Description: Welcome to Challenge 4 of the WLAN Megaprimer!
In this challenge, you will need to script over an existing tool or write your own to launch a dictionary attack on a WPA-Personal AP to crack the passphrase. Note: there are no Wi-Fi clients present in the vicinity! :) So no handshake is present :)
It gives us great pleasure to announce that 44con has been kind enough to sponsor the prize for this Challenge. They have some amazing talks lined up this year. Visit their website for more information: http://www.44con.com
Tags: challenge 4, megaprimer, 44con
Awesome! I was waiting for the next challenge. I will be attending 44con. See you there.
Already on it. Unfortunately won't be able to attend 44Con though.
Vivek, thanks man!
Your book "Metasploit Megaprimer": when will it be released in 2011?
Best regards
It is far more efficient to brute-force a captured handshake. The mentioned tool is not needed in the real world, is it?
@tohaz How would you crack WPA-PSK if you have no clients connected to the access point? Who would the handshake be generated from?
Won't this method be ridiculously slow in comparison?
Thanks 44con for a great prize. This challenge is beyond my ability but I look forward to checking out all the software and videos submitted.
Vivek: Coincidentally, I'm working on a WPA problem at work where an older device that only uses WPA-PSK won't connect to a Unifi AP, and your video on the nuances of the 4-way handshake has been a great help in troubleshooting the problem. Thanks.
Well, I'll give this challenge a go if I get some free time, and I'm looking forward to WPA Enterprise :)
Vivek, your challenge is awesome, a new idea.
I hope you can provide a video on Karma integrated with Metasploit; I think it will be a good video, Vivek.
Thanks,
Nice challenge. Hope someone writes some nice code...I have WAY too much on my plate right now and wouldn't compete in a second challenge anyway. It would make an interesting exercise.
Wrapping this around wpa_supplicant and even wpa_cli results in a hideously slow tool. I gave it four hours of playing around and it's just too slow. Even running wpa_supplicant daemonised and poking it with wpa_cli results in hideously slow turnaround times per iteration. It would be easier to break into the premises and steal the AP!
Because of commitments I can't dedicate the time to this; good luck to whoever licks this :-) An ace challenge, Vivek, lots of fun for someone.
If I were going to do it, I would be looking at pylorcon/pylorcon2 and a multiple wifi-card setup.
@Vivek - Congrats on having a training event at 44con
@PhaseAmbiguity - The approach may be slower, but if you're using a 54Mb connection, divide it by three (to allow for collisions and replies) and then divide that by the size of the 4-way handshake; you should get an idea of what the perfect speed would be.
This will really be interesting. Nice thinking there...
Good luck and do some good stuff ;)
I love having two monitors so I can follow along. This has really helped me out, not having to minimize etc. etc. If anyone can do this I would highly recommend one screen for the video and the other for BT. Much easier to follow along.
Hi sir, if someone has not already cracked this challenge, can you please extend the deadline for a week? Our exams are going to be over on the 19th, so I can start to work on this after that. Thanks for the video.
Has this challenge been solved after all? If so, I'd love to see the winner's script.
I have been working on this myself irrespective of this challenge (in fact I didn't even know of SecurityTube when I started it). It is, as the obvious path seems to be, a collection of scripts around wpa_supplicant.
While it works, it is ridiculously slow. Authenticating with wpa_supplicant takes seconds for just one try, and I just can't work around that fact.
So I would really like to see what a talented coder has done, perhaps with a much better approach.