HACKING WPA2: EVIL TWIN METHOD

The wireless version of the phishing scam

In this technique, known as Evil Twin, we take a different approach to the attack. Using a powerful long-range wireless card (Alfa AWUS036NH), we clone the target network to confuse our victim.

Then we deauthenticate the victim from his own wireless network and wait until he connects to our access point, which looks exactly like his. When the victim connects, he is redirected to a service page asking for the WPA2 key in order to access the internet.

As soon as we get the key, we can either allow the victim to use the network (maybe improvise some password sniffing?) or just bring it down manually.

For the write-up click here.


About the speaker

Computer, Design, Network & Security

Source: Twitter


Resources

What is the Evil Twin method?

Evil Twin is a term for a rogue Wi-Fi access point that appears to be a legitimate one offered on the premises, but actually has been set up to eavesdrop on wireless communications. An Evil Twin is the wireless version of the phishing scam. Read more

How to crack a Wi-Fi network's WPA password with Reaver

In the first section of this post, I’ll walk through the steps required to crack a WPA password using Reaver. After that, I’ll explain how Reaver works, and what you can do to protect your network against Reaver attacks. Read more

World of Warbiking

In 2014 Sophos surveyed Wi-Fi hotspots in London, San Francisco, Amsterdam, New York City, Las Vegas, San Diego, Sydney and Hanoi. Out of 81,743 networks surveyed in London, 29.5% used WEP or no security encryption at all. 52% of networks were using WPA. 17% of Wi-Fi networks we scanned were using WPA2 encryption. Read more


The Infernal-Twin is an automated tool designed for penetration testing activities; it has been developed to automate the Evil Twin attack.

“The tool was created to help the auditors and penetration testers to perform wireless security assessment in a quick manner and easing complex attack vectors.” states Khalilov M, the author. Read more


Related videos

Hacking WPA2 key: Evil Twin method

We deauthenticate the victim from his own wireless network and wait until he connects to our access point. When the victim connects, he is redirected to a service page asking for the WPA-2 key.

The Honey project and CIC News Engine

An update about the Honey project and the development of the CIC News engine.

RFID hacking

Learn about the security and social aspects of RFID technology.

OWASP AppSecUSA 2011: Simplifying threat modelling

Architects and developers often perceive threat modeling as being too difficult. During this talk, we’ll attempt to bust these myths and show how organizations can incrementally obtain better results.

DEF CON 19: Hacking and forensicating an Oracle database server

David Litchfield is recognized as one of the world’s leading authorities on database security.

DEF CON 17: Hijacking web 2.0 sites with SSLstrip

Many websites mix secure and insecure content on the same page; this makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike’s new SSLstrip tool. I will give a brief explanation and demonstration of the technique.

Battery firmware hacking

Charlie Miller will take an in-depth look at a common embedded controller used in a battery and reverse engineer the firmware.

DEF CON 20: Demorpheus: Getting rid of polymorphic shellcodes in your network

In this presentation we propose an approach and hybrid shellcode detection method, aimed at early detection and filtering of unknown 0-day exploits at the network level.

SOURCE Boston 2009: Splunk

Learn how Fortune 500 and government organizations are using Splunk to protect themselves against fraud and misuse, and as a valuable tool in their network security and compliance reporting toolboxes.

24C3: Mifare (Little security, despite obscurity)

We analyzed the hardware of the Mifare tags and found weaknesses in several parts of the cipher.

ShmooCon 2014: ISP’s unauthenticated SOAP service

This presentation is meant to encourage individuals to put the applications and software that they may use on their own home or small business networks under the research microscope.

Embed trojan into a JPG Format

DeepSec 2013: Uncovering your trails

The presenters showed that Bluetooth is alive and kicking, exploit-wise. A new tool called Bluedriving is presented to capture and store the position and information of Bluetooth devices.

Rootkits: What they are, and how to find them

This class will focus on understanding how rootkits work, and what tools can be used to help find them.

DEF CON 13: Google hacking for penetration testers

Johnny Long reveals basic and advanced search techniques, basic and advanced hacking techniques, multi-engine attack query morphing, and zero-packet target footprinting and recon techniques.

Pyrit demonstration (GPU cracking)

Short demo using the passthrough option of Pyrit, which eliminates the need for giant tables taking up all your hard drive space.

DeepSec 2009: Building the next generation IDS engine

This talk is about the project to build the next generation IDS engine. The engine has been released under the name Suricata and can be downloaded from the Open Information Security Foundation (OISF) web site.

22C3: Attacking the IPv6 protocol suite

After a short introduction on the differences between IPv4 and IPv6, the weaknesses in IPv6 will be shown. The highlight of the talk is the presentation of the THC-IPV6 Attack Toolkit.

28C3: Towards a single secure European cyberspace?

The “European Great Firewall” was the way that European civil rights organizations have addressed the proposal to create a “single European cyberspace”. This lecture will describe a vulnerability that the proposal reveals in the power structures of European and world governance.

SOURCE Barcelona 2010: Carders.cc, the rise and fall of an underground forum

Toying with barcodes

Ever wondered what is in these blocks of squares on postal packages, letters and tickets?

DEF CON 19: Defeating wired 802.1x with a transparent bridge using Linux

Using Linux and a device with 2 network cards, I will demonstrate how to configure an undetectable transparent bridge to inject a rogue device onto a wired network that is secured via 802.1x using an existing authorized connection.

NOTACON 3: Network printer hacking

This presentation will cover techniques that can be used to control and extract data from network printers.

Building the DEF CON Network

We will cover how the DEF CON network team builds a network from scratch, in three days with very little budget.

DeepSec 2013: Mobile Fail: Cracking open “secure” Android containers

I will discuss specific design flaws in the security of “secure” applications that promise to keep your data / password safe and sound should the device fall into the wrong hands.

Black Hat USA 2010: Jackpotting automated teller machines redux 1/5

I will demonstrate both local and remote attacks on ATMs, and I will reveal a multi-platform ATM rootkit. Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks.

Remote hack on Damn Vulnerable Linux

This video is made by EXALT and shows a reenactment of a remote hack he did on a Damn Vulnerable Linux (DVL) box.

29C3 GSM: Cell phone network review

We will describe the process of setting up the test network we operate at 29C3, what legal and technical challenges we have faced, and we will describe the actual installation at the CCH.

DEF CON 14: US-VISIT: Raping personal privacy since 2004

In this talk, the technology and capabilities of US-VISIT will be explained in detail; weaknesses in the system will be explored, and the consequences of such a system will be considered.


25C3: Hacking the iPhone

This talk will summarize what we have learned about the internal architecture of the iPhone platform, its security, and the ways we have found to defeat these security measures.


BruCON 2010: Embedded system hacking and my plot to take over the world 1/4

This presentation analyzes common vulnerabilities in popular embedded systems that carry sensitive data every day.


24C3: Why Silicon-Based Security is still that hard: Deconstructing Xbox 360 Security

We describe the design of the Xbox 360 security system from a very high-level point of view. In the second part we will discuss the details of the Xbox 360 system and security architecture.
