Wifite is a tool to attack multiple WEP- and WPA-encrypted networks at the same time. It is customizable and can be automated with only a few arguments. Wifite can be trusted to run without supervision.

Features:
- sorts targets by power (in dB); cracks closest access points first
- automatically deauths clients of hidden networks to decloak SSIDs
- numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
- customizable settings (timeouts, packets/sec, channel, change mac address, ignore fake-auth, etc)
- all WPA handshakes are backed up to wifite.py’s current directory
- smart WPA deauthentication — cycles between all clients and broadcast deauths
- stop any attack with Ctrl+C — options: continue, move onto next target, skip to cracking, or exit
- switching WEP attack methods does not reset IVs
- Intel 4965 chipset fake-authentication support; uses wpa_supplicant workaround
- SKA support (untested)
- displays session summary at exit; shows any cracked keys
- all passwords saved to log.txt
- built-in updater: ./wifite.py -upgrade
Researchers claim to be able to hijack cell-phone data connections.
In a presentation today at Black Hat Europe, a computer-security conference in Amsterdam, a group of researchers claimed to have found a way to hijack the data sent to and from mobile phones. The researchers say that the attack might be used to glean passwords or to inject malicious software onto a device.
Mobile phones are becoming ever more useful for transmitting data in addition to making voice calls, and they’re increasingly being used for sensitive activities such as online banking, as well as for searching the Internet and downloading mobile games.
The new attack relies on a protocol that allows mobile operators to give a device the proper settings for sending data via text message, according to Roberto Gassira, Cristofaro Mune, and Roberto Piccirillo, security researchers for Mobile Security Lab, a consulting firm based in Italy. By faking this type of text message according to the protocol, an attacker can create his own settings for the victim’s device. This would allow him to, for example, reroute data sent from the phone via a server that he controls. The researchers say that the technique should work on any handset that supports the protocol, as long as the attacker knows which network the victim belongs to and the network does not block this kind of message.
Some trickery is required to make the attack work, however. Ordinarily, to transfer settings to a device remotely, a mobile operator will first send a text message containing a PIN code. The operator will then send the message to reconfigure the phone. In order to install the new settings, the user must first enter the PIN.
As wireless networks evolve, so does the security encryption needed to protect them. As usual, the methods to hack this encryption evolve just as fast, so let’s take a look at how it’s done and how to protect yourself from these types of threats.
WEP-based encryption was the first to be developed, and therefore first to be easily cracked and made vulnerable. Then came WPA-based encryption which took the security up a level and introduced some new methods. Let’s look at some differences between the two. WEP, or Wired Equivalent Privacy, is a basic form of wireless security where both the “WAP” and the user are configured with an encryption key of either 64 bits or 128 bits in HEX. When someone connects to the network, the access point issues a “random challenge.” The user inputs the key which is encrypted with the “challenge answer.” If the answer is correct, the user is granted access to the network. WEP is easy to crack because the network key required to gain access is static, and with very little effort can be figured out.
WPA-based encryption, or Wi-Fi Protected Access, is similar in theory to WEP but doesn’t use a static network key, but rather a “Temporal Key Integrity Protocol (TKIP),” which changes keys with every data packet sent or received. This by itself makes WPA a very secure method for wireless networks, but the problem is that in most home-based environments, a “shared pass phrase” is used to access the network. If this pass phrase is any word found in the dictionary, a hacker can crack it through what is known as a “brute force dictionary attack.” While it may take a long time, it can be done.
Since WEP can be easily cracked, we’ll focus on educating you on how your WPA-encrypted wireless network can be cracked and made vulnerable to attacks as well, and how to prevent this from happening, or at least lower your risk considerably. With WPA, there are two different versions: PSK and RADIUS. In the simplest terms, PSK is hackable and RADIUS is not. PSK uses the TKIP process I mentioned above to authenticate the network, and therefore makes it vulnerable to cracking. While WPA is indeed much more secure than WEP, only WPA-RADIUS is un-crackable. Ninety percent of access points and home wireless routers don’t even support WPA-RADIUS, only advanced enterprise-based routers do, which leaves most WPA-secured home-based networks almost as vulnerable as WEP-secured networks.
You can leech free wifi from some paid hotspots by monkeying around with the URLs. Most paid wifi hotspots accept your browser’s request and then redirect you to a login page where you need to pay to access the network. But some systems of this nature are set up in such a way that images and other direct file requests seem to slip through without the redirect to the login page. It’s essentially an oversight on the network administrator’s part, so it may not work with every hotspot. But here’s the hack: just append ?.jpg to the end of your queries to trick the network into loading the full webpage for free. The browser passes this info along as an extra parameter and the site in question will likely just ignore it, loading the page as normal. Of course this tip comes from a blog post that’s nearly two years old, so there are no guarantees. But here’s the basic code, which I pulled from a commenter on Lifehacker’s write-up:
if (window.location.toString().match(".jpg") == null) { window.location.replace(window.location + '?.jpg'); }
Save that as a JavaScript file and add it to Firefox via Greasemonkey and give it a shot. Of course since there are plenty of free networks in most places, there isn’t much point to hacking paid networks. But for situations like airports, hotels and other isolated, expensive networks, it could come in handy.
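From the hotspot operator's side, this added example (not from the original post or the Lifehacker comment) contrasts a gateway rule that exempts requests by URL suffix with one that only allows the portal's own host before payment, and flags the ?.jpg pattern in request logs. The gateway functions, host names and sample URLs are hypothetical, and the example assumes the oversight is a file-extension test applied to the raw URL.

```javascript
// Added example: hotspot gateway decision logic (hypothetical, constructed data).
const STATIC_EXT = /\.(jpg|jpeg|png|gif|css|js)$/i;

// Weak rule: any unpaid request whose raw URL ends in a static-file
// extension is let through. The query string is part of the raw URL,
// so "http://site/page?.jpg" passes the same test as a real image.
function weakGateway(req) {
  if (req.sessionPaid) return 'ALLOW';
  if (STATIC_EXT.test(req.url)) return 'ALLOW';
  return 'REDIRECT_TO_LOGIN';
}

// Hardened rule: before payment, only the portal's own hosts are reachable
// (a walled garden). The shape of the URL never grants access.
const WALLED_GARDEN = new Set(['portal.hotspot.example']); // assumed portal host

function hardenedGateway(req) {
  if (req.sessionPaid) return 'ALLOW';
  let host;
  try { host = new URL(req.url).hostname.toLowerCase(); }
  catch { return 'REDIRECT_TO_LOGIN'; }
  return WALLED_GARDEN.has(host) ? 'ALLOW' : 'REDIRECT_TO_LOGIN';
}

// Log check: the extension appears only in the query string, not in the path.
function looksLikeSuffixTrick(rawUrl) {
  let u;
  try { u = new URL(rawUrl); } catch { return false; }
  return STATIC_EXT.test(u.search) && !STATIC_EXT.test(u.pathname);
}

// Constructed sample requests from unpaid clients.
const SAMPLE_REQUESTS = [
  { url: 'http://news.example/story', sessionPaid: false },
  { url: 'http://news.example/story?.jpg', sessionPaid: false },
  { url: 'http://news.example/img/logo.jpg', sessionPaid: false },
  { url: 'http://portal.hotspot.example/css/login.css', sessionPaid: false },
];

// Compare both rules and mark suspicious URLs for each sample request.
function auditRequests(requests) {
  return requests.map((r) => ({
    url: r.url,
    weak: weakGateway(r),
    hardened: hardenedGateway(r),
    flagged: looksLikeSuffixTrick(r.url),
  }));
}

console.table(auditRequests(SAMPLE_REQUESTS));
```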