed to be released later today. Thoughts? Link below.
FYI to anyone following the Krack WPA2 vulnerability
A testing suite in Python has made its way to GitHub.
Last night I was exploring the feasibility of cracking the WPA2 key of my own router at home. I set out on a late night adventure, set up a couple devices and, knowing the default password convention of the manufacturer, set up a Hashcat instance with the relevant masks on my laptop, created a Crunch wordlist and ran aircrack on my Raspberry Pi 3, and thought "Hey - maybe there's something for Android too."
Hashcat on Android is a cat based social media app. I'm a little scared.
TIL if you know the password for a WiFi SSID, you can replicate it with your hardware. All devices that have credentials for that SSID will connect to yours if your signal is stronger. The encryption just needs to be the same (wpa2/wep). The underlying UUID doesn’t matter.
Not bad for a quick and dirty man-in-the-middle attack. The WiFi spec needs a bit more work.
TLS all the things!
I was trying to crack my own wifi using airmon-ng but found out applying brute force will take up to 237 years! (11 lower case character password)
Is there any other way to crack my WPA2 (psk) more efficiently?
Hey guys, I don't want to shock you, but I just found out something very important that none of you knows:
WPA2 is broken.
Now thank me and give me plusses for I am the first and only one to have given you this important piece of information.
There’s no place like home,
Where the internet’s busted,
Cellular data is shit,
And right in the corner of nowhere,
Here I was enjoying my day off, no work, the office chat group is silent, just me and my PS4 playing Detroit, while downloading some other games,
Until the wifi suddenly disconnects, and I’m unable to reconnect due to “the security method might not be correct” error,
As I was about to look it up, somehow my phone wifi connection is also acting up, then I tried to forget the ssid and reconnect, it keeps saying “incorrect password”,
Angry and bitter, I took my laptop and started pulling all the cables to find out which one I can tap into the modem with, just my luck, it was the one at the farthest end of the house, installed to another switch,
Then I checked the wifi settings, took me some time to figure out the modem’s password, lo and behold, the password’s still the same, security setting is set to WPA/WPA2-PSK [AES], as far as I know/remember the configuration hasn’t changed, what the fuck??
After that I tried changing the security configurations, going back and forth from the other end of the house back to near the modem to try connecting to it, changing the ssid, changing the password, restarting the modem many times, to no avail, same error, on both devices,
Well, shit, I’m probably looking in the wrong place anyway, hopefully it sorted itself by tomorrow,
Fucking christ this year is a fucking shitfest:
- wpa2 krack
- "DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions"
- "Hacker Hijacks CoinHive's DNS to Mine Cryptocurrency Using Thousands of Websites"
- "Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe"
My fucking router didn't yet get patched, my fucking phone is outdated and I can't change to my patched one because devrant just shits the bed in extended desktop mode. Windows 8.1 loses support in 3 months, rendering my last chance of using it on my surface pro done, making me use windows 10 with its fucking shit ass not optimized tablet interface. I have just fucking constant paranoia what else could be hacked tomorrow, nothing is fucking safe anymore for fucks sake. I even went as far as implementing 3 step auth and intrusion detection on my shitty ass VPS nodes, fucking give me a break you fucking assholes.
Years ago I was working in a local cinema as a student job from time to time and used to sleep after shifts at my uncle's. Uncle did not have internet but there were so many wlans all around. Since I had nothing to do for hours after my shift, I downloaded Backtrack linux at home, made a live dvd of it and saved two articles of "how to hack wifi" to text files.
It took me 4 hours to break WEP, since I was total lame, and it was the only one WEP around. They also had mac restrictions set to router, so I changed my mac address to one of their devices, logged in to router and added our mac address. For my uncle it was complete magic but since he is total geek to linux he liked it.
Fast forward weeks later. When I came to my uncle's house he was downloading like a ton of linux distributions. Literally each one. Gigabytes of data. I told him not to do so because sooner or later the neighbour will notice, but he did not care. Guess what, he noticed, probably slow internet and (maybe) bigger bills, I do not know, but the owner just changed the protocol to WPA2, not changing the password. So the story continued for almost 2 years. Felt a bit sorry for the neighbour but did not expect such an outcome. I just wanted to watch youtube videos and scroll social networks, keeping a low profile so no one notices.
Linux has been around since back when dinosaurs punched holes in cards, but for some reason it still takes a few hours of googling and error debugging to do something as basic as connect to a wpa2-enterprise wifi network.
What the fuck? Where's the "connect to any standard work or school wifi network" command line utility distributed with all os flavors? Why can't I just put in a username and password and be done with it instead of sudo editing networking adapter configuration files manually?
!rant && story
tl;dr I lost my path, learned a lot about linux and found true love.
So because of the recent news about wpa2, I thought about learning to do some network penetration things with kali. My roommate and I took an old 8gb usb and turned it into a bootable usb with persistent storage. Maybe not the best choice, but at least we know how to do that now.
Anyway, we started with a kali.iso from 2015, because we thought it would be faster than downloading it with a 150kbps connection. Learned a lot from that mistake while waiting for apt-get update/upgrade.
Next day I got access to some faster connection, downloaded a new release build and put the 2015 version out of its misery. Finally some signs of progress. But that was not enough. We wanted more. We (well at least I) wanted to try i3, because one of my friends showed me /r/unixporn (btw, pornhub is deprecated now). So after researching what i3 is, what a wm is AND what a dm is, we replaced gdm3 with lightdm and set i3 as standard wm. With the user guide on another screen we started playing with i3. Apparently heaven is written with two characters only. Now I want to free myself from windows and have linux (Maybe arch) as my main system, but for now we continue to use this kali usb to learn about how to set up a nice desktop environment. Wait, why did we choose to install kali? 😂
I feel kinda sorry for that, but I want to experiment on there until I feel confident. (Please hit me up with tips about i3)
Still gotta use Windows as a subsystem for gaming. 😥
So, WPA2 was proven not fully secure. Wonder how much time it will take for most devices to be patched...
Don't know if I should spend 15 + hrs trying to crack my neighbor's WPA2 setup or if I should just move on to another target. P.S. Nothing unethical that I do