Search the Community
Showing results for tags 'wi-fi'.
Found 3 results
dEEpEst posted a topic in Free Ebook HackingThis is a real world, highly advanced Wi-Fi hacking course, exactly what you are looking for. This course will teach you to hack Wi-Fi networks' securities, routers, break all types of encryptionand monitor the traffics. This course is special, because: It is full of up-to-date Information The tools used in this course are updated It shows the most effective methods for hacking any Wi-Fi network Every lecture is clearly explained in details with nice examples A Facebook group dedicated to special support for better experience And many more… We'll perform all of our attacks on: • Linux • Windows By the time you finish this course, you will have the full concept of Wi-Fi networks. You will learn to break any type of Wi-Fi encryption (WEP, WPA/WPA2), gain access to the network and take full control of it. You will understand yourself how to protect your own Local Area Network (LAN) and can take necessary steps if needs. This course is also beginner friendly. Even if you are just starting your journey to the hacking world, don’t worry. It will be the most amazing experience in the hacking world you'll have, and I am here to guide you based on my 7 years of real life experience in Cybersecurity. The sections are organized for better understanding this course. If have any question regarding anything of this course, I will be happy to assist you. So what are you waiting for? Come join me. See you in the course, and I am sure you are going to enjoy it. Who is this course for? Anyone who is Interested in Hacking or Wi-Fi Hacking. Source: [Hidden Content] Download: [HIDE] [Hidden Content]]
1337day-Exploits posted a topic in Updated ExploitsTranscend Wi-Fi SD Card 16GB with firmware 1.8 suffers from cross site request forgery and directory traversal vulnerabilities. View the full article
yoyohoneysinger posted a topic in Video TutorialsWPA2 is a 13-year-old WiFi authentication scheme widely used to secure WiFi connections, but the standard has been compromised, impacting almost all Wi-Fi devices—including in our homes and businesses, along with the networking companies that build them. Dubbed KRACK—Key Reinstallation Attack—the proof-of-concept attack demonstrated by a team of researchers works against all modern protected Wi-Fi networks and can be abused to steal sensitive information like credit card numbers, passwords, chat messages, emails, and photos. Since the weaknesses reside in the Wi-Fi standard itself, and not in the implementations or any individual product, any correct implementation of WPA2 is likely affected. According to the researchers, the newly discovered attack works against: Both WPA1 and WPA2, Personal and enterprise networks, Ciphers WPA-TKIP, AES-CCMP, and GCMP In short, if your device supports WiFi, it is most likely affected. During their initial research, the researchers discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by the KRACK attacks. It should be noted that the KRACK attack does not help attackers recover the targeted WiFi's password; instead, it allows them to decrypt WiFi users' data without cracking or knowing the actual password. So merely changing your Wi-Fi network password does not prevent (or mitigate) KRACK attack. Here's How the KRACK WPA2 Attack Works (PoC Code): Discovered by researcher Mathy Vanhoef of imec-DistriNet, KU Leuven, the KRACK attack works by exploiting a 4-way handshake of the WPA2 protocol that's used to establish a key for encrypting traffic. For a successful KRACK attack, an attacker needs to trick a victim into re-installing an already-in-use key, which is achieved by manipulating and replaying cryptographic handshake messages. The research [PDF], titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, has been published by Mathy Vanhoef of KU Leuven and Frank Piessens of imec-DistriNet, Nitesh Saxena and Maliheh Shirvanian of the University of Alabama at Birmingham, Yong Li of Huawei Technologies, and Sven Schäge of Ruhr-Universität Bochum. The team has successfully executed the key reinstallation attack against an Android smartphone, showing how an attacker can decrypt all data that the victim transmits over a protected WiFi. You can watch the video demonstration above and download proof-of-concept (PoC) code from Github. The researchers say their key reinstallation attack could be exceptionally devastating against Linux and Android 6.0 or higher, because "Android and Linux can be tricked into (re)installing an all-zero encryption key (see below for more info)." However, there's no need to panic, as you aren't vulnerable to just anyone on the internet because a successful exploitation of KRACK attack requires an attacker to be within physical proximity to the intended WiFi network. WPA2 Vulnerabilities and their Brief Details The key management vulnerabilities in the WPA2 protocol discovered by the researchers has been tracked as: CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake. CVE-2017-13078: Reinstallation of the group key (GTK) in the four-way handshake. CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the four-way handshake. CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake. CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it. CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake. CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. CVE-2017-13087: reinstallation of the group key (GTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame. CVE-2017-13088: reinstallation of the integrity group key (IGTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame. The researchers discovered the vulnerabilities last year, but sent out notifications to several vendors on July 14, along with the United States Computer Emergency Readiness Team (US-CERT), who sent out a broad warning to hundreds of vendors on 28 August 2017. In order to patch these vulnerabilities, you need to wait for the firmware updates from your device vendors. According to researchers, the communication over HTTPS is secure (but may not be 100 percent secure) and cannot be decrypted using the KRACK attack. So, you are advised to use a secure VPN service—which encrypts all your Internet traffic whether it’s HTTPS or HTTP. You can read more information about these vulnerabilities on the KRACK attack's dedicated website, and the research paper. The team has also released a script using which you can check whether if your WiFi network is vulnerable to the KRACK attack or not.