SecurityTube.net
Cracking WPA/WPA2 Personal + Enterprise for Fun and Profit
Vivek Ramachandran, Founder, SecurityTube.net ([email protected])
Shameless Self Promotion
WEP Cloaking, Defcon 19
Caffe Latte Attack, Toorcon 9
Microsoft Security Shootout
Wi-Fi Malware, 2011
802.1x, Cat65k, Cisco Systems
B.Tech, ECE, IIT Guwahati
Media Coverage: CBS5, BBC; Trainer, 2011
Students in 65+ Countries
Backtrack 5 Wireless Penetration Testing
http://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581/
Agenda
WPA/WPA2 PSK Cracking
Speeding up the cracking process
AP-less WPA/WPA2 PSK Cracking
Hole 196
WPS Attack
Windows 7+ Wi-Fi Backdoors
WPA/WPA2 Enterprise: PEAP, EAP-TTLS
Understanding WPA/WPA2
Why WPA? WEP Broken Beyond Repair
(Source: AirTight, 2007)
2001 - The Insecurity of 802.11, Mobicom, July 2001. N. Borisov, I. Goldberg and D. Wagner.
2001 - Weaknesses in the Key Scheduling Algorithm of RC4. S. Fluhrer, I. Mantin, A. Shamir. Aug 2001.
2002 - Using the Fluhrer, Mantin, and Shamir Attack to Break WEP. A. Stubblefield, J. Ioannidis, A. Rubin.
2004 - KoreK improves on the above technique and reduces the complexity of WEP cracking. Only around 500,000 packets are now required to break the WEP key.
2005 - Andreas Klein introduces more correlations between the RC4 key stream and the key.
2007 - PTW extend Andreas Klein's technique to further simplify WEP cracking. Now with just around 60,000 to 90,000 packets it is possible to break the WEP key.
The IEEE WG admitted that WEP cannot hold any water and recommended that users upgrade to WPA/WPA2.
We Need WEP's Replacement
WPA:
  Intermediate solution by the Wi-Fi Alliance
  Uses TKIP, based on WEP
  Hardware changes not required (firmware update)
  Personal: PSK; Enterprise: 802.1x + RADIUS
WPA2:
  Long-term solution (802.11i)
  Uses CCMP, based on AES
  Hardware changes required
  Personal: PSK; Enterprise: 802.1x + RADIUS
WEP
Probe Request/Response, Authentication Request/Response, Association Request/Response
Static WEP key on the AP, the same static WEP key on the client
Data encrypted with the static key
WPA: No Static Keys
Probe Request/Response, Authentication Request/Response, Association Request/Response
Dynamic key generated first
Data encrypted with the dynamically generated key
How are dynamic keys created?
WPA/WPA2 PSK (Personal) Cracking
WPA Pre-Shared Key
Passphrase (8-63 characters) -> PBKDF2 -> Pre-Shared Key (256 bit)
PBKDF2
Password Based Key Derivation Function (RFC 2898)
PSK = PBKDF2(Passphrase, SSID, ssidLen, 4096, 256)
4096: number of times the passphrase is hashed (iteration count)
256: intended key length of the PSK, in bits
Let's Shake Hands: 4-Way Handshake
Authenticator (AP) and Supplicant (client), after Probe Request/Response, Authentication Request/Response, Association Request/Response
Both sides hold the 256-bit Pre-Shared Key

4-Way Handshake: Message 1
Authenticator -> Supplicant: ANonce
Supplicant generates its SNonce and derives the PTK

4-Way Handshake: Message 2
Supplicant -> Authenticator: SNonce + MIC
Authenticator now derives the PTK

4-Way Handshake: Message 3
Authenticator -> Supplicant: Key Installation
Supplicant installs the key

4-Way Handshake: Message 4
Supplicant -> Authenticator: Key Install Acknowledgement
Key installed on both sides
Demo
What does the handshake look like?
A Quick Block Diagram
Passphrase (8-63) -> PBKDF2 (SSID) -> Pre-Shared Key (256 bit)
Pre-Shared Key + SNonce + ANonce + AP MAC + Client MAC -> 4-Way Handshake -> PTK
WPA-PSK Dictionary Attack
Dictionary -> Passphrase (8-63) -> PBKDF2 (SSID) -> Pre-Shared Key (256 bit)
Pre-Shared Key + SNonce + ANonce + AP MAC + Client MAC -> 4-Way Handshake -> PTK
Verify each candidate by checking the MIC
Demo
WPA/WPA2 Personal Cracking
Bottleneck in the WPA-PSK Dictionary Attack
Dictionary -> Passphrase (8-63) -> PBKDF2 (SSID) -> Pre-Shared Key (256 bit, PMK)   (bottleneck: PBKDF2)
Pre-Shared Key + SNonce + ANonce + AP MAC + Client MAC -> 4-Way Handshake -> PTK
Verify each candidate by checking the MIC
PBKDF2
Requires an SSID: a list of commonly used SSIDs
Requires a passphrase: can be provided from a dictionary
The PMK can be pre-computed using the above
Other Parameters in Key Cracking
SNonce, ANonce, Supplicant MAC and Authenticator MAC vary per handshake and hence cannot be pre-calculated
The PTK will be different based on the above; the MIC will be different as well
Thus these cannot be pre-calculated in any way
Speeding up Cracking
Pre-calculated list of PMKs for a 1. given SSID 2. dictionary of passphrases
Pre-Shared Key (256 bit, PMK) + SNonce + ANonce + AP MAC + Client MAC -> 4-Way Handshake -> PTK
Verify by checking the MIC
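The two stages of the block diagram, written out as an added Python example (not code from the original deck or from Pyrit): PBKDF2 turns passphrase + SSID into the PMK, and the 802.11i PRF-512 expands the PMK with the two nonces and two MAC addresses into the PTK. The MAC addresses and nonces are constructed sample values; the PMK check value for passphrase "password" and SSID "IEEE" is the test vector published with the IEEE 802.11i PBKDF2 test vectors. Running it shows why a PMK table is tied to one SSID (a unique SSID invalidates tables built for common ones) and why the PTK stage cannot be tabulated at all.

```python
import hashlib
import hmac
import os

# Added example, not code from the original deck.


# Stage 1 of the diagram: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
def derive_pmk(passphrase: str, ssid: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32)


# IEEE 802.11i PRF-512: HMAC-SHA1 blocks over label || 0x00 || data || counter, truncated to 64 bytes.
def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)  # 4 x 20 bytes = 80 bytes, of which 64 are used
    )
    return out[:64]


# Stage 2: PTK = PRF-512(PMK, "Pairwise key expansion",
#                        min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))
def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    if len(aa) != 6 or len(spa) != 6 or len(anonce) != 32 or len(snonce) != 32:
        raise ValueError("expected 6-byte MAC addresses and 32-byte nonces")
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


# The PTK splits into the KCK (keys the EAPOL MIC), the KEK (wraps the GTK) and the TK (CCMP data key).
def split_ptk(ptk: bytes) -> dict:
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def demo() -> dict:
    """Show which stage can be tabulated in advance and which cannot."""
    # Constructed sample values, not taken from any real network.
    aa = bytes.fromhex("001122334455")   # AP (authenticator) MAC
    spa = bytes.fromhex("66778899aabb")  # client (supplicant) MAC
    anonce = os.urandom(32)
    snonce = os.urandom(32)

    pmk_a = derive_pmk("password", "IEEE")
    pmk_b = derive_pmk("password", "IEEE-7f3a")          # same passphrase, different SSID
    ptk_1 = derive_ptk(pmk_a, aa, spa, anonce, snonce)
    ptk_2 = derive_ptk(pmk_a, aa, spa, os.urandom(32), snonce)  # next handshake: fresh ANonce

    return {
        "pmk_depends_only_on_passphrase_and_ssid": pmk_a == derive_pmk("password", "IEEE"),
        "ssid_change_invalidates_pmk_table": pmk_a != pmk_b,
        "ptk_changes_every_handshake": ptk_1 != ptk_2,
        "ptk_len": len(ptk_1),
    }


if __name__ == "__main__":
    print(demo())
```

The min/max ordering of the addresses and nonces is what lets both sides derive the same PTK regardless of which one they are; it also means the per-handshake inputs enter the derivation only after the expensive PBKDF2 stage, which is exactly the split the pre-computation slides exploit.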
Platforms
Multi-core CPUs, ATI Stream, Nvidia CUDA, in the cloud (Amazon EC2)
Fast Cracking Demo
Pyrit: http://code.google.com/p/pyrit/
Demo
Speeding up WPA/WPA2 Personal Cracking
In the Cloud EC2 Cluster Compute
AP-less WPA/WPA2 PSK Cracking
Understanding Clients
A client configured with SSID: default
Client's stored network list (SSID / Credentials):
  Default
  SecurityTube
  ProtectedAP / ********
  ...
An Isolated Client
Demo
Isolated Client Behavior
Demo
Creating a Catch-All Honeypot
Cracking WPA with Only a Client?
Hacker Honeypot (acting as the Authenticator) and Supplicant: Probe Request/Response, Authentication Request/Response, Association Request/Response
The Supplicant holds the 256-bit Pre-Shared Key
Message 1: Honeypot -> Supplicant: ANonce
Supplicant generates its SNonce and derives the PTK
Message 2: Supplicant -> Honeypot: SNonce + MIC
Honeypot -> Supplicant: Deauthentication
WPA-PSK Dictionary Attack
Dictionary -> Passphrase (8-63) -> PBKDF2 (SSID) -> Pre-Shared Key (256 bit)
Pre-Shared Key + SNonce + ANonce + AP MAC + Client MAC -> 4-Way Handshake -> PTK
Verify each candidate by checking the MIC
Demo
WPA/WPA2 AP-less Cracking
WPA/WPA2 Personal: safe for use in SMBs with a long, random passphrase?
WPA/WPA2 GTK Misuse Vulnerability (Hole 196)
PTK and GTK
Access Point <-> Client 1: PTK1, GTK-Common
Access Point <-> Client 2: PTK2, GTK-Common
Access Point <-> Client 3: PTK3, GTK-Common
Pairwise Transient Key (PTK): unique for every client
Group Temporal Key (GTK): the same for all clients
Abusing the GTK
Insider attack: a malicious insider can gain access to the common GTK
Use the GTK to send traffic to clients on behalf of the AP
Multiple attacks possible: MITM, redirection, DoS
ARP Spoofing Attack
Wired LAN -- Access Point -- User Laptop, Malicious Insider
1. Gateway ARP Update (sent by the malicious insider)
DoS Using Replay Attack Protection
AP and client start in sync: PN = 1000 (AP), PN = 1000 (client)
AP sends PN = 1001; client accepts and records PN = 1001
Malicious insider injects a frame with PN = 1500 (protected with the GTK); client accepts and records PN = 1500
AP sends PN = 1002; client drops it as a replay, since 1002 is not greater than 1500
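The replay-counter effect above, as an added Python model (not code from the original deck): a receiver accepts a group-addressed CCMP frame only if its packet number (PN) is greater than the last one accepted under that key, so one forged frame with a far-ahead PN makes the client silently discard the AP's following frames. The frame sequence is constructed to match the slide's numbers. The `pn_jumps` heuristic is an assumption added here for monitoring: the PN sits in the cleartext CCMP header, so a wireless sensor that holds no key can still notice an abnormal forward jump in the broadcast PN.

```python
# Added example, not code from the original deck.


class GroupReplayState:
    """Tracks the highest PN accepted under the group key, as a receiver does per key."""

    def __init__(self, last_pn: int):
        self.last_pn = last_pn

    def accept(self, pn: int) -> bool:
        # CCMP replay rule: a received PN must be greater than the last accepted one.
        if pn <= self.last_pn:
            return False
        self.last_pn = pn
        return True


# Constructed sample frame sequence (sender, PN) matching the slide's numbers.
SAMPLE_FRAMES = [
    ("ap", 1001),
    ("insider", 1500),  # forged under the shared GTK, so it passes the MIC check
    ("ap", 1002),
    ("ap", 1003),
]


def simulate(frames, start_pn: int = 1000):
    """Return the client's (sender, pn, accepted) decision for each frame in order."""
    state = GroupReplayState(start_pn)
    return [(sender, pn, state.accept(pn)) for sender, pn in frames]


def dropped_legitimate_frames(frames, start_pn: int = 1000):
    """PNs of AP frames the client discarded because of the forged PN jump."""
    return [pn for sender, pn, ok in simulate(frames, start_pn) if sender == "ap" and not ok]


def pn_jumps(frames, threshold: int = 100):
    """Monitoring heuristic (an assumption, not from the deck): flag group-frame PNs that
    move forward by more than `threshold` relative to the previous frame seen."""
    flagged = []
    prev = None
    for _sender, pn in frames:
        if prev is not None and pn - prev > threshold:
            flagged.append(pn)
        prev = pn
    return flagged


if __name__ == "__main__":
    for sender, pn, ok in simulate(SAMPLE_FRAMES):
        print(f"{sender:8s} PN={pn}  {'accepted' if ok else 'DROPPED'}")
    print("legitimate frames lost:", dropped_legitimate_frames(SAMPLE_FRAMES))
    print("suspicious PN jumps:", pn_jumps(SAMPLE_FRAMES))
```

The receiver cannot tell the forged frame from a genuine one, because the insider holds the same GTK as the AP; the only recovery is a new group key, which is why this is filed under design weakness rather than implementation bug.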
WPS ANack
What's Wrong with WPS?
(images from Google Image Search)
WPS Bruteforce Demo
Demonstration
Windows 7 Wi-Fi Backdoors
Available on Windows 7 and Server 2008 R2 onwards
Virtual adapters on the same physical adapter; a SoftAP can be created using virtual adapters
DHCP server included
"With this feature, a Windows computer can use a single physical wireless adapter to connect as a client to a hardware access point (AP), while at the same time acting as a so
Creating a Hosted Network
Client still remains connected to the hardware AP!
Demo of Hosted Network
Demonstration
Wi-Fi Backdoor
Easy for malware to create a backdoor
The key could be fixed, or derived from the MAC address of the host, the time of day, etc.
As the host remains connected to the authorized network, the user does not notice a break in connection
No message or prompt is displayed
Makes a Rogue AP on Every Client!
Rogue AP, Rogue AP, Rogue AP (one per infected client)
Why Is This Cool?
The victim will never notice anything unusual unless he visits his network settings, and has to be decently technical to understand what he sees
The attacker connects to the victim over a private network: no wired-side network logs (firewalls, IDS, IPS)
Difficult, if not impossible, to trace back; difficult to detect even while the attack is ongoing
Abusing a legitimate feature, so not picked up by AVs or anti-malware
More stealth? Monitor the air for other networks and start the backdoor only when a specific network comes up
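Since the hosted network is a legitimate, documented feature, the practical check for a defender is whether it is allowed or running on a host at all. The added Python example below (not code from the original deck) parses the output of `netsh wlan show hostednetwork` and flags a hosted network that is allowed or started. The sample output is constructed to match the command's "Field : value" layout, and the SSID, BSSID and client count in it are made up; the `netsh` commands themselves (`show hostednetwork`, `stop hostednetwork`, `set hostednetwork mode=disallow`) are the real ones, and only `audit_local_host` runs them, on Windows.

```python
import re
import subprocess

# Added example, not code from the original deck.

# Constructed sample of `netsh wlan show hostednetwork` output (values are made up).
SAMPLE_OUTPUT = """\
Hosted network settings
-----------------------
    Mode                   : Allowed
    SSID name              : "Free_WiFi"
    Max number of clients  : 100
    Authentication         : WPA2-Personal
    Cipher                 : CCMP

Hosted network status
---------------------
    Status                 : Started
    BSSID                  : 02:11:22:33:44:55
    Radio type             : 802.11n
    Channel                : 11
    Number of clients      : 1
"""

# Field names are letters and spaces; the first colon separates name from value
# (so a BSSID value containing colons is kept whole).
FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.*?)\s*$")


def parse_hostednetwork(text: str) -> dict:
    """Turn the 'Field : value' lines into a dict; heading and separator lines are skipped."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip('"')
            fields.setdefault(name, value)
    return fields


def assess(fields: dict) -> list:
    """Return findings for a host on which the hosted network could serve as a backdoor."""
    findings = []
    if fields.get("Mode", "").lower() == "allowed":
        findings.append("hosted network is allowed on this host")
    if fields.get("Status", "").lower() == "started":
        findings.append(
            "hosted network is running: SSID %s, %s client(s)"
            % (fields.get("SSID name", "?"), fields.get("Number of clients", "?"))
        )
    return findings


# Remediation commands for a host that should never act as a SoftAP.
REMEDIATION = [
    "netsh wlan stop hostednetwork",
    "netsh wlan set hostednetwork mode=disallow",
]


def audit_local_host() -> list:
    """Run the real command (Windows only) and assess its output."""
    out = subprocess.run(
        ["netsh", "wlan", "show", "hostednetwork"],
        capture_output=True, text=True, check=True,
    ).stdout
    return assess(parse_hostednetwork(out))


if __name__ == "__main__":
    for finding in assess(parse_hostednetwork(SAMPLE_OUTPUT)):
        print("FINDING:", finding)
    print("remediation:", *REMEDIATION, sep="\n  ")
```

Disallowing the hosted network via `mode=disallow` removes the feature the backdoor depends on; on fleets that never need a SoftAP, running the audit periodically and alerting on "Started" catches the case the deck describes, where the user sees no prompt.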
Demo of Metasploit + Hosted Network
Demonstration
WPA-Enterprise
WPA-Enterprise
Participants: Supplicant, Authenticator (AP), Authentication Server
Association (Supplicant <-> Authenticator)
EAPoL Start (Supplicant -> Authenticator)
EAP Request Identity (Authenticator -> Supplicant); EAP Response Identity (Supplicant -> Authenticator), forwarded to the Authentication Server
EAP packets exchanged between Supplicant and Authentication Server through the Authenticator
EAP Success (Authentication Server -> Authenticator -> Supplicant); PMK delivered to the AP
4-Way Handshake
Data Transfers
WPA/WPA2 Enterprise
EAP Type: Real World Usage
PEAP: Highest
EAP-TTLS: High
EAP-TLS: Medium
LEAP: Low
EAP-FAST: Low
PEAP
Protected Extensible Authentication Protocol
Typical usage: PEAPv0 with EAP-MSCHAPv2 (most popular; native support on Windows); PEAPv1 with EAP-GTC
Other uncommon ones: PEAPv0/v1 with EAP-SIM (Cisco)
Uses server-side certificates for validation
PEAP-EAP-TLS additionally uses client-side certificates or smartcards; supported only by Microsoft
Source: Layer3.wordpress.com
Understanding the Insecurity
Server-side certificates: fake ones can be created; clients may not prompt, or the user may accept an invalid certificate
Set up a honeypot with FreeRadius-WPE
The client connects, accepts the fake certificate, and sends its authentication details over MSCHAPv2 inside the TLS tunnel
The attacker's RADIUS server logs these details
Apply a dictionary / reduced-possibility brute-force attack using Asleap by Joshua Wright
Network Architecture
BT5 VM running FreeRadius-WPE + Wireshark 1 (on eth1)
mon0 with Wireshark 2
Honeypot AP set up by the attacker
PEAP Cracking with Honeypot
Demonstration
Windows PEAP Hacking Summed Up in 1 Slide
EAP-TTLS
EAP-Tunneled Transport Layer Security
The server authenticates with a certificate; the client can optionally use a certificate as well
No native support on Windows; third-party utilities have to be used
Versions: EAP-TTLSv0, EAP-TTLSv1
Inner Authentication in EAP-TTLS
MSCHAPv2, MSCHAP, CHAP, PAP
EAP-TTLS Cracking with Honeypot
Demonstration
Leverage the Cloud
EAP-TLS: Peace of Mind!
Strongest security of all the EAPs out there
Mandates use of both server- and client-side certificates
Required to be supported to get a WPA/WPA2 logo on a product
Unfortunately, this is not very popular due to deployment challenges
SecurityTube Wi-Fi Security DVD
http://www.securitytube.net/