Wednesday, 30 April 2014

Cracking WPS (Wi-Fi Protected Setup) Crack any WPA/WPA2/WEP

WPS is short for Wi-Fi Protected Setup. Most wireless routers have WPS enabled by default. In WPS cracking, an attacker tries to brute-force the WPS PIN, which in turn can reveal the WPA/WPA2/WEP network key in plain text.

1. Reaver is the best tool available to brute-force WPS in order to retrieve the WPS PIN.
2. Using the WPS PIN, an attacker can extract the plain-text password for WEP/WPA/WPA2 encryption.

Brute-forcing the WPS PIN using Reaver:

Reaver extracting plain-text passwords for WPA PSK:

Some APs have a rate-limiting feature that slows down the WPS brute-force process.
Reaver will still succeed in cracking the WPS PIN.
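A defender-side check for the brute-force pattern described above, as an added example that is not from the original post: it counts failed WPS PIN attempts per access point in a sliding window and ignores which client sent them, because the client chooses its own MAC address. The log format, the event names `WPS_PIN_FAIL` and `WPS_SUCCESS`, the addresses and the threshold values are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a made-up "time ap=<BSSID> sta=<MAC> EVENT" format;
# real AP or WIDS logs differ, so adapt LINE_RE to yours.
SAMPLE_LOG = """\
2014-04-30T15:00:01 ap=00:11:22:33:44:55 sta=aa:aa:aa:aa:aa:01 WPS_PIN_FAIL
2014-04-30T15:00:20 ap=00:11:22:33:44:55 sta=aa:aa:aa:aa:aa:01 WPS_PIN_FAIL
2014-04-30T15:00:45 ap=00:11:22:33:44:55 sta=aa:aa:aa:aa:aa:02 WPS_PIN_FAIL
2014-04-30T15:01:10 ap=66:77:88:99:aa:bb sta=bb:bb:bb:bb:bb:01 WPS_PIN_FAIL
2014-04-30T15:01:30 ap=00:11:22:33:44:55 sta=aa:aa:aa:aa:aa:02 WPS_PIN_FAIL
2014-04-30T15:02:05 ap=00:11:22:33:44:55 sta=aa:aa:aa:aa:aa:03 WPS_PIN_FAIL
2014-04-30T15:02:40 ap=00:11:22:33:44:55 sta=aa:aa:aa:aa:aa:03 WPS_PIN_FAIL
this line is malformed and must be skipped
2014-04-30T16:01:10 ap=66:77:88:99:aa:bb sta=bb:bb:bb:bb:bb:01 WPS_PIN_FAIL
2014-04-30T16:01:40 ap=66:77:88:99:aa:bb sta=bb:bb:bb:bb:bb:01 WPS_SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ap=(?P<ap>[0-9a-f:]{17}) sta=(?P<sta>[0-9a-f:]{17}) (?P<event>\w+)$"
)

def detect_wps_bruteforce(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {ap: (peak_failures_in_window, distinct_client_macs)}.

    Expects lines in time order. Failures are keyed on the AP only, so
    attempts spread across several client MACs still add up.
    """
    recent = defaultdict(deque)  # ap -> (timestamp, sta) of failures inside the window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["event"] != "WPS_PIN_FAIL":
            continue  # skip malformed lines and non-failure events
        ts, ap = datetime.fromisoformat(m["ts"]), m["ap"]
        q = recent[ap]
        q.append((ts, m["sta"]))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and len(q) > alerts.get(ap, (0, 0))[0]:
            alerts[ap] = (len(q), len({sta for _, sta in q}))
    return alerts

if __name__ == "__main__":
    for ap, (count, stas) in detect_wps_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ap}: {count} WPS PIN failures in window from {stas} client MAC(s)")
```

In the sample, no single client MAC exceeds two failures, so a per-client counter would stay silent while the per-AP count reaches six.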

This was a short introduction to WPS cracking; I will add more info soon.

To Be Continued ..

Offensive Security Wireless Professional Certification Review 2014

My OSWP (Offensive Security Wireless Professional) certification journey started on 14th Jan 2014. It is a really nice, lightweight course from Offensive Security and I really enjoyed it. I am now OSWP :)

Today, Wed 4/30/2014 at 3:31 PM, I got the official email from the Offensive Security team :)

About OSWP Certification:
I personally feel that this certification will introduce you to the world of Wireless Hacking.
This course covers wireless basics, slowly goes deeper into wireless packets, and then moves on to hacking wireless networks with different encryptions.

Wireless Packet Analysis > WEP Attacks > WPA Attacks > WPA2 Attacks

1. The course will teach you a lot about how wireless networks work,
2. The different encryptions available in wireless communication,
3. Attacking access points with weak encryption in various scenarios
4. Hands-on with various tools, focusing on the Aircrack-ng suite.
5. WEP/WPA/WPA2 encryption / cracking methodologies.
6. Rogue access point hosting and breaking into wireless networks.

The videos cover almost everything mentioned above with a practical approach, which will definitely clear up your concepts about wireless penetration testing.

What is not covered in OSWP:
1. Enterprise-level authentication and hacking methodologies.
2. WPS network cracking.

For these you can refer to Vivek Ramachandran's Wifi Security Mega primer series from :
(4.2 GB Free Videos)
I really appreciate Vivek Ramachandran's contribution towards wireless security :) Keep it up!

My Setup:

1. Real Interest in Learning about Wireless Networks :)
2. Alfa Network Model AWUS036H  (802.11b/g Long Range Wireless USB Adapter)
3. Dlink DIR-615 Wireless Router
4. 9 dBi Antenna
5. Wifi Pineapple Mark V Standard (Optional)

OSWP Certification Exam:

Take a deep breath and relax! All Offensive Security exams are really challenging, and will make you strong with the "Try Harder" approach. It really works...

I cannot go into much detail about the OSWP exam, but there are a number of access points with various encryptions configured and we are supposed to retrieve the network key for each of them.
If you have studied and practiced all the videos from Offensive Security, there is no chance of failing this exam.
I recommend reading the material thoroughly and solving each and every lab exercise, which will definitely help you with your ultimate WiFu challenge.
I personally cracked into all the given networks within 1 hour.

OSWP Exam Tips:
1. Study the Offensive Security course material and get familiar with wireless 802.11 packets.
2. Solve all lab exercises.
3. Go through the videos multiple times until you understand the attack methodologies completely.
4. Before attacking a wireless network, read each and every sentence in the exam document.
5. Do not attack wireless networks other than those specified by the Offensive Security team.
6. In case an attack doesn't work, go back to the material and see if you can get handy information from it :) I am sure you will get it!

When it comes to Wireless Penetration testing assignments, I will trust OSWP Certified!!!

I am Happy to be OSWP Certified !!
Thanks to Offensive Security Team for such a wonderful course.

To Be Continued.....