# WIFI

> 802.11 is the common standard for wireless LANs today. Common authentication methods:
> - No security enabled (open network)
> - WEP
> - WPA/WPA2-PSK (pre-shared key)
> - WPA/WPA2 802.1X (RADIUS authentication)
## WPA-PSK

The general authentication process is as follows.

Four-way handshake

- The 4-way handshake starts at the authenticator (AP), which generates a random value (ANonce) and sends it to the supplicant in message 1.
- The supplicant also generates its own random SNonce, then uses these two nonces and the PMK to derive the PTK. The supplicant replies to the authenticator with message 2, which also carries a MIC (message integrity code) as proof of possession of the PMK.
- The authenticator first verifies the MIC and the other information the supplicant sent in message 2. After verification succeeds, it generates the GTK if necessary and then sends message 3.
- The supplicant receives message 3, verifies the MIC, installs the key, and sends message 4 as a confirmation. The authenticator receives message 4, verifies the MIC, and installs the same key.
## Example

> Experiment: shipin.cap

From the large number of Deauth frames in the capture it can be judged that this is the traffic of an attack cracking the WiFi; at the same time, the handshake packets were successfully captured.

Next, run the password (Linux: the aircrack suite; Windows: wifipr, which is faster than esaw, a GTX850 can get close to 10w/s, i.e. about 100,000 keys per second :)

The password obtained is 88888888.
In Wireshark, go to Edit -> Preferences -> Protocols -> IEEE 802.11 -> Edit and enter the decryption key (a wpa-pwd entry) in the form key:SSID to decrypt the WiFi packets and see the plaintext traffic.
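To make the four-way handshake above and the Wireshark decryption step concrete, here is an added Python example (not from the original write-up): it derives the PMK from passphrase and SSID, expands it to the PTK with the two nonces and MAC addresses, and checks the MIC of message 2, which is exactly the check the key:SSID entry lets Wireshark perform before it can decrypt. The SSID, MAC addresses, nonces and the EAPOL frame layout are constructed for the example; the passphrase 88888888 is the one from the write-up.

```python
import hashlib
import hmac

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def wpa_ptk(pmk, aa, spa, anonce, snonce):
    # PRF-512: PTK = PRF(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(nonces)||max(nonces))
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    blocks = [hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]  # KCK = PTK[0:16], KEK = PTK[16:32], TK = PTK[32:48]

MIC_OFF = 81  # offset of the 16-byte Key MIC field within the EAPOL-Key frame

def eapol_mic(kck, eapol):
    # WPA2 (AKM 00-0F-AC:2): HMAC-SHA1 over the frame with the MIC field zeroed, truncated to 16 bytes
    zeroed = eapol[:MIC_OFF] + bytes(16) + eapol[MIC_OFF + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]

def build_msg2(snonce, mic=bytes(16)):
    # Constructed EAPOL-Key message 2: RSN descriptor, Key Info 0x010a, CCMP key length, no key data
    body = (b"\x02\x01\x0a\x00\x10" + (1).to_bytes(8, "big") + snonce
            + bytes(16) + bytes(8) + bytes(8) + mic + b"\x00\x00")
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body

def handshake_mic_ok(passphrase, ssid, aa, spa, anonce, snonce, eapol):
    # The check Wireshark performs with the key:SSID entry: does this passphrase reproduce the MIC?
    ptk = wpa_ptk(wpa_pmk(passphrase, ssid), aa, spa, anonce, snonce)
    return hmac.compare_digest(eapol_mic(ptk[:16], eapol), eapol[MIC_OFF:MIC_OFF + 16])

# Constructed sample handshake: SSID, MACs and nonces are made up; the passphrase is the one from the write-up
SSID, PASSPHRASE = "ctf-wifi", "88888888"
AA, SPA = bytes.fromhex("0011223344aa"), bytes.fromhex("66778899bbcc")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))

def demo():
    # Supplicant side: derive the PTK and fill in the MIC of message 2
    kck = wpa_ptk(wpa_pmk(PASSPHRASE, SSID), AA, SPA, ANONCE, SNONCE)[:16]
    msg2 = build_msg2(SNONCE, eapol_mic(kck, build_msg2(SNONCE)))
    # Verifier side: the right passphrase validates the MIC, a wrong one does not
    return (handshake_mic_ok(PASSPHRASE, SSID, AA, SPA, ANONCE, SNONCE, msg2),
            handshake_mic_ok("12345678", SSID, AA, SPA, ANONCE, SNONCE, msg2))

if __name__ == "__main__":
    print(demo())  # (True, False)
```

Because the MIC is derived from the PMK, which for WPA-PSK depends only on the passphrase and SSID, a captured handshake is enough to test passphrase guesses offline; this is why a weak PSK is the real weakness in the capture above and why 802.1X or a long random passphrase is the mitigation.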
> KRACK related: https://www.krackattacks.com/