Monday, October 27, 2014

WEP Auditing (Updates)

Two new WEP hacking features have been added to WAIDPS:
  • KoreK Chopchop Attack
  • Fragmentation Attack
Both methods need a wireless client to be present. Details on both attacks can be found on the Aircrack-NG pages (http://www.aircrack-ng.org/doku.php?id=korek_chopchop and http://www.aircrack-ng.org/doku.php?id=fragmentation).


Example of a KoreK Chopchop Attack
The screenshot below shows the selection of the option. Simply press [Enter] while a WEP attack is in progress to bring up the "Auditing Menu", then select [O1] for the KoreK Chopchop attack.


Once the option is entered, WAIDPS will start to read packets from any client MAC address. After a packet has been chosen, decryption will begin; it may take a minute or more.


Once decryption of the ARP packet is completed, a keystream (XOR) file will be saved under the AP name. WAIDPS will automatically replay the generated packet shown above. Cracking of the WEP key then proceeds as normal, replaying the ARP packet until the key is cracked.

Example on Replaying of Existing Keystream (KoreK)
If an existing decrypted ARP packet is found, the user does not need to redo the KoreK Chopchop attack. The user can select the existing decrypted ARP packet to create a new keystream file, as shown below.



Example of a Fragmentation Attack
Cracking using the Fragmentation Attack is similar to the KoreK Chopchop attack. Simply press [Enter] while a WEP attack is in progress to bring up the "Auditing Menu", then select [O2] for the Fragmentation Attack.


Once 1500 bytes of PRGA (pseudo-random generation algorithm output) have been obtained, WAIDPS will create an ARP packet and automatically replay it, as shown above. Cracking of the WEP key then proceeds as normal, replaying the ARP packet until the key is cracked.

Example on Replaying of Existing Keystream (Fragmentation)
Similar to KoreK Chopchop, if an existing keystream is found, the user does not need to launch the Fragmentation attack again. Simply use the existing keystream to generate an ARP packet for replaying.




NOTE: The KoreK Chopchop and Fragmentation attacks require a client to be connected to the Access Point. They may not be as easy as they seem; in most cases the attack fails due to an unsupported chipset, an improperly patched driver for injection, and many other reasons. Refer to the Aircrack-NG pages for details.



Please support my page by liking it: https://www.facebook.com/syworks
Visit GitHub: https://github.com/SYWorks/waidps




Friday, October 10, 2014

Intrusion Detection (Updates)

My apologies, I was somehow very busy for the past few months and did not update WAIDPS. Although there are many new features (new WEP attacking mode, WPS attacking mode enhancements, decrypting and viewing of live packets captured in the monitoring module, etc.) added to WAIDPS, as mentioned, I am busy and am unable to put them all up at once. Below are the updates on the Intrusion Detection Module.

Intrusion Detection (Updates)

WAIDPS has included the following wireless attacks by MDK3, as shown below:
  • MDK3 Beacon Flooding (Different ESSID)
  • MDK3 Beacon Flooding (Similar ESSID)
  • MDK3 Authentication DoS with multiple clients
  • MDK3 Authentication DoS to multiple Access Points
  • MDK3 Authentication DoS to multiple Access Points with multiple clients
  • MDK3 Basic Probing & ESSID Bruteforcing
  • MDK3 Downgrade Test
  • MDK3 WIDS/WIPS/WDS Confusion

With the inclusion of all the above attacks, WAIDPS can now detect the following wireless attacks:
  • Association / Authentication flooding
  • Mass deauthentication, which may indicate a WPA attack aimed at capturing the handshake
  • Possible WEP attack using the ARP request replay method
  • Possible WEP attack using the chopchop method
  • Possible WPS PIN bruteforce attack by Reaver, Bully, etc.
  • Evil-Twin
  • Rogue Access Point
  • Beacon Flooding
  • MDK3 Basic Probing & ESSID Bruteforcing
  • MDK3 Downgrade Test
  • MDK3 WIDS/WIPS/WDS Confusion
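As an added example (not WAIDPS code, and not taken from the original post), the following Python sketches the kind of threshold heuristics a monitor-mode IDS can use to flag the flooding-style events in the list above: beacon flooding, authentication flooding, mass deauthentication and an ARP request replay burst. It runs over constructed, in-memory frame records rather than a live capture; the Frame fields, the window sizes, the thresholds and the sample traffic are all assumptions made for this example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    """One parsed 802.11 frame. The field set is an assumption of this
    example; a real tool would fill it from a monitor-mode capture."""
    ts: float          # capture time in seconds
    subtype: str       # simplified: "beacon", "auth", "deauth" or "data"
    src: str           # transmitter MAC
    dst: str           # receiver MAC
    bssid: str
    ssid: str = ""
    length: int = 0    # frame length in bytes


def _windows(frames, window_s):
    """Group frames into fixed-size time windows keyed by window index."""
    buckets = defaultdict(list)
    for f in frames:
        buckets[int(f.ts // window_s)].append(f)
    return sorted(buckets.items())


def detect_beacon_flood(frames, window_s=5.0, min_bssids=20):
    """Windows in which more distinct BSSIDs beaconed than one channel
    plausibly holds (beacon flooding advertises many fake APs, with random
    or look-alike ESSIDs). The threshold is an assumption."""
    return [w for w, fs in _windows(frames, window_s)
            if len({f.bssid for f in fs if f.subtype == "beacon"}) >= min_bssids]


def detect_auth_flood(frames, window_s=5.0, min_clients=30):
    """(window, bssid) pairs where one AP received authentication frames
    from an implausible number of distinct station addresses."""
    hits = []
    for w, fs in _windows(frames, window_s):
        stations_per_ap = defaultdict(set)
        for f in fs:
            if f.subtype == "auth":
                stations_per_ap[f.bssid].add(f.src)
        hits += [(w, b) for b, s in sorted(stations_per_ap.items()) if len(s) >= min_clients]
    return hits


def detect_deauth_burst(frames, window_s=5.0, min_frames=10):
    """(window, bssid, count) where deauthentication frames for one BSSID
    reach min_frames; a mass deauth often precedes a WPA handshake capture."""
    hits = []
    for w, fs in _windows(frames, window_s):
        counts = defaultdict(int)
        for f in fs:
            if f.subtype == "deauth":
                counts[f.bssid] += 1
        hits += [(w, b, n) for b, n in sorted(counts.items()) if n >= min_frames]
    return hits


def detect_arp_replay_burst(frames, window_s=2.0, min_frames=50):
    """(window, src, length, count) where one station sent a burst of
    equal-sized data frames to its AP: the shape of one captured ARP
    request being replayed so the AP emits fresh IVs."""
    hits = []
    for w, fs in _windows(frames, window_s):
        counts = defaultdict(int)
        for f in fs:
            if f.subtype == "data" and f.dst == f.bssid:
                counts[(f.src, f.length)] += 1
        hits += [(w, s, l, n) for (s, l), n in sorted(counts.items()) if n >= min_frames]
    return hits


def build_sample_capture():
    """Constructed frames: quiet background traffic plus four injected bursts."""
    bcast = "ff:ff:ff:ff:ff:ff"
    aps = [("00:11:22:33:44:%02x" % i, "home-%d" % i) for i in range(3)]
    frames = []
    for k in range(100):                      # three real APs beaconing every 0.1 s
        for bssid, ssid in aps:
            frames.append(Frame(k * 0.1, "beacon", bssid, bcast, bssid, ssid, 120))
    for i in range(40):                       # beacon flood: 40 fake APs within 0.8 s
        b = "02:aa:bb:cc:dd:%02x" % i
        frames.append(Frame(12.0 + i * 0.02, "beacon", b, bcast, b, "fake-%d" % i, 120))
    ap = aps[0][0]
    for i in range(50):                       # auth flood: 50 spoofed stations
        frames.append(Frame(20.0 + i * 0.01, "auth", "06:de:ad:be:ef:%02x" % i, ap, ap, "", 30))
    for i in range(16):                       # deauth burst spoofing the AP
        frames.append(Frame(30.0 + i * 0.05, "deauth", ap, bcast, ap, "", 26))
    client = "0a:11:11:11:11:11"
    for i in range(80):                       # ARP replay: 80 identical 68-byte frames
        frames.append(Frame(40.0 + i * 0.01, "data", client, ap, ap, "", 68))
    return sorted(frames, key=lambda f: f.ts)


if __name__ == "__main__":
    cap = build_sample_capture()
    print("beacon flood windows:", detect_beacon_flood(cap))
    print("auth floods:", detect_auth_flood(cap))
    print("deauth bursts:", detect_deauth_burst(cap))
    print("arp replay bursts:", detect_arp_replay_burst(cap))
```

Fixed windows keep the code short; a production detector would use a sliding window and tune the thresholds per site, since a busy office channel can legitimately carry a few dozen BSSIDs while a home channel rarely exceeds a handful.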


Screenshot of a Beacon Flooding by MDK3


Authentication Flooding to targeted AP by MDK3

Authentication DoS to Multiple Access Points by MDK3

MDK3 Basic Probing & ESSID Bruteforce Mode

MDK3 WIDS/WIPS/WDS Confusion attack detection